| Revision as of 21:02, 24 June 2011 editRisker (talk | contribs)Edit filter managers, Autopatrolled, Checkusers, Oversighters, Administrators28,295 edits →Break - security: some comments about security← Previous edit |
Latest revision as of 15:58, 15 December 2024 edit undoLowercase sigmabot III (talk | contribs)Bots, Template editors2,296,532 editsm Archiving 1 discussion(s) to Misplaced Pages talk:Arbitration Committee/Archive 26) (bot |
| Line 2: |
Line 2: |
|
{{Misplaced Pages talk:Arbitration Committee/Front matter}} |
|
{{Misplaced Pages talk:Arbitration Committee/Front matter}} |
|
{{User:MiszaBot/config |
|
{{User:MiszaBot/config |
|
|
|archiveheader = {{talkarchivenav}} |
|
|maxarchivesize = 250K |
|
|maxarchivesize = 250K |
|
|counter = 8 |
|
|counter = 26 |
|
|
|minthreadsleft = 0 |
|
|algo = old(3d) |
|
|
|
|minthreadstoarchive = 1 |
|
|
|algo = old(14d) |
|
|archive = Misplaced Pages talk:Arbitration Committee/Archive %(counter)d |
|
|archive = Misplaced Pages talk:Arbitration Committee/Archive %(counter)d |
|
}} |
|
}} |
|
|
{{pb}} |
|
|
|
|
== Re-organisation of ] == |
|
|
|
|
|
As a matter of experience, the Arbitration Enforcement (AE) noticeboard is unwieldy. In the current system of organisation, all requests are under one main header, with the most recent ones going to the bottom. The result is that an administrator, upon opening AE to attend to pending requests, is faced with a lengthy array of threads. I propose that we do ''something'' to improve the organisation of the noticeboard, although I have no single preference as to what new structure we implement. My suggestion is that we create sub-sections for the topic areas that are most commonly related to enforcement requests, with the option to add or remove sub-sections as dictated by demand, and with a final sub-section for other requests. The resulting structure would be: |
|
|
|
|
|
<pre><nowiki> |
|
|
= Requests for enforcement = |
|
|
|
|
|
== Open requests == |
|
|
|
|
|
=== Arab-Israel conflict === |
|
|
=== Armenia-Azerbaijan === |
|
|
=== Digwuren === |
|
|
=== Pseudoscience === |
|
|
=== Other topics === |
|
|
|
|
|
== Closed requests == |
|
|
|
|
|
</nowiki></pre> |
|
|
|
|
|
The sub-sections of ''Open requests'' are alphabetised (except for ''Other topics'', which is placed last), so as to not give precedence to any one topic area. The topic areas which I have given their own section are ones that come to mind when I think of the cases which are most commonly cited at AE, but there may be others, and in any case this is merely an example. Also, I am unsure if I need the Committee's approval for this change, because AE was initially a community process—and, although it was moved by an arbitrator to the ArbCom space, I think it still is. But I thought I'd propose this here, because, although my primary motivation is to ask for input from everybody, I am also keen to know how the arbitrators would feel about these changes. ]<small> <nowiki>]<nowiki>]</nowiki></small> 21:39, 24 May 2011 (UTC) |
|
|
:Thank you for giving this issue consideration, AGK. I think the most useful feedback would be from other administrators who currently participate in arbitration enforcement, as well as perhaps others who may be considering it. If this works for all of you, then it is likely to be a good step. One very minor point: ''Ps'''eu'''doscience.'' :-) ] (]) 06:19, 25 May 2011 (UTC) |
|
|
:: <small>My bad; fixed :). ]<small> <nowiki>]<nowiki>]</nowiki></small> 08:33, 25 May 2011 (UTC)</small> |
|
|
|
|
|
:As Risker said, this is mostly a question of what works best for the admins involved in enforcement; while the Committee retains jurisdiction over the enforcement process in principle, I don't see any problem with having the people who actually participate determining how to structure it. |
|
|
:Personally, I think your idea is a good one. The only suggestion I would make is to use topic areas, rather than actual case names, for the section headings; "Eastern Europe" is much more obvious than "Digwuren", for example. ] <sup>]] ]]</sup> 10:25, 25 May 2011 (UTC) |
|
|
:: Yeah, topic areas as opposed to case names would be better. As an aside, naming of cases ''has'' improved in recent years, and it is normally only older cases that do not have descriptive titles. ]<small> <nowiki>]<nowiki>]</nowiki></small> 20:04, 29 May 2011 (UTC) |
|
|
::: Kirill: As a purely constitutional point, arbitration enforcement ''is'' a community process, because it is operated entirely by administrators who do not sit on the Committee. It was moved into the Committee's namespace some time ago, from a subpage of AN, but without community agreement. ]<small> <nowiki>]<nowiki>]</nowiki></small> 14:28, 7 June 2011 (UTC) |
|
|
:::: I disagree. The fact that arbitration enforcement is performed by the administrator corps, rather than the Committee itself, is immaterial; the administrators are implementing the Committee's decisions, pursuant to the enforcement provisions set by the Committee, and thus the enforcement process as a whole is necessarily under the Committee's jurisdiction. |
|
|
:::: Or, to be slightly more pedantic: administrators are able to perform certain actions (e.g. blocking editors) on their own discretion, pursuant to the relevant community policies; thus, for example, the activity of AN/I. Thus, any administrator may in principle sanction an editor who violated an arbitration decision independently of the decision per se, by arguing that the editor's action was sanctionable in and of itself. However, for an administrator to legitimately claim that his actions constitute "enforcement of an arbitration decision", those actions must be carried out in accordance with the provisions for enforcement contained in said decision—else they are merely independent actions which happen to sanction the same offense. In other words, any administrator who explicitly claims to be acting pursuant to the Committee's instructions is by definition granting the Committee jurisdiction over his actions by doing so. ] <sup>]] ]]</sup> 00:03, 8 June 2011 (UTC) |
|
|
:I don't about this. There are quite a lot of areas under discretionary sanctions; I'm not sure if I fancy seeing 12 headers up on ] all the time, not even counting subheaders. Perhaps if we had people include the case in the section title like so: <nowiki>==User (9/11 attacks)==</nowiki>, and started archiving closed discussions more quickly, we could streamline the process a bit more and achieve a similar result. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 11:22, 25 May 2011 (UTC) |
|
|
::I don't see what problem this is solving. Admins who often comment at AE probably go there at least once a day. They are unlikely to be confused by the set of threads currently open. I tend to check the history before opening the page to see if there are any new comments on the set of things I am following. Adding headers to the page could be adding one more task for the people trying to submit complaints. ] (]) 16:37, 25 May 2011 (UTC) |
|
|
::: Ed: I am as active at AE as most, but I regularly get frustrated and confused by the mass of threads. The page is simply so ''massive'', even when closed threads are collapsed and even with the relatively prompt archiving set-up in place. My personal feeling is that we must impose some further structure if this page is to continue to function, although as I said before this is only one idea and I don't mind particularly what that structure is.<p>NW: That suggestion might actually work. I wonder if we could additionally create two sub-headers, for ''Open requests'' and ''Closed requests'', to further separate the settled threads (before they are archived) from the stuff that actually needs attention. I should also say that I anticipated that we would ], so that only the main headers were visible, and so that the number of headers didn't become unwieldy. Sorry I didn't make that clear. ]<small> <nowiki>]<nowiki>]</nowiki></small> 20:04, 29 May 2011 (UTC) |
|
|
::::The problem with limiting the headers using {{tlx|TOC limit}} is that if you use {{tlx|TOC limit|2}}, you don't have enough headers. If you use {{tlx|TOC limit|3}}, you have all the subject areas but it isn't easy to see from a glance if there is anything in the section you want to see, so you have to go down and read it all anyway. If we use {{tlx|TOC limit|4}}, that would work I guess, but I think that's too many headers. I liked the idea of "opened" and "closed" sections though. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 20:22, 29 May 2011 (UTC) |
|
|
|
|
|
== Arbitration policy update and ratification == |
|
|
|
|
|
The current written arbitration policy dates from 2004 and much has evolved since then. It has been extensively reviewed over the last two years, with a series of wide-ranging community consultations. A proposed update has now been ] and is awaiting community ratification. All editors are cordially invited to participate in the ''']''', which is now open. ] <sup>]</sup> 23:36, 1 June 2011 (UTC) |
|
|
|
|
|
:] |
|
|
|
|
|
== Final reminder: Arbitration policy update and ratification == |
|
|
|
|
|
|
|
|
The current written ] dates from 2004 and much has evolved since then. The policy has been extensively reviewed over the last two years, with a series of wide-ranging community consultations, to bring the written document up to date. The proposed update is ] and is undergoing community ratification, which is due to close on 13 June 2011. All editors are cordially invited to participate in the ''']'''. ] <sup>]</sup> 06:02, 9 June 2011 (UTC) |
|
|
|
|
|
:] |
|
|
|
|
|
== Who is responsible? == |
|
|
|
|
|
I would like to know which member of ArbCom, past or present, is responsible for this leak. ] ] 14:59, 23 June 2011 (UTC) |
|
|
:Oh ''dear''. This is not going to end well, and I fear you--rather than the responsible parties--are going to end up pilloried. → ] ]<small> 15:13, 23 June 2011 (UTC)</small> |
|
|
::I'm quite used to that, but there's something amiss here that needs sorting out. What else has been/is being leaked? ] ] 15:15, 23 June 2011 (UTC) |
|
|
:::Without engaging in hyperbole, this is really very bad. personally I'd bypass the usual ArbCom nonsense and go straight to WMF. ] might be a good way to get someone to take notice. → ] ]<small> 15:23, 23 June 2011 (UTC)</small> |
|
|
::::] seems to be the appropriate Wikimedia body for outside review of this matter. –]] 15:29, 23 June 2011 (UTC) |
|
|
:::::The Ombudsman Commission investigates violations of the Foundation privacy policy, which does not appear to have occurred. This is a matter of a breach of trust by a community member, but not a matter for the Foundation. ]·] 16:47, 23 June 2011 (UTC) |
|
|
::::::Would a contributor's non-public(?) email address not be considered personally-identifying information? –]] 17:03, 23 June 2011 (UTC) |
|
|
:Can't be any past arbitrators (for the initial leak anyway); the only people on the list these days are current Arbs and Jimbo. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 15:28, 23 June 2011 (UTC) |
|
|
|
|
|
*The committee is aware of the situation and looking into it. –]] 15:29, 23 June 2011 (UTC) |
|
|
|
|
|
Malleus, please accept my most profound apology for this unforgivable breach of your expectation of privacy. It is vanishingly unlikely that this leak comes from someone else than a sitting arbitrator, and I want to assure you that I will do everything in my power to identify the slime who did this and crucify them. — ] <sup>]</sup> 16:34, 23 June 2011 (UTC) |
|
|
|
|
|
:In this particular instance there was nothing particularly private, just a chat with Iridescent (who I don't at all blame for this) about a few options that are now impractical. It does though raise the very serious question of what else has been leaked. ] ] 16:49, 23 June 2011 (UTC) |
|
|
::Nevertheless, you were given an assurance of confidentiality and, through lack of care or dishonesty, it has been breached. I agree with you that the possibility of further leaks that ''we are unaware of'' is worrisome, and makes it all the more important that the leak is found and plugged. — ] <sup>]</sup> 17:09, 23 June 2011 (UTC) |
|
|
:::It clearly needs to be sorted out, and quickly. I must admit to being rather puzzled at this discussion being leaked though, as I'm sure there must be much juicier stuff on the mailing list that's far more interesting. ] ] 17:15, 23 June 2011 (UTC) |
|
|
|
|
|
I do hope this isn't swept under the rug, either. This is a serious breach of confidentiality and I (and I'm sure others) would very much like to know who the leak is. Please don't just do whatever it is you arbs do behind closed doors. Please make a public statement about this once it is known who did such a thing. ] (]) 17:18, 23 June 2011 (UTC) |
|
|
|
|
|
:I agree with ], this is a very serious matter and as Tex said a '''lot''' of people would very much like to know who leaked and I, along with others, want a public statement as to what happened once it is figured out. This is a very serious issue and indeed it is worrisome that possibly other things have leaked out. This is truly disconcerting, as this defeats the entire purpose of Arb Com and emailing, to keep things that are private private, had he wanted it public he wouldn't have been emailing it. As Malleus said there are much more interesting things that could be talked about and that is partially what has me worried, if this is what we have found then there is probably other stuff that is more interesting or important out there as well. I hope that this is all resolved quickly and we can be assured that this is all that is out there. <span style="border:1px solid #999;-moz-border-radius:2em">]]</span> 17:42, 23 June 2011 (UTC) |
|
|
|
|
|
::The same person has leaked some emails I recently sent to the ArbCom, and emails from some of the Arbs discussing it between themselves. I think it's important that an announcement be made about this somewhere prominently, so that people know not to send anything confidential to the ArbCom until it's sorted out. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 18:41, 23 June 2011 (UTC) |
|
|
:::I've temporarily removed the word "private" from the emphatic bright yellow box on the page, since such status can't currently be guaranteed. I agree an announcement somewhere else (although I'm not sure where) might also be a good idea. --] (]) 18:47, 23 June 2011 (UTC) |
|
|
::::The resulting statement instructs individuals to send ''all'' material (private or otherwise) for our attention to the list. –]] 18:51, 23 June 2011 (UTC) |
|
|
:::::Well, it says "any", not "all", but yes it could have been construed that way. So how should it be worded? How about "Material intended for the Committee's attention can be sent to..." ? The alternatives are emphatically suggesting a level of privacy that likely does not currently exist, or removing mention of the email address altogether until the problem is resolved. Or is there a better way? --] (]) 18:59, 23 June 2011 (UTC) |
|
|
::::::I'd suggest full and clear honesty. Something like ''Notice: Communication with ArbCom has been confirmed to be compromised. Confidentiality can not be guaranteed at the current time.''--] (]) 19:08, 23 June 2011 (UTC) |
|
|
:::::::I think the first sentence of that is perhaps overly dramatic. The second, in small, would be adequate though. --] (]) 19:15, 23 June 2011 (UTC) |
|
|
::::::::I think this is serious enough that I'd be more concerned about failure to fully inform someone who intended to transmit confidential information. My understanding is that someone with access is willing to release information maliciously. There's a definite right to know issue that goes beyond a fine print note that could be missed or not treated seriously.--] (]) 19:22, 23 June 2011 (UTC) |
|
|
|
|
|
::::::::(ec) No one will notice it there. It should be posted somewhere prominently. It would be best if the ArbCom would do that asap. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 19:23, 23 June 2011 (UTC) |
|
|
:::::::::This aspect of the discussion has been superseded by Coren's note below as far as I'm concerned. --] (]) 19:26, 23 June 2011 (UTC) |
|
|
=== brief status update === |
|
|
At this time, the source of the leak seems to have been identified and closed. We are not yet able to determine what other emails may have been stolen, but I am confident that future email will not be so exposed. The committee will give a detailed statement regarding the incident once we have finished cleaning things up and investigating the matter in detail (within the next 24h). — ] <sup>]</sup> 19:24, 23 June 2011 (UTC) |
|
|
:Confirming what Coren has said above. For the record, this incident has been discussed with the WMF as well. ] (]) 19:32, 23 June 2011 (UTC) |
|
|
|
|
|
:Given the ongoing leaks at Misplaced Pages Review, how confident are you that this matter is now sorted? ] ] 22:24, 23 June 2011 (UTC) |
|
|
|
|
|
::Interestingly, the material posted so far has been surprisingly mild, and far more gossipy than scandalous. I'm a little hesitant to start writing ] cases, but I think either the person who has the emails doesn't know what would be (relatively) explosive, or doesn't have much (I'm excluding there being nothing scandalous, based on knowing the personalities of certain people :-) ...) -- ] (]) 22:48, 23 June 2011 (UTC) |
|
|
|
|
|
::We are quite certain that we have identified the source of the leak, and that the account involved no longer has access to any private mailing lists or the arbitration wiki. We are still assessing what information was accessed while the account was compromised. As a precaution, other members of the committee are changing passwords and reassessing their personal security precautions including hardware/software checks. ] (]) 22:51, 23 June 2011 (UTC) |
|
|
|
|
|
:::Should we assume that when the announcement about this is posted, it’s going to include the identity of whichever arbitrator leaked the e-mails? If it’s now been determined who was responsible for the leak, I think the community has a right to know that. --] (]) 00:44, 24 June 2011 (UTC) |
|
|
|
|
|
::::Risker seems to imply that the arbitrator in question had their account and/or email and/or other login information compromised by a third party. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 00:50, 24 June 2011 (UTC) |
|
|
|
|
|
:::::Coren indicated that Iridescent's account had been compromised, but some of the leaked material dates from before his time on the ArbCom. I hope the Committee will be completely transparent about what happened here. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 00:59, 24 June 2011 (UTC) |
|
|
|
|
|
::::::Part of the problem is that most passwords, including that to the email archive, were sent by email (hence the importance of having all accounts pointing at a new email account as swiftly as possible). Of course, access to the archive and wikis was immediately removed to prevent further access, but that will have had no effect on what data was already stolen.<p>In other words, it's not really possible to establish with certainty what, or how much, has been taken before the accesses were changed; our focus will be on securing things for the future so that this does not happen again. I'm going to recommend a number of procedural changes to diminish the probability of such incidents happening in the future, as well as push ''very hard'' for strong security precautions to access confidential data (for instance, two-factor authentication to access privileged wikis or archives seem important to me). — ] <sup>]</sup> 01:07, 24 June 2011 (UTC) |
|
|
|
|
|
:::::::I had a conversation with the Foundation about this around a year ago, maybe longer. Anyone gaining access to the wiki or the archives needs that access only for the briefest of periods. They download the material, and that's that. Once this immediate situation is sorted out, I think a serious discussion needs to take place about the amount of information the Committee is retaining about people. Realistically you can't guarantee its safety, and the larger the mailing list, the less of a guarantee there can be. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 01:12, 24 June 2011 (UTC) |
|
|
|
|
|
::::::::Yes, I'll spearhead that necessary work to reform myself. — ] <sup>]</sup> 01:14, 24 June 2011 (UTC) |
|
|
|
|
|
::::::::::Mike Godwin posted to one of the mailing lists recently that enlightened organizations are retaining very little data about individuals, so that if a legal issue arises, there's little to hand over. And the same principle would apply to security, that if there's a leak, there's not much that can be released. But it seems the ArbCom and functionaries take the opposite approach, retaining large archives, setting up an ArbCom wiki, and I believe a checkuser wiki. A great deal of it is unpleasant gossip about people, and some of it is material that ought to remain private. So I really question the ethics of this approach, because I think it's very unfair to editors to keep so much material for so long, and to be constantly giving new people access to it, even though the subjects of the information may not have seen it themselves. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 01:31, 24 June 2011 (UTC) |
|
|
|
|
|
:::::::::Coren, is what you’re saying that it was possible to use Iridescent’s account to access information from before Iridescent became an arbitrator, because their e-mail account contained the password to the archive of past mailing list discussions? And it’s certain that there wasn’t any leak other than whoever broke into Iridescent’s account? --] (]) 01:16, 24 June 2011 (UTC) |
|
|
|
|
|
::::::::::That is what every the evidence we have indicates, yes. I'm not going to say that it's ''certain'' that there are no other possible leaks, but it's certainly improbable. I'm probably the only arbitrator who controls every part of his email infrastructure, so I can tell you as a fact that no access has been made to my own email, but the other arbitrators have taken measures to ensure that their passwords are secure to make as sure as we can that no other leak is possible. — ] <sup>]</sup> 01:22, 24 June 2011 (UTC) |
|
|
|
|
|
::::::::::(ec) That was the issue I raised with the Foundation, that new members automatically gain access to the full archives, including material they have no need to read. Some kind of purging ought to be taking place each year, so that these secret files about individuals aren't being retained, just waiting for someone to steal them. |
|
|
|
|
|
::::::::::Also, the leaker leaked Coren's email saying it was Iridescent's account. Presumably Coren sent that email after that account's access had been removed, so that's somewhat worrying. <font color="black">]</font> <small><sup><font color="gold">]</font><font color="lime">]</font></sup></small> 01:23, 24 June 2011 (UTC) |
|
|
{{undent}} No, it was not, though it is almost certainly the last email that account received from the list: Risker needed a bit of delay to get to a secure computer to remove the accesses. — ] <sup>]</sup> 01:28, 24 June 2011 (UTC) |
|
|
:I saw some emails that were not addressed to arbcom. For example at least one email was from SV addressed to Cirt. How this got stolen and/or leaked? |
|
|
:I believe, if wikipedia review has some self respect left, it should remove these stolen emails and ban the user who posted them for good.--] (]) 02:41, 24 June 2011 (UTC) |
|
|
::My guess (provisional, and subject to revision based on new information) is that we're seeing information that was in a personal mail archive. As opposed to there being a Misplaced Pages ] cache of the entire arbcom list available. Umm, regarding banning the user who posted them - since it was a new special account, that wouldn't do a lot good even if they were so inclined (horse, barn, door). -- ] (]) 03:03, 24 June 2011 (UTC) |
|
|
|
|
|
*Just following up on what Coren has said, that was the last email on the mailing list before the account in question was fully disabled from all private mailing lists and from the arbwiki. The point about archive security is entirely valid, and it is a concern that is shared by the Arbitration Committee. We have been having discussions with the WMF specifically about alternative methods of managing archives for various private lists, some processes are already in motion, and we were continuing to examine options for the arbcom-L list. We'll be accelerating those discussions now. However, at least some of it is a moot point because it appears these are from the arbitrator's own email logs and thus even tighter security on arbcom-L or arbwiki would not have changed the outcome. The committee members are now evaluating their own personal security situations, examining methods of storing emails, changing passwords and adding two-step authentications, to reduce the risk of a further recurrence. I know the saying about the barn door (I edit-conflicted with Seth saying the same thing), but I just wanted to point out that we've been working on this in the background for a while, and unfortunately this occurred before we'd managed to hammer out the details for this specific mailing list. ] (]) 03:07, 24 June 2011 (UTC) |
|
|
|
|
|
*:For everybody who uses GMAIL there is a line below the list of your messages: |
|
|
<div style="border-style:solid; border-color:blue; background-color:AliceBlue; border-width:1px; text-align:left; padding:8px;" class="plainlinks"> |
|
|
Last account activity: 1 hour ago at this IP (xx.xxx.xxx.xxx). <b>Details</b> (I redacted my IP address here) |
|
|
{{clear}} |
|
|
</div> |
|
|
|
|
|
*:"Details" is a clickable button. If you are to click it, you will see, if any IP other than your own accessed your account. It is a very useful tool that I used to locate a dirty hacker that hacked my email.--] (]) 03:26, 24 June 2011 (UTC) |
|
|
|
|
|
Am I right in recalling that this isn't the first time something like this has happened? Didn't someone once do a complete public dump of the ArbCom archives, or something like that? If this incident is any more than a complete one-off, then I suggest we stop giving out the impression to anyone that they can communicate privately via the ArbCom mailing list; if people have anything confidential they need to bring to an arbitrator's attention, they should be advised to write to a single arbitrator whom they trust (ideally the Foundation would employ someone to deal with such matters), and information would be shared further strictly on a need-to-know basis.--] (]) 10:14, 24 June 2011 (UTC) |
|
|
|
|
|
* Some editors indeed chose the method of contacting a single arbitrator, who then forward it to every individual arbitrator when a decision needs to be reached. In this case, it would not have made any difference if the correspondence was emailed via the list or bypassing it (via every individual arbitrator email). - ] 11:09, 24 June 2011 (UTC) |
|
|
*:But my point was that it doesn't need to go to every individual arbitrator. It depends on the situation, I suppose, but I would have thought in most cases it would be enough for at most two or three of them to see it (and others to be told only what the public is told). --] (]) 11:28, 24 June 2011 (UTC) |
|
|
*::The position here is that individual arbitrators have no special authority so any actual decisions need to be made the committee as a whole. What would help considerably though would be if people brought fewer things to the committee as many of the matters raised privately could be easily be handled publicly. ] <sup>]</sup> 11:54, 24 June 2011 (UTC) |
|
|
*:::Or if the committee learnt to delegate (which would have other advantages quite apart from limiting the circulation of private information). BTW, am I right in recalling that there have been leaks of this nature in the past, or is it my imagination (or untrue gossip)?--] (]) 12:01, 24 June 2011 (UTC) |
|
|
|
|
|
From the threads on WR, it sure doesn't appear to be Iridescent who was hacked to me. Why would Iridescent have the whole SlimVirgin/Cirt/Shell thread, especially since Shell made it clear she was not sharing it with the whole of arbcom? I think your mailing list is leaking like a sieve and something needs to be done, pronto. ] (]) 14:07, 24 June 2011 (UTC) |
|
|
:The entire SV/Cirt/Shell thread was forwarded to the arbcom-l mailing list at a later date (following a call for Shell's recusal in the related arbitration case). |
|
|
:As indicated above, it is believed that the immediate cause of the breach has been identified and prevented from further access. We are exploring options to avoid a similar recurrence. –]] 14:20, 24 June 2011 (UTC) |
|
|
::So what ''was'' the cause of the breach? ] ] 14:59, 24 June 2011 (UTC) |
|
|
:::It is believed the cause was a breach of security (i.e. someone targeting an arbitrator's PC and/or email account). We intend to post a detailed statement in the near future. –]] 15:23, 24 June 2011 (UTC) |
|
|
|
|
|
== Break - security == |
|
|
What's the status regarding functionaries-en? Is there anything to indicate that material from that list was also compromised? <span style="font-family:Georgia;font-size:80%;">'''/]]]'''</span> 18:34, 24 June 2011 (UTC) |
|
|
:It's likely that some or many email from that list were also in the compromised mail account. Whether the criminal who broke into it ''cared'' enough for those email (who are, in the end, much less superficially "interesting" than arbcom-l's) to download them before access was cut, we cannot say. I note that none seem to have been leaked, though that obviously shouldn't be taken as any sort of guarantee. — ] <sup>]</sup> 19:20, 24 June 2011 (UTC) |
|
|
::As an uninvolved (I hope!) observer, I'd hate for the ArbCom to throw out the baby with the bathwater, losing important communication systems and institutional memory. Perhaps the archive can be set with a daily limit and a notice could go to the email list every time the it's accessed. Whatever the right solution is, I hope the WMF takes this issue seriously enough to devote sufficient coding resources to provide security for the largest Wikimedia project. <b>] ] </b> 19:50, 24 June 2011 (UTC) |
|
|
:::There are systematic problems to fix for which, indeed, there may be technological help available. Much of this would require a bit of coding and support from the foundation (I would, for instance, ''strongly'' suggest some sort of two-factor authentication before private data can be accessed, and a running ''log'' of such accesses).<p>By happenstance IT security is my specialty, so I've already spoken at length about stronger security mechanisms; but I'm going to work directly with the foundation to help put those mechanisms in place in the short term. If nothing else, this incident will have served to highlight the importance of doing so. — ] <sup>]</sup> 19:56, 24 June 2011 (UTC) |
|
|
::::Re Xeno's recent email to me, which hasn't yet been leaked onto WR, I hope that you will not fall into the trap of security by obscurity, or avoid disclosing what actually happened here by deploying the silly beans argument. I am not at all happy about the situation this leak has put me in. ] ] 20:03, 24 June 2011 (UTC) |
|
|
:::::I actually ''know'' security, Malleus; you'll not find me arguing for security theater. Little of what happened could have been avoided the way things are currently set up; we've plugged the immediate hole, but unless we start taking security more seriously such things ''are'' going to happen again. Like I've said, I've already approached the Foundation to start working on a review and rebuild of the way we handle private data from the ground up.<p>I take what happened to you (and the other victims) ''very'' seriously, and I don't intend to let the matter rest until I can confidently say that another incident like this will ''not'' happen again. — ] <sup>]</sup> 20:15, 24 June 2011 (UTC) |
|
|
|
|
|
* There are two separate issues here: the first is the personal IT security of individuals with access to non-public mailing lists, which we believe is what is at issue in this current event. We all know people who have taken all kinds of precautions and still wound up with hidden software in their computer; and this will always remain the most likely vector of attack. <p>The second issue is the management of archiving of private mailing lists, and we have been working with WMF on this issue for some months now. Changes are already in progress for some private mailing lists which are affiliated in whole or in part with Arbcom. The biggest challenge is the Mailman software that is currently used by WMF: it is extremely inflexible when it comes to archiving. One either has archiving turned on or off, but there is no ability to set auto-destroy or to manually remove posts from the archives. Therefore, the only way to keep current archives that are in very active use is to also keep the archives that were created at the inception of the list. We have made what we believe is a strong case for WMF to consider other mailing list software specifically for private mailing lists (Mailman's archiving function is just fine for the public lists). <p>We have also endorsed the principle of requiring two-step log-in for WMF-related private wikis, and I've been advised that the developers/sysadmins are currently looking at how this can be done, with a goal toward implementation. ] (]) 21:02, 24 June 2011 (UTC) |
|
