[Wikimedia-l] How should security of Wikimedia accounts be better?


[Wikimedia-l] How should security of Wikimedia accounts be better?

Fæ
Do any of the volunteers contributing to this list have ideas for
changes that may make a significant difference to security?

Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
process appearing to promote an organisation.[1] It was not the only
account compromised. This is being analysed, though as there are
security issues being examined, the analysis has not been made public
so far; plus it's the weekend :-)

Over the last few years, there have been improvements on account set-up and
choice of passwords, along with user suggestions for better account
management. Users can also choose to use committed identities[2] to
make account recovery easier, and are encouraged to use more secure
passwords. Two-factor authentication,[3] such as using mobile phone
text messages, has been suggested a few times by volunteers, and this
might be a good moment to encourage the WMF to have better facilities
built into the projects. We could even make two-factor identification
a requirement for trusted users, such as administrators, important
bots, and "high profile" accounts, where they may have special rights
that could cause a fair amount of disruption if a hacked account were
not identified quickly. Considering that some administrator accounts
can lie dormant for many months without the actual user monitoring it,
these could end up being far more disruptive than well-watched
accounts like Jimmy's.

We may want extra security to remain mostly optional, keeping our
projects simple to access. Education of new volunteers and trusted
users may be critical for making it effective, such as avoiding social
hacking. A clearer understanding of what the community would want to
see improved would probably help set development priorities.

Links
1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
2. https://en.wikipedia.org/wiki/Template:Committed_identity
3. https://en.wikipedia.org/wiki/Multi-factor_authentication

Thanks,
Fae
--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Craig Franklin
I know it's been said many times, but two-factor authentication, mandatory
for accounts with advanced privileges and optionally available for everyone
else, would seem to be a logical step.  It's not foolproof, but it would go
a long way to making us less of a soft target.

Cheers,
Craig

On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:

> Do any of the volunteers contributing to this list have ideas for
> changes that may make a significant difference to security?
>
> Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> process appearing to promote an organisation.[1] It was not the only
> account compromised. This is being analysed, though as there are
> security issues being examined, the analysis has not been made public
> so far; plus it's the weekend :-)
>
> Over the last few years, there have improvements on account set-up and
> choice of passwords, along with user suggestions for better account
> management. Users can also chose to use committed identities[2] to
> make account recovery easier, and are encouraged to use more secure
> passwords. Two-factor authentication,[3] such as using mobile phone
> text messages, has been suggested a few times by volunteers, and this
> might be a good moment to encourage the WMF to have better facilities
> built into the projects. We could even make two-factor identification
> a requirement for trusted users, such as administrators, important
> bots, and "high profile" accounts, where they may have special rights
> that could cause a fair amount of disruption if a hacked account were
> not identified quickly. Considering that some administrator accounts
> can lie dormant for many months without the actual user monitoring it,
> these could end up being far more disruptive than well-watched
> accounts like Jimmy's.
>
> We may want extra security to remain mostly optional, keeping our
> projects simple to access. Education of new volunteers and trusted
> users may be critical for making it effective, such as avoiding social
> hacking. A clearer understanding of what the community would want to
> see improved would probably help set development priorities.
>
> Links
> 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
>
> Thanks,
> Fae
> --
> [hidden email] https://commons.wikimedia.org/wiki/User:Fae
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Amir Sarabadani-2
As far as I know 2FA is already implemented and mandatory for WMF staff
accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605

I emphasized having 2FA for CUs, oversights and others with private data
access: https://phabricator.wikimedia.org/T107605#2570342
Not sure what's blocking this.

Best

On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <[hidden email]>
wrote:

> I know it's been said many times, but two-factor authentication, mandatory
> for accounts with advanced privileges and optionally available for everyone
> else, would seem to be a logical step.  It's not foolproof, but it would go
> a long way to making us less of a soft target.
>
> Cheers,
> Craig
>
> On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
>
> > Do any of the volunteers contributing to this list have ideas for
> > changes that may make a significant difference to security?
> >
> > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> > process appearing to promote an organisation.[1] It was not the only
> > account compromised. This is being analysed, though as there are
> > security issues being examined, the analysis has not been made public
> > so far; plus it's the weekend :-)
> >
> > Over the last few years, there have improvements on account set-up and
> > choice of passwords, along with user suggestions for better account
> > management. Users can also chose to use committed identities[2] to
> > make account recovery easier, and are encouraged to use more secure
> > passwords. Two-factor authentication,[3] such as using mobile phone
> > text messages, has been suggested a few times by volunteers, and this
> > might be a good moment to encourage the WMF to have better facilities
> > built into the projects. We could even make two-factor identification
> > a requirement for trusted users, such as administrators, important
> > bots, and "high profile" accounts, where they may have special rights
> > that could cause a fair amount of disruption if a hacked account were
> > not identified quickly. Considering that some administrator accounts
> > can lie dormant for many months without the actual user monitoring it,
> > these could end up being far more disruptive than well-watched
> > accounts like Jimmy's.
> >
> > We may want extra security to remain mostly optional, keeping our
> > projects simple to access. Education of new volunteers and trusted
> > users may be critical for making it effective, such as avoiding social
> > hacking. A clearer understanding of what the community would want to
> > see improved would probably help set development priorities.
> >
> > Links
> > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> >
> > Thanks,
> > Fae
> > --
> > [hidden email] https://commons.wikimedia.org/wiki/User:Fae
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Vi to
My phone number is something I consider highly sensitive. Linking this kind
of data to my online identity would be an unacceptable risk for me.

Vito

2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:

> As far as I know 2FA is already implemented and mandatory for WMF staff
> accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
>
> I emphasized on having 2fa for CUs, oversights and others with private data
> access: https://phabricator.wikimedia.org/T107605#2570342
> Not sure what's blocking this.
>
> Best
>
> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <[hidden email]>
> wrote:
>
> > I know it's been said many times, but two-factor authentication,
> mandatory
> > for accounts with advanced privileges and optionally available for
> everyone
> > else, would seem to be a logical step.  It's not foolproof, but it would
> go
> > a long way to making us less of a soft target.
> >
> > Cheers,
> > Craig
> >
> > On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
> >
> > > Do any of the volunteers contributing to this list have ideas for
> > > changes that may make a significant difference to security?
> > >
> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> > > process appearing to promote an organisation.[1] It was not the only
> > > account compromised. This is being analysed, though as there are
> > > security issues being examined, the analysis has not been made public
> > > so far; plus it's the weekend :-)
> > >
> > > Over the last few years, there have improvements on account set-up and
> > > choice of passwords, along with user suggestions for better account
> > > management. Users can also chose to use committed identities[2] to
> > > make account recovery easier, and are encouraged to use more secure
> > > passwords. Two-factor authentication,[3] such as using mobile phone
> > > text messages, has been suggested a few times by volunteers, and this
> > > might be a good moment to encourage the WMF to have better facilities
> > > built into the projects. We could even make two-factor identification
> > > a requirement for trusted users, such as administrators, important
> > > bots, and "high profile" accounts, where they may have special rights
> > > that could cause a fair amount of disruption if a hacked account were
> > > not identified quickly. Considering that some administrator accounts
> > > can lie dormant for many months without the actual user monitoring it,
> > > these could end up being far more disruptive than well-watched
> > > accounts like Jimmy's.
> > >
> > > We may want extra security to remain mostly optional, keeping our
> > > projects simple to access. Education of new volunteers and trusted
> > > users may be critical for making it effective, such as avoiding social
> > > hacking. A clearer understanding of what the community would want to
> > > see improved would probably help set development priorities.
> > >
> > > Links
> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> > >
> > > Thanks,
> > > Fae
> > > --
> > > [hidden email] https://commons.wikimedia.org/wiki/User:Fae
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > wiki/Mailing_lists/Guidelines
> > > New messages to: [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Fæ
Good point Vito,

I agree that mobile numbers are personal information. However, my
understanding of the two-factor process would be that it can be set up so
that mobile numbers are *guaranteed* to never be logged or archived
and only stored in a constrained way for a verification number to be
issued. There are various ways of getting two-factor processes to
work, so methods that do not rely on mobile numbers may suit
volunteers that are worried about sending their mobile phone number to
any server in the USA, where there are always questions about secret
access and storage for government agencies.

We can require that guarantees are given and transparently assured for
how any personal information like this is handled by WMF implemented
software. It could even be an area that requires legally meaningful
assurance, or local processing to avoid, say, Europeans sending any
personal data to the USA.  ;-)

Fae

On 12 November 2016 at 13:53, Vi to <[hidden email]> wrote:

> My phone number is something I consider highly sensitive. Linking this kind
> of data to my online identity would be an unacceptable risk for me.
>
> Vito
>
> 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:
>
>> As far as I know 2FA is already implemented and mandatory for WMF staff
>> accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
>>
>> I emphasized on having 2fa for CUs, oversights and others with private data
>> access: https://phabricator.wikimedia.org/T107605#2570342
>> Not sure what's blocking this.
>>
>> Best
>>
>> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <[hidden email]>
>> wrote:
>>
>> > I know it's been said many times, but two-factor authentication,
>> mandatory
>> > for accounts with advanced privileges and optionally available for
>> everyone
>> > else, would seem to be a logical step.  It's not foolproof, but it would
>> go
>> > a long way to making us less of a soft target.
>> >
>> > Cheers,
>> > Craig
>> >
>> > On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
>> >
>> > > Do any of the volunteers contributing to this list have ideas for
>> > > changes that may make a significant difference to security?
>> > >
>> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
>> > > process appearing to promote an organisation.[1] It was not the only
>> > > account compromised. This is being analysed, though as there are
>> > > security issues being examined, the analysis has not been made public
>> > > so far; plus it's the weekend :-)
>> > >
>> > > Over the last few years, there have improvements on account set-up and
>> > > choice of passwords, along with user suggestions for better account
>> > > management. Users can also chose to use committed identities[2] to
>> > > make account recovery easier, and are encouraged to use more secure
>> > > passwords. Two-factor authentication,[3] such as using mobile phone
>> > > text messages, has been suggested a few times by volunteers, and this
>> > > might be a good moment to encourage the WMF to have better facilities
>> > > built into the projects. We could even make two-factor identification
>> > > a requirement for trusted users, such as administrators, important
>> > > bots, and "high profile" accounts, where they may have special rights
>> > > that could cause a fair amount of disruption if a hacked account were
>> > > not identified quickly. Considering that some administrator accounts
>> > > can lie dormant for many months without the actual user monitoring it,
>> > > these could end up being far more disruptive than well-watched
>> > > accounts like Jimmy's.
>> > >
>> > > We may want extra security to remain mostly optional, keeping our
>> > > projects simple to access. Education of new volunteers and trusted
>> > > users may be critical for making it effective, such as avoiding social
>> > > hacking. A clearer understanding of what the community would want to
>> > > see improved would probably help set development priorities.
>> > >
>> > > Links
>> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
>> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
>> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
>> > >
>> > > Thanks,
>> > > Fae
>> > > --
>> > > [hidden email] https://commons.wikimedia.org/wiki/User:Fae
>> > >
>> > > _______________________________________________
>> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
>> > > wiki/Mailing_lists/Guidelines
>> > > New messages to: [hidden email]
>> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > > <mailto:[hidden email]?subject=unsubscribe>
>> > _______________________________________________
>> > Wikimedia-l mailing list, guidelines at:
>> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > New messages to: [hidden email]
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > <mailto:[hidden email]?subject=unsubscribe>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
>> wiki/Mailing_lists/Guidelines
>> New messages to: [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>

--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Amir Sarabadani-2
There is no need to store a phone number at all.
You need to install an app called "Google Authenticator" or similar ones.
Then you scan a QR code from a special page in Wikipedia. Then every time
you want to login, you need to give username, password and a short-lived
token the app gives you. See this for more details:
https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html



On Sat, Nov 12, 2016 at 5:38 PM Fæ <[hidden email]> wrote:


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Vi to
In reply to this post by Fæ
At a glance I don't see any way to avoid storing numbers somewhere. Other
solutions would be physically sent card/tokens (more secure, less cheap,
more privacy concerns) or "display once and print" cards with randomly
generated numbers to use as 2nd factor (less secure, *so* cheap, no privacy
concerns).

Anyway we should provide a set of 2FA methods: 2FA with mobile numbers is
great for people who are not privacy-paranoid (like me).

Vito

2016-11-12 15:08 GMT+01:00 Fæ <[hidden email]>:

> Good point Vito,
>
> I agree that mobile numbers are personal information. However, my
> understanding of the two-factor process would be that it can set up so
> that mobile numbers are *guaranteed* to never be logged or archived
> and only stored in a constrained way for a verification number to be
> issued. There are various ways of getting two-factor processes to
> work, so methods that do not rely on mobile numbers may suit
> volunteers that are worried about sending their mobile phone number to
> any server in the USA, where there are always questions about secret
> access and storage for government agencies.
>
> We can require that guarantees are given and transparently assured for
> how any personal information like this is handled by WMF implemented
> software. It could even be an area that requires legally meaningful
> assurance, or local processing to avoid, say, Europeans sending any
> personal data to the USA.  ;-)
>
> Fae
>
> On 12 November 2016 at 13:53, Vi to <[hidden email]> wrote:
> > My phone number is something I consider highly sensitive. Linking this
> kind
> > of data to my online identity would be an unacceptable risk for me.
> >
> > Vito
> >
> > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:
> >
> >> As far as I know 2FA is already implemented and mandatory for WMF staff
> >> accounts and wikitech accounts. https://phabricator.wikimedia.
> org/T107605
> >>
> >> I emphasized on having 2fa for CUs, oversights and others with private
> data
> >> access: https://phabricator.wikimedia.org/T107605#2570342
> >> Not sure what's blocking this.
> >>
> >> Best
> >>
> >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <
> [hidden email]>
> >> wrote:
> >>
> >> > I know it's been said many times, but two-factor authentication,
> >> mandatory
> >> > for accounts with advanced privileges and optionally available for
> >> everyone
> >> > else, would seem to be a logical step.  It's not foolproof, but it
> would
> >> go
> >> > a long way to making us less of a soft target.
> >> >
> >> > Cheers,
> >> > Craig
> >> >
> >> > On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
> >> >
> >> > > Do any of the volunteers contributing to this list have ideas for
> >> > > changes that may make a significant difference to security?
> >> > >
> >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> >> > > process appearing to promote an organisation.[1] It was not the only
> >> > > account compromised. This is being analysed, though as there are
> >> > > security issues being examined, the analysis has not been made
> public
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Vi to
In reply to this post by Amir Sarabadani-2
Actually I consider the Google account linked to my mobile phone to be
sensitive :|

Also, lots of people might have no compatible devices.

Vito

2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <[hidden email]>:

> There is no need to store phone number at all.
> You need to install an app called "Google Authenticator" or similar ones.
> Then you scan a QR code from a special page in Wikipedia. Then every time
> you want to login, you need to give username, password and a short-lived
> token the app gives you. See this for more details:
> https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Amir Sarabadani-2
Emphasizing this part of my message: "'Google Authenticator' *or similar
ones.*"

On Sat, Nov 12, 2016 at 6:04 PM Vi to <[hidden email]> wrote:

> Actually I consider to be sensitive the google account linked to my mobile
> phone :|
>
> also lots of people might have no compatible devices.
>
> Vito
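The login flow Amir describes in the message quoted above (scan a QR code once, then log in with username, password and a short-lived token) is the standard TOTP scheme of RFC 6238, which is why "Google Authenticator or similar ones" are interchangeable and why no phone number ever reaches the server. The block below is an added example written for this page; it is not code from the thread or from any Wikimedia project. The issuer and account names are placeholders, and the demo key is the ASCII test key from RFC 6238 Appendix B, constructed here so the codes can be checked against the RFC's own vectors. A real enrolment would draw the key from a CSPRNG and store the per-account replay counter in a database.

```python
# Added example (not code from this thread or from any Wikimedia project):
# a minimal RFC 6238 TOTP generator and server-side verifier, the scheme
# behind "Google Authenticator or similar ones". Standard library only.
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Demo key: the ASCII test key from RFC 6238 Appendix B (constructed for
# the example). A real enrolment would use os.urandom(20) instead.
DEMO_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to Unix time // step."""
    return hotp(key, at_time // step, digits)


def provisioning_uri(issuer: str, account: str, key: bytes) -> str:
    """The otpauth:// URI that the enrolment page encodes as the QR code.
    The app stores only this shared key; no phone number is involved."""
    secret = base64.b32encode(key).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")


class TotpVerifier:
    """Server-side check of a submitted code for one enrolled account.

    Accepts one time step of clock drift either way, compares in constant
    time, and refuses any time step that has already been consumed, so a
    code captured by phishing or shoulder-surfing cannot be replayed
    inside its 30-second validity window."""

    def __init__(self, key: bytes, step: int = 30, digits: int = 6,
                 window: int = 1):
        self.key = key
        self.step = step
        self.digits = digits
        self.window = window
        self.last_used_counter = -1  # persist per account in production

    def verify(self, code: str, at_time: int) -> bool:
        counter = at_time // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate < 0 or candidate <= self.last_used_counter:
                continue  # already consumed (replay) or before the epoch
            expected = hotp(self.key, candidate, self.digits)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_counter = candidate
                return True
        return False


if __name__ == "__main__":
    print(provisioning_uri("ExampleWiki", "ExampleUser", DEMO_KEY))
    print("code at t=59:", totp(DEMO_KEY, 59))            # 287082 (RFC 6238)
    verifier = TotpVerifier(DEMO_KEY)
    print("first use:", verifier.verify(totp(DEMO_KEY, 59), 59))  # True
    print("replayed: ", verifier.verify(totp(DEMO_KEY, 59), 59))  # False
```

The verifier is the part that matters for the thread's concern about compromised accounts: without the `last_used_counter` check, a six-digit code that leaks during its window still works once more, and without a bounded `window` a server that accepts codes from far-off time steps throws away most of the protection the second factor adds.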

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Steinsplitter Wiki-2
https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Two-Factor_Authentication_now_available_for_admins

________________________________
From: Wikimedia-l <[hidden email]> on behalf of Amir Ladsgroup <[hidden email]>
Sent: Saturday, 12 November 2016 15:37
To: Wikimedia Mailing List
Subject: Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Emphasizing this part of my message: "'Google Authenticator' *or similar
ones.*"

On Sat, Nov 12, 2016 at 6:04 PM Vi to <[hidden email]> wrote:

> Actually I consider to be sensitive the google account linked to my mobile
> phone :|
>
> also lots of people might have no compatible devices.
>
> Vito

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Amazon Sec. Team messages-noreply@amazon.com
In reply to this post by Vi to
I believe you can find some 2FA application that isn't affiliated with Google (actually the Google Authenticator app doesn't require a Google account to be linked. Tested on iOS and Android.)

Also, some desktop applications (i.e. 1Password*) are 2FA compatible.

* Not Free/Open Source Software.
--
Yongmin H.

Sent from my iPhone
Please note that this address is list-only address and any non-mailing list mails will be treated as spam.
Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a.

On 2016-11-12 at 23:34, Vi to <[hidden email]> wrote:

> Actually I consider to be sensitive the google account linked to my mobile
> phone :|
>
> also lots of people might have no compatible devices.
>
> Vito
>
> 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <[hidden email]>:
>
>> There is no need to store phone number at all.
>> You need to install an app called "Google Authenticator" or similar ones.
>> Then you scan a QR code from a special page in Wikipedia. Then every time
>> you want to login, you need to give username, password and a short-lived
>> token the app gives you. See this for more details:
>> https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
>>
>>
>>
>> On Sat, Nov 12, 2016 at 5:38 PM Fæ <[hidden email]> wrote:
>>
>> Good point Vito,
>>
>> I agree that mobile numbers are personal information. However, my
>> understanding of the two-factor process would be that it can set up so
>> that mobile numbers are *guaranteed* to never be logged or archived
>> and only stored in a constrained way for a verification number to be
>> issued. There are various ways of getting two-factor processes to
>> work, so methods that do not rely on mobile numbers may suit
>> volunteers that are worried about sending their mobile phone number to
>> any server in the USA, where there are always questions about secret
>> access and storage for government agencies.
>>
>> We can require that guarantees are given and transparently assured for
>> how any personal information like this is handled by WMF implemented
>> software. It could even be an area that requires legally meaningful
>> assurance, or local processing to avoid, say, Europeans sending any
>> personal data to the USA.  ;-)
>>
>> Fae
>>
>>> On 12 November 2016 at 13:53, Vi to <[hidden email]> wrote:
>>> My phone number is something I consider highly sensitive. Linking this
>> kind
>>> of data to my online identity would be an unacceptable risk for me.
>>>
>>> Vito
>>>
>>> 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:
>>>
>>>> As far as I know 2FA is already implemented and mandatory for WMF staff
>>>> accounts and wikitech accounts. https://phabricator.wikimedia.
>> org/T107605
>>>>
>>>> I emphasized on having 2fa for CUs, oversights and others with private
>> data
>>>> access: https://phabricator.wikimedia.org/T107605#2570342
>>>> Not sure what's blocking this.
>>>>
>>>> Best
>>>>
>>>> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <
>> [hidden email]
>>>
>>>> wrote:
>>>>
>>>>> I know it's been said many times, but two-factor authentication,
>>>> mandatory
>>>>> for accounts with advanced privileges and optionally available for
>>>> everyone
>>>>> else, would seem to be a logical step.  It's not foolproof, but it
>> would
>>>> go
>>>>> a long way to making us less of a soft target.
>>>>>
>>>>> Cheers,
>>>>> Craig
>>>>>
>>>>>> On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
>>>>>>
>>>>>> Do any of the volunteers contributing to this list have ideas for
>>>>>> changes that may make a significant difference to security?
>>>>>>
>>>>>> Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
>>>>>> process appearing to promote an organisation.[1] It was not the only
>>>>>> account compromised. This is being analysed, though as there are
>>>>>> security issues being examined, the analysis has not been made
>> public
>>>>>> so far; plus it's the weekend :-)
>>>>>>
>>>>>> Over the last few years, there have improvements on account set-up
>> and
>>>>>> choice of passwords, along with user suggestions for better account
>>>>>> management. Users can also chose to use committed identities[2] to
>>>>>> make account recovery easier, and are encouraged to use more secure
>>>>>> passwords. Two-factor authentication,[3] such as using mobile phone
>>>>>> text messages, has been suggested a few times by volunteers, and
>> this
>>>>>> might be a good moment to encourage the WMF to have better
>> facilities
>>>>>> built into the projects. We could even make two-factor
>> identification
>>>>>> a requirement for trusted users, such as administrators, important
>>>>>> bots, and "high profile" accounts, where they may have special
>> rights
>>>>>> that could cause a fair amount of disruption if a hacked account
>> were
>>>>>> not identified quickly. Considering that some administrator accounts
>>>>>> can lie dormant for many months without the actual user monitoring
>> it,
>>>>>> these could end up being far more disruptive than well-watched
>>>>>> accounts like Jimmy's.
>>>>>>
>>>>>> We may want extra security to remain mostly optional, keeping our
>>>>>> projects simple to access. Education of new volunteers and trusted
>>>>>> users may be critical for making it effective, such as avoiding
>> social
>>>>>> hacking. A clearer understanding of what the community would want to
>>>>>> see improved would probably help set development priorities.
>>>>>>
>>>>>> Links
>>>>>> 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
>>>>>> 2. https://en.wikipedia.org/wiki/Template:Committed_identity
>>>>>> 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
>>>>>>
>>>>>> Thanks,
>>>>>> Fae
>>>>>> --
>>>>>> [hidden email] https://commons.wikimedia.org/wiki/User:Fae
>>>>>>
>>>>>> _______________________________________________
>>>>>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/
>>>>>> wiki/Mailing_lists/Guidelines
>>>>>> New messages to: [hidden email]
>>>>>> Unsubscribe: https://lists.wikimedia.org/
>> mailman/listinfo/wikimedia-l
>> ,
>>>>>> <mailto:[hidden email]?subject=
>> unsubscribe>
>>
>> --
>> [hidden email] https://commons.wikimedia.org/wiki/User:Fae
>>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Dariusz Jemielniak-3
In reply to this post by Craig Franklin
+1 to what Craig wrote: two-factor authentication, with a key stored in an
authenticator application (which eliminates the problem of revealing the
phone number), would definitely be a great thing - and we could make it
opt-in, except for higher level functionaries.

best,

dariusz

On Sat, Nov 12, 2016 at 7:27 AM, Craig Franklin <[hidden email]>
wrote:

> I know it's been said many times, but two-factor authentication, mandatory
> for accounts with advanced privileges and optionally available for everyone
> else, would seem to be a logical step.  It's not foolproof, but it would go
> a long way to making us less of a soft target.
>
> Cheers,
> Craig
>



--

__________________________
prof. dr hab. Dariusz Jemielniak
Head of the Department of International Management
and of the NeRDS research group
Akademia Leona Koźmińskiego (Kozminski University)
http://nwrds.kozminski.edu.pl <http://www.crow.alk.edu.pl/>

Member of the Academy of Young Scholars of the Polish Academy of Sciences

The world's first ethnography of Wikipedia, "Common Knowledge? An
Ethnography of Wikipedia" (2014, Stanford University Press), which I wrote,
has been published: http://www.sup.org/book.cgi?id=24010

Reviews
Forbes: http://www.forbes.com/fdc/welcome_mjx.shtml
Pacific Standard:
http://www.psmag.com/navigation/books-and-culture/killed-wikipedia-93777/
Motherboard: http://motherboard.vice.com/read/an-ethnography-of-wikipedia
The Wikipedian:
http://thewikipedian.net/2014/10/10/dariusz-jemielniak-common-knowledge
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

MZMcBride-2
In reply to this post by Fæ
Fæ wrote:
>Do any of the volunteers contributing to this list have ideas for
>changes that may make a significant difference to security?

When you log in, you're given a user session. This session, along with
local Web browser HTTP cookies, allows you to stay logged in and
authenticated as you browse and edit a wiki. We've previously discussed
the ability for a user to see all of his or her account's active sessions,
similar to what other sites (GitHub, Facebook, Google) already allow.

This type of interface lets a user see his or her own active sessions,
originating IP addresses and User-Agent strings, and sometimes the
interface allows destroying all or some sessions (e.g., if you see a
session from the time you logged in to a friend's computer). This type of
interface can also be used, for better or worse, to track typical behavior
of the user, so that if a user often logs in from a specific IP address
range (e.g., their home computer in the UK), a user session that comes
from a vastly different IP address range (e.g., a mobile device in
Australia) can be flagged and reported to the user. Or, in the case of
two-factor authentication, a "suspicious" login attempt can be required to
go through additional verification. These types of systems are common for
Gmail accounts and some credit card accounts.

Regarding a user seeing a list of his or her own active sessions and
corresponding information, there was, and there likely still is,
considerable opposition to this idea. It's akin to a "self-CheckUser"
feature (which I think we should separately support) and there were
concerns that we would help vandals, sockpuppets, and other bad users.

Some links:

* https://www.mediawiki.org/wiki/?curid=117743
* https://www.mediawiki.org/wiki/?curid=156161
* https://phabricator.wikimedia.org/T387
* https://phabricator.wikimedia.org/T29242

MZMcBride



_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
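MZMcBride's post above describes three pieces of session hygiene: a per-user list of active sessions with originating IP and User-Agent, the ability to destroy some or all of them, and flagging a login whose origin differs sharply from the user's usual one so that it can be pushed through additional verification before a session is issued. The following is an added example in Python of how those three pieces fit together; it is not MediaWiki code and does not come from anyone in this thread. Assumptions: sessions are opaque random IDs; "usual origin" is approximated by the IPv4 /16 (IPv6 /48) prefixes seen at the user's previous successful logins, standing in for the GeoIP or ASN lookup a real deployment would use; the caller has already verified the password; every address, user name and timestamp below is constructed.

```python
"""Active-session listing, revocation and unusual-origin step-up (added example)."""
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Session:
    id: str          # opaque value stored in the browser cookie
    user: str
    ip: str
    user_agent: str
    created: int     # unix time of login
    last_seen: int   # unix time of last request on this session


@dataclass
class LoginResult:
    status: str                  # "ok" or "step_up_required"
    session: Optional[Session]   # set only when status == "ok"


def origin_prefix(ip: str) -> str:
    """Coarse origin bucket: /16 for IPv4, /48 for IPv6 (assumption standing in
    for the GeoIP/ASN lookup a real deployment would use)."""
    addr = ipaddress.ip_address(ip)
    bits = 16 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}      # session id -> Session
        self._seen: Dict[str, Set[str]] = {}         # user -> prefixes of past logins

    def is_unusual(self, user: str, ip: str) -> bool:
        """True when the login comes from a prefix this user has never logged in
        from. A user with no history is treated as usual (cold-start policy)."""
        known = self._seen.get(user)
        return bool(known) and origin_prefix(ip) not in known

    def login(self, user: str, ip: str, user_agent: str, now: int,
              second_factor_ok: bool = False) -> LoginResult:
        """Password is assumed already checked. An unusual origin gets no session
        until a second factor has been presented; a usual one is issued directly."""
        if self.is_unusual(user, ip) and not second_factor_ok:
            return LoginResult("step_up_required", None)
        sess = Session(secrets.token_urlsafe(24), user, ip, user_agent, now, now)
        self._sessions[sess.id] = sess
        self._seen.setdefault(user, set()).add(origin_prefix(ip))
        return LoginResult("ok", sess)

    def list_sessions(self, user: str) -> List[Session]:
        """The 'self-CheckUser' view: only the caller's own sessions, oldest first."""
        own = (s for s in self._sessions.values() if s.user == user)
        return sorted(own, key=lambda s: s.created)

    def revoke(self, user: str, session_id: str) -> bool:
        """Destroy one session; refused when it belongs to a different user."""
        sess = self._sessions.get(session_id)
        if sess is None or sess.user != user:
            return False
        del self._sessions[session_id]
        return True

    def revoke_all_except(self, user: str, keep_id: str) -> int:
        """'Log out everywhere else'; returns the number of sessions destroyed."""
        doomed = [s.id for s in self.list_sessions(user) if s.id != keep_id]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)


if __name__ == "__main__":
    # Constructed walk-through: two logins from one home prefix, then one from
    # a far-away prefix that must pass a second factor before it gets a session.
    store = SessionStore()
    store.login("Alice", "203.0.113.5", "Firefox/50", now=1_000)
    store.login("Alice", "203.0.113.77", "Firefox/50", now=2_000)
    away = store.login("Alice", "198.51.100.7", "Mobile Safari", now=3_000)
    print(away.status)                                     # step_up_required
    away = store.login("Alice", "198.51.100.7", "Mobile Safari", now=3_100,
                       second_factor_ok=True)
    for s in store.list_sessions("Alice"):
        print(s.ip, s.user_agent, s.created)
    print(store.revoke_all_except("Alice", away.session.id), "sessions revoked")
```

Two design points worth noting: the step-up decision is made before any session exists, so a password alone never yields a cookie from a new place, and `revoke` checks ownership so the session-list page can only ever act on the caller's own sessions, which is the narrow "self-CheckUser" scope the post distinguishes from the full CheckUser right.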

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Fæ
Task https://phabricator.wikimedia.org/T150605

I have raised the above task for the WMF to publish an appropriate
summary of the behind the scenes analysis of the recent hack of
accounts and the claimed copying of the English Wikipedia database
(presumably user account tables). The request summary is pasted below
for those that don't want to read the detail, though I recommend that
technically minded volunteers subscribe to it on Phabricator --

"This is a request for a report of the analysis of the OurMine hack to
be published. It is understood that a non-public investigation is
necessary, but it also makes sense to be transparent about events and
as quickly as possible. This will provide an 'official' public
assurance of the steps being taken by the WMF to make the systems more
secure. Volunteers have rapidly responded by promoting two-factor
authentication, as well as working collegiately on guidance for
volunteers. A report of the behind the scenes analysis would aid these
efforts and ensure that if wider changes of passwords or the roll-out
of 2FA to non-sysop accounts makes sense, that these can be discussed
within the community in a positive way. It is likely that volunteer
discussions will continue and this will be reported in the Signpost
next week, so timing a report in the next few days would be helpful in
ensuring factual reporting."

Thanks,
Fae

--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Craig Franklin
In reply to this post by Steinsplitter Wiki-2
This is really excellent.  Thank you!

Cheers,
Craig

On 13 November 2016 at 01:46, Steinsplitter Wiki <[hidden email]
> wrote:

> https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_
> noticeboard#Two-Factor_Authentication_now_available_for_admins
>
> ________________________________
> From: Wikimedia-l <[hidden email]> on behalf of
> Amir Ladsgroup <[hidden email]>
> Sent: Saturday, 12 November 2016 15:37
> To: Wikimedia Mailing List
> Subject: Re: [Wikimedia-l] How should security of Wikimedia accounts be
> better?
>
> Emphasizing this part of my message: "'Google Authenticator' *or similar
> ones.*"
>
> On Sat, Nov 12, 2016 at 6:04 PM Vi to <[hidden email]> wrote:
>
> > Actually I consider the Google account linked to my mobile phone to be
> > sensitive :|
> >
> > also lots of people might have no compatible devices.
> >
> > Vito
> >
> > 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <[hidden email]>:
> >
> > > There is no need to store a phone number at all.
> > > You need to install an app called "Google Authenticator" or similar
> > > ones. Then you scan a QR code from a special page in Wikipedia. Then
> > > every time you want to log in, you need to give username, password and a
> > > short-lived token the app gives you. See this for more details:
> > >
> > > https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
> > >
> > >
> > >
> > > On Sat, Nov 12, 2016 at 5:38 PM Fæ <[hidden email]> wrote:
> > >
> > > Good point Vito,
> > >
> > > I agree that mobile numbers are personal information. However, my
> > > understanding of the two-factor process would be that it can be set up so
> > > that mobile numbers are *guaranteed* to never be logged or archived
> > > and only stored in a constrained way for a verification number to be
> > > issued. There are various ways of getting two-factor processes to
> > > work, so methods that do not rely on mobile numbers may suit
> > > volunteers that are worried about sending their mobile phone number to
> > > any server in the USA, where there are always questions about secret
> > > access and storage for government agencies.
> > >
> > > We can require that guarantees are given and transparently assured for
> > > how any personal information like this is handled by WMF implemented
> > > software. It could even be an area that requires legally meaningful
> > > assurance, or local processing to avoid, say, Europeans sending any
> > > personal data to the USA.  ;-)
> > >
> > > Fae
> > >
> > > On 12 November 2016 at 13:53, Vi to <[hidden email]> wrote:
> > > > My phone number is something I consider highly sensitive. Linking
> this
> > > kind
> > > > of data to my online identity would be an unacceptable risk for me.
> > > >
> > > > Vito
> > > >
> > > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:
> > > >
> > > >> As far as I know 2FA is already implemented and mandatory for WMF
> > > >> staff accounts and wikitech accounts.
> > > >> https://phabricator.wikimedia.org/T107605
> > > >>
> > > >> I emphasized having 2FA for CUs, oversights and others with
> > > >> private data access: https://phabricator.wikimedia.org/T107605#2570342
> > > >> Not sure what's blocking this.
> > > >>
> > > >> Best
> > > >>
> > > >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <
> > > [hidden email]
> > > >
> > > >> wrote:
> > > >>
> > > >> > I know it's been said many times, but two-factor authentication,
> > > >> mandatory
> > > >> > for accounts with advanced privileges and optionally available for
> > > >> everyone
> > > >> > else, would seem to be a logical step.  It's not foolproof, but it
> > > would
> > > >> go
> > > >> > a long way to making us less of a soft target.
> > > >> >
> > > >> > Cheers,
> > > >> > Craig
> > > >> >
> > >
> > > --
> > > [hidden email] https://commons.wikimedia.org/wiki/User:Fae
> > >
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
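Amir Ladsgroup's description quoted above (install an authenticator app, scan a QR code shown by the wiki, then present a short-lived token alongside the password) is the TOTP scheme of RFC 6238, and the thread's worries about phone numbers and third parties turn on a property that is easiest to see in code: the only inputs are a random secret shared once between the site and the app, and the clock. Below is an added example in Python; it is not MediaWiki's or any extension's code, and nothing in it comes from a thread participant. It assumes SHA-1, six digits and a 30-second step (the common defaults), an otpauth:// URI as what the enrolment QR code carries, and a single-process in-memory verifier; the RFC 4226/6238 test secret "12345678901234567890" appears only as a known-answer check.

```python
"""TOTP enrolment and verification with the shared secret kept server-side (added example)."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def new_secret(nbytes: int = 20) -> bytes:
    """Random shared secret, generated and stored by the site; nothing about the
    user (no phone number) is needed and no third-party service is contacted."""
    return secrets.token_bytes(nbytes)


def otpauth_uri(secret: bytes, account: str, issuer: str = "Wikipedia") -> str:
    """The text the enrolment QR code encodes. The app stores the secret locally
    and never talks to the site. The URI layout is the de-facto one authenticator
    apps accept (assumption; not taken from MediaWiki's own enrolment page)."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = f"{quote(issuer)}:{quote(account)}"
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation,
    then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, period: int = 30) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(secret, at // period)


class TotpVerifier:
    """Server-side check. Remembers the last accepted time step so that a token
    captured in transit cannot be replayed, and tolerates `skew` steps of clock
    drift either side, since phones are rarely perfectly in sync."""

    def __init__(self, secret: bytes, period: int = 30, skew: int = 1) -> None:
        self.secret = secret
        self.period = period
        self.skew = skew
        self.last_step = -1

    def check(self, token: str, at: int) -> bool:
        if len(token) != 6 or not token.isdigit():
            return False
        step = at // self.period
        for delta in range(-self.skew, self.skew + 1):
            candidate = step + delta
            if candidate <= self.last_step:      # already used, or older: refuse
                continue
            if hmac.compare_digest(hotp(self.secret, candidate), token):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    # Enrolment: the site makes a secret and shows the QR; the app captures it.
    secret = new_secret()
    print(otpauth_uri(secret, "ExampleAdmin"))
    # Login: the app computes the token from the secret and the clock only.
    now = int(time.time())
    token = totp(secret, now)
    verifier = TotpVerifier(secret)
    print(verifier.check(token, now))    # True
    print(verifier.check(token, now))    # False: the same token cannot be replayed
```

The replay guard is the part most often missing from home-grown implementations: without `last_step`, a token phished or shoulder-surfed within its 30-second window (plus skew) is good for more than one login. The secret itself is the thing to protect on the server, since anyone holding it can compute every future token.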

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Gnangarra
I see this as not solving problems but creating barriers to participation:

   - one is the complexity of the process
   (https://meta.wikimedia.org/wiki/Help:Two-factor_authentication); the more
   complicated the system, the more opportunity for failures and more points
   of access where data can be compromised, and on the flip side the easier
   it is for people to be locked out;
   - it's using a 3rd party: no matter how good the third party's system is,
   why should I be using anything other than the WMF system to log in? My
   connection is with the WMF. Who is responsible if the connection is
   compromised or my data misused by the third party? Regardless of which
   third party is used, they need to know your user details to complete the
   loop in the authentication;
   - an authentication app is just inviting people to attempt to compromise
   the account, as you have already given them part of the process should you
   lose your device.

What I see could be a technical benefit has a dark side: it enables
additional parties to monitor our activities, even compromise them.  I think
the "security" card is being played poorly here: anonymity in editing is
something we have always respected, and 3rd party participation in
authentication appears to be stripping that away.  Google and like-minded
commercial companies only provide these free tools to gather data for their
own internal uses, to enable them to better target the advertising that they
sell.

On 14 November 2016 at 08:10, Craig Franklin <[hidden email]>
wrote:

> This is really excellent.  Thankyou!
>
> Cheers,
> Craig
>
> On 13 November 2016 at 01:46, Steinsplitter Wiki <
> [hidden email]
> > wrote:
>
> > https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_
> > noticeboard#Two-Factor_Authentication_now_available_for_admins
> >
> > ________________________________
> > Von: Wikimedia-l <[hidden email]> im Auftrag
> von
> > Amir Ladsgroup <[hidden email]>
> > Gesendet: Samstag, 12. November 2016 15:37
> > An: Wikimedia Mailing List
> > Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be
> > better?
> >
> > Emphasizing on this part of my message: "'Google Authenticator' *or
> similar
> > ones.*"
> >
> > On Sat, Nov 12, 2016 at 6:04 PM Vi to <[hidden email]> wrote:
> >
> > > Actually I consider to be sensitive the google account linked to my
> > mobile
> > > phone :|
> > >
> > > also lots of people might have no compatible devices.
> > >
> > > Vito
> > >
> > > 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <[hidden email]>:
> > >
> > > > There is no need to store phone number at all.
> > > > You need to install an app called "Google Authenticator" or similar
> > ones.
> > > > Then you scan a QR code from a special page in Wikipedia. Then every
> > time
> > > > you want to login, you need to give username, password and a
> > short-lived
> > > > token the app gives you. See this for more details:
> > > >
> > > https://lists.wikimedia.org/pipermail/labs-announce/2016-
> > March/000104.html
> > > >
> > > >
> > > >
> > > > On Sat, Nov 12, 2016 at 5:38 PM Fæ <[hidden email]> wrote:
> > > >
> > > > Good point Vito,
> > > >
> > > > I agree that mobile numbers are personal information. However, my
> > > > understanding of the two-factor process would be that it can set up
> so
> > > > that mobile numbers are *guaranteed* to never be logged or archived
> > > > and only stored in a constrained way for a verification number to be
> > > > issued. There are various ways of getting two-factor processes to
> > > > work, so methods that do not rely on mobile numbers may suit
> > > > volunteers that are worried about sending their mobile phone number
> to
> > > > any server in the USA, where there are always questions about secret
> > > > access and storage for government agencies.
> > > >
> > > > We can require that guarantees are given and transparently assured
> for
> > > > how any personal information like this is handled by WMF implemented
> > > > software. It could even be an area that requires legally meaningful
> > > > assurance, or local processing to avoid, say, Europeans sending any
> > > > personal data to the USA.  ;-)
> > > >
> > > > Fae
> > > >
> > > > On 12 November 2016 at 13:53, Vi to <[hidden email]> wrote:
> > > > > My phone number is something I consider highly sensitive. Linking
> > this
> > > > kind
> > > > > of data to my online identity would be an unacceptable risk for me.
> > > > >
> > > > > Vito
> > > > >
> > > > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <[hidden email]>:
> > > > >
> > > > >> As far as I know 2FA is already implemented and mandatory for WMF
> > > staff
> > > > >> accounts and wikitech accounts. https://phabricator.wikimedia.
> > > > org/T107605
> > > > >>
> > > > >> I emphasized on having 2fa for CUs, oversights and others with
> > private
> > > > data
> > > > >> access: https://phabricator.wikimedia.org/T107605#2570342
> > > > >> Not sure what's blocking this.
> > > > >>
> > > > >> Best
> > > > >>
> > > > >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <
> > > > [hidden email]
> > > > >
> > > > >> wrote:
> > > > >>
> > > > >> > I know it's been said many times, but two-factor authentication,
> > > > >> mandatory
> > > > >> > for accounts with advanced privileges and optionally available
> for
> > > > >> everyone
> > > > >> > else, would seem to be a logical step.  It's not foolproof, but
> it
> > > > would
> > > > >> go
> > > > >> > a long way to making us less of a soft target.
> > > > >> >
> > > > >> > Cheers,
> > > > >> > Craig
> > > > >> >
> > > > >> > On 12 November 2016 at 22:22, Fæ <[hidden email]> wrote:
> > > > >> >
> > > > >> > > Do any of the volunteers contributing to this list have ideas
> > for
> > > > >> > > changes that may make a significant difference to security?
> > > > >> > >
> > > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked,
> in
> > > the
> > > > >> > > process appearing to promote an organisation.[1] It was not
> the
> > > only
> > > > >> > > account compromised. This is being analysed, though as there
> are
> > > > >> > > security issues being examined, the analysis has not been made
> > > > public
> > > > >> > > so far; plus it's the weekend :-)
> > > > >> > >
> > > > >> > > Over the last few years, there have improvements on account
> > set-up
> > > > and
> > > > >> > > choice of passwords, along with user suggestions for better
> > > account
> > > > >> > > management. Users can also chose to use committed
> identities[2]
> > to
> > > > >> > > make account recovery easier, and are encouraged to use more
> > > secure
> > > > >> > > passwords. Two-factor authentication,[3] such as using mobile
> > > phone
> > > > >> > > text messages, has been suggested a few times by volunteers,
> and
> > > > >> > > this might be a good moment to encourage the WMF to have better facilities
> > > > >> > > built into the projects. We could even make two-factor identification
> > > > >> > > a requirement for trusted users, such as administrators, important
> > > > >> > > bots, and "high profile" accounts, where they may have special rights
> > > > >> > > that could cause a fair amount of disruption if a hacked account were
> > > > >> > > not identified quickly. Considering that some administrator accounts
> > > > >> > > can lie dormant for many months without the actual user monitoring it,
> > > > >> > > these could end up being far more disruptive than well-watched
> > > > >> > > accounts like Jimmy's.
> > > > >> > >
> > > > >> > > We may want extra security to remain mostly optional, keeping our
> > > > >> > > projects simple to access. Education of new volunteers and trusted
> > > > >> > > users may be critical for making it effective, such as avoiding social
> > > > >> > > hacking. A clearer understanding of what the community would want to
> > > > >> > > see improved would probably help set development priorities.
> > > > >> > >
> > > > >> > > Links
> > > > >> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > > > >> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > > > >> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> > > > >> > >
> > > > >> > > Thanks,
> > > > >> > > Fae
> > > > >> > > --
> > > > >> > > [hidden email] https://commons.wikimedia.org/wiki/User:Fae
> > > > >> > >
> > > > >> > > _______________________________________________
> > > > >> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > > >> > > New messages to: [hidden email]
> > > > >> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>



--
GN.
President Wikimedia Australia
WMAU: http://www.wikimedia.org.au/wiki/User:Gnangarra
Photo Gallery: http://gnangarra.redbubble.com

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Fæ
Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted
two-factor authentication app

I agree there are issues, and the help files would need a lot more
work before a wider roll-out. The current advice[1] is too open-ended
and many users randomly searching for two-factor authentication apps
(or browser plug-ins) will end up using Google's, or a supplier with
no track record, or even some other app with commercial adverts.

Open source solutions are around, like Authy[2] (which is what I'm
using). There is nothing to stop the WMF from hosting a build using
current open source code, and even making it available on Google Play,
with the option of customizing it in useful ways later on. For these
reasons I've kicked off the task above for the WMF to consider hosting
an app.

Links:
1. https://meta.wikimedia.org/wiki/Help:Two-factor_authentication
2. https://github.com/authy

On 14 November 2016 at 08:05, Gnangarra <[hidden email]> wrote:

> I see this as not solving problems but creating barriers to participation:
>
>    - one is the complexity of the process
>    https://meta.wikimedia.org/wiki/Help:Two-factor_authentication the more
>    complicated the systems the more opportunity for failures, more points of
>    access where data can be compromised, and the flip side the easier it is
>    for people to be locked out,
>    - it's using a 3rd party, no matter how good the system of the third party
>    why should I be using anything other than the WMF system to login, my
>    connection is with the WMF. Who is responsible if the connection is
>    compromised or my data misused by the third party regardless of which third
>    party used they need to know your user details to complete the loop in the
>    authentication.
>    - an authentication app is just inviting people to attempt to compromise
>    the account as you have already given them part of the process should you
>    lose your device
>
> What I see could be a technical benefit has a dark side that is enabling
> additional parties to monitor our activities even compromise them.  I think
> that "security" card is being played poorly here, as anonymity in editing is
> something we have always respected; the 3rd party participation in
> authentication appears to be stripping that away.  Google and like-minded
> commercial companies only provide these free tools to gather data for their
> own internal uses to enable them to better target the advertising that they
> sell.



--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae
Personal and confidential, please do not circulate or re-quote.


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

Vi to
Reinventing the wheel is not a good idea; choosing an existing and active
open source project and taking part in its development is cheaper and more
sustainable. Phabricator is a good example.

Vito
