this is frankly really scary. if you’re in a socialist org, please make sure that they’re not so lax with security like this. also, why the actual fuck are they using google products. we are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they’re lax like this.
tweet text here
PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information
I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly
*4 images showing proof
I think they need us terminally online selfhoster Linux tankies to help them in this regard
This is our purpose after all
i would finally have some use for my hobbies.
You could reach out to a local chapter or something and offer to help them
In my experience for a local org they shrugged it off :/
That sounds so suspicious
Not necessarily, it’s really hard to get ppl to adopt new things. Of course secure plaftorms should be mandatory imo.
they are young, and i swear, everyone is a b**mer.
and yes if i saw someone comment that even with my experience i too would think it was strange.
they are ideologically so good, completely solid (excl. neurodivergent stuff, and accessibility stuff for other comrades).
i tried to explain some privacy stuff, like, info we were taking from prospective members for the youth org, and how handing that off to the affiliated party org likely breaches the institutions privacy laws (which i quoted during the regular meeting!!) and was told something about how its probably OK or it wasnt an issue before.
what no dialectics does to… a comrade??
I can confirm they will appreciate it, listen to your ideas, suggestions, and concerns, and find ways for you to contribute or consider/accept your offers to do projects for them. I’m a member of PSL and serve as their IT. I want to encourage IT comrades to join. We need all the help we can get. You can make a difference; it’s a workers’ democratic party after all.
eyy, great to hear comrade!! gives me hope, support for your IT skills!
Sign me up!
You need to sign yourself up and make tell them why they need it ;)
You seem to be joking, but this is a seriously good idea. Technologically literate people are needed in orgs. Get on it comrade <3
No wasn’t really joking just a bit sarcastic. I definitely do think it is needed. This is a new age with new kinds of anti communist methods. Those who are wisened up are needed on the front lines. We aren’t facing mere newspaper censors anymore…
I’ve tried helping local organizers with this and the onus is always on me to put in tremendous effort into explaining why it’s a big deal. Like I need to impart half an IT degree as well as an abridged history of cointelpro. People generally just don’t understand enough to put in the effort and likely add friction to their workflows.
The local socialist org where I live collaborates on Google docs. It’s cringe.
We wrote our party program with it from start to finish lol. I’ve given up on trying to talk about security.
I don’t know. You can waste a lot of effort on convincing people of the need for security, establishing significant security, not weirding people out in the process, and actually sticking to it, only to find out that it’s not as good as you think/it’s yet another program with some sketchy back door built in. Or you do everything right and there’s a fed in your group in person, a tactic they’ve used for at least a century. Or there isn’t, but a serious adversary can piece together who’s in the group and when you’re meeting based on public posts and phone data.
This isn’t saying orgs should take zero steps on information security, more that you’re never going to be able to hide a domestic political group from the U.S. government. Expect leaks and wreckers from the start and you can set up ways to minimize their harm.
copying a comment i made further down:
I understand that people use the google stuff because of how easy it is. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information i think we should be doing better than potentially offering up all that info to the feds for essentially free, make them commit resources to infiltrate our groups, not just work with google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them. My point here is that we shouldn’t be making it as easy as possible for feds to infiltrate, make them expend more resources by trying to turn informants or even having to insert actual agents
Definitely, I was in PCUSA for a few months and they acted like feds. I’m almost worried what my info could be done with by them.
Could you elaborate on the PCUSA’s
behavior? I am not organized with them, but I am with the PSL. I’m just curious about the PCUSAThey’re undialectical patsocs with lots of members with info on their lists and many fewer actually participating in their zoom things (which is all they do besides support reactionary platforms against Ukraine). No one responded to my emails that I was leaving. In the interview they said I would never have to worry about feds in the org. Any serious communist party would be aware of cointelpro. The leadership is rather controlling and they constantly attack people to the left of them. Idk how much of this is fed shit or just bad organizing. If you’re interested in more dirt I’ve elaborated before and you could look it up on my profile on lemmy search.
Edit: doesn’t mean much, but they used signal.
Legitimately wondering, if not Signal what should serious activists be using? Not trying to be combative, but I’ve heard this talking point before in more reactionary parts of the net about the CIA “funding” Signal via the OTF - which tangentially, if you look at the rest of the projects OTF supports, it’s basically every moderately-sized privacy or encryption related open source project in existence… so I’m not really convinced that is necessarily a red flag, and if it is then we’re already really screwed. But then these same people typically just go on using something like Telegram which is… definitely not better. lol
It is hard enough to convince most people to use Signal which has relatively good adoption and name recognition, so it puts privacy conscious people in an awkward position when we have to almost every 6 months say to our contacts, “hey bro so please try out this new shiny chat app bro, it’s actually really secure this time I promise bro. please bro”
Matrix. Signal is a centralized, US company. That alone is enough to disqualify it.
Other than current traction towards matrix marketing, why do so few people use XMPP? Most people just sign up for the matrix.org accounts which are hosted in Britain. One can use one of the other Matrix hosts, but I don’t understand why people use matrix instead of XMPP.
Encryption was an afterthought with xmpp, whereas matrix was designed with encryption first. Xmpp has encryption as an extension, but not all clients support it.
XMPP is cool but so many things that you’d expect to be standard are extensions that both the Server and all the Clients need to have installed and enabled. Also some XMPP clients don’t support all extensions and some extensions also require third party software and extra setup. Matrix just works.
That being said signing up to matrix.org is cringe. Absolutely host your own homeserver.
Even Matrix isn’t perfect. I would consider Signal and Matrix to be pretty secure and recommended for activist organization, until the US decides to force Signal to open a backdoor into its end-to-end encryption. Signal only provided the account number, last connection date, and account creation date (in unix time format, lol) when the California grand jury issued a subpoena. Signal has also threatened to leave the US and the UK if they passed their anti-encryption bills.
Signal is not without criticism, though, considering their controversial cryptocurrency project.
Its illegal for Signal to tell you if they have a backdoor, because of US key disclosure laws. Check out the EFF’s article on NSLs, and why every US-based service can’t be trusted.
The data signal gives to state governments, is likely different from the info it gives to the federal goverment.
Very resourceful links! Thanks! I wasn’t doubting there are issues regarding Signal, especially considering its ties to the US, as I saw a video regarding its controversies. My point I wanted to make is there is no 100% secure application, and there will be bugs and vulnerabilities among applications we think we can trust. I believe Signal is still a major improvement regarding security, at least compared to Discord, but I would prefer XMPP, Matrix, etc. if I had the choice. Though I understand if an encrypted system is compromised, it’s just as a good as being unencrypted, so if it turns out the US is getting sufficient information from Signal through a backdoor and the subpoena I mentioned was just for show, I hope PSL would consider migrating to Matrix or something more trustworthy. Then again, when the going gets tough, we may have to abandon our phones and electronics to stay safe and find ways to make revolutionary change under a police state.
I don’t know. My own opsec is not great.
Actually it does mean a lot. Signal is literally funded by the CIA. https://dessalines.github.io/essays/why_not_signal.html
Bro didn’t see it was a link
Damn I pulled that shit up for nothing
What would be an alternative to Google’s spreadsheets? Best thing I can think of is a Nextcloud deployment. I would just prefer to host this kind of shit in a private git repository somewhere but of course that would understandably not fly with 99% of the people.
There are free NextCloud providers. CryptPad also seems promising and can also be self-hosted. I can’t think of any good reason to use Google Drive/Sheets/… aside from a short adjustment period when switching to an E2EE equivalent
Someone that works for whatever org you work with owns a domain. Make it run by the org. You can make nextcloud have logins for your known members to see sensitive data.
im not exactly sure either. In this case, I dont even know why you need a spread sheet for this case exactly (in one of the screenshots it looks like they just had who was responsible for what during an event?). I understand that is 100% why people use them, the ease of use, but we need to come up with better solutions imo. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information i think we should be doing better than potentially offering up all that info to the feds for essentially free, make them commit resources to infiltrate our groups, not just work with google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them
The security concern is understandable and we should take necessary measures and keep important things between trusted people in real life, but we need to be honest with ourselves that we are under surveillance at all times anyways.
We’ve expressed more than communist sympathies online and in real life. We are high on the watch list (that literally everyone is on anyways).
Organizing definitely has pig and fed supervision and even infiltration. You should assume there is someone untrustworthy around you at all times.
But this does not mean we stop organizing, or slow down, or cower. If we have this weird pursuit of perfect privacy, we will do absolutely nothing. Because it doesn’t exist.
At some point we need to break through this fear of “getting got” because of bad security and recognize that it doesn’t take anything for the feds and pigs to do terrible things anyways. If you’re actually organizing in real life, if you’re actually active, you’re eventually going to need to be clear on your goals. And that right there blows your “security”.
If we are too scared to put ourselves in ANY amount of danger just through supervision, how do you expect us to actually carry a revolution forward?
I’d ask you all to consider the concept of revolutionary suicide, or at the very least, revolutionary sacrifice. It’s true, engaging in this may lead us to prison or death. And no amount of security is going to prevent that from happening when the going gets going. Is that worth it to you? Do you have the drive to live a life free that is so strong you’d give up everything for it? I say this not as a finger pointing or “you’re weak” thing, but a genuine question. I don’t blame you if the answer is no.
Once again, before I get crucified, I am not advocating against basic security measures to filter out feds and keep classified information in the hands of trusted people. I am pushing back at the overall theme I see specifically with online lefties that prioritizes security so heavily that we can’t share our names or general locations with these established orgs as if the feds don’t have this already. I’m pushing back against the overwhelming fear some people seem to have (justifiably) because we don’t need that right now. We need resistance. And that is dangerous.
physical location is most needed to be kept safe from right wing local stochastic terrorists rather than feds at least, you’re right about that. The big thing here, that i more meant to focus on, is that they let some random person who left the party get access to sensitive information for months, that is extremely bad, just because I might be on a fed list somewhere, doesn’t mean i want to be doxxed by a bitter former party member and face repercussions from anticommunist locals. I advocate for keeping the most sensitive information (like if your group is going to go sabotage something, etc.) off of computers and kept person to person anyways
I’d ask you all to consider the concept of revolutionary suicide, or at the very least, revolutionary sacrifice. It’s true, engaging in this may lead us to prison or death. And no amount of security is going to prevent that from happening when the going gets going. Is that worth it to you? Do you have the drive to live a life free that is so strong you’d give up everything for it? I say this not as a finger pointing or “you’re weak” thing, but a genuine question. I don’t blame you if the answer is no.
great thing we should all be considering, but one I’m not sure you can truly answer until the feds have got you in a jail cell threatening you with life if you dont betray your comrades to become their informant (as an example of extreme situation). I think I’m ok with it, but am I actually? we will see.
First part makes definite sense. Completely unacceptable to have that kind of thing just laying around for anyone, especially considering the pettiness that is sometimes present within leftist organizing lol.
Last part also good point. Yeah, I mean, shit we don’t really know until we are there. But I think we can get more and more of an idea and closer to saying yes as we get more involved in this organizing. We are in danger for before the feds have us in the cell. But yet we continue. That to me signals something brave
Somehow I knew this was about PSL even before clicking the spoiler text lol. The fact that you can seemingly only apply to join via Google forms gave me pause, and is the main reason I have not bothered getting involved.
If your local is anything like mine, they won’t respond to the Google forms application anyway and you’ll just get the newsletter for six months.
deleted by creator
Holy fuck
https://lemmygrad.ml/comment/3730331
This is my comment made a bit earlier to encourage tech literate comrades to join their local org as they can help improve their IT infrastructure and opsec.
https://twitter.com/hornetnezt/status/1762437507675779517
I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I’m sure other local branches would be open to change if more IT comrades joined and made their voice heard.
I believe PSL worked with tools that were most convenient and accessible to them at the time. Plus, while I hate big tech tools and prefer self-hosted solutions, the security of Google, Microsoft, and other mainstream products is nothing to scoff at (ignoring backdoors built in for the feds), though your privacy goes down the drain. PHP originally self-hosted their git repository and had to migrate to their mirror on GitHub after they were compromised.
Time is of the essence to build class consciousness among the proletariat. We have been raising awareness of the genocide in Palestine, and I don’t believe our organization is working in vain by running a campaign and accruing members and resources. Our current campaign isn’t simply to win office. Of course there’s extremely little chance we will win. The campaign is an invitation for workers to join a communist organization to fight for a better world, and the presidential election is definitely not a time to be quiet as more people are paying attention to politics now. Revolution is not going to happen overnight, and we are still in early stages of emerging in the US.
I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I’m sure other local branches would be open to change if more IT comrades joined and made their voice heard.
I think you’re a little too biased as a PSL member. quite frankly they had almost a year to notice this themselves, and speaks to an extreme problem with that local chapter that needs to be spoken about publicly. I’m not in PSL so I can’t say what national does about this kind of thing but the leadership of that chapter needs to be reprimanded or even be forced to step down imo. Does national provide training for this kind of thing?
Hey, I am just as critical in regards to security and socialist parties including my own, and I do want the party to improve on their opsec and prioritize open source, self-hosted, and encrypted/sandboxed/etc. tools, but blasting this onto twitter without the party’s consent isn’t very responsible. I don’t know if you are the same user as the one on twitter, but I do apologize for the experience and this is something I believe the local chapter as well as the national party should improve upon. I joined the party with the goal to contribute my IT skills to make the party more secure.
I’m still a bit new and still learning, and I am being careful about not sharing internal only information, but locally we do work on different trainings, and I may be helping organize one related to security. We need more IT comrades to help with the party in order to realize changes to our technical infrastructure, especially when we become larger and reach later stages of organizing and begin shining in the surveillance industrial complex’s radar. Simply slandering the organization by posting internal information does not help, especially for this issue regarding a hole in their security.
I’m not the same user, I’ve never been a member of PSL, Once again, it’s not so much the using of google products, which is bad tbc, it was that they didnt have any procedures to make sure that former members can’t burn them like this. Imagine if this person was a monster and shared this information with a local white supremacist group, it could lead to the deaths of organizers. I’m glad to hear that you’re working on organizing security training. But I think it’s important for people to see this info in the public so they know to keep an eye out for this kind of thing in whatever org they’re in.
From my experience so far in my pre-branch, we have been much better at maintaining our signal chats, restricting old users from the chats and not retaining old messages in previous temporary chats. I believe this is more of an issue with this local chapter, and I am glad that at least this wasn’t a dangerous person as you suggested burning the chapter. I can see your viewpoint, but I think the first thing to be done is to privately message the party so that we can internally discuss this and resolve the matter through democratic centralist means. That’s appropriate for any situation generally, and perhaps if this escalated and the party made poor decisions after this, then bring this to the attention of the national party, and then maybe mention it publically without exposing sensitive information (and censor a little better when showing screenshots).
I hope I am not saying too much, but I am also working on alternatives for google products within my pre-branch, and other members were going to mention their concerns about the security of using big tech tools before I suggested to help. I’m just one IT person, and I am already contributing a major difference as this pre-branch grows.
Maybe making physical spreadsheets would be better? Idk tho
No, you probably right.
deleted by creator
deleted by creator
Our local PSL chapter used a private Nextcloud instance for most organizing efforts. For what it’s worth, PSL national did start up an IT security protocol that chapters were supposed to be moving towards, with detailed guides for setting up various online infrastructure in a secure way. Out of all the socialist orgs I’ve been a member of, the PSL has ultimately been the one most interested in tightening digital security. DSA is Google Docs central (and Slack). SRA is Discord all the way down.
As a Cybersecurity professional, I completely agree with every word.
