this is frankly really scary. if you’re in a socialist org, please make sure that they’re not so lax with security like this. also, why the actual fuck are they using google products. we are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they’re lax like this.
tweet text here
PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information
I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly
*4 images showing proof
I don’t know. You can waste a lot of effort on convincing people of the need for security, establishing significant security, not weirding people out in the process, and actually sticking to it, only to find out that it’s not as good as you think/it’s yet another program with some sketchy back door built in. Or you do everything right and there’s a fed in your group in person, a tactic they’ve used for at least a century. Or there isn’t, but a serious adversary can piece together who’s in the group and when you’re meeting based on public posts and phone data.
This isn’t saying orgs should take zero steps on information security, more that you’re never going to be able to hide a domestic political group from the U.S. government. Expect leaks and wreckers from the start and you can set up ways to minimize their harm.
copying a comment i made further down:
I understand that people use the google stuff because of how easy it is. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information i think we should be doing better than potentially offering up all that info to the feds for essentially free, make them commit resources to infiltrate our groups, not just work with google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them. My point here is that we shouldn’t be making it as easy as possible for feds to infiltrate, make them expend more resources by trying to turn informants or even having to insert actual agents