Page MenuHomePhabricator

Set channel cmode +S for wikimedia private IRC-Channels
Open, MediumPublic

Description

we have SSL at all wikis now. We try to make everything more secure, 2FA etc. But there is still one thing to do:
There are people talking in IRC, IRC allows SSL as well. Of course, we should not require SSL in IRC in every channel, for example if you use freenode webchat, you can't use SSL, so it would be bad for new users, or users asking for help etc.
But at least for channels, where people mention private data, we should require SSL, in my opinion.

What would need to be done then? At private channels, where private data gets mentioned, like #wikimedia-checkusers or #wikimedia-privacy, the channelmode +S should get set. This would mean, that every user, who is not connected via SSL would not be able to join the channel then. Instead they would recive a message about it, that they need SSL.
Currently, this feature is not enabled:

[21:54:26] * Channel #wikimedia-checkusers Modes: +cimntzf
[21:54:31] * Channel #wikimedia-privacy Modes: +FLcginsf

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 11 2016, 9:02 PM

It might be a good idea to make clear up what kinds of private information can be sent over FreeNode.

#mediawiki_security should probably be added to that list

Hm:

[18:01:43] <Sagan> info #mediawiki_security
[18:01:44] -ChanServ- Information on #mediawiki_security:
[18:01:44] -ChanServ- Registered : Apr 06 18:36:11 2005 (11y 36w 1d ago)
[18:01:44] -ChanServ- Mode lock  : +ins
[18:01:44] -ChanServ- Flags      : PRIVATE
[18:01:44] -ChanServ- *** End of Info ***

[18:01:50] <Sagan> info #mediawiki-security
[18:01:51] -ChanServ- Information on #mediawiki-security:
[18:01:51] -ChanServ- Founder    : freenode-staff, wmfgc
[18:01:51] -ChanServ- Registered : Jun 02 09:55:14 2016 (27w 5d 7h ago)
[18:01:51] -ChanServ- Last used  : Jun 02 09:55:14 2016 (27w 5d 7h ago)
[18:01:51] -ChanServ- Mode lock  : +mpsC
[18:01:51] -ChanServ- Flags      : GUARD
[18:01:51] -ChanServ- *** End of Info ***

[OT] We maybe should ask the GCs, if #mediawiki_security is included in the wikimedia namespace too. (I don't know which namespaces we have exactly, but per default, only #mediawiki and #mediawiki-* are included I think.

#mediawiki_security is explicitly named with an _ so GCs don't have control over it.

Also, does this task need to be private? Anyone can look up channel modes.

Also, does this task need to be private? Anyone can look up channel modes.

Agreed. This can probably be made public.

It might be a good idea to make clear up what kinds of private information can be sent over FreeNode.

We should make a separate bug for this so we can keep track of this.

Bawolff triaged this task as Medium priority.Dec 13 2016, 10:36 PM
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".
Bawolff added a project: Privacy.

Bug made public

#mediawiki_security is explicitly named with an _ so GCs don't have control over it.

Then, it does not belongs to a registered group, so it violates freenodes policys about channel ownership: https://freenode.net/policies

#mediawiki_security is explicitly named with an _ so GCs don't have control over it.

Then, it does not belongs to a registered group, so it violates freenodes policys about channel ownership: https://freenode.net/policies

What? Please cite the actual part of the policy you think is being violated. Freenode doesn't require any group registration to create new primary channels.

If a channel does not belong to a group directly, freenode will not transfer the control to another person, even if the channel is expired, etc.

You're now saying something entirely different, which has nothing to do this task.

Hm:

[18:01:43] <Sagan> info #mediawiki_security
[18:01:44] -ChanServ- Information on #mediawiki_security:
[18:01:44] -ChanServ- Registered : Apr 06 18:36:11 2005 (11y 36w 1d ago)
[18:01:44] -ChanServ- Mode lock  : +ins
[18:01:44] -ChanServ- Flags      : PRIVATE
[18:01:44] -ChanServ- *** End of Info ***

[18:01:50] <Sagan> info #mediawiki-security
[18:01:51] -ChanServ- Information on #mediawiki-security:
[18:01:51] -ChanServ- Founder    : freenode-staff, wmfgc
[18:01:51] -ChanServ- Registered : Jun 02 09:55:14 2016 (27w 5d 7h ago)
[18:01:51] -ChanServ- Last used  : Jun 02 09:55:14 2016 (27w 5d 7h ago)
[18:01:51] -ChanServ- Mode lock  : +mpsC
[18:01:51] -ChanServ- Flags      : GUARD
[18:01:51] -ChanServ- *** End of Info ***

[OT] We maybe should ask the GCs, if #mediawiki_security is included in the wikimedia namespace too. (I don't know which namespaces we have exactly, but per default, only #mediawiki and #mediawiki-* are included I think.

JFishback_WMF moved this task from Intake to Backlog on the Privacy board.Mar 24 2020, 3:08 PM