PSA: be careful with the orgs you join
PSA: be careful with the orgs you join
this is frankly really scary. if you're in a socialist org, please make sure that they're not so lax with security like this. also, why the actual fuck are they using google products. we are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they're lax like this.
tweet text here
PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information
I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly
*4 images showing proof
I think they need us terminally online selfhoster Linux tankies to help them in this regard
This is our purpose after all
Sign me up!
You need to sign yourself up and make tell them why they need it ;)
You seem to be joking, but this is a seriously good idea. Technologically literate people are needed in orgs. Get on it comrade <3
No wasn't really joking just a bit sarcastic. I definitely do think it is needed. This is a new age with new kinds of anti communist methods. Those who are wisened up are needed on the front lines. We aren't facing mere newspaper censors anymore...
I’ve tried helping local organizers with this and the onus is always on me to put in tremendous effort into explaining why it’s a big deal. Like I need to impart half an IT degree as well as an abridged history of cointelpro. People generally just don’t understand enough to put in the effort and likely add friction to their workflows.
The local socialist org where I live collaborates on Google docs. It's cringe.
We wrote our party program with it from start to finish lol. I've given up on trying to talk about security.
I don't know. You can waste a lot of effort on convincing people of the need for security, establishing significant security, not weirding people out in the process, and actually sticking to it, only to find out that it's not as good as you think/it's yet another program with some sketchy back door built in. Or you do everything right and there's a fed in your group in person, a tactic they've used for at least a century. Or there isn't, but a serious adversary can piece together who's in the group and when you're meeting based on public posts and phone data.
This isn't saying orgs should take zero steps on information security, more that you're never going to be able to hide a domestic political group from the U.S. government. Expect leaks and wreckers from the start and you can set up ways to minimize their harm.
copying a comment i made further down:
I understand that people use the google stuff because of how easy it is. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information i think we should be doing better than potentially offering up all that info to the feds for essentially free, make them commit resources to infiltrate our groups, not just work with google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them. My point here is that we shouldn't be making it as easy as possible for feds to infiltrate, make them expend more resources by trying to turn informants or even having to insert actual agents
Definitely, I was in PCUSA for a few months and they acted like feds. I’m almost worried what my info could be done with by them.
Could you elaborate on the PCUSA's
behavior? I am not organized with them, but I am with the PSL. I'm just curious about the PCUSAThey’re undialectical patsocs with lots of members with info on their lists and many fewer actually participating in their zoom things (which is all they do besides support reactionary platforms against Ukraine). No one responded to my emails that I was leaving. In the interview they said I would never have to worry about feds in the org. Any serious communist party would be aware of cointelpro. The leadership is rather controlling and they constantly attack people to the left of them. Idk how much of this is fed shit or just bad organizing. If you’re interested in more dirt I’ve elaborated before and you could look it up on my profile on lemmy search.
Edit: doesn’t mean much, but they used signal.
What would be an alternative to Google's spreadsheets? Best thing I can think of is a Nextcloud deployment. I would just prefer to host this kind of shit in a private git repository somewhere but of course that would understandably not fly with 99% of the people.
There are free NextCloud providers. CryptPad also seems promising and can also be self-hosted. I can't think of any good reason to use Google Drive/Sheets/... aside from a short adjustment period when switching to an E2EE equivalent
Someone that works for whatever org you work with owns a domain. Make it run by the org. You can make nextcloud have logins for your known members to see sensitive data.
im not exactly sure either. In this case, I dont even know why you need a spread sheet for this case exactly (in one of the screenshots it looks like they just had who was responsible for what during an event?). I understand that is 100% why people use them, the ease of use, but we need to come up with better solutions imo. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information i think we should be doing better than potentially offering up all that info to the feds for essentially free, make them commit resources to infiltrate our groups, not just work with google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them
The security concern is understandable and we should take necessary measures and keep important things between trusted people in real life, but we need to be honest with ourselves that we are under surveillance at all times anyways.
We've expressed more than communist sympathies online and in real life. We are high on the watch list (that literally everyone is on anyways).
Organizing definitely has pig and fed supervision and even infiltration. You should assume there is someone untrustworthy around you at all times.
But this does not mean we stop organizing, or slow down, or cower. If we have this weird pursuit of perfect privacy, we will do absolutely nothing. Because it doesn't exist.
At some point we need to break through this fear of "getting got" because of bad security and recognize that it doesn't take anything for the feds and pigs to do terrible things anyways. If you're actually organizing in real life, if you're actually active, you're eventually going to need to be clear on your goals. And that right there blows your "security".
If we are too scared to put ourselves in ANY amount of danger just through supervision, how do you expect us to actually carry a revolution forward?
I'd ask you all to consider the concept of revolutionary suicide, or at the very least, revolutionary sacrifice. It's true, engaging in this may lead us to prison or death. And no amount of security is going to prevent that from happening when the going gets going. Is that worth it to you? Do you have the drive to live a life free that is so strong you'd give up everything for it? I say this not as a finger pointing or "you're weak" thing, but a genuine question. I don't blame you if the answer is no.
Once again, before I get crucified, I am not advocating against basic security measures to filter out feds and keep classified information in the hands of trusted people. I am pushing back at the overall theme I see specifically with online lefties that prioritizes security so heavily that we can't share our names or general locations with these established orgs as if the feds don't have this already. I'm pushing back against the overwhelming fear some people seem to have (justifiably) because we don't need that right now. We need resistance. And that is dangerous.
physical location is most needed to be kept safe from right wing local stochastic terrorists rather than feds at least, you're right about that. The big thing here, that i more meant to focus on, is that they let some random person who left the party get access to sensitive information for months, that is extremely bad, just because I might be on a fed list somewhere, doesn't mean i want to be doxxed by a bitter former party member and face repercussions from anticommunist locals. I advocate for keeping the most sensitive information (like if your group is going to go sabotage something, etc.) off of computers and kept person to person anyways
I’d ask you all to consider the concept of revolutionary suicide, or at the very least, revolutionary sacrifice. It’s true, engaging in this may lead us to prison or death. And no amount of security is going to prevent that from happening when the going gets going. Is that worth it to you? Do you have the drive to live a life free that is so strong you’d give up everything for it? I say this not as a finger pointing or “you’re weak” thing, but a genuine question. I don’t blame you if the answer is no.
great thing we should all be considering, but one I'm not sure you can truly answer until the feds have got you in a jail cell threatening you with life if you dont betray your comrades to become their informant (as an example of extreme situation). I think I'm ok with it, but am I actually? we will see.
First part makes definite sense. Completely unacceptable to have that kind of thing just laying around for anyone, especially considering the pettiness that is sometimes present within leftist organizing lol.
Last part also good point. Yeah, I mean, shit we don't really know until we are there. But I think we can get more and more of an idea and closer to saying yes as we get more involved in this organizing. We are in danger for before the feds have us in the cell. But yet we continue. That to me signals something brave
Somehow I knew this was about PSL even before clicking the spoiler text lol. The fact that you can seemingly only apply to join via Google forms gave me pause, and is the main reason I have not bothered getting involved.
If your local is anything like mine, they won't respond to the Google forms application anyway and you'll just get the newsletter for six months.
i joined an org. In retrospect i think one of the head organisers was a cop running a honey pot. The org required personal details to join including home address. Things like this shouldnt have been necessary to show up to a club, but i think maybe it was because they were trying to be a legally constituted organisation
Holy fuck
https://lemmygrad.ml/comment/3730331
This is my comment made a bit earlier to encourage tech literate comrades to join their local org as they can help improve their IT infrastructure and opsec.
https://twitter.com/hornetnezt/status/1762437507675779517
I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I'm sure other local branches would be open to change if more IT comrades joined and made their voice heard.
I believe PSL worked with tools that were most convenient and accessible to them at the time. Plus, while I hate big tech tools and prefer self-hosted solutions, the security of Google, Microsoft, and other mainstream products is nothing to scoff at (ignoring backdoors built in for the feds), though your privacy goes down the drain. PHP originally self-hosted their git repository and had to migrate to their mirror on GitHub after they were compromised.
Time is of the essence to build class consciousness among the proletariat. We have been raising awareness of the genocide in Palestine, and I don't believe our organization is working in vain by running a campaign and accruing members and resources. Our current campaign isn't simply to win office. Of course there's extremely little chance we will win. The campaign is an invitation for workers to join a communist organization to fight for a better world, and the presidential election is definitely not a time to be quiet as more people are paying attention to politics now. Revolution is not going to happen overnight, and we are still in early stages of emerging in the US.
I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I’m sure other local branches would be open to change if more IT comrades joined and made their voice heard.
I think you're a little too biased as a PSL member. quite frankly they had almost a year to notice this themselves, and speaks to an extreme problem with that local chapter that needs to be spoken about publicly. I'm not in PSL so I can't say what national does about this kind of thing but the leadership of that chapter needs to be reprimanded or even be forced to step down imo. Does national provide training for this kind of thing?
Hey, I am just as critical in regards to security and socialist parties including my own, and I do want the party to improve on their opsec and prioritize open source, self-hosted, and encrypted/sandboxed/etc. tools, but blasting this onto twitter without the party's consent isn't very responsible. I don't know if you are the same user as the one on twitter, but I do apologize for the experience and this is something I believe the local chapter as well as the national party should improve upon. I joined the party with the goal to contribute my IT skills to make the party more secure.
I'm still a bit new and still learning, and I am being careful about not sharing internal only information, but locally we do work on different trainings, and I may be helping organize one related to security. We need more IT comrades to help with the party in order to realize changes to our technical infrastructure, especially when we become larger and reach later stages of organizing and begin shining in the surveillance industrial complex's radar. Simply slandering the organization by posting internal information does not help, especially for this issue regarding a hole in their security.
Maybe making physical spreadsheets would be better? Idk tho
No, you probably right.
Our local PSL chapter used a private Nextcloud instance for most organizing efforts. For what it's worth, PSL national did start up an IT security protocol that chapters were supposed to be moving towards, with detailed guides for setting up various online infrastructure in a secure way. Out of all the socialist orgs I've been a member of, the PSL has ultimately been the one most interested in tightening digital security. DSA is Google Docs central (and Slack). SRA is Discord all the way down.
You're blowing a small mistake up into something. As a PSL member (I've been in for a few months, I'm not brainwashed or anything, I just understand how things work on the inside):
The PSL broadly does not engage in covert illegal actions, and the branches that may have tighter security. The stuff in the broadly accessible parts of the Google Drive is sometimes sensitive, but not secret. We're talking meeting notes and pics of events, not addresses and SSNs of members.
The PSL expects members (with some exceptions, such as undocumented immigrants) to be public with their membership with their real name. There is no such thing as doxxing a PSL member (aside from posting addresses/SSNs/etc.) because our names and affiliations with the party eventually become a matter of public record anyways.
Yes, they should have had tighter security. No, the leadership of the branch does not need to step down lmao. PSL branches are, like 90% of lefty orgs out there, 3-5 volunteers actually doing work and organizing stuff while the other 10-20 occasionally attend events and meetings.
I've seen so many projects by other orgs fail due to overzealous security culture; jumping from telegram channel to signal group and constantly losing people every step of the way, no one using their real names and constantly changing their alias. Nothing actually gets done.
I think the PSL strikes a good balance of security with ease of access. Most branches don't need the opsec of an insurgency cell. We're just organizing protests and hosting educational events. It doesn't really matter if some details get public.
I’m not brainwashed or anything,
brainwashing isnt real. but you are biased as a member, I'm glad this isn't a big deal for you. It is, for me.
I’ve seen so many projects by other orgs fail due to overzealous security culture; jumping from telegram channel to signal group and constantly losing people every step of the way, no one using their real names and constantly changing their alias. Nothing actually gets done.
good thing that's not what im advocating for then!
PSL branches are, like 90% of lefty orgs out there, 3-5 volunteers actually doing work and organizing stuff while the other 10-20 occasionally attend events and meetings.
eventually these branches are going to have to grow, i think this is a terrible argument against why leadership should step down, just stick with you think it's not a big deal, not that the branches are small.
As a Cybersecurity professional, I completely agree with every word.