BoyWiki:Agora/9 April 2016: Difference between revisions
→Does javascript at BoyWiki compromise user security: js use is elective, not mandated by wiki software |
|||
(14 intermediate revisions by 3 users not shown) | |||
Line 15: | Line 15: | ||
:::: | :::: | ||
::::I can now confirm that the enhanced discussion display on discussion pages (including Agora) is also js-dependent. __[[User:Meco|meco]] ([[User talk:Meco|talk]]) 18:23, 9 April 2016 (UTC) | ::::I can now confirm that the enhanced discussion display on discussion pages (including Agora) is also js-dependent. __[[User:Meco|meco]] ([[User talk:Meco|talk]]) 18:23, 9 April 2016 (UTC) | ||
:::::'''Option 1''', I can remove the Agora altogether. '''Option 2''' I can move forward on the BoyWiki council's recommendation that only admins be allowed to see who is posting as there is really no need for people to know who is posting, interact, and discussion can be limited to editing issues only. This will also improve your security as no one will know who posted what. '''Option 3''' Things are working out reasonably well as they are and there is no pressing need to change at this point. --[[Etenne]] [[File:BLSmileyface.png|50 px|link=Etenne]] 18:36, 9 April 2016 (UTC) | |||
::::::As for '''Option 2''' even if all edits are anonymous that would not, as far as I surmise, prevent the possibility of the hypothetical scenario I conjure up above, i.e. the use of javascript including a 'silent' function which requests the contributing editor's computer to disgorge its current IP and forward it to some other address. | |||
:::::: | |||
::::::And why couldn't you perceive an '''Option 4''' Proscribing calls to all functions that employ js? __[[User:Meco|meco]] ([[User talk:Meco|talk]]) 18:44, 9 April 2016 (UTC) | |||
:::::::Some of the JS is simply built into the software and can't easily be removed other things like the Agora are simply the best we can do with the resources we currently have available to us. Don't get me wrong, I would love to be able to add improvements but we don't have a tech person who is available to do that and the ones who are available have never worked on a wiki before. So yes under optimal conditions, there are many things that could be done without JS but we simply don't have that and need to be grateful for what we do have as it is the best we can do right now. But to answer your question... is it possible to use JS to harvest IP on BoyWiki or any wiki? I don't know and that is a question you need to ask the programers at [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] --[[Etenne]] [[File:BLSmileyface.png|50 px|link=Etenne]] 18:58, 9 April 2016 (UTC) | |||
::::::::I've been following up on the security/privacy aspect of this from a sense of community since I personally has nothing invested in protecting my privacy. I'm letting it go thus. __[[User:Meco|meco]] ([[User talk:Meco|talk]]) 20:21, 9 April 2016 (UTC) | |||
: | |||
::::::::: Etenne: You said, | |||
:::::::::: "''other things like the Agora are simply the best we can do with the resources we currently have available to us''" | |||
::::::::: Please see: [[Agora#How_is_the_current_Agora_using_javascript_superior_to_that_found_at_the_link_below_.28aside_from_automatic_date_insertion.29.3F]] | |||
== News articles on FBI "click this link" pornography stings == | == News articles on FBI "click this link" pornography stings == | ||
Line 24: | Line 34: | ||
*pornography web link sting | *pornography web link sting | ||
:...for more.[[User:User4|User4]] ([[User talk:User4|talk]]) 17:05, 9 April 2016 (UTC) | :...for more.[[User:User4|User4]] ([[User talk:User4|talk]]) 17:05, 9 April 2016 (UTC) | ||
: | |||
::Etenne--aren't these articles above what you wanted? ("Someone needs to write a news article - Etenne 2016-April-9 08:26:50, Saturday (0)" | |||
*https://www.boychat.org/messages/1470669.htm | |||
:::While these are interesting and I would welcome someone writing a news article about this too, these entries are about a FBI operation and not [[Operation Spade]] lead by the United States Postal Inspection Service. But thanks for trying. --[[Etenne]] [[File:BLSmileyface.png|50 px|link=Etenne]] 12:38, 12 April 2016 (UTC) | |||
::::Close, but no cigar, eh? (But I see you used one of them anyway...) [[User:User4|User4]] ([[User talk:User4|talk]]) 13:12, 12 April 2016 (UTC) |
Latest revision as of 16:37, 12 April 2016
Agora/9 April 2016
Does javascript at BoyWiki compromise user security
Recent conversation between myself and User4 (and briefly including Etenne) has made it apparent that BoyWiki uses javascript to assist in formatting Agora subpages upon their creation. With a user base as sensitive to security issues and the preservation of anonymity as that of BoyWiki, is it at all responsible on the part of the site operators to lay as a premise for smooth interfacing with the website that users have javascript enabled?
I just wonder if it is at all conceivable that such a script could e.g. request the user's computer to disgorge its current IP address and submit it to some nefarious recipient. From previous discussions at Agora I have come to understand that the technical knowhow of the wiki operators is not always up to par, so perhaps they also wouldn't know the answer to that hypothetical.
Perhaps it would be prudent not to base any user interactions on the use of javascript?
In addition to preformatting new Agora subpages, I can also identify javascript needed in order for the Agora link to appear in the left menu frame. __meco (talk) 16:42, 9 April 2016 (UTC)
- The administration and BoyWiki techs do our best to keep BoyWiki secure. As far as I know, only the original software programmers and BoyWiki admins can add JS to BoyWiki. NO site is 100 percent safe from hackers and people with bad intentions. You have to decide what risk you are willing to take. Even TOR and other percussions will not keep you 100 percent safe... the only safe way to use the internet is not to use it at all. BoyWiki is no more or less safe then any other site on the internet. --Etenne 17:34, 9 April 2016 (UTC)
-
- As more and more BoyLovers become more and more cautious (or, perhaps, sensible?), and begin to use the Tor browser bundle as their browser for BoyLove-related browsing, then any javascript applications installed on BoyWiki will interfere with their enjoyment of the BoyWiki resources, won't they? 17:42, 9 April 2016 (UTC)~
- Well. it is like this... unless you are a computer programmer and are willing to spend the next 6 months to a year of your life developing new wiki software for us... I don't have the answer to that problem. Please address these issues to MediaWiki --Etenne 17:50, 9 April 2016 (UTC)
- The use of a javascript function to initialize new subpages for Agora is something BoyWiki operators decide to do. Similarly to use a javascript-dependent function for displaying the Agora link in the left menu frame is a choice, no other links in the left frame appear to be dependent on javascript being enabled.
- I can now confirm that the enhanced discussion display on discussion pages (including Agora) is also js-dependent. __meco (talk) 18:23, 9 April 2016 (UTC)
- Option 1, I can remove the Agora altogether. Option 2 I can move forward on the BoyWiki council's recommendation that only admins be allowed to see who is posting as there is really no need for people to know who is posting, interact, and discussion can be limited to editing issues only. This will also improve your security as no one will know who posted what. Option 3 Things are working out reasonably well as they are and there is no pressing need to change at this point. --Etenne 18:36, 9 April 2016 (UTC)
- As for Option 2 even if all edits are anonymous that would not, as far as I surmise, prevent the possibility of the hypothetical scenario I conjure up above, i.e. the use of javascript including a 'silent' function which requests the contributing editor's computer to disgorge its current IP and forward it to some other address.
- And why couldn't you perceive an Option 4 Proscribing calls to all functions that employ js? __meco (talk) 18:44, 9 April 2016 (UTC)
- Some of the JS is simply built into the software and can't easily be removed other things like the Agora are simply the best we can do with the resources we currently have available to us. Don't get me wrong, I would love to be able to add improvements but we don't have a tech person who is available to do that and the ones who are available have never worked on a wiki before. So yes under optimal conditions, there are many things that could be done without JS but we simply don't have that and need to be grateful for what we do have as it is the best we can do right now. But to answer your question... is it possible to use JS to harvest IP on BoyWiki or any wiki? I don't know and that is a question you need to ask the programers at MediaWiki --Etenne 18:58, 9 April 2016 (UTC)
- Option 1, I can remove the Agora altogether. Option 2 I can move forward on the BoyWiki council's recommendation that only admins be allowed to see who is posting as there is really no need for people to know who is posting, interact, and discussion can be limited to editing issues only. This will also improve your security as no one will know who posted what. Option 3 Things are working out reasonably well as they are and there is no pressing need to change at this point. --Etenne 18:36, 9 April 2016 (UTC)
- Well. it is like this... unless you are a computer programmer and are willing to spend the next 6 months to a year of your life developing new wiki software for us... I don't have the answer to that problem. Please address these issues to MediaWiki --Etenne 17:50, 9 April 2016 (UTC)
- As more and more BoyLovers become more and more cautious (or, perhaps, sensible?), and begin to use the Tor browser bundle as their browser for BoyLove-related browsing, then any javascript applications installed on BoyWiki will interfere with their enjoyment of the BoyWiki resources, won't they? 17:42, 9 April 2016 (UTC)~
-
- Etenne: You said,
- "other things like the Agora are simply the best we can do with the resources we currently have available to us"
- Please see: Agora#How_is_the_current_Agora_using_javascript_superior_to_that_found_at_the_link_below_.28aside_from_automatic_date_insertion.29.3F
- Etenne: You said,
News articles on FBI "click this link" pornography stings
- http://www.cnet.com/news/fbi-posts-fake-hyperlinks-to-snare-child-porn-suspects/
- http://www.queerty.com/fbi-arrests-anyone-who-even-clicks-on-child-porn-fair-20090327
Google:
- pornography web link sting
- ...for more.User4 (talk) 17:05, 9 April 2016 (UTC)
-
- Etenne--aren't these articles above what you wanted? ("Someone needs to write a news article - Etenne 2016-April-9 08:26:50, Saturday (0)"
- While these are interesting and I would welcome someone writing a news article about this too, these entries are about a FBI operation and not Operation Spade lead by the United States Postal Inspection Service. But thanks for trying. --Etenne 12:38, 12 April 2016 (UTC)