Tuesday, September 22, 2009

A Warning About "GUN" The New Social Networking Website for Radicals

According to posts on Indymedia sites:

'The Guerrilla Underground Network (GUN) is an autonomous & rhizomal co-mutiny of resistance, & is open to all who seek social change from below.

You can customize your page, share photos, post your own videos and music, post blogs, start your own groups, CHAT, and much more! Feel free to invite your friends.

Obviously social networking (mapping) sites are sketch as fuck and should be approached with caution and the utmost security culture (see our Online Security discussion for tips on internet anonymity), but hey, it's better than facebook or myspace.

Hope to see you there.

guerrillaunderground.ning.com"



SnitchWire STRONGLY cautions people to NOT USE this site. Here are our reasons for doing so.

1. It is hosted on a third party host (ning.com) (like Geocities or Blogger for social networking sites). This means that ALL information gathered by this site is viewable by a third party.

2. The domain registration information for Ning.com does not list any real names, only their postal address (735 Emerson St. Pal Alto, CA).

3. The property listed in the domain registration is owned by "Strategic Decisions Group" which sounds like an intel collection firm if we've ever heard of one. According to their website "Strategic Decisions Group is a strategy consulting firm renowned for its expertise in strategic decision-making, risk management, and shareholder value creation." On their website, they list their allies and customers. Among the list is Nuclear Power, known gentrifying forces, and pretty much anybody evil you can think of. They were targeted by Santa Cruz activists for their association with military recruiting centers.

4. The advertising on ning.com will hand over your IP address to advertisers such as Google and anybody who chooses to buy an ad (as they must be displayed to you, causing you to connect to them). If you have javascript enabled, these banners can grab your browser history. If you have javascript and flash enabled (if YouTube works for you), even using the "clear private data" function on your computer/browser won't protect you from things such as flash cookies.

5. Ning.com has a horrible privacy policy, allowing them source information about you from external sources and release your personally identifiable information if "we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law". In other words, they don't require a warrant or other legal process, only the threat that it will be enforced. "Additionally, Ning may disclose Personal Information where we, in good faith, deem it appropriate or necessary to prevent violation of the Ning Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Ning, any individual, or the general public; maintain and protect the security and integrity of our services or infrastructure; protect ourselves and our services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies." SO, they'll be giving your information to anybody in a suit who asks for it if they aren't the suits themselves. They will also give your information to any entity who buys Ning. It's worth nothing that many such services and organizations have been set up by spooks in the past for the purpose of gathering information.

6. Social networking in general is a bad idea. There's no reason to use it given the privacy you're giving up.

7. Tech collectives that have a long track record in the activist world such as Riseup.net already have social networking platforms such as crabgrass (we.riseup.net) if you really must use social networking.

8. Unlike Riseup and other activist-run services who encrypt the data on their servers and have vowed to protect their user information (and only gather it when absolutely necessary), Ning does not encrypt their information or at least I couldn't find any proof of it.

9. In their posts advertising their site, they encourage people to check out the "security advice" on their website, which suggests that people use a one-hop proxy to "protect their anonymity" but these proxies are completely worthless. They also provide non-https links to https://www.torproject.org and other legitimate anonymity/encryption systems, allowing an intermediary (such as the NSA) to see what you're doing on those sites with ease. It also allows an intermediary to inject a fake program in place of the real program without your knowledge.

Anybody with additional interesting information is encouraged to contact SnitchWire (at) gmail [ dot] com. If you get down with encryption, use our PGP key.

6 comments:

  1. thanks to snitchwire for these concerns.

    i am "Ab Irato," the creator of GUN.

    i would like to say that the lack of communication on this issue is unfortunate.

    i like to be accountable to my community and wish you all had just come to me with these concerns.

    i was unaware of the issues with nign, which are legit concerns.

    would you say it's any worse than myspace, facebook, blogger, etc.?

    i should also say that i know jack shit about internet anonymity and that is something i'm trying to learn right now. i apologize to the community if the social network i created has become a liability or something. such was not my intent.

    ReplyDelete
  2. "SnitchWire exists solely for the purpose of investigating and objectively reporting on the existence and actions of known informants, infiltrators, rats, snitches, and provocatuers."

    well, apparently not solely.

    ReplyDelete
  3. "They also provide non-https links to
    https://www.torproject.org"

    fixed.

    ReplyDelete
  4. a social networking site for radicals? yeah let's map out all of friendships and association and save the pigs a bit of time! stupid.

    ReplyDelete
  5. "...does not list any real names..."

    Taken from http://about.ning.com/
    Ning is the social platform for the world’s interests and passions online. Based in Palo Alto, Calif., Ning offers an easy-to-use service that allows people to join and create Ning Networks. With more than 1.6 million Ning Networks created and 36 million registered users, millions of people every day are coming together across Ning to explore and express their interests, discover new passions, and meet new people around shared pursuits. Ning was founded in October 2004 by Gina Bianchini and Marc Andreessen. The company is privately held.

    ReplyDelete
  6. these folks went to great lengths with their legal disclaimers: http://fertileground1.ning.com/

    The Flobots have a Fight With Tools project site hosted by ning. you can pay a fee to remove ning from the url: http://www.fightwithtools.org/

    i still feel GUN has been unfairly singled out by snitchwire and has pretty much killed it because people are afraid to join it now.

    ReplyDelete