This is frankly really scary. If you’re in a socialist org, please make sure that they’re not so lax with security like this. Also, why the actual fuck are they using Google products? We are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they’re lax like this.

tweet text here

PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information

I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly

*4 images showing proof

  • Imnecomrade@lemmygrad.ml
    9 months ago

    https://lemmygrad.ml/comment/3730331

    This is my comment made a bit earlier to encourage tech literate comrades to join their local org as they can help improve their IT infrastructure and opsec.

    https://twitter.com/hornetnezt/status/1762437507675779517

    I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I’m sure other local branches would be open to change if more IT comrades joined and made their voice heard.

    I believe PSL worked with tools that were most convenient and accessible to them at the time. Plus, while I hate big tech tools and prefer self-hosted solutions, the security of Google, Microsoft, and other mainstream products is nothing to scoff at (ignoring backdoors built in for the feds), though your privacy goes down the drain. PHP originally self-hosted their git repository and had to migrate to their mirror on GitHub after they were compromised.

    Time is of the essence to build class consciousness among the proletariat. We have been raising awareness of the genocide in Palestine, and I don’t believe our organization is working in vain by running a campaign and accruing members and resources. Our current campaign isn’t simply to win office. Of course there’s extremely little chance we will win. The campaign is an invitation for workers to join a communist organization to fight for a better world, and the presidential election is definitely not a time to be quiet as more people are paying attention to politics now. Revolution is not going to happen overnight, and we are still in early stages of emerging in the US.

    • destroyamerica@lemmygrad.ml (OP)
      9 months ago

      > I do agree with this person. I think this would have been handled better privately even though this info is helpful. In the pre-branch I am in, we do take opsec seriously and want to find alternatives to improve our security. I’m sure other local branches would be open to change if more IT comrades joined and made their voice heard.

      I think you’re a little too biased as a PSL member. Quite frankly, they had almost a year to notice this themselves, and it speaks to an extreme problem with that local chapter that needs to be spoken about publicly. I’m not in PSL so I can’t say what national does about this kind of thing, but the leadership of that chapter needs to be reprimanded or even be forced to step down imo. Does national provide training for this kind of thing?

      • Imnecomrade@lemmygrad.ml
        9 months ago

        Hey, I am just as critical in regards to security and socialist parties including my own, and I do want the party to improve on their opsec and prioritize open source, self-hosted, and encrypted/sandboxed/etc. tools, but blasting this onto Twitter without the party’s consent isn’t very responsible. I don’t know if you are the same user as the one on Twitter, but I do apologize for the experience and this is something I believe the local chapter as well as the national party should improve upon. I joined the party with the goal to contribute my IT skills to make the party more secure.

        I’m still a bit new and still learning, and I am being careful about not sharing internal-only information, but locally we do work on different trainings, and I may be helping organize one related to security. We need more IT comrades to help with the party in order to realize changes to our technical infrastructure, especially when we become larger and reach later stages of organizing and begin shining in the surveillance industrial complex’s radar. Simply slandering the organization by posting internal information does not help, especially for this issue regarding a hole in their security.

        • destroyamerica@lemmygrad.ml (OP)
          9 months ago

          I’m not the same user, I’ve never been a member of PSL. Once again, it’s not so much the using of Google products, which is bad tbc, it was that they didn’t have any procedures to make sure that former members can’t burn them like this. Imagine if this person was a monster and shared this information with a local white supremacist group, it could lead to the deaths of organizers. I’m glad to hear that you’re working on organizing security training. But I think it’s important for people to see this info in the public so they know to keep an eye out for this kind of thing in whatever org they’re in.

          • Imnecomrade@lemmygrad.ml
            9 months ago

            From my experience so far in my pre-branch, we have been much better at maintaining our Signal chats, restricting old users from the chats and not retaining old messages in previous temporary chats. I believe this is more of an issue with this local chapter, and I am glad that at least this wasn’t a dangerous person as you suggested burning the chapter. I can see your viewpoint, but I think the first thing to be done is to privately message the party so that we can internally discuss this and resolve the matter through democratic centralist means. That’s appropriate for any situation generally, and perhaps if this escalated and the party made poor decisions after this, then bring this to the attention of the national party, and then maybe mention it publicly without exposing sensitive information (and censor a little better when showing screenshots).

            I hope I am not saying too much, but I am also working on alternatives for Google products within my pre-branch, and other members were going to mention their concerns about the security of using big tech tools before I suggested to help. I’m just one IT person, and I am already contributing a major difference as this pre-branch grows.