Previous Entry Share Next Entry
Signal-boost: the Great Migration
device
jducoeur
I suspect that many of my friends have heard about this by now, but for those who haven't:

The tl;dr is that the Sword of Damocles that has been hanging over LJ for several years is starting to cut. LiveJournal has been owned by a Russian company for some time now; evidence says that they recently moved the servers to Russia. That almost certainly means that the Russian government is going to begin actively listening to everything posted here (if they weren't already); knowing them, it is *extremely* likely that this monitoring will not in any way respect your privacy settings. On top of that, there are indications (not yet confirmed that I've heard) that they've begun actively censoring accounts critical of the Russian government.

siderea has made several recent posts about this; for more details, see this entry, and this one.

The upshot is that a *lot* of people are finally bailing from LiveJournal to DreamWidth, with various degrees of prejudice ranging from "doing primary posting on DW from here on out" to "deleting all traces of my LJ history". This is *not* paranoid: odds are good that the Russian spooks are going to read not just your new stuff but your history of private posts, so if that matters, you may want to take steps.

(For those who haven't come across it: DreamWidth is essentially an alternate LiveJournal -- one of many, but the best of the lot. It was originally based on the same code, although LJ and DW have begun to go their separate ways over the years. As far as I can tell, it's a deeply wholesome project: open-source, non-profit, non-commercial, supported entirely by memberships. While I don't use it much yet, I've been a paid member there for a long time -- they're good folks.)

Anyway: personally, I'm a bit less het-up about the change -- I've always been cynical about online security, and have been assuming for some years now that LJ was at best marginally more secure than Facebook (that is, not), so I generally don't post sensitive material. And I've been expecting this particular twist for some time now. I haven't decided whether to make the leap to DW-primary yet, although I might do so depending on how things progress.  Don't be surprised if this account becomes secondary, copied from the DW one.

So, putting that together: if you're an LJ user, and don't have one already, I recommend getting a DreamWidth account. If you care about your LJ history, seriously consider backing it up to DW. And if you haven't already friended me over there, I encourage you to do so. (Same account name, as usual.)

  • 1
OMG, you don't understand the difference between spooks and narcs, do you?

The fact that the NSA is reading all your emails doesn't mean they're sharing them with the FBI.

Nothing has changed about whether NSA's Russian colleagues are reading your friends-locked posts. What's changed is that now the Russian FBI-equivalent are too. And, indeed, so are anybody who shows up at the right network closet/colo in person and points a gun in somebody's face.

Frankly, I've been assuming for several years that there was a significant chance that all of the above were effectively already true. I don't distinguish because I've seen little evidence that the lines between Russian government agencies are anywhere near as sharp as those in the US. So while I understand the difference, I'm unconvinced that it's especially relevant in practice.

To the last point, I'm less concerned with physical security of the servers, and more with the odds that the people with access/authority could be *coerced* into providing it to random bad actors -- that's both more effective and more in the wheelhouse of said bad actors. Ever since ownership moved to Russia, I've figured there was a growing chance of that happening. That hasn't *much* changed: I'm still less worried about somebody breaking into the cage than I am some manager's wife being held hostage, which seems the more likely threat profile.

Honestly, it wouldn't surprise me if the only *real* change here is that, since the service is now entirely Russian, they can censor it much more blatantly without any other government having any basis to complain: that diplomatic fig leaf might well be the entire reason for the move. The rest was always moderately likely...

Thanks for the heads-up. I backed up my LJ to my long-abandoned DW. I'm less concerned about security than about losing years and years of writing.

I'm somewhat personally acquainted with one of the DW owners (... I served as a background historical magical theory consultant for one of her characters in a call it a roleplaying game...) and she's good folks.

So... how does one back up LJ to dw?

Let's see:

From the main DreamWidth page, on the menu select Organize -> Import Content.

Press the "Start Another Import" button.

Choose where to import from, and give it your account info. (Yes, you have to give them your password. Given that they are importing your private info, that's not surprising.)

Provide details about exactly what to import -- profile, posts, comments, etc. Note that my attempt to re-import my profile this time failed. (I think that's relatively minor.)

Tell it to go. It starts up a background process, which will spend a while chewing through your LJ and pulling it all in. In the meantime, the Import Content page will show you the progress.

Overall, it's fairly painless -- not precisely something I'd want to present as a mass-market product, but straightforward enough to use...

I post from DW and have it cross post to here. Every couple of weeks or so I back up to DW to catch any comments. It is kind of clunky, but it works.

Privacy on the internet is an oxymoron.

Thanks, this is good to know. I've been thinking more and more about jumping to DW since LJ screwed up my photo albums in that last round of site maintenance. Most of my friends have already gafiated from LJ, so I'm barely using the site anymore, certainly not enough to justify a paid account.

As this more or less coincides with the imminent change of administration in the States, it wouldn't surprise me in the least if Russian and American spy agencies start collaborating on sites like this one.

Yeah I'm sort of with siderea on this one. Where you wrote "the Russian government is going to begin actively listening to everything posted here"

I would have written "the Russian government is going to join the US and the other Five Eyes countries in actively listening to everything posted here."

Which is annoying as fuck, I grant you, but not a big change in the ultimate scheme of things. That said, the idea of backing up the LJ over to DW is a good one, thank you for that tip.

For me, it's mostly a change in probabilities. Before, I would have given it 1-in-3 odds that the Russians were already listening to everything on LJ, regardless of privacy settings. Now, it elevates to something fairly close to certainty...

I think it's a matter of stopping to think about it. Like all the people who were shocked in the past when the US Gov't disclosed it could root an iPhone. Why anyone in the world would think they could root a phone and the gov't couldn't? Beyond me, but we don't really think about it that way.

What I think the Russians lack is not the money, brains, or people to do this, but the access and corporate complicity. It's been clear at least since Snowden that the Five Eyes countries got what they got because they had physical access to cables and because the big tech companies gave it to them. Now the Russians get the same.

Corporate complicity, totally agreed -- that's why I've been cautious on this point ever since LJ got its new Russian owners. Regardless of whether they were good people or not, it meant that the Russian government and mob likely had more leverage available to gain access.

I'm still dubious that *physical* access to the servers is all that relevant, though. Yes, it's useful, but I suspect it's both easier and much more useful to simply lean on somebody to give you the passwords. (As opposed to the NSA's phone-tapping, where being able to intercept the actual signals was probably crucial. Different technologies, different threat profiles.)

I believe it was in response to actual physical taps that Google and Yahoo both started encrypting data traffic between their server farms.

That said, the criminal mafia element is a very real problem here.

  • 1
?

Log in