marahmarie: Sheep go to heaven, goats go to hell (Default)
[personal profile] marahmarie

Your hostess is not feeling too hot (it's been a rather rough winter) so my usual wordiness has gone wanly MIA, with apologies if you actually read me for my wordiness.

I've been kind of outed by one of my friends (*cough [personal profile] darkoshi*) for discussing this under access lock, so since I'm rather alarmed by one aspect of it I was going to make a public-facing post to discuss it more thoroughly, anyhow. I just didn't know when, but as I like to own what I've been quoted as saying, I guess that'll be right about now.

What Anyone Knows

There are zero confirmed reports that anything's changed for LiveJournal. There are many unconfirmed reports, IP tests and pings done to find on a per-user basis that LiveJournal moved its servers (which store content such as user's journal entries, comments written and received, pictures, Scrapbooks, usericons, mood icons, profile information, friends lists and payment information) from San Francisco, California over to servers located within Russia.

Here's a MetaFilter written by our own [personal profile] brainwane, with enlightening comments made by many people:
https://www.metafilter.com/164293/LiveJournal-represents-social-media-without-borders - written Dec. 30, 2016

I don't want to create public editorial on what it means because I left LiveJournal six years ago over clickjacking done by SUP, the Russian company that runs LiveJournal to this day, and I didn't do so with the expectation I'd ever look back and feel I have to make public comments on any fresh fiascos from here. I really do wash my hands of the place.

Other people have made excellent editorial on it, though. Some links:
https://lynnenne.dreamwidth.org/305395.html - written Dec. 30, 2016
https://twistedchick.dreamwidth.org/4141297.html - written Dec. 29, 2016

What Concerns Me, Part I

The least important thing is many people seem to think if they hit "delete" then poof! LiveJournal can never touch, change, disseminate, share, prosecute them for, or republish any of their stuff again. But LJ still has their stuff; hitting "delete" doesn't change that.

You know how Windows has a thing where you can go into the Recycle Bin when you hit "delete" on files you forgot you needed and just point your mouse at them and hit "restore"? It's pretty neat, isn't it? Lifesaver, sometimes. Same idea.

Nothing changes, you just can't see your LJ anymore, but it's sitting around in a "to be purged" file somewhere on LJ's servers - unpurged and restorable with just a click or two. So don't think deleting it protects your copyright or ensures your freedom from any possible Russian prosecution.

Deleting, as others have said, might make a nice political statement, or make it just a bit harder on LJ staff as they might have to dig around a bit in a server version of a Recycle Bin to find what they want, but that's about it.

What's most important is what you post to LJ from now on. It's basically too late for anything you've already put there.

What you post from Dec. 23rd on (yes, flex with me back in time to the actual date the server move occurred!) is now sitting on servers operating under Russian law, so from Dec. 23rd on, their law applies, not ours (US/stateside here). Act accordingly, as again, I have little desire to make additional comments.

What Concerns Me (the most), Part II

According to scattered user reports like this one and my own at-home tests, at the same time the server change was made the https:// URL protocol was suddenly no longer live nor allowed to function on any part of LiveJournal (and as of this writing, the HTTPS Everywhere add-on won't help, so if that's the only reason you're tempted to install it...*shakes head*...don't bother).

Lack of secure socket technology (in simple language, "sudden lack of a private web connection to LJ") means hackers, spies, governments, and yes, even your nosy next-door neighbor can easily spy on you while you're on LJ.

As almost any LJ/DW user already knows, the implications of that last paragraph are fairly terrifying, as friends locks (LJ) and access locks (DW) are important to nearly all of us, so this change should scare everyone and convince people to stop using LJ until it's corrected, if indeed it ever is.


Because Dreamwidth is a place that's always encouraged people to continue using LiveJournal (DW supports both full imports of all LJs and crossposting to LJ and Wordpress.com) I'll add a disclaimer that by reporting on the LJ server switch and by talking about the current lack of secure browsing on LJ I'm in no way suggesting, "Stop using LJ and forever and ever!!!111!".

In referring to LJ's lack of secure browsing, I *am* simply suggesting you stop using LJ until that gets fixed, but ultimately, what works - and feels - best for you is always your own decision to make.

As far as making comments here goes, I welcome them, but really don't want to talk about Russia. I do enough of that under lock, so if you're on my subscribe list I can consider adding access so you can share all of my sheer, overwhelming joy on that. There is so much joy. But I'm always keen to answer any question(s) you might have on "how to Dreamwidth" or to point you in the right direction if I can't (or shouldn't try to) answer myself.

(no subject)

Date: Jan. 2nd, 2017 05:15 pm (UTC)
lethe1: (itc: clueless short)
From: [personal profile] lethe1
How odd, when I click on Dreamwidth URLs, I also sometimes see http instead of https. Not all the time, though. F.e., I have two tabs open of this same page:
http://dw-maintenance.dreamwidth.org/73907.html
https://dw-maintenance.dreamwidth.org/73907.html

Eep! Do you know if clicking through from an email notification causes the insecure connection?

ETA Hmm, I checked the DW crosspost URLs on my LJ and they also have http instead of https...
*paranoid*
Edited Date: Jan. 2nd, 2017 05:21 pm (UTC)

Re: Had to delete my last two comments because....

Date: Jan. 3rd, 2017 09:22 am (UTC)
lethe1: (itc: the internet!)
From: [personal profile] lethe1
Thank you so much for your thorough investigation!

I have now added HTTPS Everywhere. I'm afraid I'm still a newbie in the field of add-ons.

Re: Had to delete my last two comments because....

Date: Jan. 3rd, 2017 11:15 am (UTC)
lethe1: (ba: shocked)
From: [personal profile] lethe1
Do you know, I just renewed the books I had borrowed from my public library.

I first tried it in Safari (because that is where most of my bookmarks are - but there is no HTTPS Everywhere or something similar for Safari), and I noticed there was no padlock in the URL field, so I tried manually typing https:// . Didn't work.

Went over to Firefox, copy/pasted the URL, and still no padlock. Info said this site does not support https. I went to my "own" page (where I can see my name, the books in my possession, date due, fines to pay if any) and not even that one was a secure connection! Tsk tsk tsk. You'd think they'd be more careful with people's privacy.

I used to keep myself logged in on that site, but now I know it isn't safe, I won't do that anymore.

Re: Had to delete my last two comments because....

Date: Jan. 4th, 2017 10:17 am (UTC)
lethe1: (thinking)
From: [personal profile] lethe1
Maybe the next time you're there, in person, you could explain to them their site is insecure and ask if that information could be passed along to their IT department so it can be upgraded.

Oh I will, definitely!

(Here we pay for a library subscription, plus 10 cents per book per day overdue.)

(no subject)

Date: Jan. 3rd, 2017 01:39 pm (UTC)
darkoshi: (Default)
From: [personal profile] darkoshi
I agree with you regarding deleting LJ entries; I'm sure the government(s) will still have and will keep backups of everything regardless of if or when it gets removed from the LJ servers. So it would be sort of pointless.

But I'm beginning to see the appeal of disassociating myself more completely from LJ, and reducing my footprint over there. So I might end up deleting my old entries and/or whole journal there (or as mentioned in one of the links, editing the entries first to overlay most of the content, just in case that might delete it a little better, if I can find a way to automate it like subbes did.)

(no subject)

Date: Jan. 3rd, 2017 01:51 pm (UTC)
darkoshi: (Default)
From: [personal profile] darkoshi
Should I not have mentioned your name in my post? Do you want me to edit it to remove your name? I purposely didn't include a link to your protected post, because it was protected. But it didn't feel right to share the links you had found without at least crediting them to you. I thought the way I did it was vague enough that no one could be sure if you had mentioned the topic in an email or comment versus a post, and didn't think that might still bother you. I apologize if that assumption was wrong. In the future, I'll try to remember to ask first in that kind of situation.
Edited Date: Jan. 3rd, 2017 01:58 pm (UTC)

(no subject)

Date: Jan. 4th, 2017 06:18 am (UTC)
darkoshi: (Default)
From: [personal profile] darkoshi
Yep, in regards to protected posts, I definitely should always remind myself to err on the side of most caution. Sorry again.