Re: [Wikitech-l] MediaWiki and OpenID Connect

[David Barratt]

Although... while I don't think we should encourage private data
disclosure, if people want to discluse that data, I think it should be
structured.

Therefor, I think global users should be Wikibase items on Meta
https://phabricator.wikimedia.org/T173145

This would allow people to expose data they are already exposing on their
user page in a structured system.

On Thu, May 10, 2018 at 10:53 PM Adam Sobieski 
wrote:

> A quick update: I moved a summary of our discussion from the encyclopedic
> content at the Account Verification article to an essay:
> https://en.wikipedia.org/wiki/Wikipedia:Account_Verification .
>
>
> Best regards,
> Adam Sobieski
> http://www.phoster.com/contents/
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

A quick update: I moved a summary of our discussion from the encyclopedic 
content at the Account Verification article to an essay: 
https://en.wikipedia.org/wiki/Wikipedia:Account_Verification .


Best regards,
Adam Sobieski
http://www.phoster.com/contents/

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Andre Klapper]

On Wed, 2018-05-09 at 00:12 +, Adam Sobieski wrote:
> My thanks to all for an interesting discussion / debate. I hope that
> those who participated also enjoyed the exchange of ideas.
> 
> Those so interested are expressly welcomed to contribute on the
> encyclopedia article(s) Account Verification (https://en.wikipedia.or
> g/wiki/Account_verification) and a potential Account Verification on
> Wikipedia section or article where I will collate and summarize our
> discussion and what I learned during it. I will be sure to reference
> content utilized in our discussion (e.g. [1]).

A potential Account Verification on [English] Wikipedia article already
exists and you already linked to it:

> [1] https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy

Cheers,
andre
-- 
Andre Klapper | Wikimedia Bugwrangler
https://blogs.gnome.org/aklapper/


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

My thanks to all for an interesting discussion / debate. I hope that those who 
participated also enjoyed the exchange of ideas.

Those so interested are expressly welcomed to contribute on the encyclopedia 
article(s) Account Verification 
(https://en.wikipedia.org/wiki/Account_verification) and a potential Account 
Verification on Wikipedia section or article where I will collate and summarize 
our discussion and what I learned during it. I will be sure to reference 
content utilized in our discussion (e.g. [1]).


Best regards,
Adam

P.S.: My thanks again to Gergo. I may take Gergo up on petitioning the 
MediaWiki OpenID Connect team with regard to these highly configurable features 
or myself contributing to the MediaWiki codebase 
(https://www.mediawiki.org/wiki/Developer_hub). I do write software and know 
PHP.

[1] https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy

From: Kaartic Sivaraam<mailto:kaarticsivaraam91...@gmail.com>
Sent: Tuesday, May 8, 2018 1:26 PM
To: Wikimedia developers<mailto:wikitech-l@lists.wikimedia.org>; Adam 
Sobieski<mailto:adamsobie...@hotmail.com>
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

On Tuesday 08 May 2018 07:57 PM, Adam Sobieski wrote:
> In response to some discussion, I now consider there to be two distinct 
> topics: (1) MediaWiki software should provide configurable OpenID Connect 
> features for account verification and account linking, (2) Wikipedia should 
> utilize and configure such features at all, in a certain way or have a 
> certain policy.
>

I think Gergo has made a valid and strong point by pointing out a
decision that has already been made [0].

Regardless, you might be very interested in finding a conclusion to a
long-standing problem. Unfortunately, this doesn't seem to be the right
place to discuss this (as already noted by someone else on this thread).
Try discussing this in the "Wikimedia Forum" [1] or the "Village pump of
enwiki" [2] and similar pages on other projects. You would get a better
discussion there.

[0]: https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy

[1]: https://meta.wikimedia.org/wiki/Wikimedia_Forum

[2]: https://en.wikipedia.org/wiki/Wikipedia:Village_pump


--
Sivaraam

QUOTE:

“The most valuable person on any team is the person who makes everyone
else on the team more valuable, not the person who knows the most.”

  - Joel Spolsky


Sivaraam?

You possibly might have noticed that my signature recently changed from
'Kaartic' to 'Sivaraam' both of which are parts of my name. I find the
new signature to be better for several reasons one of which is that the
former signature has a lot of ambiguities in the place I live as it is a
common name (NOTE: it's not a common spelling, just a common name). So,
I switched signatures before it's too late.

That said, I won't mind you calling me 'Kaartic' if you like it [of
course ;-)]. You can always call me using either of the names.


KIND NOTE TO THE NATIVE ENGLISH SPEAKER:

As I'm not a native English speaker myself, there might be mistaeks in
my usage of English. I apologise for any mistakes that I make.

It would be "helpful" if you take the time to point out the mistakes.

It would be "super helpful" if you could provide suggestions about how
to correct those mistakes.

Thanks in advance!


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Kaartic Sivaraam]

On Tuesday 08 May 2018 07:57 PM, Adam Sobieski wrote:
> In response to some discussion, I now consider there to be two distinct 
> topics: (1) MediaWiki software should provide configurable OpenID Connect 
> features for account verification and account linking, (2) Wikipedia should 
> utilize and configure such features at all, in a certain way or have a 
> certain policy.
> 

I think Gergo has made a valid and strong point by pointing out a
decision that has already been made [0].

Regardless, you might be very interested in finding a conclusion to a
long-standing problem. Unfortunately, this doesn't seem to be the right
place to discuss this (as already noted by someone else on this thread).
Try discussing this in the "Wikimedia Forum" [1] or the "Village pump of
enwiki" [2] and similar pages on other projects. You would get a better
discussion there.

[0]: https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy

[1]: https://meta.wikimedia.org/wiki/Wikimedia_Forum

[2]: https://en.wikipedia.org/wiki/Wikipedia:Village_pump


-- 
Sivaraam

QUOTE:

“The most valuable person on any team is the person who makes everyone
else on the team more valuable, not the person who knows the most.”

  - Joel Spolsky


Sivaraam?

You possibly might have noticed that my signature recently changed from
'Kaartic' to 'Sivaraam' both of which are parts of my name. I find the
new signature to be better for several reasons one of which is that the
former signature has a lot of ambiguities in the place I live as it is a
common name (NOTE: it's not a common spelling, just a common name). So,
I switched signatures before it's too late.

That said, I won't mind you calling me 'Kaartic' if you like it [of
course ;-)]. You can always call me using either of the names.


KIND NOTE TO THE NATIVE ENGLISH SPEAKER:

As I'm not a native English speaker myself, there might be mistaeks in
my usage of English. I apologise for any mistakes that I make.

It would be "helpful" if you take the time to point out the mistakes.

It would be "super helpful" if you could provide suggestions about how
to correct those mistakes.

Thanks in advance!



signature.asc
Description: OpenPGP digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

Gergo,



In response to some discussion, I now consider there to be two distinct topics: 
(1) MediaWiki software should provide configurable OpenID Connect features for 
account verification and account linking, (2) Wikipedia should utilize and 
configure such features at all, in a certain way or have a certain policy.



With respect to topic one, MediaWiki software, there are dozens of projects at 
and outside of the Wikimedia Foundation which utilize MediaWiki software. There 
is also an OpenID Connect extension: 
https://www.mediawiki.org/wiki/Extension:OpenID_Connect .



With respect to topic two, Wikipedia, account verification features and 
resultant options and tools for administrators mitigate a number of problems, 
including but not limited to: sockpuppetry [1][2][3], multiple accounts [4], 
conflict of interest editing [5][6], advocacy editing [7], propaganda [8], bots 
[9], griefing [10], trolling [11], spamming, vandalism [12], fake news 
[13][14], misinformation [13][14] / disinformation [14], political manipulation 
and election interference.



While data is scarce with regard to the number of occurrences of each on 
Wikipedia, we can see that the administrative processes of mitigating 
sockpuppetry, for instance, are costly and continual, investigations occurring 
daily [3].



To indicate the importance of the problems listed above, I am searching for 
more Wikimedia Foundation materials [14].



Thank you for the hyperlinks. Those interested in the future of credentials 
technology might find the W3C Credentials Community Group interesting 
(https://www.w3.org/community/credentials/).





Best regards,

Adam



[1] https://en.wikipedia.org/wiki/Wikipedia:Sock_puppetry

[2] https://en.wikipedia.org/wiki/Wikipedia:Signs_of_sock_puppetry

[3] https://en.wikipedia.org/wiki/Wikipedia:Sockpuppet_investigations

[4] 
https://en.wikipedia.org/wiki/Wikipedia:Username_policy#Using_multiple_accounts

[5] https://en.wikipedia.org/wiki/Wikipedia:Conflict_of_interest

[6] https://en.wikipedia.org/wiki/Conflict-of-interest_editing_on_Wikipedia

[7] https://en.wikipedia.org/wiki/Wikipedia:Advocacy

[8] https://en.wikipedia.org/wiki/Wikipedia:Propaganda

[9] https://en.wikipedia.org/wiki/Wikipedia:Bot_policy

[10] https://en.wikipedia.org/wiki/Wikipedia:Griefing

[11] https://meta.wikimedia.org/wiki/What_is_a_troll%3F

[12] https://en.wikipedia.org/wiki/Wikipedia:Vandalism

[13] https://blog.wikimedia.org/2017/07/17/misinformation-fake-news-censorship/

[14] 
https://meta.wikimedia.org/wiki/Strategy/Wikimedia_movement/2017/Sources/Considering_2030:_Misinformation,_verification,_and_propaganda




From: Wikitech-l <wikitech-l-boun...@lists.wikimedia.org> on behalf of Gergo 
Tisza <gti...@wikimedia.org>
Sent: Tuesday, May 8, 2018 6:33:24 AM
To: Wikimedia developers
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

On Fri, May 4, 2018 at 10:21 PM Adam Sobieski <adamsobie...@hotmail.com>
wrote:

> In the scenario, after choosing to verify their name on their Wikipedia
> account, a user logs onto Wikipedia and uses OpenID Connect to link their
> Wikipedia account to multiple verified accounts, for example their Facebook
> and LinkedIn accounts. At the end of the process, we can envision the user
> obtaining a checkmark next to their full name on Wikipedia, their real name
> and a verification icon appearing next to their edits and on their user
> page. There might even be, per user settings, hyperlinks to their Facebook
> and LinkedIn pages on their Wikipedia user page. With such features, we can
> envision allowing groups of users or admins to determine that certain
> articles require a verified account to edit.
>

There has been a fair amount of discussion (mainly after the Essjay affair)
on verified expert accounts on English Wikipedia, but ultimately the idea
has been rejected. You can read about it at [1].
As others have noted, account linking is a fairly minor convenience for
having verified real-life identities; if there was any intent to make that
happen it would have happened regardless of software support.

Having non-public account linking (as an antispam measure that has better
user experience than captchas) is a more feasible idea IMO; I wrote some
thoughts on that at [2].

If you just want public links to verified accounts in MediaWiki (as opposed
to Wikipedia / other Wikimedia projects), there is nothing stopping you;
you should propose a patch to the OpenID Connect maintainer (all it takes
is probably just adding a hook such as GetPreferences to display the
information at the appropriate place) or write your own extension.

[1] https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy
[2] https://www.mediawiki.org/wiki/User:Tgr_(WMF)/external_login
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
http

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Gergo Tisza]

On Fri, May 4, 2018 at 10:21 PM Adam Sobieski 
wrote:

> In the scenario, after choosing to verify their name on their Wikipedia
> account, a user logs onto Wikipedia and uses OpenID Connect to link their
> Wikipedia account to multiple verified accounts, for example their Facebook
> and LinkedIn accounts. At the end of the process, we can envision the user
> obtaining a checkmark next to their full name on Wikipedia, their real name
> and a verification icon appearing next to their edits and on their user
> page. There might even be, per user settings, hyperlinks to their Facebook
> and LinkedIn pages on their Wikipedia user page. With such features, we can
> envision allowing groups of users or admins to determine that certain
> articles require a verified account to edit.
>

There has been a fair amount of discussion (mainly after the Essjay affair)
on verified expert accounts on English Wikipedia, but ultimately the idea
has been rejected. You can read about it at [1].
As others have noted, account linking is a fairly minor convenience for
having verified real-life identities; if there was any intent to make that
happen it would have happened regardless of software support.

Having non-public account linking (as an antispam measure that has better
user experience than captchas) is a more feasible idea IMO; I wrote some
thoughts on that at [2].

If you just want public links to verified accounts in MediaWiki (as opposed
to Wikipedia / other Wikimedia projects), there is nothing stopping you;
you should propose a patch to the OpenID Connect maintainer (all it takes
is probably just adding a hook such as GetPreferences to display the
information at the appropriate place) or write your own extension.

[1] https://en.wikipedia.org/wiki/Wikipedia:There_is_no_credential_policy
[2] https://www.mediawiki.org/wiki/User:Tgr_(WMF)/external_login
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

David,



Pertinent data to our discussion includes the number of occurrences of 
sockpuppetry, bots, trolls, spam, vandalism, fake news, disinformation and 
election interference on Wikipedia. Are these not important problems to be 
solved?



Regarding online harassment, which I opine is also an important problem to be 
solved, there could be a number of categories of scenarios to consider: whether 
the harassing party is anonymous, pseudonymous or using their real name, and 
whether the harassed party is anonymous, pseudonymous or using their real-name. 
There appears to be a total of 9 categories of scenarios to consider and that 
could be a part of the complexity discussing the topic of mitigating online 
harassment. I can put some thought into innovations for Wikipedia in this 
regard.



You might be interested in: Jang, M., Foley, J., Dori-Hacohen, S., & Allan, J. 
(2016). Probabilistic Approaches to Controversy Detection. In Proceedings of 
the 25th ACM International on Conference on Information and Knowledge 
Management (pp. 2069–2072). New York, NY, USA: ACM. 
https://doi.org/10.1145/2983323.2983911 . As we can consider the detection of 
controversy, we might also be able to algorithmically detect occurrences of 
harassment in Wikipedia discussion areas.



Regarding whether real names promote safer or less safe communities, I observe 
from your hyperlink that those voicing concerns with respect to Facebook and 
real names, the Nameless Coalition, include: Access, ACLU, Center for Democracy 
and Technology, Digital Rights Foundation, Electronic Frontier Foundation, 
#forabetterFB, Global Voices Advocacy, Human Rights Watch, Internet Democracy 
Project, One World Platform, Point of View and Take Back the Tech.



Providing options for users to display a real name or pseudonym, including 
after optional account verification processes, seems to address the specific 
concerns raised by the Nameless Coalition.





Best regards,

Adam




From: Wikitech-l <wikitech-l-boun...@lists.wikimedia.org> on behalf of David 
Barratt <dbarr...@wikimedia.org>
Sent: Monday, May 7, 2018 9:49:35 AM
To: Wikimedia developers
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

"As aforementioned, system administrative configuration options could
include allowing verified users to choose whether to display their real
names or to display their usernames."

I think you might be missing the point, we don't even want to collect that
data in the first place, let alone allow non-marginalized users to display
their real name (thereby identifying the marginalized users who opted out).

It is clear that using your real name has real-world harm (
https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community)
and there is a coalition to stop Facebook from enforcing this policy (
https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users
).

In fact, Wikipedia itself recommends against using your real name (
https://en.wikipedia.org/wiki/Wikipedia:Username_policy). I truly regret
using my real name in my personal user account (
https://en.wikipedia.org/wiki/User:Davidwbarratt), just from my
contributions (
https://en.wikipedia.org/wiki/Special:Contributions/Davidwbarratt) you can
very easily figure out the region where I live. Next, put my last name into
a public record search for my region (
http://www.ocpafl.org/searches/ParcelSearch.aspx) and you will have my
physical address and a nice picture of where I live.

Thankfully I am not in a marganziled group, but I hope you see how easy
that would be. Even if the identity is not displayed, if it's stored in our
database, there is a potential for that data to be exposed.

I will probably take a moment at some point to change my username to a
pseudonym (when I come up with a good one), but username changes are
public, so it would be pretty easy to search for my new username and find
the record of the name change.

The pew study you referenced (
http://www.pewinternet.org/2014/10/22/online-harassment/) does not suggest
that users were anonymized only that a plurality of the victims of
harassment "said a stranger was responsible for their most recent
incident." Also, correlation does not imply causation (
https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation).

There are many things we could do to mitigate harassment on Wikipedia, but
a real name or account verification is not one of them. As an experiment, I
would recommend finding, and attempting to go through, all of the steps
required to report harassment. It's depressingly difficult. Another thing
we can do is implement granular blocks (
https://phabricator.wikimedia.org/T190350) to block accounts from specific
pages, categories, or namespaces rather than a whole site block.

There are probably many more ideas that can be implemented, but again, I
don't k

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

Masti,



Technically speaking, OpenID Connect includes user information 
(https://openid.net/specs/openid-connect-core-1_0.html#UserInfo , 
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) and this 
data, possibly extending to include “name_verified”, “account_verified” and 
“account_verification_score”, facilitates the corroboration of user data across 
accounts and account linking.



As you indicate, these unfolding topics could be, instead of a technical 
discussion, a community discussion. It seems that the mitigation of 
sockpuppetry, bots, trolls, spam, vandalism, fake news, disinformation and 
election interference, on the one hand, is being weighed against optional data 
collection on the other hand (see also configurability discussed at: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-May/089922.html).



That is an excellent point about GDPR. I will read more about GDPR.





Best regards,

Adam




From: Wikitech-l <wikitech-l-boun...@lists.wikimedia.org> on behalf of masti 
<mast...@gmail.com>
Sent: Monday, May 7, 2018 10:05:09 AM
To: wikitech-l@lists.wikimedia.org
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

Adam,
this is not technical but community problem. That should be first
discussed with the communities - all of them - not only en.wiki whether
there is any need for that solution. Which I doubt.

I do not see many positives coming from using it but a lot of negatives.
Enforcing that would mean having much less contributors.

Also as already stated it would force us into getting more information
about contributors which is not what the communities want. Especially in
the moment of upcoming GDPR regulation that affects whole commmunity.

masti

On 04.05.2018 22:21, Adam Sobieski wrote:
> Wikitech-l,
>
> Greetings. I would like to describe an exciting scenario possible with OpenID 
> Connect.
>
> In the scenario, after choosing to verify their name on their Wikipedia 
> account, a user logs onto Wikipedia and uses OpenID Connect to link their 
> Wikipedia account to multiple verified accounts, for example their Facebook 
> and LinkedIn accounts. At the end of the process, we can envision the user 
> obtaining a checkmark next to their full name on Wikipedia, their real name 
> and a verification icon appearing next to their edits and on their user page. 
> There might even be, per user settings, hyperlinks to their Facebook and 
> LinkedIn pages on their Wikipedia user page. With such features, we can 
> envision allowing groups of users or admins to determine that certain 
> articles require a verified account to edit.
>
> Presently, OpenID Connect functionality is available for MediaWiki as an 
> extension. I would like to see the OpenID Connect functionality under 
> discussion expanded to support scenarios including aforementioned and also 
> integrated into MediaWiki.
>
> Thank you. I hope that the above ideas are also interesting to you in the 
> Wikitech-l community.
>
>
> Best regards,
> Adam Sobieski
> http://www.phoster.com/contents/
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[masti]

Adam,
this is not technical but community problem. That should be first 
discussed with the communities - all of them - not only en.wiki whether 
there is any need for that solution. Which I doubt.


I do not see many positives coming from using it but a lot of negatives. 
Enforcing that would mean having much less contributors.


Also as already stated it would force us into getting more information 
about contributors which is not what the communities want. Especially in 
the moment of upcoming GDPR regulation that affects whole commmunity.


masti

On 04.05.2018 22:21, Adam Sobieski wrote:

Wikitech-l,

Greetings. I would like to describe an exciting scenario possible with OpenID 
Connect.

In the scenario, after choosing to verify their name on their Wikipedia 
account, a user logs onto Wikipedia and uses OpenID Connect to link their 
Wikipedia account to multiple verified accounts, for example their Facebook and 
LinkedIn accounts. At the end of the process, we can envision the user 
obtaining a checkmark next to their full name on Wikipedia, their real name and 
a verification icon appearing next to their edits and on their user page. There 
might even be, per user settings, hyperlinks to their Facebook and LinkedIn 
pages on their Wikipedia user page. With such features, we can envision 
allowing groups of users or admins to determine that certain articles require a 
verified account to edit.

Presently, OpenID Connect functionality is available for MediaWiki as an 
extension. I would like to see the OpenID Connect functionality under 
discussion expanded to support scenarios including aforementioned and also 
integrated into MediaWiki.

Thank you. I hope that the above ideas are also interesting to you in the 
Wikitech-l community.


Best regards,
Adam Sobieski
http://www.phoster.com/contents/

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l



___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[David Barratt]

"As aforementioned, system administrative configuration options could
include allowing verified users to choose whether to display their real
names or to display their usernames."

I think you might be missing the point, we don't even want to collect that
data in the first place, let alone allow non-marginalized users to display
their real name (thereby identifying the marginalized users who opted out).

It is clear that using your real name has real-world harm (
https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community)
and there is a coalition to stop Facebook from enforcing this policy (
https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users
).

In fact, Wikipedia itself recommends against using your real name (
https://en.wikipedia.org/wiki/Wikipedia:Username_policy). I truly regret
using my real name in my personal user account (
https://en.wikipedia.org/wiki/User:Davidwbarratt), just from my
contributions (
https://en.wikipedia.org/wiki/Special:Contributions/Davidwbarratt) you can
very easily figure out the region where I live. Next, put my last name into
a public record search for my region (
http://www.ocpafl.org/searches/ParcelSearch.aspx) and you will have my
physical address and a nice picture of where I live.

Thankfully I am not in a marganziled group, but I hope you see how easy
that would be. Even if the identity is not displayed, if it's stored in our
database, there is a potential for that data to be exposed.

I will probably take a moment at some point to change my username to a
pseudonym (when I come up with a good one), but username changes are
public, so it would be pretty easy to search for my new username and find
the record of the name change.

The pew study you referenced (
http://www.pewinternet.org/2014/10/22/online-harassment/) does not suggest
that users were anonymized only that a plurality of the victims of
harassment "said a stranger was responsible for their most recent
incident." Also, correlation does not imply causation (
https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation).

There are many things we could do to mitigate harassment on Wikipedia, but
a real name or account verification is not one of them. As an experiment, I
would recommend finding, and attempting to go through, all of the steps
required to report harassment. It's depressingly difficult. Another thing
we can do is implement granular blocks (
https://phabricator.wikimedia.org/T190350) to block accounts from specific
pages, categories, or namespaces rather than a whole site block.

There are probably many more ideas that can be implemented, but again, I
don't know of any evidence that a real name or account verification policy
actually works, but there's a growing consensus that the policy causes more
harm than good.

On Sat, May 5, 2018 at 7:50 AM Adam Sobieski 
wrote:

> Thank you again for the concerns and comments responded to in the
> following letter.
>
> INTRODUCTION
>
> Two distinct topics are discussed: (1) MediaWiki should provide its
> software users with OpenID Connect functionality including to verify their
> names and accounts via account linking, and (2) Wikipedia should make use
> of such MediaWiki features.
>
> On topic one, there are a large number of MediaWiki software users [1][2]
> and use case scenarios. On topic two, “MediaWiki's most famous use has been
> in Wikipedia” [3], thus it makes sense to carefully discuss MediaWiki
> software and Wikipedia simultaneously.
>
> CONFIGURABILITY
>
> Importantly, we can consider options for configuration for system
> administrators (users of MediaWiki software) and their end users. For
> example, a system administrative option could be whether to activate the
> account verification features. Account verification could then be either
> optional or required for their users. Allowing their users to verify their
> accounts, system administrative configuration can specify whether their
> verified users have a configuration setting with regard to whether to
> display their real names or their usernames.
>
> Configuration options for MediaWiki system administrators and subsequently
> contingent configuration options for end users can maximize utility for all
> parties concerned across a large number of MediaWiki use case scenarios.
>
> In this way, Wikipedia can choose whether and configurably how to utilize
> MediaWiki account verification features in a manner that exactly aligns
> with their policy.
>
> SOCKPUPPETRY
>
> “In 2012, Wikipedia launched one of its largest sockpuppet investigations,
> when editors reported suspicious activity suggesting 250 accounts had been
> used to engage in paid editing.” [4]
>
> “On August 31, 2015, the English Wikipedia community discovered 381
> sockpuppet accounts operating a secret paid editing ring.” [5]
>
> PAGE PROTECTION OPTIONS AND ACCOUNT VERIFICATION
>
> System 

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

Thank you again for the concerns and comments responded to in the following 
letter.

INTRODUCTION

Two distinct topics are discussed: (1) MediaWiki should provide its software 
users with OpenID Connect functionality including to verify their names and 
accounts via account linking, and (2) Wikipedia should make use of such 
MediaWiki features.

On topic one, there are a large number of MediaWiki software users [1][2] and 
use case scenarios. On topic two, “MediaWiki's most famous use has been in 
Wikipedia” [3], thus it makes sense to carefully discuss MediaWiki software and 
Wikipedia simultaneously.

CONFIGURABILITY

Importantly, we can consider options for configuration for system 
administrators (users of MediaWiki software) and their end users. For example, 
a system administrative option could be whether to activate the account 
verification features. Account verification could then be either optional or 
required for their users. Allowing their users to verify their accounts, system 
administrative configuration can specify whether their verified users have a 
configuration setting with regard to whether to display their real names or 
their usernames.

Configuration options for MediaWiki system administrators and subsequently 
contingent configuration options for end users can maximize utility for all 
parties concerned across a large number of MediaWiki use case scenarios.

In this way, Wikipedia can choose whether and configurably how to utilize 
MediaWiki account verification features in a manner that exactly aligns with 
their policy.

SOCKPUPPETRY

“In 2012, Wikipedia launched one of its largest sockpuppet investigations, when 
editors reported suspicious activity suggesting 250 accounts had been used to 
engage in paid editing.” [4]

“On August 31, 2015, the English Wikipedia community discovered 381 sockpuppet 
accounts operating a secret paid editing ring.” [5]

PAGE PROTECTION OPTIONS AND ACCOUNT VERIFICATION

System administrators of MediaWiki could configure MediaWiki to allow 
administrative users the capability to protect content with a mode such that 
only verified accounts could edit that content.

“Why would this be desirable?”

Reasons include, but are not limited to: (1) per the rationale for 
semi-protection [6] and extended confirmed protection [7], (2) an administrator 
determines that one or multiple unverified accounts involved in an incident are 
sockpuppets, bots, trolls, spammers, vandals, etc, (3) detecting or preventing 
conflict of interest editing.

TWITTER ACCOUNT VERIFICATION CONTROVERSY

“Given how much controversy and unhealthy dynamics surrounds verified accounts 
on Twitter, I do not think it is a good idea to copy it.”

Some of the confusion around account verification on Twitter stems from 
misunderstanding. What is the checkmark? What does it mean? What does account 
verification mean when controversial figures’ accounts are verified? Some 
people, for example, misunderstood that it suggested endorsement by Twitter. 
“In July 2016, Twitter announced […] that verification ‘does not imply an 
endorsement.’” [8]

ACCOUNT VERIFICATION AND USER PAGES

“If there's an individual need to establish link between legal identity of 
somebody and their Wiki credentials, there are easy ways to do it – e.g. 
publish a signed message both on wiki user page under the account and on the 
resource known to be controlled by the person, etc.”

System administrators could also configure for users to have an option to 
select for their linked account pages to be hyperlinked to from their user 
pages. Collaboration on Wikipedia articles can be an opportunity to socialize 
and connect on other websites.

REAL NAMES AND SAFETY

“Everywhere online, exposing your real life identity means a possibility of 
real life problems: stalking, harassment, attempts to get someone you have a 
content dispute with fired. And I'm not even theorizing: all the above things 
have happened on Wikipedia, multiple times.”

“Requiring people to take that risk to edit certain pages is not really a good 
thing.”

As aforementioned, system administrative configuration options could include 
allowing verified users to choose whether to display their real names or to 
display their usernames.

Proponents of real-name policies include Mark Zuckerberg. “Facebook’s CEO and 
Founder Mark Zuckerberg defended [Facebook’s real-name policy], saying, ‘We 
know people are much less likely to try to act abusively towards other members 
of our community when they’re using their real names.’ A Pew Research study 
from 2014 supports Zuckerberg’s claim, proving that ‘half of those who have 
experienced online harassment did not know the person involved in their most 
recent incident.’” [9]

SOCIAL MEDIA EXECUTIVES

“Social networks want to have people's confirmed identities so that they could 
sell them to the highest bidder.”

Social networks are in a crisis, as evidenced by recent testimony before 
Congress. Their 

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

Max,



Thank you. These ideals of which you speak are similar to those of 
argumentation. In the ideals of argumentation, reason should prevail. In this 
way, it doesn’t matter who makes an utterance, what matters is the utterance, 
its veracity, logical soundness, and so forth. The ideals of collaboration in 
argumentation are for reason to prevail, for the quality of the discussion, in 
software engineering, for the quality of the software, and in Wikipedia, for 
the quality of the encyclopedia article.



I will collect together all of the points raised over the weekend and respond 
to them early next week in a lengthy letter. Also, I think that after some 
discussion, we should have material for a Wikipedia article, Account 
Verification on Wikipedia which I would link to from a new section of Account 
Verification.



I think that we can untangle MediaWiki and Wikipedia. If it becomes possible 
for MediaWiki projects to utilize OpenID Connect to link accounts, as I am 
describing, then we would be able to say that every MediaWiki software user 
including Wikipedia could choose to activate and configure such MediaWiki 
features and the matter would be one of discussing whether the Wikipedia 
project should use the MediaWiki software features. I think that there are two 
points, whether MediaWiki could/should provide account verification features 
for its users and whether Wikipedia should make use of such features.





Best regards,

Adam




From: Wikitech-l <wikitech-l-boun...@lists.wikimedia.org> on behalf of Max 
Semenik <maxsem.w...@gmail.com>
Sent: Friday, May 4, 2018 10:37:36 PM
To: Wikimedia developers
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

Have you tried discussing this with the community? Let me tell you what
their reaction will be: "we don't care who you are, we care what are your
sources". Everywhere online, exposing your real life identity means a
possibility of real life problems: stalking, harassment, attempts to get
someone you have a content dispute with fired. And I'm not even theorizing:
all the above things have happened on Wikipedia, multiple times. Social
networks want to have people's confirmed identities so that they could sell
them to the highest bidder. We at Wikimedia are different - we want to know
as little about our users as possible, and a bit less than that.

On Fri, May 4, 2018 at 7:14 PM, Adam Sobieski <adamsobie...@hotmail.com>
wrote:

> Chad,
>
> I’m working on a new Wikipedia article, Account Verification (
> https://en.wikipedia.org/wiki/Account_verification).
> Account verification can enhance the quality of online services,
> mitigating sockpuppetry, bots, trolls, spam, vandalism, fake news,
> disinformation and election interference.
>
> Account verification was initially a feature for public figures and
> accounts of public interest, individuals in music, acting, fashion,
> government, politics, religion, journalism, media, sports, business and
> other key interest areas. Account verification was introduced to Twitter in
> June 2009, Google+ in August 2011, Facebook in February 2012, Instagram in
> December 2014, and Pinterest in June 2015.
>
> In July 2016, Twitter announced that, beyond public figures, any
> individual could apply for account verification. In March 2018, during a
> live-stream on Periscope, Jack Dorsey, co-founder and CEO of Twitter,
> discussed the idea of allowing any individual to get a verified account (
> https://variety.com/2018/digital/news/twitter-verified-
> account-open-everyone-1202722587/).
>
> In April 2018, Mark Zuckerberg, co-founder and CEO of Facebook, announced
> that purchasers of political or issue-based advertisements would be
> required to verify their identities and locations. He also indicated that
> Facebook would require individuals who manage large pages to be verified (
> https://www.facebook.com/zuck/posts/10104784125525891).
>
> These events of March and April of 2018 occurred just recently. These
> issues are both important and contemporary.
>
> I’m looking at administrative functions such as page protection and
> considering scenarios where one or more administrators would determine that
> a page requires a verified account to edit. “Verified users” would be
> another column in the table, Interaction of Wikipedia user groups and page
> protection levels, at: https://en.wikipedia.org/wiki/
> Wikipedia:Protection_policy#Overview_of_types_of_protection .
>
> I would like to respond to your question both quickly and thoroughly. This
> is part one (quickly) and I will work on part two (thoroughly) over the
> weekend and respond early next week.
>
>
> Best regards,
> Adam
>
> From: Chad<mailto:innocentkil...@gmail.com>
> Sent: Friday, May 4, 2018 9:03 PM
> To: Wikimedia develop

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Stas Malyshev]

Hi!

> Account verification was initially a feature for public figures and
> accounts of public interest, individuals in music, acting, fashion,
> government, politics, religion, journalism, media, sports, business
> and other key interest areas. Account verification was introduced to
> Twitter in June 2009, Google+ in August 2011, Facebook in February
> 2012, Instagram in December 2014, and Pinterest in June 2015.

Given how much controversy and unhealthy dynamics surrounds verified
accounts on Twitter (not sure about Pinterest etc. - don't have any info
there) I do not think it is a good idea to copy it. If there's an
individual need to establish link between legal identity of somebody and
their Wiki credentials, there are easy ways to do it - e.g. publish a
signed message both on wiki user page under the account and on the
resource known to be controlled by the person, etc. But I don't think
special status like that would be very useful or very welcome.
Also note linking one's legal identity to Wiki edits may be very
dangerous in some countries. Requiring people to take that risk to edit
certain pages is not really a good thing.

-- 
Stas Malyshev
smalys...@wikimedia.org

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Max Semenik]

Have you tried discussing this with the community? Let me tell you what
their reaction will be: "we don't care who you are, we care what are your
sources". Everywhere online, exposing your real life identity means a
possibility of real life problems: stalking, harassment, attempts to get
someone you have a content dispute with fired. And I'm not even theorizing:
all the above things have happened on Wikipedia, multiple times. Social
networks want to have people's confirmed identities so that they could sell
them to the highest bidder. We at Wikimedia are different - we want to know
as little about our users as possible, and a bit less than that.

On Fri, May 4, 2018 at 7:14 PM, Adam Sobieski <adamsobie...@hotmail.com>
wrote:

> Chad,
>
> I’m working on a new Wikipedia article, Account Verification (
> https://en.wikipedia.org/wiki/Account_verification).
> Account verification can enhance the quality of online services,
> mitigating sockpuppetry, bots, trolls, spam, vandalism, fake news,
> disinformation and election interference.
>
> Account verification was initially a feature for public figures and
> accounts of public interest, individuals in music, acting, fashion,
> government, politics, religion, journalism, media, sports, business and
> other key interest areas. Account verification was introduced to Twitter in
> June 2009, Google+ in August 2011, Facebook in February 2012, Instagram in
> December 2014, and Pinterest in June 2015.
>
> In July 2016, Twitter announced that, beyond public figures, any
> individual could apply for account verification. In March 2018, during a
> live-stream on Periscope, Jack Dorsey, co-founder and CEO of Twitter,
> discussed the idea of allowing any individual to get a verified account (
> https://variety.com/2018/digital/news/twitter-verified-
> account-open-everyone-1202722587/).
>
> In April 2018, Mark Zuckerberg, co-founder and CEO of Facebook, announced
> that purchasers of political or issue-based advertisements would be
> required to verify their identities and locations. He also indicated that
> Facebook would require individuals who manage large pages to be verified (
> https://www.facebook.com/zuck/posts/10104784125525891).
>
> These events of March and April of 2018 occurred just recently. These
> issues are both important and contemporary.
>
> I’m looking at administrative functions such as page protection and
> considering scenarios where one or more administrators would determine that
> a page requires a verified account to edit. “Verified users” would be
> another column in the table, Interaction of Wikipedia user groups and page
> protection levels, at: https://en.wikipedia.org/wiki/
> Wikipedia:Protection_policy#Overview_of_types_of_protection .
>
> I would like to respond to your question both quickly and thoroughly. This
> is part one (quickly) and I will work on part two (thoroughly) over the
> weekend and respond early next week.
>
>
> Best regards,
> Adam
>
> From: Chad<mailto:innocentkil...@gmail.com>
> Sent: Friday, May 4, 2018 9:03 PM
> To: Wikimedia developers<mailto:wikitech-l@lists.wikimedia.org>
> Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect
>
> On Fri, May 4, 2018, 1:21 PM Adam Sobieski <adamsobie...@hotmail.com>
> wrote:
>
> > With such features, we can envision allowing groups of users or admins to
> > determine that certain articles require a verified account to edit.
> >
>
> Why would this be desirable?
>
> -Chad
>
> >
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



-- 
Best regards,
Max Semenik ([[User:MaxSem]])
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Adam Sobieski]

Chad,

I’m working on a new Wikipedia article, Account Verification 
(https://en.wikipedia.org/wiki/Account_verification).
Account verification can enhance the quality of online services, mitigating 
sockpuppetry, bots, trolls, spam, vandalism, fake news, disinformation and 
election interference.

Account verification was initially a feature for public figures and accounts of 
public interest, individuals in music, acting, fashion, government, politics, 
religion, journalism, media, sports, business and other key interest areas. 
Account verification was introduced to Twitter in June 2009, Google+ in August 
2011, Facebook in February 2012, Instagram in December 2014, and Pinterest in 
June 2015.

In July 2016, Twitter announced that, beyond public figures, any individual 
could apply for account verification. In March 2018, during a live-stream on 
Periscope, Jack Dorsey, co-founder and CEO of Twitter, discussed the idea of 
allowing any individual to get a verified account 
(https://variety.com/2018/digital/news/twitter-verified-account-open-everyone-1202722587/).

In April 2018, Mark Zuckerberg, co-founder and CEO of Facebook, announced that 
purchasers of political or issue-based advertisements would be required to 
verify their identities and locations. He also indicated that Facebook would 
require individuals who manage large pages to be verified 
(https://www.facebook.com/zuck/posts/10104784125525891).

These events of March and April of 2018 occurred just recently. These issues 
are both important and contemporary.

I’m looking at administrative functions such as page protection and considering 
scenarios where one or more administrators would determine that a page requires 
a verified account to edit. “Verified users” would be another column in the 
table, Interaction of Wikipedia user groups and page protection levels, at: 
https://en.wikipedia.org/wiki/Wikipedia:Protection_policy#Overview_of_types_of_protection
 .

I would like to respond to your question both quickly and thoroughly. This is 
part one (quickly) and I will work on part two (thoroughly) over the weekend 
and respond early next week.


Best regards,
Adam

From: Chad<mailto:innocentkil...@gmail.com>
Sent: Friday, May 4, 2018 9:03 PM
To: Wikimedia developers<mailto:wikitech-l@lists.wikimedia.org>
Subject: Re: [Wikitech-l] MediaWiki and OpenID Connect

On Fri, May 4, 2018, 1:21 PM Adam Sobieski <adamsobie...@hotmail.com> wrote:

> With such features, we can envision allowing groups of users or admins to
> determine that certain articles require a verified account to edit.
>

Why would this be desirable?

-Chad

>
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] MediaWiki and OpenID Connect

[Chad]

On Fri, May 4, 2018, 1:21 PM Adam Sobieski  wrote:

> With such features, we can envision allowing groups of users or admins to
> determine that certain articles require a verified account to edit.
>

Why would this be desirable?

-Chad

>
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l