Gregory Maxwell:
> On Thu, Apr 18, 2013 at 2:57 PM, Jacob Appelbaum <[email protected]> wrote:
>> It is possible to request a special flag on a Wikipedia account that is
>> granted by way of some special handshake. It is possible to take an
>> already created account and use it for edits as the flag overrides the
>> Tor block.
>
> The flag is called ipblock-exempt

Right - it might make sense to make a second flag - anonymity-allowed
and set it to true for everyone until they abuse it.

> You can see the list of users on english wikipedia that have it here:
>
> http://en.wikipedia.org/w/index.php?title=Special%3AListUsers&username=&group=ipblock-exempt&limit=500
> (bot accounts and administrators also inherit this ability without the
> ipblock-exempt flag)

That page is a very predictable side effect of having a flag for people
with strong need for privacy. I guess we know which Wikipedia users are
valuable or doing something interesting, right? o_0

> (As an aside, your own account was previously flagged this way, (by
> Wikimedia's chairman of the board), but the flag has since been
> removed because your account has been inactive:
> http://en.wikipedia.org/w/index.php?title=Special%3ALog&type=&user=&page=User%3AIoerror&year=&month=-1&tagfilter=
> )

I did not know that the flag times out - that is rather sad - privacy is
automatically removed, even for people who don't abuse it? Is there any
way to get it back? Or do I now have to deanonymize myself again and
attempt some other secret handshakes? :(

> [snip]
>> I think we should ensure that Wikipedia understands that the account was
>> created with Tor and that the user may be using this to circumvent
>> censorship, to protect what they are reading or editing from their local
>> network censors or surveillance regime as well as to protect IP address
>> information that the US currently doesn't really protect (see USA vs.
>> Appelbaum; re: my Twitter case). Since the US can see a lot of the
>> traffic to Wikipedia, I'd guess that this is important worldwide.
>
> I've been generally unable to convince people that surveillance of
> Wikipedia access is both happening and actually important.
> The people participating in the creation and administration of Wikipedia (and
> likewise those employed by the Wikimedia foundation) enjoy the
> privilege of having the greatest intellectual freedom that has ever
> been enjoyed by anyone anywhere. This is unsurprising: People without
> substantial freedom of all kinds are not the most likely to go about
> assembling a Free Encyclopedia. Like any other privilege it's not
> always obvious to the beholder.

I know a few people that work/ed at the Wikimedia and they did not
suffer from such blindness. I think though that the best retort to
claims that it isn't happening is actually found on the Wikipedia
servers themselves:

http://meta.wikimedia.org/wiki/XFF_project

I seem to remember the full list of proxies:

http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/TrustedXFF/trusted-hosts.txt

> The idea that someone's Wikipedia editing (or, much less _reading_)
> habits might be highly private and personal and likely to cause harm
> if monitored isn't really appreciated by people who really find that
> kind of monitoring hard to believe (even, ironically, when it's
> currently happening to them— the illusion of intellectual freedom is
> greater than the actual intellectual freedom)

How could anyone suggest that they do not have massive user surveillance
with such a huge list of proxies *in their own source code* tree?

Here is the list again:

http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/TrustedXFF/trusted-hosts.txt?view=co

> I was unsuccessful in the last major datacenter reworking convincing
> the technical staff to adopt an architecture which could reasonably
> scale to supporting SSL always on for all readers (one where SSL
> wasn't handled by a separate cluster but was instead run in parallel
> on the existing non-ssl frontends).

I'm sorry to hear that.

> Unfortunately, I think it will probably take someone being killed for
> reasons considered unjust by western standards before the considerable
> expenditure necessary to HSTS the entire site will be justified.
> Pressure on this front needs to come from activists, not from
> technology people.

I tend to agree. Though I'd be happy to give a talk at a brown bag lunch
or something, if it would help.

>> A workable solution would be to continue to use such a list to detect
>> Tor usage and then to ensure that we now allow new accounts to be
>> created over Tor. The MediaWiki should ensure that HSTS is sent to the
>> user and that the user only ever uses HTTPS to connect to Wikipedia.
>
> Account creation via tor is explicitly and intentionally disabled.

I remember, I'm sad to hear that this hasn't changed.

>> If the user is abusive and an IP block would normally apply, Wikipedia
>> would not block by IP but would rather use the normal Wikipedia process
>> to resolve disputes (in edits, discussions, etc)
>
> The blocking of tor (and other IP) addresses is never intended to be a
> part of the regular "disagreeable behavior for otherwise well meaning
> and sane contributors" process. It doesn't aid in that process.
>
> In theory blocking is really only a measure against people who are
> malicious or (temporarily?) mentally ill. Wikipedia will try to
> reason you out of doing something, and if that fails, _tell_ you to
> stop doing something, and then only block you if you don't listen.

That is very frustrating indeed.

>> and if the account is
>> just being used for automated jerk behavior, I think it would be
>> reasonable to lock the account, perhaps even forcing the user to solve a
>> captcha, or whatever other process is used when accounts are abused in
>> an automated fashion.
>
> Mostly the really automated behavior is not that huge of an issue— the
> thousands of wiki administrators have access to sophisticated
> automated behavioral blocking tools (I think the rule expression
> language in abusefilter is Turing complete), account creation requires
> solving a captcha... and marketers have discovered that spamming
> Wikipedia can have certain unexpected negative effects once caught
> (like completely disappearing from search engine indexes), so only
> idiot marketers spam overtly.

That is an interesting data point, thanks.

> But what is an issue is _non-automated_ or semi-automated
> jerk behavior. A single bored kid or irate mentally ill person can
> easily fully saturate the time of ten or more Wikipedia volunteer
> editors with a barrage of fake identities making subtle undermining
> edits or over massive scale one time automated attacks. To some people
> this kind of thing is just a really excellent MMORPG, this is, no
> doubt, amplified by the fact that most of the site's operation is
> conspicuously performed by human hands and minds. Much of the bad
> behavior is benign but time consuming, though some is quite concerning
> and violent (e.g. blasting pages with images of child porn mixed with
> photos of contributors' children). Beyond the pure time consumption,
> it is demoralizing and dehumanizing to the volunteer editors to
> constantly be non-consensually made a target in some jerk's MMORPG-fun.

I find it strange that so much human time may *only* be saved by an ip
address. I mean, nymbler and other systems solve this problem for a
given user and I can't imagine that there aren't common patterns of
abuse that would say, leave a non-jerk, tor user out of their database
culling?

I'm with you that bad behavior exists - I also feel like by blocking
Tor, we find ourselves in a position where regular people have basically
no options and the jerks will often be one step ahead.

As a classic example, I didn't realize the flag had been lifted from my
account and I was without my normal computing environment. I did however
want to correct a mistake on a page - so I used Tor to reach a third
system and performed my edit routing through the third system. It was
such a pain to have to use a third system and boy, if you think Tor is
slow, try using Tor to bounce to another system just to edit the
Wikipedia! Ouch!

> There aren't many of these jerks, however— I'd guess that for any
> major language there are only a dozen or so world wide at any time
> (they either change obsessions, grow out of it, or end up incarcerated
> (no kidding), so they seem to be constantly shifting). Because of
> this aggressively blocking every IP address they have access to is
> actually _quite_ effective. You eventually get all the networks they
> have ready access to (in some cases where the problem has come from
> an institution, Wikipedians have traded blocking the whole institution
> for eliminating the problem with disciplinary action), including
> whatever open wifi they can easily reach... the first one to have paid
> for botnet access gets the botnet largely blocked and so on. It's
> demonstratively effective... and in cases where overbroad blocks hit
> established users, they can be exempted on an account by account
> basis.

That seems reasonable in a sense. I'd say that I'd like to see an
automatic expiration for any such block; I'd also say that any user who
is logged in and *known* to be "good" should automatically be exempt.
Does that seem reasonable or has this been tried only to end in tears?

> So if creating an account that can edit via tor is as simple as
> solving a captcha then it will be impossible to stop these abusive
> people— they will happily pipeline out account creation as fast as
> whatever rate-limiters will allow them, jump through whatever hoops,
> they have nearly unbounded time and motivation ...
> and then they can
> continue to victimize Wikipedia contributors (and readers, though the
> readers don't seem to take bad information of Wikipedia personally)
> without consequence.

I think that in such a case, we'd want to deploy a system like Nymbler
rather than a captcha - so that an abusive user's edits could be
reverted in a way that doesn't harm everyone or discriminate entire
classes of users.

> Sometimes you can be victimized by forces outside of your control and
> there is just nothing you can really do about it. But that's not the
> case here, blocking every proxy the jerks use _works_. It has
> collateral damage of unknown magnitude, but the part that is
> specifically known can be largely solved with exemptions. The harm it
> solves is insanely salient: the jerks rub your face in their success,
> the harm it causes is invisible (since the visible parts get solved
> with exemptions).

Sure, I understand. I find it pretty sad all around too.

>> Most of that isn't technical - it is a matter of accepting that some of
>> us are not free. Some of us who are not free require systems like Tor to
>> participate in the Free Culture community curated by the Wikipedia
>> community on Wikipedia. Some of us will then be free to be part of that
>> community and perhaps, if we work smartly, other freedoms will follow
>> from the knowledge of the community.
>
> There are so many hurdles to equitable participation: Access to
> computers, _literacy_, educational differentials, perceived societal
> roles, social norms within the community making some people feel like
> outsiders ... the people excluded because they are not free and for
> whom the exemption process is inadequate seem like something of a
> rounding error by comparison— especially to people who find that whole
> not-freeness thing to be a kind of vague and distant concept.
> Doubly
> so when it's easy to ignore the importance of participating in that
> culture and say "for your own protection, if editing Wikipedia would
> put you in danger we prefer you to not do it!"

I agree - I find it pretty sad that Wikipedia is creating more of them
in an almost unique manner. I also acknowledge at the very same time
that Wikipedia is helping to improve the world and I understand that
there is a balance to be struck.

How many people have their access to Wikipedia censored? How many try to
edit once they find a way around the censorship and are stopped? It is
hard to measure these things and as a result, censorship wins again.

All the best,
Jacob
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
