That's why I think we need "signatures"
which is my shorthand for things
like a hash function or a bounding box, a means by which many non-matching
accounts can be eliminated at low cost, reserving the high cost comparisons
(machine or human) only for high probability candidates. It is
machine-computed and *stored* on the banning/blocking of a user. When a
suspect user is presented, it calculates their signature and then compares
them against the pre-calculated signatures of the bad users. I don't think
it is too expensive if we can find the right "signature". CPU cycles are
pretty fast. I only have an average laptop CPU-wise but I burn through
loads of comparisons of geographic boundaries (complex polygons with many
points) thanks to bounding boxes which reduce the complex shape to the
smallest rectangle that contains it. Testing intersection of polygons is
expensive, testing the intersection of rectangles is trivial.
I think we can probably ignore the myriad of trivial bad guys for the
purposes of signature collecting, eg blocked for vandalism after their
first few edits. Sock puppets or their masters don't immediately appear as
bad guys on individual edits. It's often more about long-term behaviours
like POV pushing, refusal to engage in consensus building, slow burning
edit wars, etc, that does not show on individual edits.
Kerry
Sent from my iPad
On 23 Aug 2019, at 11:42 pm, Timothy Wood <timothyjosephwood(a)gmail.com>
wrote:
You are correct that in all but the most obvious cases, filing an SPI can
be exceptionally time consuming. I'm afraid there is no obvious technical
solution there that would not involve a complicated AI that is probably
beyond the ability of the foundation to produce.
There is quite a bit of data available in the form of years of SPIs, but
it seems like you're talking about Facebook or Google levels of machine
learning, and even years of SPIs is tiny compared to the amount of data
they work with.
On a separate note, frequently changing IP adresses is most often an
indicator of nothing more than someone who is editing on a mobile
connection. This can usually be easily verified with an online IP lookup.
V/r
TJW/GMG
On Fri, Aug 23, 2019, 02:44 RhinosF1 <rhinosf1(a)gmail.com> wrote:
Just a note that you can still go through
warnings for vandalism etc. and
report to AIV.
Or at that edit speed, you may have a chance at AN at reporting for
bot-like edits which will draw attention to the account.
If you ever need help, things like #wikipedia-en-help on Freenode IRC
exist
so you can ask other users.
RhinosF1
Miraheze Volunteer
On Fri, 23 Aug 2019 at 06:57, Kerry Raymond <kerry.raymond(a)gmail.com>
wrote:
Currently, to open a sockpuppet investigation,
you must name the two (or
more) accounts that you believe to be sockpuppets with "clear,
behavioural
evidence of sock puppetry" which is
typically in the form of pairs of
edits
that demonstrate similar edit behaviours that are
unlikely to naturally
occur. Now if you spend enough time on-wiki, you develop an intuition
about
behaviours you see on your watchlist and in
article edit histories.
Often I
am highly suspicious that an account is a
sockpuppet, but I cannot
report
them because I don't know which other account
is involved.
As a example, I recently encounted User:Shelati an account about 1 day
old
at that time with nearly 100 edits in that day
all about 1-2 minutes
apart,
mostly making a similar change to a large number
of Australian place
infoboxes.
https://en.wikipedia.org/w/index.php?title=Special:Contributions/Shelati
<
https://en.wikipedia.org/w/index.php?title=Special:Contributions/Shelati&am…
fset=20190728053057&limit=100&target=Shelati
<
https://en.wikipedia.org/w/index.php?title=Special:Contributions/Shelati&am…
&offset=20190728053057&limit=100&target=Shelati
Genuine new users do not edit that quickly, do not use templates and do
not
mess structurally with infoboxes (at most they
try to change the
values).
It
"smelled" like a sockpuppet. However, as I did not recognise that
pattern
of
edit behaviour as being that of any other user I was familiar with, it
wasn't something I could report for sockpuppet investigation. Anyhow
after
about 2 weeks, the user was blocked as a
sockpuppet. Someone must have
noticed and figured out the other account:
https://en.wikipedia.org/wiki/Wikipedia:Sockpuppet_investigations/Meganesia/
Archive
Two weeks and 1,279 edits later . that's over 1000 possibly problematic
edits after I first suspected them. But that's nothing compared with
another
ongoing situation in which a very large number of different IPs are
engaged
in a pattern of problem edits on mostly
Australian articles (a few
different
types of edits but an obvious "quack like a duck" situation). The IP
number
changes frequently (and one assumes
deliberately). The edits
potentially go
back to 2013 but appear to have intensified in
2018/2019. Here's one
user's
summary of all the IP addresses involved, and the
extent to which they
have
been cleaned up, given many thousands of edits
are involved, see:
https://en.wikipedia.org/wiki/User:IamNotU/History_cleanup
As well as the damage done to the content (which harms the readers),
these
IP sockpuppets are consuming enormous amounts of
effort to track them
down
and revert them, which could be more productively
used to improve the
content. We need better tools to foil these pests. So I want to put that
challenge out to this list.
Kerry
_______________________________________________
Wiki-research-l mailing list
Wiki-research-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wiki-research-l
--
RhinosF1
Miraheze Volunteer
_______________________________________________
Wiki-research-l mailing list
Wiki-research-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wiki-research-l