On 6/15/07, Slim Virgin slimvirgin@gmail.com wrote:
Trojan admin accounts can do a lot of damage. They can view and copy deleted material; unblock abusive users; unprotect pages that would be better left protected; cause endless arguments on AN/I by questioning other admins; log and hand out conversations on the admins' channel, and doubtless other things I haven't thought of.
With all the talk about this "trojan admin" business, this question has to be asked. Is there any evidence that this is actually happening or has happened? Have any trojan admin accounts been desysopped and blocked? I don't believe that a few idiots bragging about doing this off wiki is real evidence BTW. It's more likely the bragging is either to impress other trolls and/or to get us all paranoid about it.
And multiple accounts? A disruptor would have a hard enough time getting one account through all the RFA hoops. However if this really is happening/will happen then it is a serious problem which is why I like the idea of admins identifying themselves to the foundation like checkusers do. Sure it's possible for a troublemaker to get around that too but it would raise the bar for that kind of lamage.
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/15/07, Slim Virgin slimvirgin@gmail.com wrote:
Trojan admin accounts can do a lot of damage. They can view and copy deleted material; unblock abusive users; unprotect pages that would be better left protected; cause endless arguments on AN/I by questioning other admins; log and hand out conversations on the admins' channel, and doubtless other things I haven't thought of.
With all the talk about this "trojan admin" business, this question has to be asked. Is there any evidence that this is actually happening or has happened? Have any trojan admin accounts been desysopped and blocked? I don't believe that a few idiots bragging about doing this off wiki is real evidence BTW. It's more likely the bragging is either to impress other trolls and/or to get us all paranoid about it.
And multiple accounts? A disruptor would have a hard enough time getting one account through all the RFA hoops. However if this really is happening/will happen then it is a serious problem which is why I like the idea of admins identifying themselves to the foundation like checkusers do. Sure it's possible for a troublemaker to get around that too but it would raise the bar for that kind of lamage.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
We've had hacked accounts deleting the main page for one.
On 6/18/07, MacGyverMagic/Mgm macgyvermagic@gmail.com wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/15/07, Slim Virgin slimvirgin@gmail.com wrote:
Trojan admin accounts can do a lot of damage. They can view and copy deleted material; unblock abusive users; unprotect pages that would be better left protected; cause endless arguments on AN/I by questioning other admins; log and hand out conversations on the admins' channel, and doubtless other things I haven't thought of.
With all the talk about this "trojan admin" business, this question has to be asked. Is there any evidence that this is actually happening or has happened? Have any trojan admin accounts been desysopped and blocked? I don't believe that a few idiots bragging about doing this off wiki is real evidence BTW. It's more likely the bragging is either to impress other trolls and/or to get us all paranoid about it.
And multiple accounts? A disruptor would have a hard enough time getting one account through all the RFA hoops. However if this really is happening/will happen then it is a serious problem which is why I like the idea of admins identifying themselves to the foundation like checkusers do. Sure it's possible for a troublemaker to get around that too but it would raise the bar for that kind of lamage.
We've had hacked accounts deleting the main page for one.
We also had an admin sockpuppet account un hard-blocking TOR proxies and then soft blocking so his other sockpuppets could use them. And somehow Wikitruth has access to every single deleted page on Wikipedia.
Hi JayJG, All,
Von: jayjg jayjg99@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Ask the developers to add steganographic watermarking to viewing deleted pages, encoding the admin's account as small schanges in the text (only 11 bits needed).
That would make it possible to trace back leaked complete articles (but not short snippets).
Regards, Peter
On 6/18/07, Peter Jacobi peter_jacobi@gmx.net wrote:
Hi JayJG, All,
Von: jayjg jayjg99@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Ask the developers to add steganographic watermarking to viewing deleted pages, encoding the admin's account as small schanges in the text (only 11 bits needed).
That would make it possible to trace back leaked complete articles (but not short snippets).
Regards, Peter
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
We could just start tracking who is accessing deleted material, just as we monitor checkuser access.
On 6/18/07, jayjg jayjg99@gmail.com wrote:
We've had hacked accounts deleting the main page for one.
But those weren't necessarily "them". I assumed those were otherwise good faith admins who picked goober passwords.
We also had an admin sockpuppet account un hard-blocking TOR proxies and then soft blocking so his other sockpuppets could use them.
You might have something there. Did you examine the approval process and previous editing patterns of these accounts?
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
We have solid evidence otherwise.
On 6/18/07, geni geniice@gmail.com wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
We have solid evidence otherwise.
Frankly, it's very good that critics of the project have access to deleted history.
Would a logging system be nice, probably. Is it number one priority for the devs to implement, I'm not so sure. There are other things I'd like to see, such as the ability to move images, and to protect images. (Two needs of commons). Also another "nice to have" would be to be able to delete single revisions. (This would probably have to be implented before the logging system could be done anyway :S, not sure) Unfortunately the English wikipedia is not the only project that uses the mediawiki engine.
On 6/18/07, The Cunctator cunctator@gmail.com wrote:
On 6/18/07, geni geniice@gmail.com wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
We have solid evidence otherwise.
Frankly, it's very good that critics of the project have access to deleted history.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 18/06/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
Would a logging system be nice, probably. Is it number one priority for the devs to implement, I'm not so sure. There are other things I'd like to see, such as the ability to move images, and to protect images. (Two needs of commons). Also another "nice to have" would be to be able to delete single revisions. (This would probably have to be implented before the logging system could be done anyway :S, not sure) Unfortunately the English wikipedia is not the only project that uses the mediawiki engine.
VoiceOfAll has been working on a rather 'l33t change to deletions, so that deletions and oversights show up in the revision history, optionally minus the log messages. I believe it was due to land in the current MediaWiki revision cycle.
- d.
On 6/18/07, David Gerard dgerard@gmail.com wrote:
On 18/06/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
Would a logging system be nice, probably. Is it number one priority for
the
devs to implement, I'm not so sure. There are other things I'd like to
see,
such as the ability to move images, and to protect images. (Two needs of commons). Also another "nice to have" would be to be able to delete
single
revisions. (This would probably have to be implented before the logging system could be done anyway :S, not sure) Unfortunately the English wikipedia is not the only project that uses the mediawiki engine.
VoiceOfAll has been working on a rather 'l33t change to deletions, so that deletions and oversights show up in the revision history, optionally minus the log messages. I believe it was due to land in the current MediaWiki revision cycle.
- d.
Link: http://www.mediawiki.org/wiki/Bitfields_for_rev_deleted
Right, thats what I was referring to :) Thanks for pointing that out.
On 6/18/07, David Gerard dgerard@gmail.com wrote:
On 18/06/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
Would a logging system be nice, probably. Is it number one priority for
the
devs to implement, I'm not so sure. There are other things I'd like to
see,
such as the ability to move images, and to protect images. (Two needs of commons). Also another "nice to have" would be to be able to delete
single
revisions. (This would probably have to be implented before the logging system could be done anyway :S, not sure) Unfortunately the English wikipedia is not the only project that uses the mediawiki engine.
VoiceOfAll has been working on a rather 'l33t change to deletions, so that deletions and oversights show up in the revision history, optionally minus the log messages. I believe it was due to land in the current MediaWiki revision cycle.
- d.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 6/18/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
There are other things I'd like to see, such as the ability to move images, and to protect images.
Wait, we can't protect images? What's the point of c-uploaded, then?
Rory
We can protect the image description (the part with the license tag {{gdfl}} or whatever), but as far as I know even if an image is full protected, you can still upload a new image in its place... at least I think thats the case. -- Eagle 101
On 6/18/07, Rory Stolzenberg rory096@gmail.com wrote:
On 6/18/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
There are other things I'd like to see, such as the ability to move images, and to protect images.
Wait, we can't protect images? What's the point of c-uploaded, then?
Rory _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 6/18/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
On 6/18/07, Rory Stolzenberg rory096@gmail.com wrote:
On 6/18/07, Eagle 101 eagle.wikien.l@gmail.com wrote:
There are other things I'd like to see, such as the ability to move images, and to protect images.
Wait, we can't protect images? What's the point of c-uploaded, then?
Rory
See the source code of SpecialUpload.php (SVN available at http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/SpecialUploa... )
/** * If the image is protected, non-sysop users won't be able * to modify it by uploading a new revision. */ if( !$nt->userCan( 'edit' ) ) { return $this->uploadError( wfMsgWikiHtml( 'protectedpage' ) ); }
If an image is protected on Wikipedia, a new version can't be uploaded over it, and (of course) the image description itself can't be edited.
If you try to upload an image over one that's protected, you'll get the contents of [[MediaWiki:Protectedpage]] thrown at you, surrounded by <span class="error"> and </span>. However, there is no way to have both the description editable by anyone and to prohibit uploads, which Eagle was possibly referring to.
The current situation does not apply to uploading a local copy of an image protected on commons, and I don't think it works so well with cascading protection either (transcluding image description pages).
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/18/07, jayjg jayjg99@gmail.com wrote:
We've had hacked accounts deleting the main page for one.
But those weren't necessarily "them". I assumed those were otherwise good faith admins who picked goober passwords.
That wasn't one of my points, someone else said that.
We also had an admin sockpuppet account un hard-blocking TOR proxies and then soft blocking so his other sockpuppets could use them.
You might have something there. Did you examine the approval process and previous editing patterns of these accounts?
I'm not sure what you mean.
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
That would be an extraordinarily large effort. It's possible, but I think it again makes more sense to apply Occam's razor here.
From the day i came here, I routinely copied all the text from
articles on AfD that I thought might get deleted but that I would want to try to improve and re-create, and stored it off wiki. I still do it. I have gone back and used a few for new articles, but most are still for use "when I have the time". (But I keep it inaccessible to Google.)
I do something similar with email and other online services in my real work. It's been very useful there, once with respect to a malicious system administrator who went in and changed the metadata.
On 6/18/07, jayjg jayjg99@gmail.com wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/18/07, jayjg jayjg99@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
That would be an extraordinarily large effort. It's possible, but I think it again makes more sense to apply Occam's razor here.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
They're not being grabbed before deleted. Wikitruth is run by people with admin accounts on Wikipedia.
Slim Virgin wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
They're not being grabbed before deleted. Wikitruth is run by people with admin accounts on Wikipedia.
Could you say more about the evidence for that?
With 1200 admins, it seems equally plausible to me that there are ones that are willing to give copies of deleted revisions to anybody who has a reasonable reason for wanting to know.
William
http://en.wikipedia.org/wiki/Wikitruth http://upload.wikimedia.org/wikipedia/en/thumb/4/46/Restore_Wikitruth_info.p... 2007/6/20, William Pietri william@scissor.com:
Slim Virgin wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
They're not being grabbed before deleted. Wikitruth is run by people with admin accounts on Wikipedia.
Could you say more about the evidence for that?
With 1200 admins, it seems equally plausible to me that there are ones that are willing to give copies of deleted revisions to anybody who has a reasonable reason for wanting to know.
William
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 19/06/07, William Pietri william@scissor.com wrote:
With 1200 admins, it seems equally plausible to me that there are ones that are willing to give copies of deleted revisions to anybody who has a reasonable reason for wanting to know.
Yeah, lots of admins will do this for uncontroversial deletions. The problem is more controversial ones.
- d.
On 6/20/07, David Gerard dgerard@gmail.com wrote:
On 19/06/07, William Pietri william@scissor.com wrote:
With 1200 admins, it seems equally plausible to me that there are ones that are willing to give copies of deleted revisions to anybody who has a reasonable reason for wanting to know.
Yeah, lots of admins will do this for uncontroversial deletions. The problem is more controversial ones.
You mean, the ones that shouldn't be deleted in the first place?
On 6/20/07, Anthony wikimail@inbox.org wrote:
You mean, the ones that shouldn't be deleted in the first place?
Nah things like hoaxes and zero impact bands.
On 6/19/07, William Pietri william@scissor.com wrote:
Slim Virgin wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
And somehow Wikitruth has access to every single deleted page on Wikipedia.
Those could have been grabbed before they were deleted. Just snarf up everything that has an AFD/prod/speedy tag on it and stick it on Wikitruth if it does get deleted.
They're not being grabbed before deleted. Wikitruth is run by people with admin accounts on Wikipedia.
Could you say more about the evidence for that?
With 1200 admins, it seems equally plausible to me that there are ones that are willing to give copies of deleted revisions to anybody who has a reasonable reason for wanting to know.
I took it for granted (from the description by Sarah) that some of the stuff Wikitruth was obtaining using this admin access was the kind of information that any admin would know not to give out. You know, stuff like admin addresses and phone numbers and crap.
If all they're doing is republishing articles like [[Brian Peppers]] and [[Encyclopædia Dramatica]], then I fail to see what the big deal is in the first place.
jayjg wrote:
We also had an admin sockpuppet account un hard-blocking TOR proxies and then soft blocking so his other sockpuppets could use them. And somehow Wikitruth has access to every single deleted page on Wikipedia.
I must have missed the excitement surrounding that. What was that admin account? And were there others?
Thanks,
William
Runcorn.
On 19/06/07, William Pietri william@scissor.com wrote:
jayjg wrote:
We also had an admin sockpuppet account un hard-blocking TOR proxies and then soft blocking so his other sockpuppets could use them. And somehow Wikitruth has access to every single deleted page on Wikipedia.
I must have missed the excitement surrounding that. What was that admin account? And were there others?
Thanks,
William
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
As far as the cracked passwords, that happening again (at least vie the usual means of iterating through all possible passes or using a common pass list) will have a very hard time of succeeding due to the captchas put into place after the last incident.
Regards, Eagle 101
On 6/18/07, MacGyverMagic/Mgm macgyvermagic@gmail.com wrote:
On 6/18/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/15/07, Slim Virgin slimvirgin@gmail.com wrote:
Trojan admin accounts can do a lot of damage. They can view and copy deleted material; unblock abusive users; unprotect pages that would be better left protected; cause endless arguments on AN/I by questioning other admins; log and hand out conversations on the admins' channel, and doubtless other things I haven't thought of.
With all the talk about this "trojan admin" business, this question has to be asked. Is there any evidence that this is actually happening or has happened? Have any trojan admin accounts been desysopped and blocked? I don't believe that a few idiots bragging about doing this off wiki is real evidence BTW. It's more likely the bragging is either to impress other trolls and/or to get us all paranoid about it.
And multiple accounts? A disruptor would have a hard enough time getting one account through all the RFA hoops. However if this really is happening/will happen then it is a serious problem which is why I like the idea of admins identifying themselves to the foundation like checkusers do. Sure it's possible for a troublemaker to get around that too but it would raise the bar for that kind of lamage.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
We've had hacked accounts deleting the main page for one. _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
On 18/06/07, Ron Ritzman ritzman@gmail.com wrote:
On 6/15/07, Slim Virgin slimvirgin@gmail.com wrote:
Trojan admin accounts can do a lot of damage. They can view and copy deleted material; unblock abusive users; unprotect pages that would be better left protected; cause endless arguments on AN/I by questioning other admins; log and hand out conversations on the admins' channel, and doubtless other things I haven't thought of.
With all the talk about this "trojan admin" business, this question has to be asked. Is there any evidence that this is actually happening or has happened? Have any trojan admin accounts been desysopped and blocked?
We had a spate of delete-the-main-page-etc vandalism from admin accounts about a month or two back; five or so were desysopped. Of those, I believe most were forcibly cracked via bad passwords; one was possibly malicious (I haven't followed up since, so I can't say what was decided.) There was also a similar case a little time before with an admin who had quit - this one did appear to be them "going out with a bang", as it were, rather than a broken account.
Corrections welcomed.