(For those trying to play catch-up on the Wikipedia-in-China issue, I recommend diving into some old Signpost archives: [1] ("The BBC looks at Chinese government editing"), [2] ("Interview: Carl Miller on Wikipedia Wars"), [3] ("Community View: Observations from the mainland"), [4] ("Special report: Hardball in Hong Kong"), and maybe [5] ("Chinese man detained and penalized for reading Wikipedia") and [6] ("China and the Chinese Wikipedia"). Note that the author of the community view piece and the subject of the special report, User:Techyan and User:Walter_Grassroot respectively, are both among those banned in this action. I have not found sources covering the more recent events relating to the canvassing policy.)

I'm having a difficult time understanding the notice, particularly which parts are relating to the NDA change and which are relating to the more recent actions. If I am understanding correctly, the NDA change:
* was prompted by credible threats against contributors,
* involved risks pertaining to private data being taken by hostile entities,
* could not be communicated in advance even to stewards without creating serious risks.

Meanwhile, regarding the bans and desysoppings:
* The message vaguely implies, but does not state, that "credible threats to [Chinese users'] safety" were relevant to this decision.
* A second justification is similarly implied: That the actions were necessary to avoid community capture/infiltration on zhwiki, presumably by the government of the PRC. Particularly highlighted issues of relevance to this are canvassing and fraud, presumably for community manipulation.
* Some relevant information on this cannot be revealed publicly ("limits to what we can reveal").

Maggie has stated on-wiki that those desysopped will be permitted to run for adminship again [7], while the WMF will "monitor the integrity of elections for those seeking sysop rights again (after this action) until we are able to help the local community adopt a more secure system." I am fairly confident that, if the desysoppings were necessary to avoid actual harm (that is, if there was a threat to safety from those users holding advanced rights), the WMF would not allow the restoring of those rights. Maggie's on-list response to Yaroslav mentioning desysoppings of those "whose behavior has been problematic in relation largely to canvassing or demonstrated abuse of their roles" seems to further support that this was not about harm.

The canvassing rationale for the desysoppings (and possibly for some of the bans, if all seven were not for the same reasons) is not sufficient to justify this action by the WMF; preventing local canvassing is not within the T&S's remit. This may not have been the actual rationale (per "limits to what we can reveal"), but there are clear indications that it was, per the posts.

This decision may have needed to be made. The decision also might not have been the WMF's decision to make.

Outside of specific limited situations, desysoppings are decisions made by volunteers. It is possible that circumstances have made functioning local discussion impossible, in which case a global discussion could take place. If necessary secrecy of certain information makes public global discussion unable to independently provide judgement, it could fall to the stewards to assist. Unless this situation relates to one of the responsibilities that the community has delegated to T&S, at no point does this fall to them.

While the lack of disclosure makes it impossible to be sure, it looks quite likely to me that the WMF has acted inappropriately in desysopping these users.

-- Yair Rand

[1] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2019-10-31/In_focus
[2] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2019-10-31/Interview
[3] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2019-10-31/Community_view
[4] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2021-07-25/Special_report
[5] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2020-11-01/In_the_media#Chinese_man_detained_and_penalized_for_reading_Wikipedia
[6] https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2019-08-30/Community_view#China_and_the_Chinese_Wikipedia
[7] https://meta.wikimedia.org/wiki/User_talk:WMFOffice#Recent_desysops

‫בתאריך יום ב׳, 13 בספט׳ 2021 ב-12:15 מאת ‪Maggie Dennis‬‏ <‪mdennis@wikimedia.org‬‏>:‬
(on-wiki:  ; Google translated notice that there is a professional Chinese translation of the email below - 中文翻譯見下文)

Hello, everyone.

I’m Maggie Dennis, the Wikimedia Foundation’s Vice President of Community Resilience & Sustainability.[1] I’m reaching out to you today to talk about a series of actions the Foundation has recently taken to protect communities across the globe.

I apologize in advance for the length and the ambiguity in certain areas. These are complicated issues, and I will try to summarize a lot of what may be unfamiliar information to some of you succinctly. I will answer questions to the best of my ability within safety parameters, and I will be hosting an office hour in a few weeks where I can discuss these issues in more depth. We’re currently getting that set up in regards to availability of support staff and will announce it on Wikimedia-L and Meta as soon as that information is prepared.

Many of you are already aware of recent changes that the Foundation has made to its NDA policy. These changes have been discussed on Meta, and I won’t reiterate all of our disclosures there,[2] but I will briefly summarize that due to credible information of threat, the Foundation has modified its approach to accepting “non-disclosure agreements” from individuals. The security risk relates to information about infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence. We could not pre-announce this action, even to our most trusted community partner groups (like the stewards), without fear of triggering the risk to which we’d been alerted. We restricted access to these tools immediately in the jurisdictions of concern, while working with impacted users to determine if the risk applied to them.

I want to pause to emphasize that we do not mean to accuse any specific individual whose access was restricted by that policy change of bad intent. Infiltration can occur through multiple mechanisms. What we have seen in our own movement includes not only people deliberately seeking to ingratiate themselves with their communities in order to obtain access and advance an agenda contrary to open knowledge goals, but also individuals who have become vulnerable to exploitation and harm by external groups because they are already trusted insiders. This policy primarily served to address the latter risk, to reduce the likelihood of recruitment or (worse) extortion. We believe that some of the individuals impacted by this policy change were also themselves in danger, not only the people whose personal information they could have been forced to access.

Today, the Foundation has rolled out a second phase of addressing infiltration concerns, which has resulted in sweeping actions in one of the two currently affected jurisdictions. We have banned seven users and desysopped a further 12 as a result of long and deep investigations into activities around some members of the unrecognized group Wikimedians of Mainland China.[3] We have also reached out to a number of other editors with explanations around canvassing guidelines and doxing policies and requests to modify their behaviors.

When it comes to office actions, the Wikimedia Foundation typically defaults to little public communication, but this case is unprecedented in scope and nature. While there remain limits to what we can reveal in order to protect the safety and privacy of users in that country and in that unrecognized group, I want to acknowledge that this action is a radical one and that this decision was not easily made. We struggled with not wanting to discourage and destroy the efforts of good faith users in China who have worked so hard to fight for free and open knowledge, including some of those involved in this group. We do not want them to fear that their contributions are unwelcome. We also could not risk exposing them to danger by doing nothing to protect them after we became aware of credible threats to their safety.

While some time ago we limited the exposure of personal information to users in mainland China, we know that there has been the kind of infiltration we describe above in the project. And we know that some users have been physically harmed as a result. With this confirmed, we have no choice but to act swiftly and appropriately in response.

I take it as both a triumph and a challenge that in the years of my own involvement I have seen Wikimedia go from a suspect non-mainstream website to a highly trusted and widely relied upon source across the world. When I first started editing the projects in about 2007, I already believed Wikimedia had the capacity to be one of the greatest achievements of the world--collective knowledge, at your fingertips. What an amazing gesture of goodwill on the part of all of its many editors. It didn’t take me long after I started editing to realize how entrenched the battles could be over how to present information and how that can be exploited to achieve specific ends. I’m not trying to suggest that I was astonishingly prescient; I think there were many who realized that risk long before I stumbled naively on the scene. I do think that the risk is greater than ever now, when Wikimedia projects are widely trusted, and when the stakes are so high for organized efforts to control the information they share.

Community “capture” is a real and present threat. For years, the movement has been widely aware of challenges in the Croatian Wikipedia, with documentation going back nearly a decade. The Foundation recently set up a disinformation team, which is still finding its footing and assessing the problem, but which began by contracting an external researcher to review that project and the challenges and help us understand potential causes and solutions for such situations.[4] We have also recently staffed a human rights team to deal with urgent threats to the human rights of communities across the group as a result of such organized efforts to control information. The situation we are dealing with today has shown me how much we need as a movement to grapple with the hard questions of how we remain open to editing by anyone, anywhere, while ensuring that individuals who take us up on that offer are not harmed by those who want to silence them.

With respect to the desysopping, we hope to connect with the international Chinese language community in the near future to talk about approaches to elections that avoid the risk of project capture and ensure that people are and feel safe contributing to the Chinese language Wikipedia. We need to make sure that the community can hold fair elections, without canvassing or fraud. We hope that helping to establish such a fair approach to elections will allow us to reinstate CheckUser rights in time.

I want to close this email by noting that I am personally deeply sorry to those of you for whom this will be a shock. This will undoubtedly include those who wonder if they should fear that their personal information has been exposed (we do not believe so; we believe we acted in time to prevent that) and also those who fear that further such bold action is in the works which may disrupt them and their work and their communities (at this point, with this action, we believe the identified risks have been contained in the short to medium term). I am also truly sorry to those communities who have been uneasy in the shadow of such threats for some time. The Foundation continues to build our capacity to support every community that wants or needs its support - and we are still learning how to do so well when we do. One of the key areas we seek improvement is in our ability to understand our human rights impact and in our ability to address those challenges. You have not had the service you’ve deserved. We can’t fix things immediately, but we are working to improve, actively, intentionally, and with focus.

To the 4,000 active Chinese language Wikimedians distributed across the world and serving readers in multiple continents,[5][6] I would like to communicate my sorrow and regret. I want to assure you that we will do better. The work you do in sharing knowledge to Chinese readers everywhere has great meaning, and we are committed to supporting you in doing this work into the future, with the tools you need to succeed in a safe, secure, and productive environment.

Again, I will answer what questions I can, also relying on the support of others in Legal and perhaps beyond. We’re setting up a page on Meta to talk, and I will be hosting an office hour in coming weeks.

Best regards,

[1] https://meta.wikimedia.org/wiki/Community_Resilience_and_Sustainability
[2] https://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_personal_data_policy#Policy_adjustment_on_behalf_of_Legal
[3] https://meta.wikimedia.org/wiki/Wikimedians_of_Mainland_China
[4] https://meta.wikimedia.org/wiki/Croatian_Wikipedia_Disinformation_Assessment-2021
[5] https://stats.wikimedia.org/#/zh.wikipedia.org
[6] https://stats.wikimedia.org/#/zh.wikipedia.org/reading/page-views-by-country/normal|map|last-month|(access)~desktop*mobile-app*mobile-web|monthly



我是 Maggie Dennis, 维基媒体基金会社团及延续性的领导。[1] 今天我想和大家分享维基媒体基金会在全球保护社团采取的一系列办事行动。

我在这里先向大家说声对不起。这封信会比较长,有些方面也会比较歧义。这些事的确比较复杂,但我会尽量简化但明确的把这些资料和大家分享。我会在安全范围内尽我所能的回答问题,我也会在未来的几个星期主办 office hour 在和大家更详细的研讨。我们正在设置有关于人力资源上的问题并会在 Wikimedia-L 和 Meta 发布讯息。

相信大家已经知道基金会在几周前对 NDA 政策的改变。这些改变已经在 Meta 讨论过了,我也不必在这里重申,[2]但让我在这里简要地说明。基金会收到了有关各人威胁的可信消息并调整了接受各人“non-disclosure agreements”的姿态。这个安全风险是有关于浸入及索取基金会的系统,也包括取数个人识别资料和选举管理机构的影响。我们不能预先宣布这新的策略即使是我们最信任的团体 (stewards), 为了不触发这些风险。我们在受影响的区域限制了使用权并且和受影响的使用者讨论风险对它们的影响。


今天,维基媒体基金会在两个受影响的区域之一,推出了第二阶段寻址浸入风险的扫荡行动。经过了深入调查非附属团体 Wikimedians of Mainland China 的活动, 我们禁止了七个用户和删除了十二个管理员权限。[3] 我们还联系了一些其他编辑,解释了有关拉票指南和人肉政策的解释,,并要求它们调整这些行为。

有关于办事行动维基媒体基金会通常不会向外公开但这个案件的范围和性质是前所未有的。在安全和隐私的范围内我们不能透露在非附属团体的这些用户,但我想承认这行动是激进的,而且做出这一决定并不容易。 我们努力地不想阻止和破坏中文真诚用户的努力,他们为自由和开放的知识而努力奋斗,包括参与该群体的一些人。我们也不想让真诚的用户觉得不实欢迎,当我们收到了对它们安全可信的威胁,我们也不能冒险采取任何措施保护他们,从而使他们面临危险。

一些时间前, 我们限制了在中国用户的个人资料暴露,也知道在中文维基百科有相似的浸入。我们也确认了有些用户为某些因故而受了身体伤害。我们别无选者必须快速做回应。

当我回顾我在维基媒体的这些年,从一个非主流的网站转变成一个全求都信任的线上百科全书,我把这个案件当作是一个挑战和胜利。 在2007年当我钢开始改编的时候我已经相信维基媒体会是全球最大成就之一, 那就是集体知识,在手指上。 不用多久时间,我就发现了许多编辑人员善意的姿态和那些用来呈现资料角度的战争。我不是在暗示我有预见性的警告,我觉得很多用户在我参与前就知道这事会发生。我不认为这个风险在这个时候比较高,当维基媒体的项目收到这么庞大的信任,还有组织的努力来控制我们分享的知识。

团体“占领” 是一个真是的风险。多年已来,基金会意识到的克罗地亚维基百科面临的挑战。我们也有进十年的文档。基金会在最近设立了虚假信息团队,但是我们还在评估克罗地亚维基百科的问题。这些问题是基金会较早前聘请的承包商来帮我们理解原因和解决办法。[4] 为了应付团体组织的资料控制,我们也设立了一组人权团队来应对紧急人权危机。我们惊天所免领的问题也让我看到了我们所需要的来应付这些困难问题,像是如何继续开放编辑给每个人,在每个地方但能够确保我们的用户在编辑中受到被封的威胁下感到安全。

在管理员权限,我们希望能够与国际华语群体链接来参与及讨论选举的方向为了避免团体占领也绕着不知让中文维基百科的用户感到安全也绝对是安全。 我们也必须确认中文项目的用户可以举办公平的选举,没有拉票或欺诈。 我们希望建设这些公平的法则来维持选举能够让我们在未来恢复 CheckUser 权利.



同样,我将回答我能回答的问题,也依赖于法律领域甚至其他领域的其他人的支持。我们正在 Meta 上建立一个页面来讨论,我将在未来几周内主办 office hour 在和大家更详细的研讨。


[1] https://meta.wikimedia.org/wiki/Community_Resilience_and_Sustainability
[2] https://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_personal_data_policy#Policy_adjustment_on_behalf_of_Legal
[3] https://meta.wikimedia.org/wiki/Wikimedians_of_Mainland_China
[4] https://meta.wikimedia.org/wiki/Croatian_Wikipedia_Disinformation_Assessment-2021
[5] https://stats.wikimedia.org/#/zh.wikipedia.org
[6] https://stats.wikimedia.org/#/zh.wikipedia.org/reading/page-views-by-country/normal|map|last-month|(access)~desktop*mobile-app*mobile-web|monthly

Maggie Dennis
Vice President, Community Resilience & Sustainability
Wikimedia Foundation, Inc.
Wikimedia-l mailing list -- wikimedia-l@lists.wikimedia.org, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
Public archives at https://lists.wikimedia.org/hyperkitty/list/wikimedia-l@lists.wikimedia.org/message/6ANVSSZWOGH27OXAIN2XMJ2X7NWRVURF/
To unsubscribe send an email to wikimedia-l-leave@lists.wikimedia.org