From: David Gerard dgerard@gmail.com Date: 2008/6/5 Subject: Re: [Wikitech-l] TorBlock extension enabled To: Wikimedia developers wikitech-l@lists.wikimedia.org
2008/6/5 Tim Starling tstarling@wikimedia.org:
Andrew Garrett wrote:
The TorBlock extension will override local IP blocks to provide a consistent treatment of tor.
I've disabled this behaviour for now, so that we can have a more orderly phase-in period with community discussion. Admin blocks of Tor exit nodes will continue to work. The new protections which have been introduced will also work, and so Tor anonymous users on the English Wikipedia will typically see two block messages.
Thanks for holding off on this :-)
I've asked the other checkusers concerned about this to post useful information to wikitech-l about what we actually see in practice on en:wp (buckets of toxic waste through Tor, the fabulously illustrative case of Runcorn concerning softblocks, etc), so as to supply the devs with good info.
I don't have the records to do a statistically valid analysis of the use of Tor by sockpuppets and vandals as compared to other types of proxies. I'm sure that the new extension, which amounts to global "firm" blocking of Tor exits (more than a soft block but less than a hard block) will cut down on the use of Tor by casual or lazy vandals.
However, the firm block would not address the problem of determined abusive users using proxies to conceal their activities. The two most prominent cases that come to mind are Poetlister (whose sock Runcorn downgraded blocks on Tor exits so that her other socks could use them) and Mantanmoreland, who created a second account that exclusively used proxies in order to avoid checkuser confirmation. Or see http://en.wikipedia.org/wiki/Wikipedia:Requests_for_checkuser/Case/Fantevd, where a nominally good user with 6000 edits was found to be running a sock farm via open proxies, ultimately involving 24 accounts with 3000 edits to
Both of these accounts caused significant disruption and drama. Blocking all proxies that exit to Wikipedia could potentially prevent similar future situations, but not if all the puppetmaster has to do is to keep a low profile for 90 days.
And at least on enwiki, the "moral" reason for softblocking Tor exits (to allow people to edit from repressive locations, etc) has been voided by the enabling of the IP block exemption.
Gmaxwell correctly pointed out in an email to checkuser-L that if Tor exits are hardblocked, smart puppetmasters will use other proxies. True, but we can block those proxies. We *can't* block Tor exits, at least if the override behavior is in place. In fact, with the override enabled, the new extension will actually *encourage* sockpuppeteers to use Tor, because it will guarantee they will always be able to edit as long as they have the patience to wait for their socks to be autoconfirmed. They will no longer run the risk of enrolling in a commercial anonymizing service only to discover that we have blocked it.
I think this extension is a great idea and I thank all the volunteers who worked on it, but I think the override is a very bad idea.
Thatcher
Thatcher131 Wikipedia wrote:
Gmaxwell correctly pointed out in an email to checkuser-L that if Tor exits are hardblocked, smart puppetmasters will use other proxies. True, but we can block those proxies. We *can't* block Tor exits, at least if the override behavior is in place. In fact, with the override enabled, the new extension will actually *encourage* sockpuppeteers to use Tor, because it will guarantee they will always be able to edit as long as they have the patience to wait for their socks to be autoconfirmed. They will no longer run the risk of enrolling in a commercial anonymizing service only to discover that we have blocked it.
Then it could be configured to perform a complete block for those wikis which really want that (not as the default, although completely blocking tor is tempting). It will still keep an updated Tor list, as opposed to having half tor edits working or not, or running a bot as sysop each X time to block exit nodes. It might be a good idea to set a magic IP address, such as 255.255.255.tor whose blocks affected to any exit node in case of tor vandalism.
Good work, Andrew. Nonetheless, i encourage you to rename $wgTorIPs. It's counterintuitive, as $wgTorIPs aren't the Tor IPs but the server ones! What about $wgTorExitsMediawikiIPs ?
2008/6/5 Platonides Platonides@gmail.com:
Then it could be configured to perform a complete block for those wikis which really want that (not as the default, although completely blocking tor is tempting).
I fear that would be much-needed on en:wp. Tor edits have been less and less tolerated as we discover how much rubbish comes through them.
Is there a way to allow exempt IPs to edit through Tor anyway?
It will still keep an updated Tor list, as opposed to having half tor edits working or not, or running a bot as sysop each X time to block exit nodes.
Oh yesss :-)
- d.
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
- d.
You could always create a ipblockexempt flag linked to the permission and give that out when a Tor user with a valid reason shows up.
~Daniel Friesen(Dantman) of: -The Nadir-Point Group (http://nadir-point.com) --It's Wiki-Tools subgroup (http://wiki-tools.com) --Games-G.P.S. (http://ggps.org) -And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
David Gerard wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
David Gerard wrote:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
- d.
Yes, the permissions at wgTorBypassPermissions allow bypassing it, so i suppose exempt users are being given the torunblocked right.
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
I think that, for users who don't have a certain permission, marking tor edits as such in recentchanges would be an excellent step in that direction.
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
Shouldn't ipblock-exempt imply torunblocked?
2008/6/5 Andrew Garrett andrew@epstone.net:
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Not many people do like the idea of blocking it. The hard-blocking on en:wp is because people like the realities of not blocking it even less.
- d.
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Why do you not like the idea of hard-blocking tor? What other needs are you referring to?
On Fri, Jun 6, 2008 at 7:16 AM, jayjg jayjg99@gmail.com wrote:
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Why do you not like the idea of hard-blocking tor? What other needs are you referring to?
Can't speak for the other person, but assuming good faith, not biting newcomers, and the recognition that many legitimate reasons exist for using tor under repressive governments as the reasons for not liking hard blocks. As for other needs, id say, you know, being Wikipedia, the free encyclopedia that *anyone* can edit is a pretty important need. The more we close off the club, the more we stagnate.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
2008/6/6 Brock Weller brock.weller@gmail.com:
Can't speak for the other person, but assuming good faith, not biting newcomers, and the recognition that many legitimate reasons exist for using tor under repressive governments as the reasons for not liking hard blocks. As for other needs, id say, you know, being Wikipedia, the free encyclopedia that *anyone* can edit is a pretty important need. The more we close off the club, the more we stagnate.
This is what I mean when I say that hard-blocking Tor is a bad idea, and why it's obviously necessary to enlighten the devs as to why (whether casually or ideologically) disabling hard-blocking Tor will be an even worse one.
- d.
On Fri, Jun 6, 2008 at 4:47 PM, Brock Weller brock.weller@gmail.com wrote:
On Fri, Jun 6, 2008 at 7:16 AM, jayjg jayjg99@gmail.com wrote:
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Why do you not like the idea of hard-blocking tor? What other needs are you referring to?
Can't speak for the other person, but assuming good faith, not biting newcomers, and the recognition that many legitimate reasons exist for using tor under repressive governments as the reasons for not liking hard blocks. As for other needs, id say, you know, being Wikipedia, the free encyclopedia that *anyone* can edit is a pretty important need. The more we close off the club, the more we stagnate.
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
On Fri, Jun 6, 2008 at 5:39 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 4:47 PM, Brock Weller brock.weller@gmail.com wrote:
On Fri, Jun 6, 2008 at 7:16 AM, jayjg jayjg99@gmail.com wrote:
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example).
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Why do you not like the idea of hard-blocking tor? What other needs are you referring to?
Can't speak for the other person, but assuming good faith, not biting newcomers, and the recognition that many legitimate reasons exist for using tor under repressive governments as the reasons for not liking hard blocks. As for other needs, id say, you know, being Wikipedia, the free encyclopedia that *anyone* can edit is a pretty important need. The more we close off the club, the more we stagnate.
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Perhaps someone who prefers to browse the web more anonymously?
-Chad
On Fri, Jun 6, 2008 at 6:01 PM, Chad innocentkiller@gmail.com wrote:
On Fri, Jun 6, 2008 at 5:39 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 4:47 PM, Brock Weller brock.weller@gmail.com wrote:
On Fri, Jun 6, 2008 at 7:16 AM, jayjg jayjg99@gmail.com wrote:
On Thu, Jun 5, 2008 at 5:50 PM, Andrew Garrett andrew@epstone.net wrote:
On Fri, Jun 6, 2008 at 6:51 AM, David Gerard dgerard@gmail.com wrote:
2008/6/5 David Gerard dgerard@gmail.com:
> Is there a way to allow exempt IPs to edit through Tor anyway?
I mean exempt usernames (I believe sysops are presently immune to IP blocks, for example). only editi
See http://en.wikipedia.org/wiki/Special:ListGroupRights
You'll notice an extra permission under User, called torblock-unblocked, or something. All that would need to be done is for that to be reassigned to a user group given out.
However, I don't like the idea of hard-blocking tor, even when we do give out flags to people who need to use it. I maintain that we are best to come up with some other form of novel handling that balances the need to prevent vandalism with other needs.
Why do you not like the idea of hard-blocking tor? What other needs are you referring to?
Can't speak for the other person, but assuming good faith, not biting newcomers, and the recognition that many legitimate reasons exist for using tor under repressive governments as the reasons for not liking hard blocks. As for other needs, id say, you know, being Wikipedia, the free encyclopedia that *anyone* can edit is a pretty important need. The more we close off the club, the more we stagnate.
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Perhaps someone who prefers to browse the web more anonymously?
-Chad
Browsing via TOR is not blocked.
On Fri, Jun 6, 2008 at 6:30 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 6:01 PM, Chad innocentkiller@gmail.com wrote:
Perhaps someone who prefers to browse the web more anonymously?
Browsing via TOR is not blocked.
And as for someone who prefers to *edit* the web more anonymously, well, I don't see any reason Wikipedia (or anyone else) needs to indulge them. They only gain anonymity from checkusers, and I *hope* we think that's a bad thing -- else why have the rank to begin with?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Simetrical wrote:
On Fri, Jun 6, 2008 at 6:30 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 6:01 PM, Chad innocentkiller@gmail.com wrote:
Perhaps someone who prefers to browse the web more anonymously?
Browsing via TOR is not blocked.
And as for someone who prefers to *edit* the web more anonymously, well, I don't see any reason Wikipedia (or anyone else) needs to indulge them. They only gain anonymity from checkusers, and I *hope* we think that's a bad thing -- else why have the rank to begin with?
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I think it's also because there have been vandal related issues.
- --CWii
On Fri, Jun 6, 2008 at 6:38 PM, Simetrical Simetrical+wikilist@gmail.com wrote:
On Fri, Jun 6, 2008 at 6:30 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 6:01 PM, Chad innocentkiller@gmail.com wrote:
Perhaps someone who prefers to browse the web more anonymously?
Browsing via TOR is not blocked.
And as for someone who prefers to *edit* the web more anonymously, well, I don't see any reason Wikipedia (or anyone else) needs to indulge them. They only gain anonymity from checkusers, and I *hope* we think that's a bad thing -- else why have the rank to begin with?
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
From the raw IPs, I agree. However, if we have a user wishing to edit
via TOR and they have a registered account, we should grant them ipblock-exempt. TOR's still hardblocked, yes. Anon edits aren't allowed in. However, single users who wish to edit and can be trusted should be allowed to do so.
It's not as though giving them ipblock-exempt suddenly makes the IP free and wild for everyone. Nor does it permit them to confer the right onto other accounts. It's easy to keep an eye on a single user.
-Chad
jayjg schrieb:
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Living in a Western democracy doesn't necessarily mean that you can surf the web or use internet services freely, look at all those blocks for Bittorrent, the dozens of blocks for Nazi hosters, and especially the German court decision about YouPorn, which actually led to >2 million websites being invisible by Arcor customers; they can only be helped through proxys (though I don't think watching porn via proxys is good).
And please also do not forget that some people indeed care about their privacy - what many people unfortunately do not, and so freedom passes more and more away.
Marco
On Fri, Jun 6, 2008 at 8:06 PM, Marco Schuster marco@harddisk.is-a-geek.org wrote:
jayjg schrieb:
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Living in a Western democracy doesn't necessarily mean that you can surf the web or use internet services freely, look at all those blocks for Bittorrent, the dozens of blocks for Nazi hosters, and especially the German court decision about YouPorn, which actually led to >2 million websites being invisible by Arcor customers; they can only be helped through proxys (though I don't think watching porn via proxys is good).
As has been pointed out, while porn sites may be blocked, Wikipedia rarely (if ever) is, so the analogy fails.
And please also do not forget that some people indeed care about their privacy - what many people unfortunately do not, and so freedom passes more and more away.
Wikipedia is an on-line encyclopedia, not an experiment in internet anonymity. If it were, then we would discard all checkuser logs immediately. We give editors a reasonable level of anonymity, a balance that provides the most net benefit to *Wikipedia*. Allowing TOR open proxies to edit (why TOR and no others, I wonder?) has an overall net dis-benefit to Wikipedia.
Hoi, We are discussing a tool that is to be implemented WMF wide. There are projects that are utterly different, there are languages spoken in countries where the sheer audacity of printing the historic election communiques of the ruling government can get you killed. They are largely the less and least resourced languages and consequently these projects are comparatively tiny.
There are people I am aware off who want to contribute to Wikinews but it is EXACTLY their need to be outside of their country and to be anonymous that may give them the courage to start doing a journalistic job.. We all now how great our community is at keeping secrets, there are people who insist that everything should be available to them. I am fearful that removing the option for these people to use TOR will kill off what is essential to our goal; bring information to our public..
Even our public figures, people living in the "free world" are harassed, stalked, threatened...Rape, murder, the use of sulphuric acid they are the kind of threats that are issued. This is in my opinion the greatest threat that we face. This threatens our NPOV. For some people safety exists in anonymity but there are people who are loose lipped, who think that the issue is not that dire and who as a consequence will carelessly endanger their fellow wikimedians.
There is a balance between on the one hand the vandals, the sock puppeteers, the insane and on the other hand the people who need the anonymity that TOR can offer. At this moment I am afraid that only one side of the picture has been considered. Thanks, GerardM
On Sun, Jun 8, 2008 at 7:58 PM, jayjg jayjg99@gmail.com wrote:
On Fri, Jun 6, 2008 at 8:06 PM, Marco Schuster marco@harddisk.is-a-geek.org wrote:
jayjg schrieb:
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Living in a Western democracy doesn't necessarily mean that you can surf the web or use internet services freely, look at all those blocks for Bittorrent, the dozens of blocks for Nazi hosters, and especially the German court decision about YouPorn, which actually led to >2 million websites being invisible by Arcor customers; they can only be helped through proxys (though I don't think watching porn via proxys is good).
As has been pointed out, while porn sites may be blocked, Wikipedia rarely (if ever) is, so the analogy fails.
And please also do not forget that some people indeed care about their privacy - what many people unfortunately do not, and so freedom passes more and more away.
Wikipedia is an on-line encyclopedia, not an experiment in internet anonymity. If it were, then we would discard all checkuser logs immediately. We give editors a reasonable level of anonymity, a balance that provides the most net benefit to *Wikipedia*. Allowing TOR open proxies to edit (why TOR and no others, I wonder?) has an overall net dis-benefit to Wikipedia.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Sun, Jun 8, 2008 at 3:56 PM, Gerard Meijssen gerard.meijssen@gmail.com wrote:
Hoi, We are discussing a tool that is to be implemented WMF wide. There are projects that are utterly different, there are languages spoken in countries where the sheer audacity of printing the historic election communiques of the ruling government can get you killed. They are largely the less and least resourced languages and consequently these projects are comparatively tiny.
There are people I am aware off who want to contribute to Wikinews but it is EXACTLY their need to be outside of their country and to be anonymous that may give them the courage to start doing a journalistic job.. We all now how great our community is at keeping secrets, there are people who insist that everything should be available to them. I am fearful that removing the option for these people to use TOR will kill off what is essential to our goal; bring information to our public..
Even our public figures, people living in the "free world" are harassed, stalked, threatened...Rape, murder, the use of sulphuric acid they are the kind of threats that are issued. This is in my opinion the greatest threat that we face. This threatens our NPOV. For some people safety exists in anonymity but there are people who are loose lipped, who think that the issue is not that dire and who as a consequence will carelessly endanger their fellow wikimedians.
There is a balance between on the one hand the vandals, the sock puppeteers, the insane and on the other hand the people who need the anonymity that TOR can offer. At this moment I am afraid that only one side of the picture has been considered.
Ah, but which side? As far as I know, the proposal was to unilaterally implement a change in *all* wikis which would *force* TOR exit nodes to be soft blocked, regardless of Foundation policy, or of local wiki policy. A number of wiki-en CheckUsers found out about this and objected, stating that, on wiki-en at least, the damage would far outweigh any benefit.
And here we are.
2008/6/8 Gerard Meijssen gerard.meijssen@gmail.com:
We are discussing a tool that is to be implemented WMF wide. There are projects that are utterly different, there are languages spoken in countries where the sheer audacity of printing the historic election communiques of the ruling government can get you killed. They are largely the less and least resourced languages and consequently these projects are comparatively tiny.
So leave it entirely off unless and until it's asked for and there's a clear and checkable consensus, one wiki at a time. Not blithely switched on by default.
- d.
2008/6/8 Gerard Meijssen gerard.meijssen@gmail.com:
There is a balance between on the one hand the vandals, the sock puppeteers, the insane and on the other hand the people who need the anonymity that TOR can offer. At this moment I am afraid that only one side of the picture has been considered.
Yes, you are quite right that only the pro-TOR side of the picture was considered in implementing this extension. That's why those of us with serious concerns are now raising them.
- d.
On Mon, Jun 9, 2008 at 6:08 AM, David Gerard dgerard@gmail.com wrote:
Yes, you are quite right that only the pro-TOR side of the picture was considered in implementing this extension.
Certainly, I see quite significant benefit in tor - more than most do. However, I strongly object to your insinuation that my extension was not written with the best interests of the Wikimedia projects at heart.
The extension was not written for the tor people (although they were quite happy when I spoke to them of my plans - as I needed their technical co-operation to produce the list in software), and I reject any insinuation that I am somehow writing code to benefit tor, rather than the foundation.
I saw a problem - in this case, the fact that tor is now blocked using a hodgepodge of blocks by various bots, scripts, and people, many of which are no longer tor nodes, and many tor nodes are not blocked. It is suboptimal that tor nodes are hard-blocked, and it was my impression (perhaps mistaken?) that the general consensus is that while we are loathe to hard-block tor, we are forced to do it by the amount of nonsense that comes through it.
I recognised that a solution was possible - in-software handling of tor exit nodes. I realised that I could kill two birds with one stone here - both standardise the treatment of Tor by Wikimedia wikis, AND remove the hard-blocks on Wikimedia wikis by instituting some kind of special treatment of tor, which balances the needs of individuals who require privacy, and Wikipedia as a whole, which needs to have this sort of nonsense removed.
I must note that those checkusers who indicated that most of what comes through tor is nonsense have the sample they're working with skewed - they will only ever see the bad tor nodes, because (I hope) they don't go running checkusers on random users to see if they're using tor. I would imagine that we get quite a considerable amount of good editing from tor, which goes unnoticed because we have some semblance of a privacy policy.
Evidently, this is a situation requiring compromise, and I would like to see some suggested compromises from those who still maintain that hard-blocks are the only option. Remember that this is being implemented in software (something FT2 indicated that he had not realised), and therefore the sky's the limit. ANY special technical handling of tor nodes is possible. Here are a few ideas to get started: * A special page listing all recent tor users/contributions/edits. * Special marking in recentchanges, checkuser, contribs, diff pages. * Allow disabling tor per-page or per-user. * Allow temporary disabling of tor site-wide with good cause (through a special page). * Require a user to be autoconfirmed before using tor (causes a catch-22 situation, though).
As I've stated before, ipblock-exempt or a similar process will be ineffective unless torblock-unblocked is granted liberally, as a catch-22 situation is produced.
On Sat, Jun 7, 2008 at 7:39 AM, jayjg jayjg99@gmail.com wrote:
I appreciate why someone in China would want to use tor. Would any of that apply to someone in a Western democracy?
Tor has written this FAQ on this question: https://www.torproject.org/torusers.html.en
I had a discussion with FT2 on IRC a few hours ago. He said that he would be happy to have a soft-block, with these provisions: 1. A special page exists which allows the monitoring of recent tor edits. Perhaps Special:Recentchanges/tor? 2. A new protection level is added, which allows tor users to be prevented from editing an article, which, for instance, has concerns with regard to sockpuppeting and so on.
What do others think of these?
On Sat, Jun 7, 2008 at 11:28 AM, Andrew Garrett andrew@epstone.net wrote:
I had a discussion with FT2 on IRC a few hours ago. He said that he would be happy to have a soft-block, with these provisions:
- A special page exists which allows the monitoring of recent tor
edits. Perhaps Special:Recentchanges/tor?
Also on user contribs would be good place.
- A new protection level is added, which allows tor users to be
prevented from editing an article, which, for instance, has concerns with regard to sockpuppeting and so on.
You mean protect article A from user X (or x1,x2,x3) ? If that is possible, I don't see why not make it work for any user and not restrict it to tor users.
Andrew Garrett wrote:
I had a discussion with FT2 on IRC a few hours ago. He said that he would be happy to have a soft-block, with these provisions:
- A special page exists which allows the monitoring of recent tor
edits. Perhaps Special:Recentchanges/tor? 2. A new protection level is added, which allows tor users to be prevented from editing an article, which, for instance, has concerns with regard to sockpuppeting and so on.
What do others think of these?
With the extended Tor autoconfirm requirements, the second doesn't really seem necessary, semi-protection should work. If there are still problems with Tor abuse on semi-protected articles, the Tor autoconfirm restrictions can be raised without having to worry about significant impact to most users. As for the first, would users who meet the extended autoconfirm requirements or have ipblockexempt still be listed?
On Sun, Jun 8, 2008 at 3:41 AM, Alex mrzmanwiki@gmail.com wrote:
With the extended Tor autoconfirm requirements, the second doesn't really seem necessary, semi-protection should work. If there are still problems with Tor abuse on semi-protected articles, the Tor autoconfirm restrictions can be raised without having to worry about significant impact to most users. As for the first, would users who meet the extended autoconfirm requirements or have ipblockexempt still be listed?
The idea is to prevent sophisticated sockpuppeting through tor. FT2 spoke of users who keep a clean account and a dirty account (good hand, bad hand), and users who have multiple sockpuppets from tor. The idea is that if an admin suspects sockpuppeting on a debate, they may disable all tor editing for that page.
On Sat, Jun 7, 2008 at 4:28 AM, Andrew Garrett andrew@epstone.net wrote:
I had a discussion with FT2 on IRC a few hours ago. He said that he would be happy to have a soft-block, with these provisions:
- A special page exists which allows the monitoring of recent tor
edits. Perhaps Special:Recentchanges/tor? 2. A new protection level is added, which allows tor users to be prevented from editing an article, which, for instance, has concerns with regard to sockpuppeting and so on.
What do others think of these?
Actually, FT2 has said that he did not, in fact, say this, and apologizes if that was the impression you were left with.
As for me, I don't see any reason why TOR proxies should be afforded any special consideration; like all proxies, they should be hard banned, per policy, and developers shouldn't implement ways of over-turning the actions of wikis that quite properly do so. On the contrary, they should be implementing extensions that automatically block TOR exit nodes. And I don't see any particular reason why we should be adding layer upon layer of complexity to this scheme whose underlying premise is fatally flawed.
I'm not sure why the IP block exemption wouldn't work for the incredibly small number of wiki-en editors who actually have a *legitimate* reasons to use TOR.
2008/6/8 jayjg jayjg99@gmail.com:
As for me, I don't see any reason why TOR proxies should be afforded any special consideration; like all proxies, they should be hard banned, per policy, and developers shouldn't implement ways of over-turning the actions of wikis that quite properly do so. On the contrary, they should be implementing extensions that automatically block TOR exit nodes. And I don't see any particular reason why we should be adding layer upon layer of complexity to this scheme whose underlying premise is fatally flawed. I'm not sure why the IP block exemption wouldn't work for the incredibly small number of wiki-en editors who actually have a *legitimate* reasons to use TOR.
Indeed. This extension appears to be for the benefit of TOR and no-one else. Why not all open proxies? (Because that would not be of benefit to the projects.) Why TOR? Ideological reasons to be pro-TOR? How does specifically enabling TOR fit the Wikimedia Foundation's mission?
- d.
On Sun, Jun 8, 2008 at 2:16 PM, David Gerard dgerard@gmail.com wrote:
Indeed. This extension appears to be for the benefit of TOR and no-one else. Why not all open proxies? (Because that would not be of benefit to the projects.) Why TOR? Ideological reasons to be pro-TOR? How does specifically enabling TOR fit the Wikimedia Foundation's mission?
I would imagine that detecting Tor is easier than detecting anonymous proxies in general, although I haven't looked at the extension.
Simetrical wrote:
On Sun, Jun 8, 2008 at 2:16 PM, David Gerard wrote:
Indeed. This extension appears to be for the benefit of TOR and no-one else. Why not all open proxies? (Because that would not be of benefit to the projects.) Why TOR? Ideological reasons to be pro-TOR? How does specifically enabling TOR fit the Wikimedia Foundation's mission?
I would imagine that detecting Tor is easier than detecting anonymous proxies in general, although I haven't looked at the extension.
That's exactly the point. Tor outgoing servers go in[1] and out. The client is always the same (=no work for its abusers) but servers vary. Tor provides a list of ips at an instant able to reach your site. That's which these extension uses. It can also softblock or change the autoconfirmation status of people with these ips... apart of hardblocking them. Let each wiki choose its configuration, but don't leave it "entirely off" as David Gerard proposes and then run sysop bots to mass block their ips!
As for doing it for any open proxy, if you know how to do it, please share it. I think it was proposed a long time ago to automatically scan for open proxys. Don't know it if was really done, but it's certainly impossible to do now.
enwikipedists are too blockist...
1-Bad, people will be able to bypass the blocks. 2-Also bad, innocents will be blocked.
On Sun, Jun 8, 2008 at 4:26 PM, Platonides Platonides@gmail.com wrote:
As for doing it for any open proxy, if you know how to do it, please share it. I think it was proposed a long time ago to automatically scan for open proxys. Don't know it if was really done, but it's certainly impossible to do now.
You just do a portscan. It's fairly straightforward. (Also not *totally* reliable, but what is in life?) Wikimedia could then maintain its own DNSBL, if it were feeling nice. Each view would trigger a portscan on that IP, although no more than once every X days. Any hit would be added to a table of proxies that would be checked on edits, etc.
This would happen asynchronously, because portscans take time. That's not really a problem effectiveness-wise; even on a fresh hit, at most one quick edit should be able to get through before the IP gets blocked.
This would all require a substantial amount of server setup, and would be considerably more complicated than just writing an extension. Probably the web servers are firewalled such that they can't portscan, and even if not, people's firewalls would freak out and block them. (Although that might not matter, since the actual traffic goes through the Squids. Doesn't really matter if the Apaches get blocked.)
Of course, you could also use an existing DNSBL, but those aren't necessarily reliable. An in-house solution might be a better idea here.
enwikipedists are too blockist...
Which says to me that vandalism handling needs to be made easier.
On Mon, Jun 9, 2008 at 7:08 AM, Simetrical Simetrical+wikilist@gmail.com wrote:
On Sun, Jun 8, 2008 at 4:26 PM, Platonides Platonides@gmail.com wrote:
As for doing it for any open proxy, if you know how to do it, please share it. I think it was proposed a long time ago to automatically scan for open proxys. Don't know it if was really done, but it's certainly impossible to do now.
You just do a portscan. It's fairly straightforward. (Also not *totally* reliable, but what is in life?) Wikimedia could then maintain its own DNSBL, if it were feeling nice. Each view would trigger a portscan on that IP, although no more than once every X days. Any hit would be added to a table of proxies that would be checked on edits, etc.
This exists in our codebase, but was turned off because very few ISPs, nor our network admin Mark, liked our software portscanning ~20% of the internet per day.
On Sun, Jun 8, 2008 at 7:35 PM, Andrew Garrett andrew@epstone.net wrote:
This exists in our codebase, but was turned off because very few ISPs, nor our network admin Mark, liked our software portscanning ~20% of the internet per day.
ISPs don't care if you portscan as long as it's for legitimate purposes. IRC networks, for instance, do it routinely. I doubt you're going to have to portscan anywhere near 20% of the Internet, even allowing for some hyperbole, given that scanning is only needed on edit, and can be cached for a quite long time (say, a month) for confirmed non-proxies. You could also manually skip ranges that are known to be dynamic, which would kill a ton more of the load, in fact quite possibly almost all of it.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Gerard wrote:
Indeed. This extension appears to be for the benefit of TOR and no-one else.
False!
Why not all open proxies?
Because we have a list of TOR nodes, so that's a pretty easy place to start.
Stop being an ass, please.
- -- brion
wikitech-l@lists.wikimedia.org