[WikiEN-l] Editing with open proxies

Tue Jun 19 02:00:25 UTC 2007

On 6/18/07, Sheldon Rampton <sheldon at prwatch.org> wrote:
> Slim Virgin wrote:
>
> > On 6/18/07, Sheldon Rampton <sheldon at prwatch.org> wrote:
>  ... No one has presented any evidence suggesting that anyone
> used a TOR proxy in any way to obtain the admin account which you
> believe is responsible for posting material to Wikitruth. Since
> CharlotteWebb is not a sysop, we know it's not her in any case. So
> why is WIkitruth being dragged into this discussion?

First, with respect, you don't know anything about the person who
operates the CharlotteWebb account. S/he has gone to great lengths to
ensure that you don't.

Secondly, I can't say why anyone else mentioned Wikitruth, but I
mentioned it because it's an example of the damage admin accounts in
the wrong hands can cause, and because the easiest way to build up
multiple admin accounts is by focusing on vandalism for a few months.
The reason I mentioned it is because I'd like us to stop promoting
those kinds of accounts, so that getting adminship involves more
sustantial contributions.
>
> >> To embellish it with ad
> >> hominem references to unrelated topics such as WR and WikiTruth takes
> >> it into tinfoil hats territory.
> >
> > You might want to take into account that there are issues you're not
> > aware of. And the "tinfoil hats" insult is unhelpful.
>
> If there are issues I'm not aware of, make me aware of them.

Not everyone can be made aware of every issue. What I'm getting at is
that reasonable people should assume that those who deal with
sockpuppetry a lot, and particularly those who have access to
checkuser, may be aware of issues the rest of us are not aware of, and
not all those issues can be made public. So some people on the list
are criticizing without knowing the full facts, and others are having
to respond with one arm tied behind their backs. That's why it has
been a largely fruitless discussion.

> >> There's
> >> probably no way to prevent someone from getting admin status and
> >> using it indefinitely for purposes that CANNOT be visibly connected
> >> to their user name (such as looking up deleted pages).
> >
> > As I said earlier, your argument is like that of an airline that
> > withdraws all security measures because 100 percent security is
> > impossible.
> >
> > We can't prevent it, but we can make it harder.
>
> You're making a straw man argument. I haven't advocated "withdrawing
> all security measures" from Wikipedia, and I haven't seen anyone else
> argue for that either. The question is not WHETHER to have security
> measures but WHAT KIND of security measures to have.

People who argue that admins shouldn't even have to reveal their IPs
to the Foundation are indeed arguing that we should withdraw all
security.
>
> An airline that screens passengers for weapons is using an effective
> security measure. An airline that turned away all passengers who
> haven't flown recently would just be alienating customers for no
> security benefit.
>
> Similarly, a security argument could be made for desysopping admins
> with easily crackable passwords, but desysopping people simply
> because they're not currently active is just a bad idea. I'm all for
> security, but chasing phantoms actually HURTS security.

That's a fair point, but just because you disagree with something
doesn't necessarily make it a phantom, or tin-foil-hat time.