Context:
https://lists.wikimedia.org/pipermail/wikien-l/2015-March/thread.html
Brian believes that Wikimedia recording non-logged-in editors' IPs is *literally* the same as the NSA hoovering up all data they can get anywhere.
On 30 March 2015 at 18:13, Katherine Casey fluffernutter.wiki@gmail.com wrote:
Publicly identifying anonymous Wikimedians, especially with reference to their editing histories, is not just an academic way to make a point; it's messing with people's real lives, and it's not something I'm particularly comfortable seeing suggested, especially for a reward, on a wikimedia-hosted listserv. I mean, I see the point you're trying to make, but making people whose privacy may already be imperfect into explicitly-outed victims is rather like burning down the house to prove it ought to have been fireproofed better: you've made your point, but now you have no house. If you want to see if you can identify people using leaky data, ask for volunteers from among those who are comfortable having their identities researched this way and work on identifying them with their consent.
On Mon, Mar 30, 2015 at 12:48 PM, Richard Symonds < richard.symonds@wikimedia.org.uk> wrote:
I worry that encouraging people to do this to prove a political point could be inappropriate. It's one thing to point out a potential privacy flaw, but paying people to exploit it may be seen as a step too far.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*
On 29 March 2015 at 23:25, Brian reflection@gmail.com wrote:
I'm sure many of you recall the Netflix Prize http://en.wikipedia.org/wiki/Netflix_Prize. This is that, for
Wikipedia!
Although the initial goal of the Netflix Prize was to design a collaborative filtering algorithm, it became notorious when the data was used to de-anonymize Netflix users. Researchers proved that given just a user's movie ratings on one site, you can plug those ratings into another site, such as the IMDB. You can then take that information, and with some Google searches and optionally a bit of cash (for websites that sell user information, including, in some cases, their SSN) figure out who they
are.
You could even drive up to their house and take a selfie with them, or follow them to work and meet their boss and tell them about their views
on
the topics they were editing.
Here, we'll cut straight to the privacy chase. Using just the full
history
dump of the English Wikipedia, excluding edits from any logged-in users, identify five people. You must confirm their identities with them, and privately prove to me that you've done this. I will then nominate you as the winner and send you one million Satoshis (the smallest unit of
Bitcoin,
times 1 million), in addition to updating this thread.
I suspect this challenge will be very easy for anyone who is determined. Indeed, even if MediaWiki no longer displayed IP addresses, there would still be enough information to identify people. Completely getting rid of the edit history would largely solve the problem. In the mean time, this Prize will serve as a reminder that when Wikipedia says "Your IP address will be publicly visible if you make any edits." what they mean is,
"People
will probably be able to figure out where you live and embarrass you."
An extra million Satoshis for each NSA employee that you identify. A full bitcoin if you take a selfie with them.
Let the games begin!
Brian Mingus _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe