[HN Gopher] The value of Tor and anonymous contributions to Wiki... ___________________________________________________________________ The value of Tor and anonymous contributions to Wikipedia Author : blendergeek Score : 140 points Date : 2020-06-26 15:46 UTC (7 hours ago) (HTM) web link (blog.torproject.org) (TXT) w3m dump (blog.torproject.org) | vmception wrote: | tl;dr preventing spam by blocking all TOR users is lazy. | coronadisaster wrote: | Maybe they had to block TOR because someone asked them to, like | the Government | hombre_fatal wrote: | Just depends on the service. | | You're not lazy just because you decide something isn't worth | it. | | I've worked on some services where I'm not exaggerating to say | that almost all Tor traffic was abuse. | vmception wrote: | But its more likely that one person was doing one thing | taking up the majority of the badnwidth originating from tor | | And the distinct users would be trying to do another thing | commoner wrote: | If you are using Tor for security or privacy reasons, and you | would like to edit Wikipedia while using Tor, you can request | permission to do so: | | https://en.wikipedia.org/wiki/Wikipedia:IP_block_exemption | | This requires a Wikipedia account and an email address (which can | be used exclusively for Wikipedia). Signing up for a Wikipedia | account involves providing a username and a password, but no | personal information is needed. | | The "Advice to users using Tor" page has more information: | | https://en.wikipedia.org/wiki/Wikipedia:Advice_to_users_usin... | 77pt77 wrote: | > This requires a Wikipedia account and an email address | | It's borderline impossible nowadays to create an email address | without a phone number or a pre-existing email address. | | Also almost impossible to do using Tor. | mkup wrote: | Last time I tried to create e-mail address via Tor, | ProtonMail worked flawlessly. No phone number required. They | even have .onion domain available exclusively via Tor. | | But other e-mail providers like GMail and Hotmail won't like | Tor and ask user to provide phone number, you are partially | right. So solution is simply not to use these e-mail | providers. | metrokoi wrote: | ProtonMail does not allow new account creation over VPN or | Tor without donation or SMS. I checked just now. The point | of creating an account with Tor is that it's completely | untraceable. Yandex does, however. | Funes- wrote: | >Last time I tried to create e-mail address via Tor, | ProtonMail worked flawlessly. No phone number required. | | It must've been some time ago, then, because they now | require an SMS (your phone number), a donation, or another | e-mail account. | TechBro8615 wrote: | I don't think that's true for every exit node. Keep | cycling your IP and you may find one where it's not | required. | jandrese wrote: | Even if you get the account created it will tend to self- | lock after a short time and ask for SMS verification. | | Email services that don't SMS verify on VPN or TOR | endpoints usually find themselves on anti-spam blacklists | sooner rather than later. Spammers are constantly on the | lookout for email services that don't have trashed | reputations to get around Gmail and other provider's | filters. | young_unixer wrote: | I always use cock.li for temporary emails and it never asks | for anything. As long as you don't feel _offended_ by the | domain names, you can use it too. | [deleted] | [deleted] | lucasmullens wrote: | _Any_ email address? Surely there 's still unpopular email | services out there that don't require a phone number. There's | even websites that provide instant temporary email addresses. | dustingetz wrote: | You can host a mailserver, it comes with linux | jandrese wrote: | You'll need a domain, and getting one anonymously is | another issue roughly on par with getting an anonymous | email account. In fact the domain provider is pretty much | always going to ask you for an email account and a form of | payment. The whole point of this exercise is to avoid | having your nation's secret police kidnap and kill you | because you posted the list of details about how the | leaders are stealing from the people and killing | dissidents. | dustingetz wrote: | Subdomain works, get on IRC and ask someone for one | slipheen wrote: | Perhaps the best way to do this right now may be renting a | phone number online. | | There are services you can pay in btc, which will receive a | verification code for you, using a real phone number, rather | than a voip number. | | AFAIK they're often used by relatively unscrupulous people to | bypass bans in games, etc, but could also be used here. | jandrese wrote: | The threat model of Blizzards anti-gold farming department | vs. your national government's secret police isn't the | same. | slipheen wrote: | Sure? But most Tor users aren't trying to avoid their | national secret police. | jandrese wrote: | Yeah, but that's the design goal for Tor. The designers | don't need to cater to the needs of people buying drugs | or scamming old people. | pbhjpbhj wrote: | Don't you just shift things down the road, now you need to | buy BTC, in UK I think you need a bank account (to setup | PayPal, say) or phone number (to buy a disposable payment | card). | slipheen wrote: | I don't know your particular situation, but there are | places you can buy bitcoin in cash. At least in the US, | this doesn't need a bank account or phone number. | | Googling suggests you could try https://coinatmradar.com/ | alasdair_ wrote: | Find someone with bitcoin and have them give you some for | cash? | em-bee wrote: | but once i have an account, why would i still need tor? | | what protection does tor give to someone logged in to | wikipedia? | | i don't like to get an account because that would leave a | public trail of all my edits, and given the eclectic selection | of topics i am interested, in this would allow anyone to | deanonymize me. whereas if my edits get spread over multiple ip | addresses you may tie a particular edit to an ip of mine, but | you won't be able to build a profile of my person from all my | edits. | | hackernews has the same problem, but on hn the topic selection | is more limited, and not all topics i am interested in are | being discussed here. also it is a lot more difficult to | categorize hn comments compared to wikipedia edits. | Hello71 wrote: | If you believe you require privacy in your contributions, you | can create multiple accounts pursuant to the policy on | sockpuppetry: https://en.wikipedia.org/wiki/Wikipedia:Sock_pu | ppetry#Legiti.... In these cases, you "must not use | alternative accounts to mislead, deceive, disrupt, or | undermine consensus". It is also recommended to "notify a | checkuser or members of the arbitration committee if they | believe editing will attract scrutiny". | FabHK wrote: | I have requested permission, and it was denied. | | You have to "demonstrate the need" and "be trusted not to | abuse". | | > Editors who may reasonably request an exemption include users | who show they can contribute to the encyclopedia, and existing | users with a history of valid non-disruptive contribution. | | So, "a Wikipedia account and an email address", as you write, | is not enough. | | EDIT to add: As acknowledged by Wikipedia in your second link: | | > IP block exemptions for this purpose should be requested by | following these instructions. However, it may be difficult to | establish good standing and remain completely anonymous, as the | former requires editing without using Tor. | lucb1e wrote: | Wait, am I just completely misreading this or is this | contradicting itself? | | > the research team found that Tor users made similar quality | edits to those of IP editors [...] and first-time editors. The | paper notes that Tor users, on average, contributed higher- | quality changes to articles than non-logged-in IP editors. | | Is it similar quality or higher-quality now? The text also | appears (word for word) on the linked website at nyu.edu. Reading | the original paper, guess what I found? | | > Using hand-coded data and a machine-learning classifier, we | estimated that edits from Tor users are of similar quality to | those by IP editors and First-time editors. We estimated that Tor | users make more higher quality contributions than other IP | editors, on average, as measured by PTRs. | | Almost the same contradiction. There is a subtle change, namely | that the "of similar quality" judgement is a result of hand- and | machine-classifying, and "more higher quality contributions" is | the judgement of a metric called PTR* . There might also be a | difference between "similar quality edits" and "more high quality | edits" (e.g. Tor users might do more crap edits and more great | edits by one metric but simply be about average by another | metric), but I'm not sure if that's just random variation in | phrasing or intentional. | | * PTRs are "persistent token revisions". I don't find it very | succinctly/adequately explained at first use, but probably if you | read the whole paper it makes more sense. To my understanding, | it's basically just how much of the contribution was later | changed (within a fixed number of subsequent edits), presuming | that if it was largely left unchanged, it was probably a welcome | edit. | | While the article and paper are all positive, I'm not sure | whether this might just be because _of course_ we 'd all love to | hear how great Tor users are (many of us are also Tor users: we | like to think of ourselves as freedom fighters, privacy | advocates, etc.), but I'm not sure that's what this unambiguously | shows. Perhaps it's worth the moderation effort to unban them, | perhaps not. The paper does acknowledge this to an extent: "We | simply cannot know if our sample of Tor edits is representative | of the edits that would occur if Wikipedia did not block | anonymity-seeking users." | | Perhaps, instead of ban vs unban, we just need another system to | anonymously contribute changes, like a moderation queue, which | would make it less attractive for vandalism. | | (On StackOverflow/StackExchange, anyone can edit without logging | in and not even your IP address is shown. While moderating it, I | very very rarely see trolls or spambots there. I'm not sure if | that's because of some magic system I don't know about or if it's | simply because a manual review filters all the garbage and there | is no point in trying.) | bawolff wrote: | I think this somewhat misses the point though - i dont think | people are worried about the average TOR user. The average tor | user is probably just fine. People are worried about the one | person with an axe to grind making everyone's life miserable who | turns to tor after being blocked through normal means. | | Should people be worried about that? Idk, i think there are | probably ways to mitigate the risk of that at least somewhat. | However the article didn't address that concern, and you can't | change hearts and minds if you don't talk about what people are | actually worried about. | Jap2-0 wrote: | Exactly. With an IP, it can be pretty easy to stop someone from | doing anything - block one IP (maybe a small range for IPv6), | and maybe another for their phone, and then block account | creation from those IPs (I'm a bit rusty on the technical | details of how that works - if it's something that happens | automatically when blocking an IP, or is separate, or I think I | heard something about doing it based on a cookie at one point). | No such luck with Tor. | nullc wrote: | I burned myself out advocating for this some seven years ago: | | https://lists.wikimedia.org/pipermail/wikitech-l/2013-Decemb... | | Unfortunately, the incentive structure at Wikipedia has | challenges. Editors suffer under every ounce of abuse but the | cost of excluded contributions is nearly invisible and not felt | personally by anyone. | | The result is that convincing people to take even small risks (of | abuse) or costs (of tech measures to mitigate abuse without | compromising user privacy) is extremely hard. | | Hopefully this research will help shift the balance. | FabHK wrote: | Hope so. I nearly always use a VPN, and can't contribute to | Wikipedia (even if logged in) due to that. I've once requested | an exemption, but it was not granted. | | So, they basically exclude anyone that's somewhat privacy | conscious, or frequently travels to weird jurisdictions that | make use of a VPN advisable, or lives in such jurisdictions. As | you say, an invisible loss. | [deleted] | ryanisnan wrote: | Technically speaking, does Wikipedia just keep IPs of all exit | nodes? Other than that, I'm curious what attributes designates | traffic as "TOR" traffic. | bawolff wrote: | Yes, it downloads a list of all exit nodes. | | Code is open source and viewable at | https://github.com/wikimedia/mediawiki-extensions-TorBlock | ryanisnan wrote: | I'm curious why TOR would maintain a list of exit nodes so | that this is possible? | bawolff wrote: | Tor is a pretty centralized architecture-the client using | tor gets to choose its path through the tor network. It | needs to know all the nodes in the system in order to | construct a valid path | ryanisnan wrote: | Gotcha. Thanks! | FirstLvR wrote: | i've said this everywhere... we all need to invest on wikipedia, | to make it powerful, free and useful | | it may not work as intented, if you are doing university research | but ... for general purpose we must have a general encyclopedia | that actually works | frandroid wrote: | Huh, Wikipedia is already free and useful? | | Anyway, Wikipedia raises TONS of money but it goes to staff of | dubious purpose with regards to its goals. | metrokoi wrote: | Same with most non-profits. | kevin_thibedeau wrote: | Not going to happen so long as self-appointed kings decide what | gets to stay. Exhaustive list of Pokemon? Sure thing. "Non- | notable" programming language? Not worthy. | amatecha wrote: | Yep, I see so many pages get deleted due to "non-notability". | Meanwhile you see exhaustive content about temporarily- | popular subjects like a complete plot synopsis for an entire | TV series, plus detailed information about every location | ever described in that series. Like this comprehensive list | of all the characters in the ReBoot series[0]. Hey, I liked | the series at the time, but come on. I can't help but feel a | bit frustrated when valuable information is deleted | permanently, but content hundreds of times the size persists | for super-obscure topics that a couple people feel passionate | about enough to fight for and rally their fellow account- | holders to vote for. | | [0] https://en.wikipedia.org/wiki/List_of_ReBoot_characters | jancsika wrote: | I'd be interested to know more about the nature of the actual | vandalism and abuse that came from Tor exit nodes prior to | Wikipedia implementing the ban. How long did it stay up before | being reverted? How difficult was it to track, revert, etc. | compared to non-Tor-based vandalism? And how effective a tool was | IP-banning for non-Tor-based vandalism at the time? | | Plus anything else I haven't thought about regarding the severity | of the vandalism during that time. | | Any Wiki admins have first-hand experience? | | Edit: clarifications | duskwuff wrote: | Not an administrator, but an onlooker during that period. | | Before Wikipedia had any explicit policy re. Tor exit nodes, | their IPs would typically be blocked anyway -- either under | longstanding policy regarding open proxies, or as a result of | spam/vandalism edits originating from the IP. Automatically | blocking all Tor exit nodes wasn't a huge change in practice; | it just meant that the process was automatic (so new exit nodes | would be blocked more quickly, and old exit node IPs would be | unblocked automatically), and that the block messages for users | on those IPs became more informative. | surround wrote: | Is there any reason why Wikipedia doesn't assign non-logged-in | users a unique user ID instead of exposing their IP address? | bawolff wrote: | There are some proposals in this direction (serious proposals | that might actually happen. Not just wishful thinking | proposals) | | https://meta.wikimedia.org/wiki/IP_Editing:_Privacy_Enhancem... | surround wrote: | This proposal echoes my concerns and ideas very closely, | thank you. Unfortunately, the project is "currently in very | early phases," there's no "particular deadline," and there's | a lot of opposition to the proposal [0], so perhaps it's | wishful thinking after all. | | [0]https://meta.m.wikimedia.org/wiki/Talk:IP_Editing:_Privacy | _E... | fsflover wrote: | Because now you can do something like | | https://news.ycombinator.com/item?id=8024417 | | https://news.ycombinator.com/item?id=15457335 | AnthonyMouse wrote: | What stops them from just making their edits from home or | coffee house wifi? | fsflover wrote: | Laziness probably. And it works very well. | kevin_thibedeau wrote: | The coffee house WiFi is logging your MAC for the | oppressive regime you live under. One night you get | disappeared for being disruptive. | AnthonyMouse wrote: | This is the thing you believe would be happening to | members of the Norwegian parliament who edit their own | wikipedia articles? | nullc wrote: | Doing so would diminish the user community's ability to self | police those edits somewhat. It's important to understand that | Wikipedia is a public collaboration to a much greater degree | than any other large websites are-- it's more like a big open | source software project. | | Wikipedia's viability depends critically on hundreds of | millions of dollars of year of uncompensated volunteer labor by | self-selecting contributors-- and a major component of that | includes anti-vandalism. | | As my sibling comment laments, Wikipedians directly feel the | pain of any reduction in their anti-abuse toolchest-- while the | countributor's privacy is almost a pure externality. | | It's trivial to create an account, so any contributor that | cares can self-serve a solution-- at least if they're | sophisticated enough. If they're not even that sophisticated | they're not exactly likely to make a case for this kind of | change. | | It also provide a bit of a false sense of privacy since the | information is still retained by the site and available to | many-- though the same situation exists for logged in users. | | I think advocating access via tor would be more important: It's | unfortunate to create a situation where a user's life or | freedom might be endangered due to their contributions | unethical-but-lawful order (or an accidental data breach) | forces Wikimedia to expose them. | surround wrote: | But how does allowing everyone to see IP addresses help with | anti-vandalism? There's already the CheckUser if there needs | to be an IP-block ban. | | https://en.m.wikipedia.org/wiki/Wikipedia:CheckUser | | As for privacy, allowing everyone to associate your IP | address with your edit history is quite different than only | allowing the website to see it. | | The reason I bring this up is because there have been quite a | few times where I've wanted to make a quick copy edit, but I | don't, because I don't want the edit and the name of the | article I read to be permanently associated with my IP | address. Preferring anonymity and the ability to change | identities, I hate having a permanent account for online | interactions. I've made a lot of temporary account on various | websites, but most of the time it's not worth creating a | temporary account for a tiny edit on Wikipedia. So I don't | bother. | | Maybe I'm a unique case, but I'm still willing to bet that | there would be more interaction from non-logged-in users on | Wikipedia if their IP address were hidden. | | (As a side note, the reason why I've stuck with this HN | account for so long is because there is a limit to how many | accounts an IP address can make before getting banned.) | capableweb wrote: | I guess you're one of few with a static address, where | doing something via your IP can automatically be connected | to you as a person. I've made plenty of Wikipedia | contributions, but going to "my" user page with my current | one, I find none. I don't care about if someone can connect | the IP with my contributions. | | But I completely understand if you're making more "risky" | edits and/or have a IP address attached to you like that. | Then it makes sense. And if it's too much to create an | account for the tiny edit, I guess it'll be left like it | is. Some things I see on Wikipedia are wrong too, but the | work to verify, archive, link and do the edit, is more than | the edit is worth in terms of shared knowledge, so I skip | it too. | | On the other hand, I quite like that you can connect the | ASN with edits on Wikipedia. Makes it very obvious what | organizations are trying to influence what in which | direction. But maybe the information doesn't have to be | fully public, require a different access rule than just | user. | surround wrote: | I don't have a static IP (but I do share one), and I | don't really make any "risky" edits. Yet the thought of | my online activity potentially being tied back to myself | makes me uncomfortable enough to not contribute. | nullc wrote: | > But how does allowing everyone to see IP addresses help | with anti-vandalism? There's already the CheckUser if there | needs to be an IP-block ban. | | It scales better. | | Pretty much just that. | | > Maybe I'm a unique case, but I'm still willing to bet | that there would be more interaction from non-logged-in | users on Wikipedia if their IP address were hidden. | | You're not. Though WP would generally prefer you not use | throwaway accounts (as would HN, for that matter!). | | It's unclear how many people it discourages-- a lot of | people manage to make edits without realizing their IP will | be displayed because they miss the warnings. Users asking | the site to delete edits that were accidentally IP-exposing | is a not-infrequent support request. | | Users suffering unwelcome exposure is largely an external | cost (except for those support requests, and the invisible | long term discouragement-to-contribution). | surround wrote: | Another thought: If anyone can make an account to hide | their IP anyways, why not hide the IP of all users? But I | guess the answer is that enough vandals don't create | accounts to warrant keeping IP addresses public. | nullc wrote: | And other users can make an account easily enough to not | bother fixing it. | | Probably on the balance, considering everyone's costs and | risks it would be better to make IP edits private. But | the decision to do this is made by Wikipedians, and | considering just their costs, favours not doing it more | strongly. | Hitton wrote: | Wikipedia has rather heavy handed admins. I remember being caught | in /17 IP range ban. It was apparently because single vandal with | ISP which granted dynamic IPs and had carrier-grade NAT. It | caught tens of thousands households. Luckily the damage was not | that great, because the ban was only on english wikipedia but | imho still overkill. | jfengel wrote: | Given Wikipedia's demand for citations, is there really any | advantage to allowing anonymous edits? If somebody has privileged | information, that may be valuable knowledge, but it's not what | Wikipedia was intended for. I'd expect anything like that to be | deleted as Original Research, or marked as Citation Needed. | | If the citation is public, a non-anonymous person could make the | edit as easily as an anonymous one. That's not to say it will | necessarily be made, but there doesn't seem to be a case that | only one person could make the edit. Allowing anonymous | contributions does increase the work force to include people who | feel the need to be more secure, but they don't have access to | special information that makes them uniquely qualified. | nullc wrote: | Under your argument, why should Wikpedia even exist at all? If | it's sufficient that the information is "out there" -- well | then it's all already out there. | | The relevant expertise-- which sometimes includes privileged | information-- is part of what lets you know which _public_ | information is valuable, relevant, and worth the effort to | bother including. | | A user's reason for protecting their privacy may also have | absolutely nothing to do with their possession of any | privileged knowledge. It's really impossible to predict what | the long term consequence of compromised privacy are, and we | know that any interaction online can be an invitation to abuse | by crazy people. | | So, for example, as part of some discussion online I might find | myself reading an article on some venereal disease. While | reading the article I might notice some omissions or errors and | decide to fix them. Later, my edits could end up as part of a | debate about the content of the article (even if my edits were | utterly unobjectionable) ... with an end result of this | potentially embarrassing subject turning up in search results | about me, or being discovered by a political opponent in an | entirely unrelated debate a decade later, and being pulled out | of context just to smear me. | | This isn't conjectural. I can speak to it personally: For | example, over 13 years ago I got in an edit war on Wikipedia | over some site policy thing about users including copyright law | violating images on their user pages. I was a bit of a hothead | about it and got myself blocked from editing for 24 hours. I | was appropriately chastised for being an idiot about how it was | handled. All the edits all ultimately went through. But I get | regularly slandered by abusive anonymous accounts about it that | are mad at me about unrelated Bitcoin debates (and can find | literally nothing else negative to say about me). They love to | characteristics it in various ways ("fired from wikipedia!"), | divorce it from the context, yank out completely inaccurate off | the cuff comments from other wikipedians made during the event | (apparently some random troll was mistaken for me for a little | bit during discussions about the incident). | | I would have been much better off contributing anonymously as a | result. And for the little personal benefit I got out of | contributing, I would have been better off not contributing at | all rather than end up with this nonsense. | | Is Wikipedia or the world really a better place where only | people who either fail to make the above calculation correctly | or whom expect some big personal pay-off by contributing are | left editing the site? I don't think so. | hatmatrix wrote: | It doesn't seem to discuss the justification for considering the | ban in the first place. I can imagine as an example, Exxon-Mobile | trying dominating the climate change discussion through anonymous | edits (though they didn't, at least partially; they were | retroactively caught trying to modify relevant pages from IP | associated with their business). | readhn wrote: | Totally makes sense. Fun fact: In the past i was involved in a | company where they implemented anonymous feedback system. The | feedback system did so well .... that they shut it down in a | month and never discussed the results. It uncovered too many | problems that nobody in the management wanted to address. This | company is on the verge of bankruptcy now, 5 years after those | surveys.. | | When people are allowed to speak up freely - truth will come out | quickly. (Yes, you will get some noise too, but id rather adjust | my signal to noise ratio then just deal with meaningless noise | all the time). | MintelIE wrote: | I use Tor for most of my browsing these days. While I'm under no | illusion that it protects me from the US government (it IS NSA | software after all), I'm fairly confident that it does protect me | against non-15-eyes and corporate spying and data collection. | slim wrote: | 15 eyes is a good one (supposed to be 5 eyes) ___________________________________________________________________ (page generated 2020-06-26 23:00 UTC)