[tor-talk] CloudFlare

Gregory Maxwell gmaxwell at gmail.com
Fri Apr 19 02:34:00 UTC 2013


On Thu, Apr 18, 2013 at 2:57 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> It is possible to request a special flag on a Wikipedia account that is
> granted by way of some special handshake. It is possible to take an
> already created account and use it for edits as the flag overrides the
> Tor block.

The flag is called ipblock-exempt

You can see the list of users on English Wikipedia that have it here:

http://en.wikipedia.org/w/index.php?title=Special%3AListUsers&username=&group=ipblock-exempt&limit=500
(bot accounts and administrators also inherit this ability without the
ipblock-exempt flag)

(As an aside, your own account was previously flagged this way, (by
Wikimedia's chairman of the board), but the flag has since been
removed because your account has been inactive:
http://en.wikipedia.org/w/index.php?title=Special%3ALog&type=&user=&page=User%3AIoerror&year=&month=-1&tagfilter=
)

[snip]
> I think we should ensure that Wikipedia understands that the account was
> created with Tor and that the user may be using this to circumvent
> censorship, to protect what they are reading or editing from their local
> network censors or surveillance regime as well as to protect IP address
> information that the US currently doesn't really protect (see USA vs.
> Appelbaum; re: my Twitter case). Since the US can see a lot of the
> traffic to Wikipedia, I'd guess that this is important worldwide.

I've been generally unable to convince people that surveillance of
Wikipedia access is both happening and actually important. The people
participating in the creation and administration of Wikipedia (and
likewise those employed by the Wikimedia Foundation) enjoy the
privilege of having the greatest intellectual freedom that has ever
been enjoyed by anyone anywhere. This is unsurprising: People without
substantial freedom of all kinds are not the most likely to go about
assembling a Free Encyclopedia. Like any other privilege it's not
always obvious to the beholder.

The idea that someone's Wikipedia editing (or, much less _reading_)
habits might be highly private and personal and likely to cause harm
if monitored isn't really appreciated by people who really find that
kind of monitoring hard to believe (even, ironically, when it's
currently happening to them— the illusion of intellectual freedom is
greater than the actual intellectual freedom)

I was unsuccessful in the last major datacenter reworking convincing
the technical staff to adopt an architecture which could reasonably
scale to supporting SSL always on for all readers (one where SSL
wasn't handled by a separate cluster but was instead run in parallel
on the existing non-ssl frontends).

Unfortunately, I think it will probably take someone being killed for
reasons considered unjust by western standards before the considerable
expenditure necessary to HSTS the entire site will be justified.
Pressure on this front needs to come from activists, not from
technology people.

> A workable solution would be to continue to use such a list to detect
> Tor usage and then to ensure that we now allow new accounts to be
> created over Tor. The MediaWiki should ensure that HSTS is sent to the
> user and that the user only ever uses HTTPS to connect to Wikipedia.

Account creation via Tor is explicitly and intentionally disabled.

> If the user is abusive and an IP block would normally apply, Wikipedia
> would not block by IP but would rather use the normal Wikipedia process
> to resolve disputes (in edits, discussions, etc)

The blocking of Tor (and other IP) addresses is never intended to be a
part of the regular "disagreeable behavior for otherwise well meaning
and sane contributors" process. It doesn't aid in that process.

In theory blocking is really only a measure against people who are
malicious or (temporarily?) mentally ill.  Wikipedia will try to
reason you out of doing something, and if that fails, _tell_ you to
stop doing something, and then only block you if you don't listen.

> and if the account is
> just being used for automated jerk behavior, I think it would be
> reasonable to lock the account, perhaps even forcing the user to solve a
> captcha, or whatever other process is used when accounts are abused in
> an automated fashion.

Mostly the really automated behavior is not that huge of an issue— the
thousands of wiki administrators have access to sophisticated
automated behavioral blocking tools (I think the rule expression
language in abusefilter is Turing complete), account creation requires
solving a captcha... and marketers have discovered that spamming
Wikipedia can have certain unexpected negative effects once caught
(like completely disappearing from search engine indexes), so only
idiot marketers spam overtly.

But what is an issue is _non-automated_ or semi-automated
jerk behavior.  A single bored kid or irate mentally ill person can
easily fully saturate the time of ten or more Wikipedia volunteer
editors with a barrage of fake identities making subtle undermining
edits or over massive scale one time automated attacks. To some people
this kind of thing is just a really excellent MMORPG, this is, no
doubt, amplified by the fact that most of the site's operation is
conspicuously performed by human hands and minds. Much of the bad
behavior is benign but time consuming, though some is quite concerning
and violent (e.g. blasting pages with images of child porn mixed with
photos of contributors' children).  Beyond the pure time consumption,
it is demoralizing and dehumanizing to the volunteer editors to
constantly be non-consensually made a target in some jerk's MMORPG-fun.

There aren't many of these jerks, however— I'd guess that for any
major language there are only a dozen or so worldwide at any time
(they either change obsessions, grow out of it, or end up incarcerated
(no kidding), so they seem to be constantly shifting).  Because of
this aggressively blocking every IP address they have access to is
actually _quite_ effective.  You eventually get all the networks they
have ready access to (in some cases where the problem has come from
an institution, Wikipedians have traded blocking the whole institution
for eliminating the problem with disciplinary action), including
whatever open wifi they can easily reach... the first one to have paid
for botnet access gets the botnet largely blocked and so on.  It's
demonstrably effective... and in cases where overbroad blocks hit
established users, they can be exempted on an account by account
basis.

So if creating an account that can edit via Tor is as simple as
solving a captcha then it will be impossible to stop these abusive
people— they will happily pipeline out account creation as fast as
whatever rate-limiters will allow them, jump through whatever hoops,
they have nearly unbounded time and motivation ... and then they can
continue to victimize Wikipedia contributors (and readers, though the
readers don't seem to take bad information on Wikipedia personally)
without consequence.

Sometimes you can be victimized by forces outside of your control and
there is just nothing you can really do about it.  But that's not the
case here, blocking every proxy the jerks use _works_. It has
collateral damage of unknown magnitude, but the part that is
specifically known can be largely solved with exemptions. The harm it
solves is insanely salient: the jerks rub your face in their success,
the harm it causes is invisible (since the visible parts get solved
with exemptions).

> Most of that isn't technical - it is a matter of accepting that some of
> us are not free. Some of us who are not free require systems like Tor to
> participate in the Free Culture community curated by the Wikipedia
> community on Wikipedia. Some of us will then be free to be part of that
> community and perhaps, if we work smartly, other freedoms will follow
> from the knowledge of the community.

There are so many hurdles to equitable participation: Access to
computers, _literacy_, educational differentials, perceived societal
roles, social norms within the community making some people feel like
outsiders ...  the people excluded because they are not free and for
whom the exemption process is inadequate seem like something of a
rounding error by comparison— especially to people who find that whole
not-freeness thing to be a kind of vague and distant concept.  Doubly
so when it's easy to ignore the importance of participating in that
culture and say "for your own protection, if editing Wikipedia would
put you in danger we prefer you to not do it!"

