Community Wishlist Survey 2019/Anti-harassment/Wikipedia mirrored in Tor .onion

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Random proposal ►

Support ◄ Back to Anti-harassment


  • Problem: Surveillance without limitation creates a chilling effect where people can be afraid to read Wikipedia for general information. Also some bad actors, including governments, corporations, and powerful individuals, sometimes block access to Wikipedia at the level of the Internet service provider. Everyone with an Internet connection needs to be able to access Wikipedia but there are safety barriers against them doing so.
  • Who would benefit: Everyone who values their right to access Wikipedia articles in private.
  • Proposed solution: The Wikimedia Foundation hosts a .onion mirror of Wikipedia which anyone can read with the most privacy which we can provide. This mirror will not permit editing, but at least it provides some private access.

Discussion[edit]

  • I think this would be good, but I'm not sure that it would necessarily be useful in fighting surveillance. Operating an .onion service doesn't help those in regions where Tor itself is blocked, and it doesn't improve access for those who can already use Tor. Jc86035 (talk) 14:55, 30 October 2018 (UTC)
  • This would be one of the many solutions to the Chinese government in blocking Wikimedia access. It is sure that it is a fundamental right to obtain uncensored knowledge, though I doubt if this is anti-harassment but more of the Miscellaneous side. To the proposer User:Bluerasberry, I have fixed some meaning problem.--1233 | Questions?| This message is left by him at 16:40, 30 October 2018 (UTC)
    • Except Tor cannot be reliably used within China. And yes why is this anti-harassment? C933103 (talk) 17:53, 1 November 2018 (UTC)
@C933103: Whenever the community hears of someone getting persecuted for engagement with Wikipedia we refer that fact to the WMF. They might have records but they have never said. I have no idea if they even file reports. When anyone is threatened over reading Wikipedia then I would call this harassment.
We had a guy show up to Wikimania some years ago saying that he had to leave his country because of government agents coming to his home about his wiki editing. I would call that harassment. Other people have similarly reported that they feel afraid to read politics, LGBT+, health especially reproductive health, information about illegal activities even for general knowledge, and many other topics. The right to privacy is an established culture and there are people who call a disruption to the right to privacy harassment.
About China and other countries blocking Tor - the right to privacy is an en:arms race where technology will always increase. I am not saying that a .onion mirror will solve all the problems, but it is part of a solution. It is a relatively inexpensive entry point, there is a userbase which advocates for this heightened sort of privacy, taking any step sooner and now will incite the conversation about when and how to take next steps, and this is a technological step which also makes a social demonstration that we stand for the right to read Wikipedia articles in private.
If a typical person's browser history were made public against their wishes, they would call that harassment. That is why this proposal fits as "anti-harassment". In 2013 when Snowden said that the government and tech companies watched people's Internet activities some people felt disturbed by the surveillance. I know that sentiment has mostly changed and most people now are happy for multiple entities to have all their online data, but there are still people who feel that privacy of 10 years ago would be nice. This is not a perfect idea but I am looking for the best idea that anyone has for the budget that we have, which is approximately 1 month of staff time from 2-3 WMF workers. Blue Rasberry (talk) 20:14, 1 November 2018 (UTC)
My understanding is that, while network traffic is one of the tool that can be used by governments to detect browsing activity of people on the Wikipedia site, https encyrpted connection have already reduced the role that can be played by such activity. Social engineering is apparently a more direct threat against Chinese users who're using international websites and is also reasons why they can pinpoint and jail twitter users. Another mean they would use is that they would directly scan the hardware of devices owned/carried by individuals within the country for activity history and files and software exists in the system. Having Tor won't help. Also I heard there're some fake tor nodes setup by the government in the network. C933103 (talk) 20:51, 1 November 2018 (UTC)
  • Does it provide any additonal privacy, compared to just accessing wikipedia.org over TOR? MaxSem (WMF) (talk) 20:11, 30 October 2018 (UTC)
@MaxSem (WMF): Yes. I apologize that our Wikipedia articles are not orderly so I cannot quickly point you to general reference information. I can give an example. Facebook says yes with en:facebookcorewwwi.onion. Blue Rasberry (talk) 13:50, 31 October 2018 (UTC)
@Bluerasberry: That article is very outadated. The only reason I see is that TOR prevents interception of HTTP between TOR and our servers, however it's not a problem anymore becuase all our domains are secured via HTTPS and we're on HSTS preload list for every major browser so even if a user types http://en.wikipedia.org, no insecure request will be made. Any other security/privacy benefit? MaxSem (WMF) (talk) 20:22, 31 October 2018 (UTC)
@MaxSem (WMF): A 2016 Facebook initiative at the edge of innovation is outdated less than 2 years later? There are other benefits - let me get back after some time. Blue Rasberry (talk) 20:44, 31 October 2018 (UTC)
One of the main benefits people often tout, is that exit-bandwidth in the tor network is at a premium. Using a hidden service, users may get better performance, especially for larger files (e.g. Videos on commons). At least in theory. There are probably other factors at play too (more hops) and I have certainly not measured what the difference is. BWolff (WMF) (talk)
  • What would this be good for? Wikipeda uses SSL and no external trackers. No one can actually find out what article you are reading. If you use a tool likem TOR, a hostile regime might go after you only for using such a tool (like China does with VPN and TOR, or Turkey with an App that is said to belong to Gulen). --𝔊 (Gradzeichen DiſkTalk) 14:36, 31 October 2018 (UTC)
@°: Someone could watch your internet traffic and see what sites you try to connect to. SSL won't stop your ISP from seeing what pages you try to connect to. --Terra  (talk) 11:09, 2 November 2018 (UTC)
The browser sends a CONNECT request to the http-Server, no one can see the page names you access unless you have a key logger or trojan or other malware on your computer (and Wikipedia can do nothing about that). It may be suspect to access en.wikipeida.org, but in tha case it is even more suspect to use TOR or anything similar at all. --𝔊 (Gradzeichen DiſkTalk) 15:43, 2 November 2018 (UTC)
  • I'd just like to note that a .onion site is not necessary for accessing Wikipedia through the Tor network, if anyone unfamiliar was unsure about this. Tor can connect to the main Wikipedia site just fine; the purpose of the .onion site would be to allow Tor users to connect to Wikipedia without their request leaving the Tor network. Jc86035 (talk) 16:07, 2 November 2018 (UTC)
  • I assume this is meant to be a "read only". We don't need to make it easier for IP vandalism edits. This proposal should be clarified. Thanks! • SbmeirowTalk • 19:53, 5 November 2018 (UTC)
@Sbmeirow: already says "anyone can read with the most privacy which we can provide. This mirror will not permit editing". I will think about how to make this more clear, but I tried to communicate what you describe. Blue Rasberry (talk) 17:06, 7 November 2018 (UTC)
  • I'm not opposed to WMF doing this, but anybody could create a .onion clone of Wikipedia since the content is open source. Andrewman327 (talk) 13:27, 7 November 2018 (UTC)
@Andrewman327: Anyone could and some people have, see where some Facebook guy got media at There’s Now a Dark Web Version of Wikipedia. Here are some problems with being only community based:
  1. Random third party mirrors lack reliability The stakes are access to Wikipedia. With a third party, access could vanish at any time. With a WMF / community partnership the service is dependable. The cost is low and the benefits are high for making this service dependably accessible.
  2. We need WMF trustworthiness in addition to technical execution For this to come from a community group and be successful there is a high cost of establishing trust and dependability in addition to the technical execution. The WMF already has trust and dependability, so if the WMF did this, it would not incur the costs to establish those things that a small community group would have to pay. There are various .onion clones but none of them have a community fanbase because they come from sources with challenges for trust and dependability. The existing third-party clones have not achieved a community base of support because this is not just a technical problem, this is a challenge to get hosting at a trusted source.
  3. Also a model for others We should encourage other people to set up .onion clones of Wikipedia, and if the WMF does this once then that makes for a more inviting workflow for others to do this too and make it more normal. This wishlist is more than getting the task, and also about getting the WMF to do the usual technical documentation for how they did something and what community participation they got. This is not so complicated, and does not require a lot of documentation, but a little documentation and a little community consultation would be a big help for anyone else who wanted to provide the same protection with their own Wiki mirror or a mirror of any other website which would benefit from wiki-style community management.
Blue Rasberry (talk) 17:06, 7 November 2018 (UTC)
Random people setting up wikipedia mirrors kind of defeats the point if user privacy is what you care about. Whomever sets up the mirror has full access to everything you view when viewing the mirror. BWolff (WMF) (talk) 13:03, 8 November 2018 (UTC)
  • Endorse. Feminist (talk) 15:22, 8 November 2018 (UTC)
  • Here are the arguments from nos-oignons.net members (an association that offers tor exit nodes). I copy it because they were not able to post this comment by themselves because contributing via Tor even if we are logged in to our user account is not allowed (I opened a Phabricator ticket about that):
    https relies on the CA system, which isn't really trustworthy given how many entities can actually issue certificates for any website on the web. Onion services don't have this issue. Moreover, exit bandwidth is a precious resource for the tor network, running an onion service doesn't consume it, reducing the resources consumption of the network. Also, some exit nodes are doing passive traffic analysis, they wouldn't be able to do that on the onion service: I wouldn't be surprised if some states were running high-speed exit nodes to measure if given censorship method and its chilling effect are efficient.
    In addition, Wikimedia projects are currently accessible via the TCP+HTTPS protocol, using .onion+HTTPS protocol offers other secutiry properties that may be useful for some readers.
    Providing .onion is also a strong political message from the WMF saying that Wikimedia projects will never be censored.
    Finally, you can also read this Cloudfare blog post that gives some arguments.
Pamputt (talk) 21:59, 11 November 2018 (UTC)
I respectfully disagree with the certificate authority point. I think the risk of phising via tor (As nobody can memorize those insanely long non-human memorable hashes), far outweighs the benefits of not having to rely on the imperfect CA system. For example, if someone setup a fake version of duck duck go at http://3g2upl4pq2hkl4r.onion would you notice that it is different from http://3g2upl4pq6kufc4m.onion ? AFAIK, the main two solutions to this problem is EV certs, or alt-svc for a (clearnet) https domain, both of which end up relying on WebPKI infastructure anyways. Furthermore, with the advent of certificate-transparency (And hopefully one day we will enable the expect-ct header) the risk of a malicious CA is much less as the liklihood of being caught is much higher. BWolff (WMF) (talk) 22:38, 11 November 2018 (UTC)

Voting[edit]