Community Wishlist Survey 2023/Larger suggestions/Keep Chinese (zh) editors safe
Appearance
This proposal is a larger suggestion that is out of scope for the Community Tech team. Participants are welcome to vote on it, but please note that regardless of popularity, there is no guarantee this proposal will be implemented. Supporting the idea helps communicate its urgency to the broader movement. |
Keep Chinese (zh) editors safe
- Problem: According to unnamed reliable source(s), Internet operators in mainland China (i.e. controlled by CCP & with GFW) often disable proxying or VPN being used by Wikimedia project editors, right after clicking on the "Publish / Show changes / preview" or during generating references by "automatic tab", which means those operators could identify Wikimedia project uploads. Thereby, combining detected upload traffics to Wikimedia project with publicly available "Recent changes" stats, mainland Chinese authorities might identify and locate individuals responsible for specific changes with unique features - the time and "byte size change" displayed on "Recent changes". In recent years, moreover, separate residents there have been caught, detained and even arrested, as claimed by mainland Chinese authorities, simply for viewing Wikipedia or Youtube without posting anything. Additionally, given that local laws require Internet operators to keep weblogs containing personal information for at least 6 months, editors of conscience located in Mainland China and even future Hong Kong and Macau inevitably face severe ricks including political repressions, maybe tougher than in Russia. Therefore, erasing or recoding "date / time stamp", "byte size change" and any other doxing-inducing stats should be done as follows in all chinese (zh) Wikimedia projects since 2022.
- Proposed solution: Apply to all chinese (zh) Wikimedia projects since 2022:
- Conceal exact "byte size change" and classify that into several grades, e.g.
- within ±20 bytes as "light" (輕); between ±21 and ±500 bytes as "medium" (中); more than ±500 bytes as "weighty" (重); or
- ~10~70~500~ or ~10~100~1000~ into 4 grades.
- Conceal the actual time of each edit on "Recent changes", "History", "Watchlist" and similar pages in that date and order would be sufficient.
- Recode and disguise timestamp where signature is needed such as talk / wiki- pages by one of two following ways:
- Replace last digit of timestamp by an English letter assigned in line with the order of post in the thread within 10-minute period. E.g. if there are 2 comments posted at 14:20~30 (UTC) on the same day in the same thread, their timestamps should be 14:2A (UTC), 14:2B (UTC) respectively. In case of more than 26 comments emerged in the same thread within 10-minute period, Roman numerals would function like 14:2ⅡA, 14:2ⅡB, etc. OR
- Replace timestamp by purely ordinal numbers assigned in line with the order of post in the thread history while remaining date unchanged. E.g. if in 2023 someone replied to a thread contained 3 comments from past years, the date / time stamp might be "#04 26 January 2023" (2023年1月26日 #04); if there are more than 99 comments in the same thread, corresponding number should be in place of "#".
- Automatically delay the release of "Recent changes", "Watchlist" and "History" for each page ranging from 0 to 120 seconds, so as to mislead real-time crawling, while all edits are published immediately and "History" for each page are arranged in actual order. However, likely "bad-faith" or "problem" edits, changes to top edited articles in the latest hours or by recently (un)blocked users and protected titles creations should be excluded and their records displayed instantly.
- Refactor links, elements and code that may reveal the actual time of edits.
- Reframe and disguise data traffic of Wikimedia sites, especially uploads.
- Automatically conceal essential personal information of user without any edit or log action in the past 6 months as default - which users could reject. Those information includes location, contacts and more.
- Request the Internet archivers to delete all user page archives that contain the following userbox or word:
- Anti- CCP / Xi Jinping / PRC / Tiananmen Square Massacre;
- Pro- DPP / Pan-democracy camp / Occupy Central / Umbrella Revolution / 2019 HK protests;
- Support independence of Taiwan / HK / Macau / Tibet / Uyghur.
Meanwhile, neither any (interface-) admin nor anyone else could access any concealed details, except certified Foundation staff.
- Who would benefit: Chinese (zh) editors
- More comments: Chinese (zh) Wikimedia projects means all Sinitic languages (Chinese languages) projects, including Southern Min (Min-nan / nan), Eastern Min (Cdo), Cantonese (Yue), Wu (Wuu), Classical Chinese (zh-classical / lzh), Hakka Chinese (Hak), Gan ones. Gohan 03:25, 11 February 2023 (UTC)
- Phabricator tickets:
- Proposer: Gohan 07:04, 30 January 2023 (UTC)
Discussion
- This should be discussed on zhwiki Village pump first. It is out of the scope of Community Wishlist Survey. Thanks. SCP-2000 09:00, 30 January 2023 (UTC)
- Less active zh (chinese) communities, where it is difficult to discuss effectively, have more pressing needs, since their upload datas are easier to be identified. Gohan 03:13, 11 February 2023 (UTC)
- @神秘悟饭: have you informed Trust and Safety of these concerns ? —TheDJ (talk • contribs) 10:45, 30 January 2023 (UTC)
- Not yet. Gohan 10:47, 30 January 2023 (UTC)
- If these are reliable sources, surely they could be named here? MarioGom (talk) 20:56, 31 January 2023 (UTC)
- This seems pointless. You cannot meaningfully hide diff sizes without hiding the wikitext of the involved revisions; you cannot hide upload sizes without hiding the uploaded file. I suppose you could obfuscate timestamps but it would do little to prevent deanonymizing someone who makes several edits. Using a proxy solution that the ISP is able to turn off just seems like a bad idea. Explore evasion methods of state-level censorship across Wikimedia movement szerkesztése seems like a more feasible approach. (Or doing something about Tor blocks, etc.) --Tgr (talk) 00:19, 1 February 2023 (UTC)
- Yeah, it can't eliminate risks entirely. But the whole idea is to drastically increase the cost for catching wanted editors, forcing 99.9% of Chinese cyber police to give up their attempts. WMF censorship circumvention is more helpful, which brings concerns about how long it will work, and recalls memories of escalating VPN interfered and disconnected escalatingly that WMF's approach will be treated the same way. Also, censorship circumvention would not allay doubts about point 7 above. Gohan 04:20, 1 February 2023 (UTC)
- So why don't simply hide username in the article history? Thanks. --SCP-2000 04:41, 1 February 2023 (UTC)
- If so, I don't know how the community can figure out who's responsible for specific edit. Gohan 04:49, 1 February 2023 (UTC)
- I mean, using Revision Deletion to hide username. Technically sysop (and oversighter) still could figure out who's responsible for specific edit. Thanks. SCP-2000 05:48, 1 February 2023 (UTC)
- This can only hide the link between multiple edits by one user, not the link between one single detected edit with publicly visible time & byte size change and the netizen behind. Gohan 06:56, 1 February 2023 (UTC)
- Moreover, not every zh local sysop may be trusted. Gohan 07:00, 1 February 2023 (UTC)
- I don't know whether zh wikipedia uses similarly free licensing, but on enwp you can't do this because of copyright issues. In addition, I don't think I have to explain that there are a lot of issues with hiding the underlying identity of 90% of edits on zh wikipedia. Snowmanonahoe (talk) 14:39, 22 February 2023 (UTC)
- I mean, using Revision Deletion to hide username. Technically sysop (and oversighter) still could figure out who's responsible for specific edit. Thanks. SCP-2000 05:48, 1 February 2023 (UTC)
- If so, I don't know how the community can figure out who's responsible for specific edit. Gohan 04:49, 1 February 2023 (UTC)
- So why don't simply hide username in the article history? Thanks. --SCP-2000 04:41, 1 February 2023 (UTC)
- In addition, direct connections with Wikimedia are still available in Hong Kong. We cannot force all Hong Kong users to use censorship circumvention method. Even if censorship circumvention works really well, Hong Kong National Security Police, which spends HK$8 billion a year on 7 million citizens, will have no trouble finding Hong Kong editors with direct connections. Gohan 04:56, 1 February 2023 (UTC)
- People at risk should probably use some technology that hides their traffic entirely (such as Tor). Using unreliable security measures can be worse than not having security measures at all, as it gives a false sense of security and people might do things they wouldn't do if they realized that their edits can be traced back to them. Unless Wikipedia gets rewritten from scratch, there will always be many ways edit timestamps and sizes can be recovered, as the entire software stack was designed to be private about reading but transparent about editing. That might not be a satisfying answer but that's just the reality we have to work with IMO. (I'm not a censorship expert or anything but have been following work in this area for a while.) Tgr (talk) 07:46, 5 February 2023 (UTC)
- Yeah, it can't eliminate risks entirely. But the whole idea is to drastically increase the cost for catching wanted editors, forcing 99.9% of Chinese cyber police to give up their attempts. WMF censorship circumvention is more helpful, which brings concerns about how long it will work, and recalls memories of escalating VPN interfered and disconnected escalatingly that WMF's approach will be treated the same way. Also, censorship circumvention would not allay doubts about point 7 above. Gohan 04:20, 1 February 2023 (UTC)
- One way or another, these Chinese editors (and other people at risk for political reasons) should be protected by Wikimedia. Perhaps a list with measures they can take themselves, supplemented with technical measures Wikimedia can take, as asked here. --JopkeB (talk) 14:56, 11 February 2023 (UTC)
Voting
- Support TheAmerikaner (talk) 20:24, 10 February 2023 (UTC)
- Support Great idea Pmsyyz (talk) 01:14, 11 February 2023 (UTC)
Support Hehua (talk) 02:34, 11 February 2023 (UTC)Weak oppose per scp--Hehua (talk) 13:18, 11 February 2023 (UTC)- Oppose Per Tgr above comments. And this should be discussed on zhwiki first. Thanks.--SCP-2000 03:03, 11 February 2023 (UTC)
- Less active zh (chinese) communities, where it is difficult to discuss effectively, have more pressing needs, since their upload datas are easier to be identified. So where to discuss would be a problem. Gohan 03:10, 11 February 2023 (UTC)
- Oppose The Chinese Wikipedia community haven't been informed of this propose, nor have the Trust and Safety team. Without a community consensus, I don't think the community will go along with this kind of action. --BlackShadowG (talk) 03:40, 11 February 2023 (UTC)
- Support Arado Ar 196 (talk) 08:36, 11 February 2023 (UTC)
- Support Smetanakaviar (talk) 12:10, 11 February 2023 (UTC)
- Support HumbleLady (talk) 13:41, 11 February 2023 (UTC)
- Support OwenBlacker (Talk) 14:45, 11 February 2023 (UTC)
- Support JopkeB (talk) 14:55, 11 February 2023 (UTC)
- Support There is very little documented conversation between Wikimedia Foundation and community groups with safety issues. Bluerasberry (talk) 15:06, 11 February 2023 (UTC)
- Support Abzeronow (talk) 19:21, 11 February 2023 (UTC)
- Weak oppose People should be free to make expressions in favor of the pro-democracy camp and/or speak fankly about Tienanmen Square without us rushing to delete their user pages. I don't know that the community would actually go for this, and these very same measures that are aimed to protect user privacy would also make it a lot easier to sock on the project without being detected. Wikipedians have so much fewer resources than nation-states, and while it would probably protect both good-faith editors and sockmasters from other Wikipedians, I'm not sure that the proposed solution above would be anywhere near enough to protect editors from the Chinese state. — Red-tailed hawk (nest) 21:42, 11 February 2023 (UTC)
- Point 8 only aims at external page archives, neither the current user page nor in Wikimedia sites. So it wouldn't limit free speech. And in fact, many Chinese Wikipedians have asked to delete their user pages out of the same concern. Gohan 02:32, 12 February 2023 (UTC)
- Support Ivario (talk) 22:02, 11 February 2023 (UTC)
- Support 我虽然用镜像站参与编辑,但仍旧冒着一定风险。此举对于和我一样身处中国大陆的编辑者来说无疑是社群给予的一重保障。/Although I participated in editing with the mirror site, I still took some risks. This is undoubtedly a guarantee given by the community to editors in Chinese Mainland like me. 范博2004 (talk) 01:42, 12 February 2023 (UTC)
- Strong support QuickQuokka [talk • contribs] 17:25, 12 February 2023 (UTC)
- Support PtolemyXV (talk) 18:50, 12 February 2023 (UTC)
- Support Libcub (talk) 06:21, 14 February 2023 (UTC)
- Support Mikxth (talk) 11:53, 14 February 2023 (UTC)
- Support Lion-hearted85 (talk) 11:56, 14 February 2023 (UTC)
- Support ZandDev (talk) 11:22, 15 February 2023 (UTC)
- Support —(ping on reply)—CX Zoom (A/अ/অ) (let's talk|contribs) 07:42, 18 February 2023 (UTC)
- Support Lupe (talk) 14:37, 18 February 2023 (UTC)
- Support Vulcan❯❯❯Sphere! 16:34, 18 February 2023 (UTC)
- Oppose This is too much an “adapt to the circumstances” approach, it does not “fight” any measures. It singles out the PRC, but other entities monitor WP, too. Kays (talk) 04:19, 19 February 2023 (UTC)
- Oppose As talked about in the discussion section, this doesn't really solve the problem. Zhwiki should advise their users to use Tor browser maybe. It's up to them to figure it out, not the WMF. Snowmanonahoe (talk) 14:49, 22 February 2023 (UTC)
- Support Thingofme (talk) 02:13, 23 February 2023 (UTC)
- Support cyrfaw (talk) 13:42, 23 February 2023 (UTC)
- Support E0126E (talk) 02:23, 24 February 2023 (UTC)