Jump to content

Community Wishlist Survey 2023/Larger suggestions/Keep Chinese (zh) editors safe

From Meta, a Wikimedia project coordination wiki

Keep Chinese (zh) editors safe

  • Problem: According to unnamed reliable source(s), Internet operators in mainland China (i.e. controlled by CCP & with GFW) often disable proxying or VPN being used by Wikimedia project editors, right after clicking on the "Publish / Show changes / preview" or during generating references by "automatic tab", which means those operators could identify Wikimedia project uploads. Thereby, combining detected upload traffics to Wikimedia project with publicly available "Recent changes" stats, mainland Chinese authorities might identify and locate individuals responsible for specific changes with unique features - the time and "byte size change" displayed on "Recent changes". In recent years, moreover, separate residents there have been caught, detained and even arrested, as claimed by mainland Chinese authorities, simply for viewing Wikipedia or Youtube without posting anything. Additionally, given that local laws require Internet operators to keep weblogs containing personal information for at least 6 months, editors of conscience located in Mainland China and even future Hong Kong and Macau inevitably face severe ricks including political repressions, maybe tougher than in Russia. Therefore, erasing or recoding "date / time stamp", "byte size change" and any other doxing-inducing stats should be done as follows in all chinese (zh) Wikimedia projects since 2022.
  • Proposed solution: Apply to all chinese (zh) Wikimedia projects since 2022:
  1. Conceal exact "byte size change" and classify that into several grades, e.g.
    • within ±20 bytes as "light" (輕); between ±21 and ±500 bytes as "medium" (中); more than ±500 bytes as "weighty" (重); or
    • ~10~70~500~ or ~10~100~1000~ into 4 grades.
  2. Conceal the actual time of each edit on "Recent changes", "History", "Watchlist" and similar pages in that date and order would be sufficient.
  3. Recode and disguise timestamp where signature is needed such as talk / wiki- pages by one of two following ways:
    1. Replace last digit of timestamp by an English letter assigned in line with the order of post in the thread within 10-minute period. E.g. if there are 2 comments posted at 14:20~30 (UTC) on the same day in the same thread, their timestamps should be 14:2A (UTC), 14:2B (UTC) respectively. In case of more than 26 comments emerged in the same thread within 10-minute period, Roman numerals would function like 14:2ⅡA, 14:2ⅡB, etc. OR
    2. Replace timestamp by purely ordinal numbers assigned in line with the order of post in the thread history while remaining date unchanged. E.g. if in 2023 someone replied to a thread contained 3 comments from past years, the date / time stamp might be "#04 26 January 2023" (2023年1月26日 #04); if there are more than 99 comments in the same thread, corresponding number should be in place of "#".
  4. Automatically delay the release of "Recent changes", "Watchlist" and "History" for each page ranging from 0 to 120 seconds, so as to mislead real-time crawling, while all edits are published immediately and "History" for each page are arranged in actual order. However, likely "bad-faith" or "problem" edits, changes to top edited articles in the latest hours or by recently (un)blocked users and protected titles creations should be excluded and their records displayed instantly.
  5. Refactor links, elements and code that may reveal the actual time of edits.
  6. Reframe and disguise data traffic of Wikimedia sites, especially uploads.
  7. Automatically conceal essential personal information of user without any edit or log action in the past 6 months as default - which users could reject. Those information includes location, contacts and more.
  8. Request the Internet archivers to delete all user page archives that contain the following userbox or word:
    1. Anti- CCP / Xi Jinping / PRC / Tiananmen Square Massacre;
    2. Pro- DPP / Pan-democracy camp / Occupy Central / Umbrella Revolution / 2019 HK protests;
    3. Support independence of Taiwan / HK / Macau / Tibet / Uyghur.

Meanwhile, neither any (interface-) admin nor anyone else could access any concealed details, except certified Foundation staff.

  • Who would benefit: Chinese (zh) editors
  • More comments: Chinese (zh) Wikimedia projects means all Sinitic languages (Chinese languages) projects, including Southern Min (Min-nan / nan), Eastern Min (Cdo), Cantonese (Yue), Wu (Wuu), Classical Chinese (zh-classical / lzh), Hakka Chinese (Hak), Gan ones. Gohan 03:25, 11 February 2023 (UTC)[reply]
  • Phabricator tickets:
  • Proposer: Gohan 07:04, 30 January 2023 (UTC)[reply]

Discussion

This should be discussed on zhwiki Village pump first. It is out of the scope of Community Wishlist Survey. Thanks. SCP-2000 09:00, 30 January 2023 (UTC)[reply]
Less active zh (chinese) communities, where it is difficult to discuss effectively, have more pressing needs, since their upload datas are easier to be identified. Gohan 03:13, 11 February 2023 (UTC)[reply]
  • @神秘悟饭: have you informed Trust and Safety of these concerns ? —TheDJ (talkcontribs) 10:45, 30 January 2023 (UTC)[reply]
    Not yet. Gohan 10:47, 30 January 2023 (UTC)[reply]
  • If these are reliable sources, surely they could be named here? MarioGom (talk) 20:56, 31 January 2023 (UTC)[reply]
  • This seems pointless. You cannot meaningfully hide diff sizes without hiding the wikitext of the involved revisions; you cannot hide upload sizes without hiding the uploaded file. I suppose you could obfuscate timestamps but it would do little to prevent deanonymizing someone who makes several edits. Using a proxy solution that the ISP is able to turn off just seems like a bad idea. Explore evasion methods of state-level censorship across Wikimedia movement szerkesztése seems like a more feasible approach. (Or doing something about Tor blocks, etc.) --Tgr (talk) 00:19, 1 February 2023 (UTC)[reply]
    Yeah, it can't eliminate risks entirely. But the whole idea is to drastically increase the cost for catching wanted editors, forcing 99.9% of Chinese cyber police to give up their attempts. WMF censorship circumvention is more helpful, which brings concerns about how long it will work, and recalls memories of escalating VPN interfered and disconnected escalatingly that WMF's approach will be treated the same way. Also, censorship circumvention would not allay doubts about point 7 above. Gohan 04:20, 1 February 2023 (UTC)[reply]
    So why don't simply hide username in the article history? Thanks. --SCP-2000 04:41, 1 February 2023 (UTC)[reply]
    If so, I don't know how the community can figure out who's responsible for specific edit. Gohan 04:49, 1 February 2023 (UTC)[reply]
    I mean, using Revision Deletion to hide username. Technically sysop (and oversighter) still could figure out who's responsible for specific edit. Thanks. SCP-2000 05:48, 1 February 2023 (UTC)[reply]
    This can only hide the link between multiple edits by one user, not the link between one single detected edit with publicly visible time & byte size change and the netizen behind. Gohan 06:56, 1 February 2023 (UTC)[reply]
    Moreover, not every zh local sysop may be trusted. Gohan 07:00, 1 February 2023 (UTC)[reply]
    I don't know whether zh wikipedia uses similarly free licensing, but on enwp you can't do this because of copyright issues. In addition, I don't think I have to explain that there are a lot of issues with hiding the underlying identity of 90% of edits on zh wikipedia. Snowmanonahoe (talk) 14:39, 22 February 2023 (UTC)[reply]
    In addition, direct connections with Wikimedia are still available in Hong Kong. We cannot force all Hong Kong users to use censorship circumvention method. Even if censorship circumvention works really well, Hong Kong National Security Police, which spends HK$8 billion a year on 7 million citizens, will have no trouble finding Hong Kong editors with direct connections. Gohan 04:56, 1 February 2023 (UTC)[reply]
    People at risk should probably use some technology that hides their traffic entirely (such as Tor). Using unreliable security measures can be worse than not having security measures at all, as it gives a false sense of security and people might do things they wouldn't do if they realized that their edits can be traced back to them. Unless Wikipedia gets rewritten from scratch, there will always be many ways edit timestamps and sizes can be recovered, as the entire software stack was designed to be private about reading but transparent about editing. That might not be a satisfying answer but that's just the reality we have to work with IMO. (I'm not a censorship expert or anything but have been following work in this area for a while.) Tgr (talk) 07:46, 5 February 2023 (UTC)[reply]
  • One way or another, these Chinese editors (and other people at risk for political reasons) should be protected by Wikimedia. Perhaps a list with measures they can take themselves, supplemented with technical measures Wikimedia can take, as asked here. --JopkeB (talk) 14:56, 11 February 2023 (UTC)[reply]

Voting