Talk:Strategy/Wikimedia movement/2018-20/Recommendations/Iteration 1/Community Health/Safety

From Meta, a Wikimedia project coordination wiki
The following discussion is closed. Please do not modify it.
Most likely, new comments will not be taken into account by the new three Working Group members in their work of developing the final Recommendations. You are free however to continue discussing in the spirit of "discussing about Wikipedia is a work in progress". :)

Physical security[edit]

Strong oppose[edit]

> Supporting anonymizing technologies like TOR, VPNs for the users that would require the support.

Is ipblockexempt not sufficient? Are you seriously considering relaxing "No Open Proxies"? How are you supposed to tell the difference between good-faith editors using VPNs and social-engineering LTAs? Did anyone bother to gather data about the positive versus abusive use of VPNs or TOR? (Hint: VPNs are blocked on sight for a very good reason.)

> Anonymising of IP addresses in public domain to protect IP contributor privacy.

This belongs in the trash can.

> We currently do not have a systematic approach to support users at risk due to their participation in movement activities and lack the essential local capacity to support users as demonstrated in recent events like the political instability in Venezuela and Turkey. We will continue to face state and state-sponsored censorship efforts impacting the movement and currently do not have publicly available material to support contributors who are affected by such measures.

Why does whoever wrote this think the We Make Failures engineering department are capable of taking on state-sponsored entities with budgets bigger than the entire foundation (both in absolute dollars and purchasing power parity) when We Make Failures can't even get the basics right?

> Current bureaucratic structures and decision making processes do not counteract established inequality in informal community power relations (eg. veteran editors vs newbies, dominant groups vs marginalised groups, Foundation vs affiliate).

So we should we stop ignoring meatpuppets? What about those "newbies" that the WMF so desperately wants to court to pad its statistics targeted at donors, but have zero idea of what an encyclopedia is, or actively try to undermine it in various ways (e.g. advocacy, undisclosed paid editing)? How about equal decision making power of the community versus the WMF in all aspects?

> term limits

Explicitly rejected on en.wikipedia. No, just no. MER-C (talk) 14:40, 11 August 2019 (UTC)[reply]

Not to be argumentative, but VPNs are in much wider use today than 5 years ago. How can the organization which is currently suing the NSA seriously argue that it is inappropriate to allow users to communicate through VPNs? Hlevy2 (talk) 03:14, 16 August 2019 (UTC)[reply]
an organization community that privileges its own ability to ip snoop, over the health or lives of its editors. Slowking4 (talk) 09:15, 21 August 2019 (UTC)[reply]
Using a VPN is generally bad for the user, the EFF is unable to recommend any. Unless the VPN is owned by you or some entity you have direct control or accountability on, there is no good reason in general to let them collect and handle your private data instead of the WMF directly. Of course there can be good reasons locally, for instance if you're forced by your government. Nemo 10:30, 21 August 2019 (UTC)[reply]
The sheer chutzpah of saying this, after having close to 50 tagged socks...... Winged Blades of Godric (talk) 08:49, 24 August 2019 (UTC)[reply]
thank-you: your ad hominem is a complement. and every block a badge of honor. if you violate the block policy, you should expect to be ignored. and you should expect your vituperation about sock hunting to be discounted. Slowking4 (talk) 16:47, 25 August 2019 (UTC)[reply]
Slowking4, Your post above is incomprehensible. If it is intended as a private communication with Winged Blades of Godric, this is not the appropriate venue. If it is intended to be meaningful to other people contributing here, it fails to make your point. Some clarification might help. Cheers, · · · Peter (Southwood) (talk): 18:35, 25 August 2019 (UTC)[reply]
just so we're clear: the ip tracking tools are limited in their utility, and there are no Kevin Gormans here; the misuse of those tools and policy is a notorious scandal, as seen in many cases; and the ad hominem attacks against working group members tends to undermine your credibility. if you wish to be heard, you will be civil; if not you should expect to be circumvented as a network obstruction. Slowking4 (talk) 22:45, 25 August 2019 (UTC)[reply]
Slowking4, Still not at all clear.
I am getting:
  • You do not think that ip tracking tools are useful, but have no better option to suggest.
  • One or more of the several people known as Kevin Gorman has some unspecified relevance.
  • There has been misuse of ip tracking tools which you and presumably others consider scandalous.
  • There have been ad hominem attacks against working group members, which you appear to be attributing to me, but maybe you are using the generic "your" and referring to another person or persons.
  • You suggest that uncivil communication will result in the user being "circumvented as a network obstruction", but do not explain what that is intended to mean in practice.
This is not effective communication. Cheers · · · Peter (Southwood) (talk): 05:25, 26 August 2019 (UTC)[reply]


The point of supporting anonymizing technologies is based on an non-existant problem. Browsers nowadays have good privacy measures. WMF websites and Mediawiki itself does not try to uncover information about the user at the same rate as The Washington post. Instead of this point, the goal should be to educate readers just how little WMF actually tracks them. We are not trying to profile browsers or bypass icongnito mode like the Washington Post does.

Trying to have as much privacy as possible is a moot point. That an editor feels like he needs to use Thor to anonimize himself is not normal, infact it is a red flag. Thor can be used to access the dark web and is compleatly overkill for use on Wikipedia. This is even an point that an senior developer of WMF has agreed to and Jimbo himself, see the links at the bottom of No open proxies.

There has been an global policy over all of the WMF wikis against these methods for thirteen years now, at No open proxies. VPNs are even worse than proxies, as they encrypt from the users computer to the VPN. Again, this method is overkill for Wikipedia. There are regular spammers that edit from proxies and VPNs. Even long term abusers use these methods, including the George Reeves user which WMF itself banned in an office action. If this policy will be inforced, then the administrators on WMF wikis cannot enforce that editors that WMF blocked via office action won't just bypass that action alltogether. That is not becouse of an lack of intrest, but becouse of an oversight on WMF's behalf.--Snaevar (talk) 12:17, 12 August 2019 (UTC)[reply]

VPN/TOR editing by IP addresses should be blocked on sight, but I do not see any good reason to not allow properly registered accounts to use TOR/VPNs to edit. If those accounts are misused, they will simply get blocked, as usual.--- Darwin Ahoy! 12:22, 15 August 2019 (UTC)[reply]

Trade offs in privacy and security[edit]

I've written an essay at wikimania:2019:Thriving_in_Safety/Three_Contradictions_of_Safety describing some of the tensions involved in privacy and security on our projects. For example, the tension between content integrity/robust distribution of content and being "the encyclopedia that anyone can edit". Distributing our content more robustly and more broadly usually makes updating the content more difficult; closing the loop and allowing our readers to actually edit the encyclopedia is important, as is ensuring that our readers can get updates over time as the encyclopedia grows and articles are improved.

There is a similar tension between our reputation system, used to safeguard the reliability of our edits, and the privacy and security of our editors. This is seen most clearly in the debate over the use of Tor, which safeguards our editors at the same time as it endangers our content. Most of our long time editors have over time slipped and revealed personal identifying information on wiki. That information is completely public and never goes away. This cements their reputation but puts them at risk if they are ever targeted for their work on wiki. Our reputation system is endangering privacy, and privacy endangers our reputation system.

There is a third conflict identified, between scalability and independence, but that perhaps is of more interest to a different working group.

I don't have any brilliant solutions to these conflicts. I think it is simply useful to keep in mind the inherent tension as we seek to balance competing demands. Cscott (talk) 23:36, 15 August 2019 (UTC)[reply]


I support the overall sentiment of this set of recommendations, especially things like keeping people safe from NSA and the USA federal general government in general, as much as possible with our resources (which include friendship with experts like the EFF, EPIC, ACLU etc.). However, the list clearly needs some work as it's quite messy (and several points can be misunderstood, for instance about Tor). Sorry for not making more specific suggestions at this time. Nemo 13:58, 17 August 2019 (UTC)[reply]

What is WMF's position on sockpuppeting?[edit]

Does the WMF have an official position or policy on the use of alternative accounts? If so, where is it available? How does it relate to this proposal? · · · Peter (Southwood) (talk): 05:39, 26 August 2019 (UTC)[reply]

From Catalan Salon[edit]

We wonder which technical consequences would have the ability of editing via TOR (...).