On Mon, Oct 13, 2014 at 9:10 AM, Derric Atzrott
wrote:
>> Although my suggestion is similar in kind to what had already been proposed,
>> the main object to it was that it would create too much work for our
>> already constrained resources. The addition of rate limiting is a technical
>> solution
> Although my suggestion is similar in kind to what had already been proposed,
> the main object to it was that it would create too much work for our
> already constrained resources. The addition of rate limiting is a technical
> solution that may or may not be feasible.
>
> The people on this list
On Sunday, October 12, 2014 at 4:45 PM, Marc A. Pelletier wrote:
> On 10/12/2014 12:50 PM, Arlo Breault wrote:
> > The people on this list can best answer that.
>
>
> What the people on this list cannot answer is /whether/ and under what
> conditions it would desirable to allow proxy editing in
On 10/12/2014 12:50 PM, Arlo Breault wrote:
> The people on this list can best answer that.
What the people on this list cannot answer is /whether/ and under what
conditions it would desirable to allow proxy editing in the first place.
-- Marc
___
Wik
> Unless there is further discussion to be had on a new *technical* solution
> to Tor users, this is the wrong mailing list to be making these proposals.
> At the very least take it to the main wikimedia list, or on-wiki, where
> this is a lot more relevant.
Thanks Tyler. I kept the discussion goi
On Sun, Oct 12, 2014 at 3:24 AM, Arlo Breault
wrote:
> Proposal:
Unless there is further discussion to be had on a new *technical* solution
to Tor users, this is the wrong mailing list to be making these proposals.
At the very least take it to the main wikimedia list, or on-wiki, where
this is
Thanks for initiating the conversation Derric. I've tried to put together a
proposal addressing the general problem of allowing edits from a proxy.
Feedback is appreciated.
Proposal:
* Require an account to edit via proxy.
* Allow creating accounts from proxies but globally rate limit account cr
I heard from one editor, who shall remain nameless, that they had a lot to
fear from certain people for political reasons and they edit anyway.
As we have seen with incidents in even democratic countries, even their
officials, deep-pocketed litigators, businesses, or extrimists sometimes
threaten
On 10/02/2014 09:57 PM, Kevin Wayne Williams wrote:
> I'm just amused by people that view making such edits anonymously as
> some intrinsic right.
I would expect that most of the people who (sincerely) feel strongly
about a putative right to edit anonymously are more likely to be looking
for edits
Marc A. Pelletier schreef op 2014/10/02 18:39:
On 10/02/2014 09:07 PM, Kevin Wayne Williams wrote:
Anybody that risks death by editing Wikipedia is an idiot: no privacy
system is secure enough and no information is important enough to make
that a reasonable decision.
I wouldn't have put it that
On 10/02/2014 09:07 PM, Kevin Wayne Williams wrote:
> Anybody that risks death by editing Wikipedia is an idiot: no privacy
> system is secure enough and no information is important enough to make
> that a reasonable decision.
I wouldn't have put it that way, but I've been saying something to that
Bryan Davis schreef op 2014/10/02 8:46:
On Wed, Oct 1, 2014 at 11:27 PM, Kevin Wayne Williams
wrote:
Focusing on what signature we can obtain from (or plant on) the device and
how to make that signature available to and manageable by admins is the key.
I used to do this for a living in the nam
On Wed, Oct 1, 2014 at 11:27 PM, Kevin Wayne Williams
wrote:
>
> Focusing on what signature we can obtain from (or plant on) the device and
> how to make that signature available to and manageable by admins is the key.
I used to do this for a living in the name of "credit card fraud
prevention".
On 10/02/2014 01:27 AM, Kevin Wayne Williams wrote:
> Focusing on what signature we can obtain from (or plant on) the device
> and how to make that signature available to and manageable by admins is
> the key.
... wait. Did you just suggest that we mitigate the inability to use an
anonymizing sys
> The problem with proof of work things is that they kind of have the wrong
> kind of scarcity for this problem.
>
> *someone legit wants to edit, takes them hours to be able to. (Which is not
> ideal)
Indeed, this isn't ideal, but its better than the current situation, and
at least it is only a
>>> Hello everyone,
>>> [snip]
>>> There must be a way that we can allow users to work from Tor.
>>> [snip more]
>>>
>> I think the first step is to work harder to block devices, not IP
>> addresses. [snip]
>>
>> Focusing on what signature we can obtain from (or plant on) the device
>> and how to m
On 10/2/14, Kevin Wayne Williams wrote:
> Derric Atzrott schreef op 2014/09/30 6:08:
>> Hello everyone,
>> [snip]
>> There must be a way that we can allow users to work from Tor.
>> [snip more]
>>
> I think the first step is to work harder to block devices, not IP
> addresses. One jerk with a cell
Derric Atzrott schreef op 2014/09/30 6:08:
Hello everyone,
[snip]
There must be a way that we can allow users to work from Tor.
[snip more]
I think the first step is to work harder to block devices, not IP
addresses. One jerk with a cell phone cycles through so many IP
addresses so quickly in
On 10/1/14 8:02 AM, John wrote:
> Prior to TOR being enabled we need to be able to flag both logged in and
> logged out edits made via TOR.
There's a $wgTorTagChanges option which does exactly that, except it's
currently disabled in CommonSettings.php.
-- Legoktm
On 10/1/14 9:09 AM, John wrote:
> The abuse filter has no way of identifying TOR exit nodes, thus it cannot
> be used for this. Some developer will need to interface with the TOR
> blocking code and use the same TOR identification methods to ID and label
> both logged in and logged out edits made
My example means that unless TOR is hard blocked attackers can create 6
accounts per day on there home IP and just wait till they go stale and use
6 attack accounts per day. There isn't a need for infinite accounts, just
that soft blocking is pointless in this case
On Wednesday, October 1, 2014, B
On Oct 1, 2014 3:56 PM, "Derric Atzrott"
wrote:
>
> Another idea for a potential technical solution, this one provided
> by the user Mirimir on the Tor mailing list. I thought this was
> actually a pretty good idea.
>
> > Wikimedia could authenticate users with GnuPG keys. As part of the
> > proc
Another idea for a potential technical solution, this one provided
by the user Mirimir on the Tor mailing list. I thought this was
actually a pretty good idea.
> Wikimedia could authenticate users with GnuPG keys. As part of the
> process of creating a new account, Wikimedia could randomly specif
On Wed, Oct 1, 2014 at 11:05 AM, Jackmcbarn wrote:
> Good point; I hadn't thought of that. What if we made some sort of
> semi-soft IP block that allowed accounts to edit only if they had fresh
> CheckUser data from a non-blocked IP, or something along those lines?
>
That would rather defeat the
>>
>>
> I wish it was a contrived problem. However, this is the conceit by which
> the edits are attributed for licensing purposes, and it's a non-trivial
> matter. While I'm fully supportive of finding another way to do this, it
> is a fundamental issue that would require fairly extensive
> lega
The abuse filter has no way of identifying TOR exit nodes, thus it cannot
be used for this. Some developer will need to interface with the TOR
blocking code and use the same TOR identification methods to ID and label
both logged in and logged out edits made via TOR.
___
On 1 October 2014 11:00, Brian Wolff wrote:
>
> >
> > > > There also needs to be a good answer to the "attribution problem"
> that
> > > has
> > > > long been identified as a secondary concern related to Tor and other
> > > proxy
> > > > systems. The absence of a good answer to this issue may
> Prior to TOR being enabled we need to be able to flag both logged in and
> logged out edits made via TOR.
This is something that can be handled easily by AbuseFilter. It has the
option to flag edits made by certain users or from certain IP addresses
if I remember correctly.
Even if it doesn't
Good point; I hadn't thought of that. What if we made some sort of
semi-soft IP block that allowed accounts to edit only if they had fresh
CheckUser data from a non-blocked IP, or something along those lines?
On Wed, Oct 1, 2014 at 10:57 AM, John wrote:
> Uh, Creating sleeper accounts from good
Prior to TOR being enabled we need to be able to flag both logged in and
logged out edits made via TOR.
On Wed, Oct 1, 2014 at 11:00 AM, Brian Wolff wrote:
> On Oct 1, 2014 11:40 AM, "Brad Jorsch (Anomie)"
> wrote:
> >
> > On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote:
> >
> > > On Oct 1,
On Oct 1, 2014 11:40 AM, "Brad Jorsch (Anomie)"
wrote:
>
> On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote:
>
> > On Oct 1, 2014 10:55 AM, "Risker" wrote:
> > >
> > > This is something that has to be discussed *on the projects
themselves*,
> > > not on mailing lists that have (comparatively)
And any kind of account creation block will cause issues with users who
work across multiple projects as SUL auto account creation is also blocked.
On Wed, Oct 1, 2014 at 10:57 AM, John wrote:
> Uh, Creating sleeper accounts from good IPs lettting them go stale beyond
> CU retention, and you hav
Uh, Creating sleeper accounts from good IPs lettting them go stale beyond
CU retention, and you have an infinite number of accounts you can then use
to skip past the softblocks on tor and create havoc. Anything short of a
hard block wont stop open proxy abuse.
On Wed, Oct 1, 2014 at 10:44 AM, Jack
On Wed, Oct 1, 2014 at 10:40 AM, Brad Jorsch (Anomie) wrote:
> One simple solution would be to disallow IP edits via Tor, i.e.
> softblock[1] all Tor exit nodes instead of hardblocking them.
>
>
> [1]:
>
> https://en.wikipedia.org/wiki/Wikipedia:Blocking_policy#Setting_block_options
>
I'd agree
On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote:
> On Oct 1, 2014 10:55 AM, "Risker" wrote:
> >
> > This is something that has to be discussed *on the projects themselves*,
> > not on mailing lists that have (comparatively) very low participation by
> > active editors.
>
> Unless people want
On Oct 1, 2014 10:55 AM, "Risker" wrote:
>
> This is something that has to be discussed *on the projects themselves*,
> not on mailing lists that have (comparatively) very low participation by
> active editors.
Unless people want to trial on mw.org (assuming there is dev buy in, not
sure we are t
This is something that has to be discussed *on the projects themselves*,
not on mailing lists that have (comparatively) very low participation by
active editors. Sending to another mailing list, even a broader one than
this, isn't going to get the buy-in needed from the people who will have to
cle
> If, as it seems right now, the problem is technical (weed out the bots
> and vandals) rather than ideological (as we allow anonymous
> contributions after all) we can find a way to allow people to edit any
> wikipedia via TOR while minimizing the amount of vandalism allowed.
>
> Of course, let's
> If, as it seems right now, the problem is technical (weed out the bots
> and vandals) rather than ideological (as we allow anonymous
> contributions after all) we can find a way to allow people to edit any
> wikipedia via TOR while minimizing the amount of vandalism allowed.
>
> Of course, let's
From my experience too, though I definitely appreciate Tor's
transparency/fairness compared to VPNs/other stuffs'.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 23:02:27 "Marc A. Pelletier" ha
scritto:
On 09/30/2014 09:08 AM, Derric Atzrott wrote:
>
The impact of Tor upon editors' accountability must be, anyway, clearly
discussed with the Foundation as maintainer (from a legal pov too).
I can be considered a sort of "stakeholder" for patrollers and what I want
is "something" lowering Tor risk of vandalism/sockpuppeting at an ADSL-like
level
On Tue, Sep 30, 2014 at 2:33 PM, Federico Leva (Nemo)
wrote:
>> There must be a way that we can allow users to work from Tor.
> RESOLVED FIXED http://meta.wikimedia.org/wiki/NOP
Not quite; if your _only_ means of access is Tor and you have no prior
editing history to point to (which may be a sit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/09/14 23:02, Marc A. Pelletier wrote:
> On 09/30/2014 09:08 AM, Derric Atzrott wrote:
>> "[H]ow can we quantify the loss to Wikipedia, and to society at
>> large, from turning away anonymous contributors? Wikipedians say
>> 'we have to blacklist
Yep but last time I checked I wasn't able to gblock an exit node because it
was already blocked by tb.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 21:41:42 "Derric Atzrott"
ha scritto:
> Speaking frainkly I find (on a daily basis) too many abused V
There are some possible alternatives but none of them will apply to our
overall (non-geek) audience.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 23:39:50 Brian Wolff ha scritto:
>
> We need to transition away from a framework where IP addresses are o
It's not true for you then ;)
Dealing with IPBE we tend to be conservative but if you want to send me an
off-list email I'll take your reasons into the deepest consideration possible.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 20:45:22 "Derric Atzrot
>
> We need to transition away from a framework where IP addresses are our only
> means to block problematic editors and towards a framework where we can do
> so via other less intrusive means.
>
And use what instead? Identities based on proof of possession of a
phone numbers? Surety bonds paid in
There must be a way that we can allow users to work from Tor.
RESOLVED FIXED http://meta.wikimedia.org/wiki/NOP
Nemo
P.s.: Indeed, a million times, and every time more boring. Please reopen
the issue only with concrete experience of issues with the fix.
_
On 09/30/2014 09:08 AM, Derric Atzrott wrote:
> "[H]ow can we quantify the loss to Wikipedia, and to society at large, from
> turning away anonymous contributors? Wikipedians say 'we have to blacklist all
> these IP addresses because of trolls' and 'Wikipedia is rotting because nobody
> wants to ed
On 30 September 2014 15:46, Derric Atzrott
wrote:
> > Okay, so I have to ask. What is this obsession with enabling TOR
> editing?
>
> It's the most well-known of the anonymizers and probably has the most
> traffic.
>
>
I suspect it's the most well known anonymizer amongst a limited group of
tech
> Okay, so I have to ask. What is this obsession with enabling TOR editing?
It's the most well-known of the anonymizers and probably has the most
traffic.
> I'd encourage all of you to focus on technical ways to prevent
> abusive/inappropriate editing from all types of anonymizing edit platforms
I still believe that Nymble is the way to go here. It is the only solution
that
successfully allows negotiation of a secure collateral that can still be
blacklisted after abuse has occurred.
Although, as mentioned, it is all about the collateral. Making the user
provide
something that requires wor
> Speaking frainkly I find (on a daily basis) too many abused VPNs to think
> TOR won't bring tons of abuses. Some months ago (I cannot remember when)
> TORblock stopped working. Having a look at what did happen at time would be
> an interesting path. In my perception it did bring to an increase
Okay, so I have to ask. What is this obsession with enabling TOR editing?
Stewards are having to routinely disable significant IP ranges because of
spamming/vandalism/obvious paid editing/etc through anonymizing proxies,
open proxies, and VPNs - so I'm not really seeing a positive advantage in
en
On 9/30/14, Derric Atzrott wrote:
> Alright, this is a long email, and it acts to basically summarise all of the
> discussions that have already happened on this topic. I'll be posting a
> copy
> of it to Mediawiki.org as well so that it will be easier to find out about
> what has already been pr
Speaking frainkly I find (on a daily basis) too many abused VPNs to think
TOR won't bring tons of abuses. Some months ago (I cannot remember when)
TORblock stopped working. Having a look at what did happen at time would be
an interesting path. In my perception it did bring to an increase in abus
> On the other hand there are no evidences blocking TOR significantly reduced
> the number of editors. Btw anyone with a good reason to use TOR has been
> granted with global exemption.
This is demonstrably not true. I for one have a good reason to use Tor and
have not been granted an IPBE. Con
On the other hand there are no evidences blocking TOR significantly reduced
the number of editors. Btw anyone with a good reason to use TOR has been
granted with global exemption.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 16:40:13 Gilles Dubuc ha sc
Alright, this is a long email, and it acts to basically summarise all of the
discussions that have already happened on this topic. I'll be posting a copy
of it to Mediawiki.org as well so that it will be easier to find out about
what has already been proposed in the future.
There is a policy side
Are there figures proving that closing Tor/open proxy access significantly
reduced the amount of vandalism/sock pupetting in the long term? Versus
just making the unwanted users switch to another way of achieving their
goal?
Sure, Tor traffic will have a high correlation with unwanted activity, bu
I agree, it's a matter of consensus which is definitely beyond any
technical discussion.
Vito
Inviato con AquaMail per Android
http://www.aqua-mail.com
Il 30 settembre 2014 15:55:34 Amir Ladsgroup ha scritto:
Hey,
Overall you are suggesting that WMF changes the policy about anonymity and
a
>> Hey,
>> Overall you are suggesting that WMF changes the policy about anonymity and
>> accept anonymous users. In my view it's not a technical thing and it should
>> be brought up in wikimedia-l.
>>
> I agree, it's a matter of consensus which is definitely beyond any
> technical discussion.
Fa
I hope we can make this work and help Tor users at least contribute some
content to some Wikimedia projects, even if English Wikipedia needs to keep
up its current policy.
Places to convene to work on this include: the MediaWiki developers' summit
in January in San Francisco
https://www.mediawiki.o
Hey,
Overall you are suggesting that WMF changes the policy about anonymity and
accept anonymous users. In my view it's not a technical thing and it should
be brought up in wikimedia-l.
BTW: I need to add something about anonymous users and how the system
treats them. When you block all open proxi
Hello everyone,
I've been a Tor user for many years and I frequently make use of anonymising
proxies services. Recently (yesterday), I set up my first Tor relay.[1] This
has once again gotten the use of Tor and other anonymising services with
Wikipedia on my mind again.
In a recent article on t
65 matches
Mail list logo