Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brian Wolff
On 10/2/14, Kevin Wayne Williams wrote: > Derric Atzrott wrote on 2014/09/30 6:08: >> Hello everyone, >> [snip] >> There must be a way that we can allow users to work from Tor. >> [snip more] >> > I think the first step is to work harder to block devices, not IP > addresses. One jerk with a cell

Re: [Wikitech-l] State of the DumpHTML extension

2014-10-01 Thread Quim Gil
Thank you Daniel for this email. On Mon, Sep 29, 2014 at 10:16 AM, Daniel Friesen wrote: > The DumpHTML extension looks like it's in a pretty bad state, it doesn't > work at all in the current version of MediaWiki. > > This seems to be an unfortunate symptom of how it's used and how it's > treat

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Kevin Wayne Williams
Derric Atzrott wrote on 2014/09/30 6:08: Hello everyone, [snip] There must be a way that we can allow users to work from Tor. [snip more] I think the first step is to work harder to block devices, not IP addresses. One jerk with a cell phone cycles through so many IP addresses so quickly in

Re: [Wikitech-l] MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5

2014-10-01 Thread Brian Wolff
On 10/1/14, Markus Glaser wrote: > Hello everyone, > > I would like to announce the release of MediaWiki 1.19.20, 1.22.12 and > 1.23.5. This is a security release. Download links are given at the end of > this email. > > == Security == > * (bug 70672) SECURITY: OutputPage: Remove separation of css

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Legoktm
On 10/1/14 8:02 AM, John wrote: > Prior to TOR being enabled we need to be able to flag both logged in and > logged out edits made via TOR. There's a $wgTorTagChanges option which does exactly that, except it's currently disabled in CommonSettings.php. -- Legoktm

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Legoktm
On 10/1/14 9:09 AM, John wrote: > The abuse filter has no way of identifying TOR exit nodes, thus it cannot > be used for this. Some developer will need to interface with the TOR > blocking code and use the same TOR identification methods to ID and label > both logged in and logged out edits made

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread John
My example means that unless TOR is hard blocked attackers can create 6 accounts per day on their home IP and just wait till they go stale and use 6 attack accounts per day. There isn't a need for infinite accounts, just that soft blocking is pointless in this case On Wednesday, October 1, 2014, B

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brian Wolff
On Oct 1, 2014 3:56 PM, "Derric Atzrott" wrote: > > Another idea for a potential technical solution, this one provided > by the user Mirimir on the Tor mailing list. I thought this was > actually a pretty good idea. > > > Wikimedia could authenticate users with GnuPG keys. As part of the > > proc

[Wikitech-l] MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5

2014-10-01 Thread Markus Glaser
Hello everyone, I would like to announce the release of MediaWiki 1.19.20, 1.22.12 and 1.23.5. This is a security release. Download links are given at the end of this email. == Security == * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance. Full release notes

[Wikitech-l] Bash update to fix shellshock

2014-10-01 Thread Matthew Flaschen
Some of you may have heard of the latest bash vulnerability (codenamed "Shellshock"). Bash has been patched, but you may need to update. In most cases, you can update GNU/Linux distributions with the standard update tool (e.g. apt-get, yum, or the graphical equivalent). For OS X, you current

[Wikitech-l] Tech Talk: The Dashboarding Problem: October 6

2014-10-01 Thread Rachel Farrand
Please join us for the following tech talk: Tech Talk: *The Dashboarding Problem* Date: October 6 Time: 1900 UTC Link to live YouTube stream

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Derric Atzrott
Another idea for a potential technical solution, this one provided by the user Mirimir on the Tor mailing list. I thought this was actually a pretty good idea. > Wikimedia could authenticate users with GnuPG keys. As part of the > process of creating a new account, Wikimedia could randomly specif

Re: [Wikitech-l] Wrapping signatures with a for discoverability

2014-10-01 Thread Bartosz Dziewoński
2014-10-01 17:17 GMT+02:00 Ryan Schmidt : > The idea of seems fine to me as a way to semantically designate > signatures, however I'd like to caution against using a in the > expanded text, as while it may not be an issue with WMF wikis, some > third-party wikis format signatures like you woul

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brad Jorsch (Anomie)
On Wed, Oct 1, 2014 at 11:05 AM, Jackmcbarn wrote: > Good point; I hadn't thought of that. What if we made some sort of > semi-soft IP block that allowed accounts to edit only if they had fresh > CheckUser data from a non-blocked IP, or something along those lines? > That would rather defeat the

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brian Wolff
>> >> > I wish it was a contrived problem. However, this is the conceit by which > the edits are attributed for licensing purposes, and it's a non-trivial > matter. While I'm fully supportive of finding another way to do this, it > is a fundamental issue that would require fairly extensive > lega

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread John
The abuse filter has no way of identifying TOR exit nodes, thus it cannot be used for this. Some developer will need to interface with the TOR blocking code and use the same TOR identification methods to ID and label both logged in and logged out edits made via TOR.

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Risker
On 1 October 2014 11:00, Brian Wolff wrote: > > > > > > > There also needs to be a good answer to the "attribution problem" > that > > > has > > > > long been identified as a secondary concern related to Tor and other > > > proxy > > > > systems. The absence of a good answer to this issue may

Re: [Wikitech-l] Wrapping signatures with a for discoverability

2014-10-01 Thread James Forrester
On 1 October 2014 08:17, Ryan Schmidt wrote: > The idea of seems fine to me as a way to semantically designate > signatures, however I'd like to caution against using a in the > expanded text, as while it may not be an issue with WMF wikis, some > third-party wikis format signatures like you wo

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Derric Atzrott
> Prior to TOR being enabled we need to be able to flag both logged in and > logged out edits made via TOR. This is something that can be handled easily by AbuseFilter. It has the option to flag edits made by certain users or from certain IP addresses if I remember correctly. Even if it doesn't

Re: [Wikitech-l] Wrapping signatures with a for discoverability

2014-10-01 Thread Ryan Schmidt
The idea of seems fine to me as a way to semantically designate signatures, however I'd like to caution against using a in the expanded text, as while it may not be an issue with WMF wikis, some third-party wikis format signatures like you would in a forum (in that there is a signature "block

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Jackmcbarn
Good point; I hadn't thought of that. What if we made some sort of semi-soft IP block that allowed accounts to edit only if they had fresh CheckUser data from a non-blocked IP, or something along those lines? On Wed, Oct 1, 2014 at 10:57 AM, John wrote: > Uh, Creating sleeper accounts from good

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread John
Prior to TOR being enabled we need to be able to flag both logged in and logged out edits made via TOR. On Wed, Oct 1, 2014 at 11:00 AM, Brian Wolff wrote: > On Oct 1, 2014 11:40 AM, "Brad Jorsch (Anomie)" > wrote: > > > > On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote: > > > > > On Oct 1,

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brian Wolff
On Oct 1, 2014 11:40 AM, "Brad Jorsch (Anomie)" wrote: > > On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote: > > > On Oct 1, 2014 10:55 AM, "Risker" wrote: > > > > > > This is something that has to be discussed *on the projects themselves*, > > > not on mailing lists that have (comparatively)

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread John
And any kind of account creation block will cause issues with users who work across multiple projects as SUL auto account creation is also blocked. On Wed, Oct 1, 2014 at 10:57 AM, John wrote: > Uh, Creating sleeper accounts from good IPs letting them go stale beyond > CU retention, and you hav

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread John
Uh, Creating sleeper accounts from good IPs letting them go stale beyond CU retention, and you have an infinite number of accounts you can then use to skip past the softblocks on tor and create havoc. Anything short of a hard block won't stop open proxy abuse. On Wed, Oct 1, 2014 at 10:44 AM, Jack

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Jackmcbarn
On Wed, Oct 1, 2014 at 10:40 AM, Brad Jorsch (Anomie) wrote: > One simple solution would be to disallow IP edits via Tor, i.e. > softblock[1] all Tor exit nodes instead of hardblocking them. > > > [1]: > > https://en.wikipedia.org/wiki/Wikipedia:Blocking_policy#Setting_block_options > I'd agree

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brad Jorsch (Anomie)
On Wed, Oct 1, 2014 at 10:29 AM, Brian Wolff wrote: > On Oct 1, 2014 10:55 AM, "Risker" wrote: > > > > This is something that has to be discussed *on the projects themselves*, > > not on mailing lists that have (comparatively) very low participation by > > active editors. > > Unless people want

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Brian Wolff
On Oct 1, 2014 10:55 AM, "Risker" wrote: > > This is something that has to be discussed *on the projects themselves*, > not on mailing lists that have (comparatively) very low participation by > active editors. Unless people want to trial on mw.org (assuming there is dev buy in, not sure we are t

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Risker
This is something that has to be discussed *on the projects themselves*, not on mailing lists that have (comparatively) very low participation by active editors. Sending to another mailing list, even a broader one than this, isn't going to get the buy-in needed from the people who will have to cle

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Derric Atzrott
> If, as it seems right now, the problem is technical (weed out the bots > and vandals) rather than ideological (as we allow anonymous > contributions after all) we can find a way to allow people to edit any > wikipedia via TOR while minimizing the amount of vandalism allowed. > > Of course, let's

Re: [Wikitech-l] Wrapping signatures with a for discoverability

2014-10-01 Thread Derric Atzrott
>> From the standpoint of programmatically detecting a signature, the above >> could be cleaned up and work well enough. >> > Would this mean that if people had a fancy sig, and they changed it, > it would automatically update everywhere with this magic tag instead > of just applying to new signatu

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Vito
From my experience too, though I definitely appreciate Tor's transparency/fairness compared to VPNs/other stuffs'. Vito Sent with AquaMail for Android http://www.aqua-mail.com On 30 September 2014 23:02:27 "Marc A. Pelletier" wrote: On 09/30/2014 09:08 AM, Derric Atzrott wrote: >

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Vito
The impact of Tor upon editors' accountability must be, anyway, clearly discussed with the Foundation as maintainer (from a legal pov too). I can be considered a sort of "stakeholder" for patrollers and what I want is "something" lowering Tor risk of vandalism/sockpuppeting at an ADSL-like level

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Erik Moeller
On Tue, Sep 30, 2014 at 2:33 PM, Federico Leva (Nemo) wrote: >> There must be a way that we can allow users to work from Tor. > RESOLVED FIXED http://meta.wikimedia.org/wiki/NOP Not quite; if your _only_ means of access is Tor and you have no prior editing history to point to (which may be a sit

Re: [Wikitech-l] Tor and Anonymous Users (I know, we've had this discussion a million times)

2014-10-01 Thread Giuseppe Lavagetto
On 30/09/14 23:02, Marc A. Pelletier wrote: > On 09/30/2014 09:08 AM, Derric Atzrott wrote: >> "[H]ow can we quantify the loss to Wikipedia, and to society at >> large, from turning away anonymous contributors? Wikipedians say >> 'we have to blacklist