I'm not really here, but I figured I should drop a note to share something I recently learned. I got an email from someone I know from Wikipedia, asking lots of questions about proxies. No, they weren't trying to learn how to become evil sock puppets, they wanted to understand what was going on here.

Apparently, this admin is blocking IP's left and right on suspicions that they're proxies. From what I can tell, they're not targeting vandals or vote stackers or other "disruptive" users, but instead patrolling recent edits by IP's and running proxy checks on them. In at least some cases, these checks have turned out to be false positives, resulting in newbies getting bitten.

As I've said before, I strongly support the anonymity of editors, and that starts with hiding IP's. In specific, I'd like people to be able to log in reliably while using TOR or the equivalent, and for this to be standard practice, fully supported and endorsed. Without privacy, there can be no free speech, and Wikipedia currently opposes one of the most basic tools that's essential for privacy, all in the name of stopping vandalism.

The problem, of course, is that vandalism isn't stoppable this way. Requring people to login in to edit, and progressively expanding the power of accounts over time, is the right answer, striking a balance between the needs of editors and the protection of Wikipedia.

Al

Good to hear from you, Al. Your right, requiring log-in, even as pseudonyms, would greatly reduce silly patrol games, sockpuppet witch hunts and assorted drama. But lacking a whole new game engine, what else does WP have to offer?

Do you have a link to the block log for this user? I must be doing something wrong because I can't find that this user has blocked anyone, and looking up some of the IPs listed they don't appear to have ever been blocked.

This is the log file of the admin in question:
http://en.wikipedia.org/w/index.php?title=...rgent_insurgent

Sorry, but I don't see him blocking any IPs.

Anyway, as to the issue of whether privacy needs to be established, quite frankly I think that all that needs to be established is to make sure that one person is not someone else. We do that with reasonable success on WR, and its not hard to do. But as for whether people should have lots of privacy, well, if you agree with that, then you think that nobody should be banned ever no matter what, we can all be guests logging in with no identifiable marks, and so forth.

Sounds nice in theory but it creates too many problems.

And indeed Wikipedia started off with those policies, but it became unworkable, and the idea of those policies is what caused much of the rot that we see today.

Yes, I've said something similar before. Banning people and letting people edit anonymously (or even letting people edit without putting up barriers to account creation) are fundamentally incompatible.

However, I do feel it should be possible to allow for truly anonymous contributions. None of that IP address crap - just let people contribute anonymously and let the non-anonymous contributors decide whether or not to accept the contributions. Until they do so, keep the anonymous contributions out of the search engines, and delete them, permanently and completely, if they aren't accepted within a short amount of time.

Using TOR doesn't mean that you're anonymous. If you have a verified e-mail address or other way to determine who you are, why can't you use TOR?

No, using TOR certainly doesn't mean that you're anonymous. I have in the past used TOR while logged in under my real name. TOR hides your IP address, if you use it properly. The rest is up to you to hide or not hide.

My viewpoint is that for a long time there have been accepted norms in terms of privacy over the internet, and that norm is that IP addresses are known to admins of any web service, and that people use pseudonyms or else first names only, unless they personally desire to reveal more. That is the accepted norm. If Wikipedia wishes to go further than that, one way or the other, then they can try to do so, but they are going to be up against the accepted norm, and ultimately they will be forced to go along with what is the accepted norm.

Using TOR and other proxy IP logins has long been debated amongst web services. Most places don't mind, so long as they can tell you apart from others as a unique individual. Some, however, ban them, in order to prevent people having 2 or more accounts pretending that they are all the same person. It also depends on how important it is to the web service that people only have one account each.

E-mail logins are also an issue. Do you require e-mail? If you do, do you require shell (ISP) logins, or is a web based one okay? Even if requiring shell, there are still ways around it (you might have one for work, for example, or you may have multiple ones for work, multiple for home, etc). If you refuse web based ones, do you have exceptions for shared computers?

As for using real names, that is a non-issue usually, as it is not the accepted norm over the internet. However, in professional publications it is the norm. Hence this is only an issue if Wikipedia wishes to be regarded as a professional publication. Even then, there is still an argument that it is not required, as it is not the norm.

These kinds of issues are discussed equally with any internet project, not just Wikipedia, hence they are much bigger than just Wikipedia.

Most people here have already made up their mind as to where they draw their "line in the sand".

I think that ultimately IPs will be fairly useless for anything but a full scale criminal investigation. It's already really easy to get a lot of different IP addresses, between open proxies, TOR, dynamic IPs, AOL, etc. When and if the successor to IPv4 ever comes out things will get even worse, and if IPv4 stays forever it'll be because more and more people are forced to share the same IP.

As for pseudonymity being inevitable, I think you've got a strong case there. I do think some limited exceptions are sustainable - a small portion of anonymous or real name contributions. Slashdot still lets people contribute anonymously, don't they?



My point is that if it's very important at all to a web service that people only have one account each, then that web service is going to have to use some real authentication. Even then you can only go so far - you can't stop someone from having a friend sign up for a second account and giving them access to it. The online poker sites have learned this, for instance.

All the major web sites out there realize this, and for the most part don't even try stopping people from having multiple accounts.

I'm waiting for the expansion pack. :-)

Seriously, I wonder why I even bother to suggest changes in policy when, as it stands, policy is honored more in the breach than any other way. Having said that, policy sets the tone and provides the excuses. The right policies can even tie the hands of admins who would otherwise be abusive.

Consider this rash of permanent IP blocks. First, it's based on a bad idea -- blocking proxies -- that should never have been in the rules. Second, there is no due process. The admin determines guilt and immediately blocks the IP, without bothering to give them a chance to explain. This is the first notice the editor gets! While the victim here is judged guilty unless proven innocent, an appeal is possible. Unfortunately, they'd need to know how to leave a petition for the block to be reversed, which newbs are unlikely to get right. Note that there's nobody experienced whose job it is to defend the accused, to act as wiki defense lawyer. In short, it's all about biting the newbie.

Would adding due process make things more akward for the admins? You bet! And that's a good thing. Unrestrained power is exactly what makes Wikipedia suck so bad.

Al

I think Wikipedia would be better off if all admins take the attitude of "Anyone is welcome to question any of my admin actions and we can talk about it".

Yeah, I know, I'm living in a fantasy world.

Turns out this admin uses a variety of accounts. The one he did the blocks under is here. Apparently, this little anti-proxy crusade is an official project.

Al

I've learned that, sometimes you judge a situation without knowing the whole story. I've had recent problems that relates to this with a person recently and it drives me insane! Sometimes people here, on Wikipedia Review do that. Rarely. But still, sometimes they do. Not to say any names but..um...not everyone does. I won't name the people that don't except, to prevent accusations, Alienus doesn't. I just want people to think about that. This applies everywhere. I'm not trying to put down WR. It happens in all 360 degrees of this planet.

I just want to know that this won't happen everywhere I go online. It haunts me...

That's just not so.



If Wikipedia is going to be a MMORPG, let's use the technolog of MMORPG's. Let anyone create an account, but all accounts start at level 1, which allows only one edit a day, and then only of an article that allows level 1's to edit it. More controversial pages have their minimum edit level raised above 1, as needed, instead of being protected or even semi-protected. All edits, though, require you to be logged in.

Over time, as people contribute productively, raise their level. Link this to the number of edits made minus the number of times they've been reprimanded by an admin following due process. As they invest more time in an account, they get more editing power. Sure, if they get that account blocked, they can go make a new one, but they lose all they've accumulated. This way, socks are easy, but not very useful.

The one thing this fails to do is punish people by kicking them off Wikipedia forever, but that's actually against policy. Remember, the goal is supposed to be about preventing future bad behavior, not punishing for old behavior. Taking away someone's high-level account directly prevents them from misbehaving by limiting their ability to edit at all. And anyone can throw away a dirty account and come in under a new one, starting from scratch to build up their reputation without fucking up this time.

Al

Right, you should be usiing TOR while logged in. However, TOR does not provide a stable IP except during a single HTTP connection. During a virtual web session, your IP shifts, and that can mess up your ability to remain logged in, depending how the web site is designed. (This same problem affects people behind AOL-style proxies.)

Al

Right, but actually it's not important for Wikipedia. No great harm comes from socks, even "secret" ones. If your system can be harmed by socks, you're fucked anyway and need a better system.

Al

I'm not sure if you think you're disagreeing with me or not, but I agree with this. I just think there should be a level 0, for people who haven't even logged in. And I'd also point out that the MMORPG technology doesn't stop people from having multiple accounts, it just puts a cost to having multiple accounts.



I've edited Wikipedia logged in while using TOR lots of times. It works fine, even when your IP shifts. The only thing that doesn't quite work right is the new message notification for your user talk page.

The web sessions are based on cookies, not IP addresses.



In theory Wikipedia isn't harmed by socks, but in practice it is. If you're going to allow socks, you have to stop letting "level 1 users" vote on things, you have to get rid of the three revert rule and replace it with an actual system to resolve content disputes, etc. All very doable if someone comes in and fixes the system, but unless either Jimmy Wales or the WMF board comes in and does it, it isn't going to happen.

Disagree.



I disagree. Yes, people who aren't logged in are the equivalent of level 0, but level 0 has 0 editing rights. Anyone can log in at anytime, provoding only a unique name and password, without revealing their email address or IP, and that gives them level 1, which is enough to edit an unsecured (meaning: uncontroversial) article. Just one, though, because such a low level doesn't allow multiple edits in a 24 hour period. As you level up, this is less of a constraint, but it is still the case that nobody (not even an admin) can make unlimited edits.

Yes, we're not trying to stop multiple accounts. We're just trying to make each account valuable enough in terms of what it gives you and what it cost to get, so that they're not disposable.



My hands-on knowledge of TOR is limited, and in the demonstration I saw, either Privoxy or Firefox was blocking cookies (or maybe both were). If cookies were enabled, then you'd be right about the session stability, but we'd still have a problem if the proxy police are involved, since any CU would turn up a large number of IP's, all of them TOR end-points.



We can't actually stop socks anyhow, so any system that depends on them is fucked. The solution is to throw out idiocy like 3RR and voting.

If there's heavy reversion going on, the edit level should automatically escalate, locking users out. Moreover, users with any given edit level have only a finite number of edits per day. Consider the idea of edit points which are used to buy edits. The cost of an edit depends on the edit level of an article, so editing controversial ones is more expensive and only available to higher-level (and presumably more experienced and trusted) editors.

I agree, though, that the first step is to kick Jimbo out on his porno-peddling butt.

Al

Well, speaking as someone who would never, ever do such a thing, I think it's pretty obvious that if you sold your engagement ring for $50 (when was worth $800) you were making a conscious decision to end the relationship. If you think you can patch things up just by offering to pay for dinner a couple of times, you're sorely mistaken!

Anyway, you should try to only have problems that relate to hamsters and baby squirrels. Those are less insanity-inducing.


If the admin community were less corrupt, and if political/religious biases weren't so easy to promote as a result, that would be a fine idea. As it is, I doubt it would make for much improvement, though it certainly would be a more realistic approach to the problem.


I've suggested something like that before myself, as I recall! I really like that idea - I know they'll never go for it, but at some point they'll have to realize that maintenance-phase administration is very different from growth-phase administration.

Their big problem is that they're in the maintenance phase now, and it's way too early - most of them haven't even learned the basics of large-site politics, much less dealt with the problem of high-level intellects who are also malicious and yet still capable of working within the system.

It seems to me that if you only give new users one edit per 24-hour period, you've just encouraged multiple accounts, and also discouraged new users.



Unless you're doing something to draw a lot of attention to yourself you're not going to be the subject of the CU. Worst case scenario your username shows up in a sockpuppet check of some other user and the checkuser now knows you use TOR. No big deal. Editing Wikipedia using TOR is not against the rules.



At least we're in total agreement about something.

[I just posted this using TOR. And it worked.]

Actually, Alienus's idea of levels of editing is a BRILLIANT one (and that's not just an MMORPG idea, us old-schoolers recognise that's a mud's mission). Nonetheless, it can apply to virtually anything, and has real merit to being seriously discussed on Wikipedia. But let's perhaps modify it slightly.

Levels range from 1-200 for normal users, and then start again at level 1-200 for admins.

All "IP editors" start off at level 1 for each IP and account. Multiple accounts can be as many as you like, but there are different levels for what you can do.

Level 1 editors can only add or delete no more than 5 words in an edit, 1 edit per day, maximum.

A user gets to level 2 automatically after 1 week of editing and at least 10 productive edits. If an edit is reverted, then it doesn't count for experience, and if an edit is labelled as vandalism, then you lose the equivalent of 10 edits worth. Users can then go down to -100 experience points, as a level 1 user, before they get a block, 24 hours each time.

A user must be level 2 before they can revert another editor, and then only a level 1 editor. You cannot revert anyone of the same or higher level than you.

A user must be level 3 before they can talk in anyone else's user page.

Level 4 before they can talk in an article page.

Level 5 before they can vote in an AFD.

Level 6 before they can contribute to any project discussions.

And so forth. Each level can have extra benefits. But admins can promote a user up, if it is supported by other admins.

This would solve a lot of problems with Wikipedia, actually.

Maybe if you got rid of the bad admins first. Otherwise it'd just make things a lot worse.

Point by point



Does this discourage new users? Maybe, maybe not, and maybe it's just fine. Compared to being able to edit without logging in, yes, it's harder to get started. Then again, I'm not sure that this is a bad thing.

Consider that, if someone is a total noob, we don't necessarily want them doing anything more than making a single change to a non-controversial article. That's enough to get their toes wet but not enough to cause damage.

Once they have a level 1 account, it accumulates 1 edit point a day, up to 10. However, they can only spend as many points during a single edit as they earn daily, so a level 1 account could never edit a level 2 article. In this way, article edit costs act as a more graduated version of semi-protection and protection.

Likewise, you can only edit an article three times in a 24 hour period, so 3RR violation isn't simply illegal, it's impossible. Instead of edit warring using multiple socks, we move things to a dispute resolution forum where votes don't count. Fuck democracy; it doesn't work.

All this gives a one-time editor good reason to use that account again, since it'll allow as many as 10 edits that day. Moreover, this gives them a chance to build a track record that'll soon let them edit locked-down articles that are of interest to them.

The above scheme is easy to fine tune. For example, multiple edits to a single article count as one, so long as nobody else edits the same section in between your edits. Likewise, edits to the Talk page are free if you've edited the article. To encourage new users, we could preload their new account with 3 points; the key is that it's a small number.

We have plenty of options to tweak the system to fit our needs. The trick is to admit that we have a plan for new users, with hoops they have to jump through, not just an open door.



This is demonstrably not the case. The admin I posted about is blocking people who've made a single, uncontroversial edit just because they did it from an IP that was suspected of being a TOR endpoint. It is definitely against the rules, and the rules are being enforced more and more, albeit inconsistently and arbitrarily. As for CU, it's done at the drop of a hat if you're foolish enough to edit any page that people sometimes disagree on. Even accusations of puppetry unsupported by CU are enough to result in lifelong bans.

Al

The thing is that if you play a MUD (or MMORPG, or anything similar) and you have an account that's a high level, there is no way in hell that you want that account deleted. That's the worst thing that they can do to you. Being banned doesn't much matter, as you can just find another ISP. But being deleted is a major, major problem as then you have to start all over again. Sure, they discourage you from having 2 accounts at once, but having 2 accounts full stop is fine, and ultimately logging in from 2 at once is only a minor problem (its a bigger problem if you group with 2 at once).

So apply this on Wikipedia. Someone who is an established user doesn't in any way want to get banned. But, if they do enough things wrong, then it happens. But the problem is that then they don't have any opportunity to restart, to create a new character and start from scratch. But Wikipedia's own informal rules approve of it - many people do start a new character and carry on per normal. But then a bigger problem is that that banned IP affects many other innocent users.

So if instead they simply deleted the account, then it solves 2 problems. Firstly, the bad guy loses everything, but does get a chance to start over. Secondly, any innocent people using that IP are fine.

In terms of Wikipedia, well, when you first start off you shouldn't be editing too much. You should have to wait until you are trusted. Admins could then set "only this level and above" on certain articles. Anon IPs could perhaps be restricted to level 5 out of 200, or something of the like. You might have to get to level 100 first before applying for adminship. Whatever. Then it'd make it much more meaningful, and indeed encourage better editing.

The problem then of course is that then you have the people who have a lot to say on one topic, and then that's it. They come out of nowhere, only want to edit on one topic, and want to basically write the entire article, with perhaps 20 edits on one day, then another 30 or so throughout the following 2 weeks, then that's it, that's all you ever see of them. What about them?

But overall, the more that I think about it, the more I think that this is a good idea, and it would resolve a lot of Wikipedia's problems.

Specialists



This sort of specialization isn't a problem in games: If you swing a sword all day long, you get good with swords, but you don't get any better with daggers.

In the same way, if someone is only interested in editing articles about foreskins (hi, Jakew!), let them. Give them higher level for this area of Wikipedia (Project Penis?), and a regular level everywhere else.

So long as they're fair and balanced in their field of interest, that's fine. There's a place in Wikipedia for amateur urologists. And if they're biased freak (hello again, Jakew!), let them lose edit points in that area very quickly, but still be able to fix typos in unrelated articles.

In fact, if someone wants to contact Wikipedia with proof that they're professional urologists, we can identify them as such on their user page and give them appropriately high levels in Project Biology, Project Medicine, Project Penis and any other related projects.

The key here is to admit that Wikipedia wants to provide guidance and limitations. In other words, we need to explicitly reject libertarianism. Bye, Jimbo! Nice knowing youl.

The beauty of the edit point scheme is not in the specifics, but in the general approach, which can be tailored and tweaked until we get it right.

Al

Good point there, and people could be promoted to higher levels ("trained") by other users, including admins.

My apologies as this goes slightly off-topic, but I've never understand why WP is so obsessed with socks and TOR.

If any given IP account or account provides valuable contributions, then who cares if its TOR or a sock or even a banned user? Wikipedia should focus on the value of the contributions and not who or what makes them. I mean, what if Charles Manson edits WP and is a very good contributor, who cares? And if Charlie wants to use TOR to wiki-gnome? More power to him! Even in XFD debates, it is the arguments not the number of editors that should determine consensus.

Well... I'm probably going to sound like Devil's Advocate here, but I'd say it's perfectly reasonable to have a policy whereby if an IP is doing something bad, vandalizing or edit-warring or whatever, and that IP is found to be a proxy, then ban it indefinitely. If it's not a proxy, do what you would usually do, based on the offense.

What seems to be happening now is that people are using the existence of proxies to get ahead in the admin game. RC patrol requires a fast connection and fast fingers on the ol' mouse button... Not easy for everyone, so this particular admin (with the long name that he doesn't actually use) decided to go after all the proxies he could find, apparently regardless of what they'd actually done, and how long ago it was.

At the risk of sounding like a broken record, to me this is just predictable maintenance-phase admin politics. Unless you have some highly specialized knowledge, you can't get ahead by creating new articles because all the easy articles have been started already. So you have to find some other way, and going after proxies was this guy's "other way"... I'm pretty sure we've seen it before, in fact. (I just forget who!)

at one time, i highly suspect WP had more of the attitude of "who cares, as long as they are making useful contribs". this is just more evidence to me that "the project" that the Wikipedia community had was lost at some point.


i now have an urge to register a sock and just use Charles Manson quotes on AN/I and various discussion pages. They'd fit right in.

I totally have to make an Uncyclopedia Unquotable page for Charlie now...

Do we have an Uncyclopedia shortcut? Like UN or something?

Anyway, the whole "Wikipedia as an MMORPG/mud/game" idea is related to the proxies issue, and suggested as a possible solution, so its not actually off-topic at all.

But the question of whether to ban proxies or not is a tough one, and I think that individual web sites make their own decisions on it.

Wikipedia Review, for example, doesn't ban open proxies, but does require shell e-mail to register. If you require shell e-mail, and everyone's IP is displayed (to admins) when they write here, then there's no need to ban proxies, as sock puppetry is minimised. We still get it occasionally, but its pretty rare.

Can you show an example of that?



Quoth [[Wikipedia:No open proxies]]: "Open or anonymising proxies may be blocked from editing for any period at any time. While this may affect legitimate users, they are not the intended targets and may freely use proxies until those are blocked." It is not against the rules. I've done it numerous times. I've admitted on the mailing list that I've done it. Ant, the chair of the board, has even admitted to editing through TOR while logged in.

Go look for yourself, starting here.

I'm surprised nobody mentioned the Chinese, who must use Tor to circumvent government censorship.