I use an occasional sockpuppet, sometimes for fun and sometimes just to edit in peace. I've never tried to hide through proxies and have never done anything blockable with them. I used to assume that if you used a sockpuppet as provided for in the rules, my privacy and anonymity would be safe. That's no longer the case.

The checkuser statistics are astonishing. Something like 5000 checks/month. A quick look at WP:RFCU implies that 90% are run surreptitiously, undocumented at the RFCU page.

It's clear that the english Wikipedia doesn't really value editor's privacy or anonymity - I'm aware that CU data and ip/ua spreadsheets have been floating around for years among the 'in' crowd, in violation of our privacy policy. The Big brother mentality seems to be getting worse and I feel that it would behoove any wikipedian who values their privacy to look into ways to protect it. I'm particularly interested in simple (closed) proxy software that can be installed on a remote computer.

1) what are the best open proxy lists for wikipedia purposes? (PM, don't post or they'll get blocked)
2) recommendations for good proxy searching software (eg proxybag)
3) what's the best way to check if a proxy is truly anonymous (all that xff stuff)
4) what's a good simple closed proxy to use (if one has a remote computer available to set it up on)

Any public proxy you can access is going to be nuked eventually, unless its 100% only yours. If you use anything hosted a hosting company, it will eventually be blocked--hosts use IPs in usually distinct ranges that no "human users" would be on. Any editing from a web host IP is either using an open proxy, or is using a (hopefully) secured proxy to safely edit from an insecure place, like a public wifi hotspot.

The only way to permanently do something like this, if you have the resources and skill, is to have access to edit via an IP thats not an open proxy, and is not on a typical "web hosting" range. Good luck on that--its FAR harder than it sounds unless you're the IT staff at a multiple location corporation.

Proxy anonymous protection is a red herring. Eventually, something will leak out, in some way, because it HAS to unless you really know what you're doing and are covering all bases all the time. Is your idea to be untraceable on Wikipedia as a username, or just untraceable entirely, so that if in the extreme event that law enforcement subpoenaed your records you'd get off scot free? One is much harder than the other. Is this even Wikipedia specific or something else?

Keep in mind, depending on your patience for access speed, you can always daisy chain proxies, or shove TOR in front of something like that. However if that is done you could end up in a situation where one of them is insecure--you'd need to be the ultimate owner and controller of each on some level, which again brings tracing back to you directly, possibly. But in the end, most avenues to Wikipedia from proxies are going to get thinner and thinner each passing month. Simple math is against you.

I was contemplating my work computer.

Doing it on your work computer means that they know where you work. I'd rather they know what my ISP is (not really useful information as you can't get my location from that) than my workplace, personally.

I don't really know why you'd bother contributing to Wikipedia if you value your privacy at all, to be honest. It's not worth the effort.

No, no death threats or anything like that. I just really chafe at some of the people running the english wikipedia, treating the common editor's privacy like a joke. Ever been on IRC when they're spreading around CU data or whole spreadsheets full of cu/ip data crossreferenced with user names?


What, and let the bastards win?

A practice I am responsible for. I'm still unsure that it's a good idea now, but it sure seemed like a good idea at the time.


Bad idea; there are people who may try to harass your employer which might come back to haunt you. A better choice is to get a cheap dialup ISP account (AOL, Earthlink, etc.) and edit through that. Yes, it will be slow, but it's virtually impossible to geolocate those IPs and you can generally get a brand spanking new one simply by hanging up and dialing back.

A more expensive, although not much faster, option is to use any of the several EVDO (cellular wireless internet) services; those behave much like dialup and the service providers use very large nongeolocatable IP pools. It's unlikely that Wikipedia will block all of Verizon or Sprint Internet, at least for long.

The best way, of course, is to use a botnet; of course, doing so is illegal, since in order to get a botnet you have to crack other people's computers and coopt them. Some of Wikipedia's most notorious troublemakers have been botnet users.

You might also look into how your ISP deals with IP addresses. A lot of them re-assign addresses after you've broken your connection to the internet or had your computer off for an extended period.

(This probably is no help for posting from work.)

I hang out in the admins IRC channel occasionally and I have certainly never seen people passing around annotated lists of user IPs. At most, you can sometimes guess someone's IP when someone lists a vandal account and asks for a rangeblock, if you look in the CU's block log later. I also have a healthy respect for Lar and Alison and I don't believe they would condone or participate in that sort of thing. If you actually have proof, and not just rumors, contact the ombudsman commission--that's grounds for immediate removal of the tool. I have always found Mackensen to be a straight shooter, or if you want someone not at all involved in the enwiki power structure, try Hei ber.

And frankly, unless you move a page to "HAGGER", or get into an edit war with three suspiciously new accounts all taking your side, I doubt anyone would care enough to checkuser you.

No, not in there, of course. But it does happen.

Lar and Alison are not the problem; while I have problems with both of them they pale in comparison to the sort of things done by some of the other holders of the checkuser right.

If you edit from an iPhone, won't your IP keep changing depending on what network you happen to be connecting through at the time (sometimes the AT&T wireless network, sometimes a WiFi network at your current location)?

Not only an IPhone - I edit off my mobile using wi-fi - and because I travel a lot from work, you never get the same IP twice.

Hell, if you have a wi-fi enabled phone, a quick walk around any urban area will provide plenty of free hotspots for you to use.

I have seen cu data improperly exchanged in the admin-irc with my own eyes, but this was a couple of years ago. In fact, I believe someone else introduced it as evidence in on of the admin-irc rfarb cases. (Ooo ya, the arbcom/ombudsman sure addressed that to everyone's satisfaction, didn't they).

I doubt anyone's stupid enough to do that there now. They'll go onto the more private channels or private chat. The spreadsheet example I saw, again a few years ago, was on wikipedia irc, not even the admin channel. It was a compilation of wikipedia User names cross referenced with; ips, irc names, ips from uncloaked irc names, offsite account names, and with some cu data thrown in to boot. No discrimination made for privacy concerns at all. And these were ranking people who should know better, handing it out to all their buddies, far and wide.

OK, I don't even go looking for this stuff and I still stumble across it from time to time. Yes, 'No one of consequence', I've seen this stuff with my own eyes on more than one occasion. I can only imagine what's floating around nowadays between people who actually do go looking for this stuff.

Just yesterday, Slimmy was whining about one of her buddies getting CU'd. how do you think she found out about it? Hmmmm?



5,000 CU's per month, and most of them undocumented? Come on 'No one of consequence', do you really feel your privacy at wikipedia is safe? I bet it's safer here at WR, even though I have no expectations.

That's a good policy now that there's soft blocking.

Maybe the simplest answer is to find a free proxy service with a softblock on it. Then I just need to register new accounts through a borrowed aol account.

My provider has a static ip attached to the nic's mac address. In order to change ips I need to power down the modem, plug it into a different computer and then power it up. When I switch to the original computer, the old ip returns.

You can tell most Ethernet cards to use a different MAC than the one programmed into the hardware. If you release the DHCP lease, reprogram the card's "locally administered MAC", and request a new lease, you will almost certainly get a different IP. I've done that on occasion for my home address on the few occasions when my IP has been targeted for denial-of-service attacks (two or three times in the past couple of years).

How do you go about changing the MAC address?

http://www.irongeek.com/i.php?page=security/changemac

Actually, I don't feel safe here. That's why I do not use my wikipedia user name here. Daniel Brandt already has some (old) IPs of mine from IRC, and I don't want to give him any more help in case he decides to take after me. Hopefully no one will check, and I know that Brandt does not represent every WR user, but I'm not 100% confident that it will never happen.

In fact, I was surprised to see how insecure IRC is. I guess that's something I learned too late. If I change to a new nick that I have not registered, my cloak drops and somehow Daniel Brandt (and anyone else who cares) gets my IP. There was a recent blocking debate on ANI involving a user called Blue Goblin or some such, and a possible impersonator, and IDs based on their IRC-revealed IP address. So I would not be at all surprised if someone managed to put together an enemies list linking wikipedia user name, IRC nicks, and IRC IP addresses. I would be very surprised if that table included CU data. I'm afraid that I take stories of wikipedia malfeasance that emanate from WR with a grain of salt until otherwise proven to my satisfaction.

Regarding Slim, what probably happened is that "someone" (i.e. Jayjg) looked in the CU log and told her that one of her friends was checked. That's not in the same league as disclosing lists of IP addresses, although I imagine that whoever ran the check is probably pretty pissed off at Jayjg.

And if you use them as throwaway socks, aren't all your neighbors going to be pissed off when they find they can't edit Wikipedia!

This is, of course, what gets non-password-protected hots spots to go away, over time. Enjoy them while they last, folks-- they're an ever diminishing natural resource being eaten by mal-users of the net. Your neighbors probably left their doors unlocked 20 or 50 years ago, too (depending on where you live). But not anymore.

In fact, Pumpkin Muffins, since you say you have been in the #wikipedia IRC channels, Daniel Brandt probably has your IP address as well. (Unfortunately there is no link to his hostmask search on hivemind right now to check.)

Yep. If you work for someplace large they probably have your net access blocked anyway. Smaller companies with a DSL, however, probably only have one IP that shows to the outside world on the otherside of your firewall. So no matter whose computer you edit from at work, you're going to show the same single "company" IP to WP. Which means if it's blocked, so's your company.

This kind of thing even happens to the Pentagon when they edit WP, and I vaguely remember the whole US Justice Dept in one building being blocked at one point.

Aren't new open proxies being created all the time, I don't know how many, but anyone with a server can allow others to use it can't they, or something like that?

WP, so my friend says, will have to stop blocking these IPs as IPs are runninng out, they are being reallocated to innocent people frequently, so a lot more people will be unfairly blocked if these are routinely blocked.

It is rumoured that microsoft is going to have IP masking as standard in some new things they bring out, so this would be impossible to do in that case.

Yes, there are new proxies all the time, but as soon as one gets used for vandalism on wikipedia, it gets blocked from editing.

I think that a checkuser who is unable to keep the privileged log confidential cannot be trusted to keep the results confidential. There is an ombudsman and a process for checkusers to report problems. Hypothetically, if a CU fails to follow this process and instead leaks this information around to his buddies, what could happen is that someone might use this information to sully the reputation of the person who ran the checkuser. And it could be done in a way that precisely prevents him from defending himself. The 'crime' could be left to the imagination of the community, thereby applying FUD which always makes it worse, even though it was probably nothing to begin with. I don't know if that's what happened with SV's tantrum yesterday, but she sure as hell ows an explanation to the community of how she came about this privileged information.

I remember when CU was being proposed. There were serious concerns about misuse. One proposal was that people who got CU'd would get a message that only they could see, similar to the yellow banner alerting you to a new usertalk message. This would create a natural check and balance - checkusers would have to have a damn good reason to run a check if they knew they might have to answer for themselves. Another suggestion came from one of Anthere's crew; anyone caught misusing checkuser could be forever banned from foundation projects. Then, David Gerard went over to the technical mailing list, where he though he'd find a sympathetic audience, and complained about the 'tin foil hattery' of people withe privacy concerns. Ahhh... the good old days.

And now we have 5,000 CUs per month, most undocumented at RFCU.

Really what WP needs to do is add automated proxy checking for all anonymous editing and all account creation. I've been informed that the reason this is not done is because it would cause performance problems

I would not have had a problem with this, although it's insufficient. Most of my discoveries of the correlation between an editor and an IP were discovered by checkusering the IP, not the user. When you checkuser an IP you find out the name of every editor who's used it. I suppose this could notify everyone involved, but for some IPs (like the one used as the proxy exit for Singapore's national ISP) this could result in notifying a lot of people. And it's exactly in this situation where most of the people thus notified will not be under any suspicion, because results like that are going to be immediately interpreted as "ah, obviously an ISP proxy exit".

It's not clear to me what should be done in this case.

Good point. But there's another thing too ... when people start editing WP they tend write about what they know. So even if you never tell another soul your user name, there's a good chance that someone somewhere can figure it out from your contributions.

If your cover is blown and you want to start over (this time not editing about work, for example) it's probably impossible. Hell, with 5,000 CU's per month that probably covers every new account with any significant activity. It's a disgrace.



Any good and cheap high power antennas for wi-fi scavenging you can recommend?

Last comment



Certainly Slim was attacking Lar the other day, and it seemed like Lar and Alison knew what it was about but were prevented from discussing it, making it a rather unfair and one-sided assault.



Interesting idea.



Hard to know what that means in real terms, though. Do you really want to require that every sighting of Grawp or the latest template vandal be documented on RFCU before it can be checked and sleepers blocked? And there is no way to know without looking at the actual log how many "checks" it takes to run a "Check." (Look at Fumer tue for example. How many logged checks do you suppose that took?)

How are you calculating the number that are documented at RFCU - my understanding is that fulfilling a single RFCU can take dozens of actual uses of the tool - one for each username that is mentioned in the RFCU, one for each IP that comes up there if it turns out there is sockpuppetry, one for a range to check for potential collateral damage if a rangeblock is contemplated, etc.

5000 CUs a month is a ridiculous amount of usage. That's 150 a day, and I can't believe that there's that many legitimate reasons for the use of checkuser. Then again, it does seem that checkuser (which in my day was for extraordinary cases only) is being used for virtually any editor declared to be a "vandal", and solely for the purpose of fishing to see if it's one of Wikipedia's identified enemies, a determination that only affects which template to put on the permablocked user's talk page.


The most checkuser invocations I ever had to use for a single "request" (it was a private request, not on RFCU) was around 100, and that was a rare situation. I doubt it takes more than 5 or 10 to resolve most requests.

The widespread use of checkuser is a symptom of Wikipedia's dysfunctional community and nonfunctioning governance.

I just took a quick look at the RFCU page history and didn't consider that a single request there might translate into multiple cu log entries. But I also remember David Gerard commenting once that RFCU only got answered by the 'charitable' work of a couple of CUs - and that vast majority of cu requests did not go through RFCU.

Specifically, their inability to implement some simple thing like email-checked password accounts with some minimal ID check, which is how the rest of the world operates.

But we've noted that the people who make the policy decisions at WP don't really clean up the messes on a regular basis. So it's kind of like the military . If Jimbo had to identify and block 10 socks each day before he was allowed to do anything else at WMF, I'm sure he'd quickly discover good reasons to change the "anyone can edit without us initially knowing anything about you" policy. Doing it retroactively, by clumsy CU, sounds like AGF. In fact, it's just laziness up front, with cleanup penalty taken on by somebody else later. As in, dysfunctional. As you said.

You all know that Fannie Mae and Freddy Mac are holding a 5 trillion dollar bag, don't you? Has it occured to anybody that the entire US mortgage crisis, which is threatening to take the world economy down with it, happened basically because lenders started acting like Wikipedia (anybody can borrow-- we don't need to know anything about you), just as soon as they found out that they could hand off the risk and never have to worry about long term consequences. With that cleanup job being given to other people, down the line? Ring any bells?

I created RFCU to get people to stop asking me for them on my talk page. It is far easier to ignore requests when they're on some community page than when they're on your talk page. Somewhere along the way the concept of "checkuser clerks" got spawned, and that made ignoring requests even easier.

When I was a checkuser virtually all of my activity was initiated by private request, most commonly either from something that came up via OTRS, or some other manner originating from Brad or Danny. (I did a lot of "office checkusers" in my day.) The rest would come from IRC, usually from people in the vandalfighting channels, often because of what we called "backslashing", in which an editor would be spotted inserting backslashes before quotation marks in edits. Backslashing is an indication of a badly configured web proxy, and we routinely blocked these for obvious reasons; when the edit was by a logged in user checkuser is obviously required to get to the underlying IP.

Thanks. that's good stuff.

Thanks to Kelly Martin, this is a truly illuminating thread.

I think someone mentioned autochecking for proxies, that it wouldn't be viable for performance reasons. I don't see how this could be true. Such a system wouldn't have to be real-time, and even a random cross-section of automatic checking would cut down the viability of each new proxy.

But then, it would be much easier still to require real email confirmation from a solid address. Milton's analogy of the loans anyone could borrow makes me smile.

Indeed; first time you see a new IP, fire off a proxy check in the background. If and when the proxy check fails, block the IP. They might get in a few edits in the meantime, but no big deal.

This could actually be implemented with an admin bot, but of course admin bots carry with them the inherent risk of the destruction of the human race.

This will be an obviosity to 98% of you, but confusion appears sometimes at the least expected moments ... so just for the record, Brad Patrick, the former General Counsel of the Wikimedia Foundation, is not me.

Virgil Griffith of Wikiwatcher fame has compiled (he thinks) a list of 13,000 wikipiedia editors and their IP addresses at Poor Man's Checkuser.

In my case he is laughably wrong. Did he get yours right? And what privacy policy or ombudsman does he answer to?

Well, an adminbot could almost do it, but couldn't find the new ips that clevery registered accounts behind proxies. If the software dumped ips used to register accounts on, say, an hourly basis then a single bot could make it much, much more difficult to proxy more than a handful of edits per go.

I know some folks here would disagree, but I can't see how this could possibly be a bad thing on the English Wikipedia.

Thatcher131 contacted me a short time ago to offer the following information about his personal use of checkuser over the past month. Here's the information he provided:
Thatcher states that he "would be interested in comments but I am likely to reply on my wikipedia talk page, if at all. I plan to have these stats formatted there soon, too."

It would be informative, perhaps even nice, if the other checkusers would provide similar information, but I don't expect we'll be seeing such information from the likes of Raul654, David Gerard, or especially Jayjg. In fact, I rather expect that Thatcher will get yelled at on the checkuser mailing list for sharing this information, especially with the likes of me.

I have tried that many, many times. There are literally dozens of times when some editor -- who may have been editing quietly for weeks or months -- and begins opposing Slim's or Jayjg's POV on one of their pet issue articles then suddenly gets a checkuser block for sockpuppetry (real or imagined), or blocked for using Tor (not supposed to happen), or simply gets silently blocked -- usually with no block template on their page.

Alison does this as much as anyone -- she blocks Tor proxies that haven't even been used to edit, which, I believe, is also counter to policy. All checkusers abuse the tools, no question. Some are nicer about it than others, but it's all abusive.

Wait - there are people making policy decisions at Wikipedia? Can you cite an example of one (a decision, not a person)?

I think it's refreshing to see that at least one checkuser has a well-organized set of reason statements, considering past accounts (This was in the context of a discussion on WikBack, but I can't recall who said it) of the checkuser log in general being substantially full of entries where the reason field isn't filled in at all.

Here's a (perhaps) good example:

User:Dreamguy gets posted on RFCU no fewer than five times, in each case a more reasonable CU declines the case, as there is little or no evidence of abuse. But along comes Jayjg to block, without a note on the page, for "avoiding scrutiny". Yes, Jayjg can do whatever he wants.

Here's Jayjg blocking another IP after three edits -- could the edit to House demolition in the Israeli-Palestinian conflict (one of CAMERA's target articles and one Jay protects) have anything to do with it?

Believe me, a look through Jay's block log is very enlightening.

In what universe is "avoiding scrutiny" an appropriate reason for a block?

Huh. Wikipedia policy allows for this sort of nonsense? Who writes this crap?

Can checkuser read the MAC ADDRESS?

What can checkuser find out about a user. AFAIK, it's, (1)Browser(2)Operating system(3)Screen resolution(4)I.P.address.

Can checkuser have access to any more knowledge, how about the MAC address?

Folks?

According to the blurb and what I've heard, it can tell you quite a lot about the type of computer, the operating system and the browser (even sometimes whether you have one of those bars that Google and Yahoo keep offering), but not the Mac address. It will spot edits and anything that's logged, such as account creation and page moves. (I don't know about admin actions.)

Of course, it may be that a developer can get more information by looking at the raw system logs.

I don't think so. Here's a related thread.


Here's some related screenshots.

Mac address checking isn't done, I don't believe, and I can't recall off the top of my head if PHP even has a function or way to do this. I don't believe it does, since MACs aren't sent in http headers. Look at this site (safe):

http://whatsmyuseragent.com/

Thats about all that Checkuser can get--whatever you see there. If they did something like (saw this example):

$mac = `ping $ip && arp -a | grep $ip`

They could possibly get a MAC, but I think the Internet would shit their pants if Wikipedia began doing such an invasive (and possibly illegal, if not unethical) action as to scan all visitors. Because thats what it would be--a scan in principle, unless I've gone stupid. Keep in mind, also, that MAC spoofing is absurdly easy. I can tell my router to spit out a different MAC to my ISP for either the router itself (and all PCs behind) or each of my PCs if my ISP allowed it in certain ways. I can clone the PC's mac, or I can just write my own. It's not exactly hard.

One thing I'd be curious to know is if WP/WMF uses the same version of Checkuser that is available for download on the Wikimedia site.

Where there is no uniform enforcement, there is no law. Wikipedia has no uniform enforcement of any policy-- just a bunch of arbitrary actions, kangaroo courts, and warlords without accountability. Thus, it's really impossible to say it has any "policies" at all. I can point you to ideas that are written down, but they're not followed, so they don't really count.

Imagine a country where the King and the nobles do as they please, except in the rare instances where a lot of them gang up on one of them (something that has yet to happen to the King). As for the serfs, they get worked, used, and abused no matter what politics are at the king's-court level. And there you are.