What is the "correct" way to non-abusively sock on Wikipedia? Someone who wants to follow the rules and engage in productive editing, but wants to keep a very low profile. In some subject areas there are some nasty people and it is best not to get their attention.

I believe it's called an "alternative account" or something like that. I believe there are quite a few users who do this openly. If you're in good standing it should not be a problem.

There is no way to "openly" sock without the chance of getting accused by an admin (usually with an opposing POV) of abusive socking. You could somewhat insulate yourself by getting advance "permission" from Arbcom, but I have doubts about even this.

Much better is to use a closed proxy and run a real sock. This requires a good deal of discipline. Generally, for n=2 socks, editing one with IE and the other with Firefox is a good idea, with one or the other running through the proxy. If they're on two different computers (a desktop and a laptop), even better. Don't have the two socks ever edit the same articles, vote in the same AFDs, or anything else.

Finally, if you're not infected by edit-count-itis, then I would also suggest abandoning the sock every 3-6 months and starting a new one, from a new proxy.

If you don't have access to a closed proxy, then I would be very careful about socking for any reason.

See [[WP:SOCK]] where there is a discussion of "legitimate uses of alternative accounts."

This is an area where the "hidden economy" of social networking influence is highly in play. You have to have lots of influence and "Jimbo Dust" to openly sock, no matter how closely you follow what purports to be the rules.

In one of the Brandt AfD's I carefully created a second account in accordance with "policy." It's purpose was to permit me to make controversial comments without producing unnecessary interference with my account proper's ability to edit. My account proper was in good standing (still is spotless), I never edited disruptively with either account. I pointed out that SlimVirgin's accusing Brandt of "actionable liable" did not seem to comport with WP:NLT. I was polite and this was relavent and timely in an open and ongoing discussion. Ryulong immediately removed the comment and banned me. Because I could not "sock" and have access to even the modest social capital of my account proper, I was basically mowed over. That was the first and last edit ever made by that account.

But the incident's value as a learning tool far outstripped any impact I might have had in that discussion.

With only a limited set of exceptions the use of confidential alternate accounts by users in good standing who want to: avoid conflict, avoid drama, and avoid certain other editors is not allowed. Editors in good standing who wish to avoid drama can choose to either:

* engage in vandalism and get blocked, because editors who are not in good standing are allowed to restart with a new confidential account, or
* engage in socking and hope to not get caught.

I believe Giano is currently using an approved sock (confidential alternate account) to avoid drama since by now there are likely hundreds of people checking on every edit he makes.

It used to be that use of a different account, unless it was outright disruptive or used to back yourself up on articles and in AfDs etc, was allowed. But I think they've tightened up the rules a lot over the last 6 months.

Of course, if the accounts edit in different areas and don't attract attention, nobody will ever know. If you run one from home and one from work, say, it will be undetectable by checkuser though of course you may be ferreted out by experts with fine linguistic skills.

I have 3 alternate accounts, listed on my main user page. 2 are straight anti-impersonation accounts and inactive, the other is an account I have and will use from possibly insecure computers. I am aware that other people have alternate accouts for anti-impersonation purposes.

Yes, but it is not really relevant since someone could use your disclosure to stalk and then harass you on your alternate accounts.

It's a good technique, but it can have its drawback.

Apparently checkuser will know if you have both IE and Firefox installed on your computer. This will leave another bit of evidence, footprint, for their weaponry.

Best use two computers, otherwise it could well be ones stumbling block! Checkuser won't tell you these things. Sneaky!

Checkuser has no possible way to know this by any lone edit unless they physically hack your computer. HTTP header information sent over the internet simply doesn't have this information.

Doesn't almost everyone running Firefox on a Microsoft operating system have IE pre-installed as part of the operating system or via one of the many service packs and updates?

It is possible to set up a Firebox browser so that when when it is queried for browser type it returns Internet Explorer.

I am assume the only information Wikipedia checkuser's have are: IP address and what is returned by the query HTTP_USER_AGENT. I believe it should be possible to get HTTP_USER_AGENT to return false information.

Yes, FF has an extension to allow itself to look like IE, or anything else.

http://chrispederick.com/work/user-agent-switcher/

Accelerating IPv6 Adoption With Proxy Servers

WP admins have made more than enough of a notion that they think every proxy is due to be blocked. Somewhere, sometime, somehow, the admins will have to give in to the fact that in order for Wikipedia to accept IPv6 addresses that it will have to allow proxies from IPv4, and vice versa. There is no cookie-cutter justified block to all proxies because of this kind of proxy, which is perfectly valid.

IPv6 number are far greater than IPv4 numbers. It is a fact that if a server only works with IPv4 number to route to IPv6 that it will deal with around 65 thousand times more users per IPv4 number. Currently, those thousands of people will all be considered a sock or all get blocked if they use a legit proxy.

Hmmm.

Well, if I use this tool that Gomi gave me.
http://ipinfo.info/html/privacy-check.php
It tells me that I have IE7, and FirefoxMozilla4 installed on my computer, and that's correct.

I am using IE7 presently.

Firefox is not running at the moment, and I haven't booted Firefox for nearly two weeks now.

So, if ipinfo.info can find that information, then surely checkuser can do the same.

<Edit> corrected Firfox to Mozilla

You are mistaken.

The user agent string for IE7 is "Mozilla/4.0 (compatible; MSIE 7.0; ...stuff)"

"Mozilla/4.0" does not mean "Firefox 4" (the latest version of Firefox is 3, in any case). It means "Netscape 4" (yes, that netscape 4) and has been part of IE's own user agent string (with or without any version of netscape or mozilla installed) since forever.

The purpose was originally to lie to some truly ancient browser dection scripts that thought that their webpages were "best viewed by" netscape (as opposed to, say, mosaic, I guess, since IE really has said Mozilla/x.x since at least IE 2.0 [claimed to be Mozilla/1.22]). Now, it's just because it's always been that way.

Firefox's own user-agent string, incidentally, says "Mozilla/5.0 ...stuff... Firefox/3.0"

There is additional information the Wikipedia Server can obtain about your system than what ipinfo.info provides. Such things as operating system and screen resolution.

I am thinking I could run my own proxy server within my house in order to hide information about my computer and browser. My proxy server will not be able to hide my IP address, but since my ISP provides me with dynamic address this should not be a major problem.

Yeah but the thing is, what I was saying before is that IE7 _is_ "Mozilla 4" - and it would be no matter whether or not anything else was installed on the system or not



Both of those are sometimes in the user-agent string provided by some browsers, and will show up in ipinfo if they are included there. Nothing not in the user-agent string (other than IP and x-forwarded-for) are saved in checkuser.

According to Brion Vibber (Wikimedia CTO, perhaps you've heard of him?) it's also possible to get the logged out username you just used. If your browser allows Javascript, the site js could be modified to pull quite a bit of other information about you also and store it for the sysadmins.

Frankly, if it were up to the average "bright" Wikipedia admin (BRFA users, for instance) to even discover that one of the sysadmins were trying to get this information, I'd have to bet on the sysadmins.

If you want to stay secure against the leak of information other than your http headers, you'll need to disable javascript for Wikipedia and related sites completely. Even then, I'd be careful.

There's a great deal of (deliberate?) misinformation about what Checkuser can and can't do. For example, I've often seen it said here that the IP from which an account is created is visible forever to checkusers. That's not true. It may be in the raw access logs hence extractable by developers, but for ordinary checkusers it disappears after three months like anything else.

The expiry time is often misrepresented too, for WP:BEANS reasons.

O RLY?

EDIT: Guess you could read my response in a number of ways. The "three months" rule makes me sit up and take notice. You sure it's three??

I scarcely expected a checkuser to admit publicly that I'm right.

While I can't say for certain that account-creation IP logging is the mechanism, I've seen enough situations where accounts that I know have not logged-in for over 6 months have been blocked as socks. There is no way to tell if cookie-telltales are the mechanism, but I doubt it.

Something like obtaining the previous username can only be done (and done very easily) through the use of cookies. Deleting all Wikipedia cookies before changing usernames would be a obvious and a simple thing to do.

Any site that tries to use javascript to get more personal information out of your browser, be it cookies or whatever, without your permission has crossed the line.

Just because javascript used to be able to get more info than what was intended doesn't mean that info still should be exploited.

When you login, you are given an option to remember who you are. MediaWiki sets what is known as a persistent cookie in your browser. That can be used to track you, but you gave permission while you are logged in, and that permission should be revoked when you log out. When you log out, it should delete that cookie in your browser. If it leaves it, then it has crossed the line into unfriendly spyware: a tracking cookie.

Tracking cookies get set when you visit websites but you can't opt-out unless you clear cookies manually. These are usually used by ads to track which sites you visit. Spyware software usually scans and deletes many of them for you. If you find one of these being set by Wikipedia or by a site being accessed while you thought you accessed Wikipedia, then submit the cookie name to spyware advocates.

That leak was due more on part of wikimedia's proxies, how the MediaWiki software read the http_forwarded_for header, and the nature of PHP.

Not through checkuser, it's not.



Well, it's not up to "the average" admin, since one person's inability to detect such a thing does not prevent another person from being able to detect it.

I asked a checkuser just now, supposedly the limit is "none".

The previously expired changes are gone, but any edits since the change are checkuserable forever, or until one of the sysadmins changes the setting back.

Huh. When I asked, UninvitedCompany said that it's "considered confidential".

The default as shipped is 90 days; it was 30 days for a while before that since it was part of the recent changes table.

I hasten to point out that the aforementioned wasn't me, okay?

(for those that are lurking )

I don't think any has, actually. I'm certainly not going to publicly (or privately) confirm or deny anything one way or the other about anything at all to do with how the CU function operates or doesn't. Not here, not anywhere.

This "I will neither confirm nor deny" stuff is amusing, but SlimVirgin already knows we have one of you in our pocketses, he he he (evil laugh).


And a big Wikipedia Review shout out to those WP admins lurking here tonight! Don't forget to tip your waitress!

Based on the concerns that were cited as the reason that it's "confidential", it would actually be beneficial to that agenda to spread the rumor that the data is kept forever. (It also has the benefit of making it impossible for someone who hasn't seen the log to prove that someone [e.g. Privatemusings] was checked without a good reason based on the check having to have been at a time when he had not done anything to justify a check)

The cookie "enwikiUserName" is left behind even when logged out. Therefore, it is not only used as a persistent cookie while logged-in but also for a tracking cookie when logged-out even when the "remember me" option is not checked on login. It is set to expire (hence, not "none"). There is no opt-out other than to find the cookie and remove it.

Spyware advocates might want to hear about how a site lets a tracking cookie cloak as a persistent cookie.

Also, FireFox has an extension to edit cookies, which means the data from them is not reliable -- but that was the case even before the extension.

What's worse than a tracking cookie -- an insecure tracking cookie.

Good browsers like Firefox also let you set Cookies for specific (or all) domains to only last for a session. In other words, if you tell firefox to remove "all" cookies each session for all sites, when you close down firefox.exe cleanly it will attempt to scrub "all" cookies from your browser. Or, for whatever domain you set. One possible way a site could attempt to circumvent this if you use specific host exemptions would be to try to set a cookie from another domain, but that would be dirty pool and probably cause people to raise hell from a privacy standpoint.

Actually, Firefox lets you set a "don't accept cookies from 3rd party sites" option. I think IE does as well.

Probably not a bad idea to turn this on in general for security/privacy reasons.

There still is the fact that only two cookies need to be set by the website, and those are actually set by the PHP software. All the other ones are basically tracking cookies for checkusers and for logs in Wikimedia's proxies. If they were secure, I probably would have mentioned anything here about them. As it stands, anybody can change the cookies to make the logs look different. This isn't even getting into other http headers besides set-cookies, like the other example shown earlier.

You'd want to enable it if you use the SUL global login, though.

Anyone tried public webproxies?

Public Webproxies

I've never tried it, but in the past I've battled "socks" that amazingly appear from IP's orginating from China, Brazil, India etc for content dispute on Australian specific articles.

The editors have good English language skills and have an amazing detailed knowledge of Australia. Funny that, I've even PM'd a few Aussie Admin's raising the issue but they don't seem to care.

Is there any theoretical way Wikipedia could obtain your computer's MAC address?

I'd have to say no - MAC addresses aren't sent over HTTP, or at least the protocol doesn't include a facility for requesting them or obtaining them some other way. So the only way to do it would be something like a downloaded ActiveX control which would have to run locally on the client machine.

Yes, MAC addresses are not available through HTTP, but the MAC address is shared with your ISP through a lower level protocol. If you look at RIAA subpoenas, they ask your ISP for your computer's MAC address.

There is little reason to worry about your MAC address being used against you. For one thing, it is lost behind almost any routing device between you and the larger network, and for another thing, many modern NICs give you the option to change it in the hardware. Finally, I don't know about you, but there are no fewer than about 30 different devices readily available to me from which I can access the net -- you may have fewer, but certainly more than one. Use different computers for different things. Use a hardware firewall. Check your router settings. Use NAT, clear your cookies, tweak your browser ID string. Simple stuff.

WR:BEANS! David Gerard will see this list and block them all!

Newer network cards lets one change the MAC address. It is not a hardware change, as the signal is simply overrided.





Of course they won't care. Only people that care about web proxies is those Wikipedians that have touted them as a bad thing. The battles are futile.

Web proxies are not a bad thing. For one, there never is a rule that an IPv4 must stay the same for one user.

If you want to not worry about proxies and the battles you do, then consider enabling OpenID and disabling edits by IPv4.

Why you are at it, you can provide some feedback:

http://en.wikiversity.org/wiki/Ethical_Man...edia/Feedback_1
http://en.wikiversity.org/wiki/Ethical_Man...edia/Feedback_2

\