Jump to content

Wikipedia talk:Wikipedia Signpost/2020-11-01/Op-Ed

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
< Wikipedia talk:Wikipedia Signpost

This is an old revision of this page, as edited by SilkTork (talk | contribs) at 13:49, 7 November 2020 (About time). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.



Back to Op-Ed

Discuss this story

How might this work with the current problem of IP leaking the identity of logged in users who are blocked to other users on the same IP? All the best: Rich Farmbrough 19:58, 1 November 2020 (UTC).[reply]

I'm not sure this in itself would change anything at all. We'll jave to look into it. Thank you for raising the question. /Johan (WMF) (talk) 22:22, 1 November 2020 (UTC)[reply]

So where is the substantial improvement in anti-abuse tools you promised when you announced this unwanted project? Oh wait, you haven't deployed anything. MER-C 20:00, 1 November 2020 (UTC)[reply]

The most recently tool is the new version of the checkuser tool Special:Investigate, which was deployed to the last remaining wikis – including English Wikipedia – in October, although it still requires significant fixes.
But to be clear: we're also far from implementing masking, and there's more time for tool development before that happens. This update is because the Wikimedia Foundation Legal department clarified that the status quo couldn't remain, which we had previously considered a potential outcome, and we wanted to the let the communities know that as soon as possible. /Johan (WMF) (talk) 22:22, 1 November 2020 (UTC)[reply]
That is about 2% of the work you need to do to mitigate this when complete. Try harder. MER-C 13:43, 2 November 2020 (UTC)[reply]

I normally support WMF decisions, but a lack of transparency on why this must take place, and insisting "not if, but how" it will take place, is reminiscent of the so heavily opposed renaming efforts, also forced upon the community as something that must happen in some form or another. ɱ (talk) 20:13, 1 November 2020 (UTC)[reply]

@: I can assure you that there is at least one very good and concrete reason why WMF Legal is insisting that we mask IP addresses and this reason also prevents the WMF from discussing it publicly. I know that sounds like an Orwellian ultimatum, but that's the unfortunate reality of the legal situation. This is not analogous to the renaming effort, as it is a legal requirement, not something the WMF actually wants to do. Ryan Kaldari (WMF) (talk) 17:27, 4 November 2020 (UTC)[reply]
Ryan Kaldari (WMF), that is hard to believe when no one will answer the simple question "What law is it that requires that?". Legal codes are already publicly available, so it's not like you'd be revealing confidential information just by saying "1 USC Section 42 requires that." I'm not aware of any laws that make it illegal to display an IP address, but of course the lawyers may know something we don't. Why all the secrecy? They may be prohibited by professional ethics from talking about the advice they give, but the people who receive the advice are not similarly restricted. Seraphimblade Talk to me 23:43, 6 November 2020 (UTC)[reply]

"we publicly publish IPs [...] of people"

The longer I work on the project, the stranger I personally find it that we publicly publish IPs [...] of people who are trying to help make the wiki better. - this framing, which seems to have been the main motivation for initiating the entire effort before the sudden recent discovery of the legal requirements, is questionable to say the least. It casts these "people" as helpless victims whose IP address is forcibly exposed by the decision of others. But "IP editors" are not an immutable protected group. They are just contributors like everyone else, who have made a different choice after hitting the edit button - namely to have their contribution attributed to their IP address rather than an (easily created) account.

Now, I agree that an editor's IP address can be very sensitive (I have long advocated this view myself, e.g. as a main author of the German Wikipedia's checkuser guidelines, which are more restrictive than those of many other projects out of such concerns). But the reality is that many editors rationally decide that this is not the case for them personally.

Also unacknowledged in the rhetoric about this project is that contributing under IP can often even be the more privacy-preserving choice: The information that can be derived from a dynamic IP is frequently much less revealing than what can be concluded from a logged-in user's aggregate edits (I compiled a few examples in this Wikimania talk a good while ago).

Regards, HaeB (talk) 20:16, 1 November 2020 (UTC)[reply]

  • I think we should be careful not to shoot the messenger (WMF tech staff). Legal department is clearly driving this and it's probably not useful as non-legal experts to try to change their minds. In fact I see some opportunities here, especially in terms of a tool that lets non-checkusers compare two users seeing if they are editing from nearby IPs or IP ranges) without revealing privileged information, what I called an "oracle" some time back when contemplating ways to combat systematic and/or long-term abuse. ☆ Bri (talk) 20:32, 1 November 2020 (UTC)[reply]
As stated above, I'm not talking about that legal message (which seems to be that WMF is not allowed to give editors these two choices even if they wanted to), but about a quite distinct rationale which was a focus when the project was initiated by the Product department last year.
And I totally agree about the potential value of the planned improvements to the checkuser tool or the various efforts to provide automated sockpuppet detection. But these are entirely separate - they wouldn't be tied to the masking effort and could in fact have been implemented years ago.
The bottom line remains that there is an inescapable tradeoff between information integrity and (perceived) privacy benefits here. Of course, now that it turns out that the existing practice is illegal, we need to fix it. But especially at this time where fighting misinformation is on many people's minds (including the Foundation's), we should not pretend that it won't have a negative impact on that work.
Regards, HaeB (talk) 20:57, 1 November 2020 (UTC)[reply]
HaeB: You're probably aware of this, but just to be clear so people reading this don't get the wrong impression about why this is happening: whereas I personally believe there are also privacy benefits, and that this has often been lost in the conversation, and not only costs and problems that we have to solve, at the end of the day, my opinion is immaterial. We're preparing to move forward on this (not now, not this month, not next month: when we've had time to prepare and develop tools) because Wikimedia Foundation Legal department recently clarified that the status quo remaining is not an option, and not because of any other argument I could make. /Johan (WMF) (talk) 22:22, 1 November 2020 (UTC)[reply]
Yes, Johan, I think Bri and myself had already mentioned this about three times above. It is not disputed that we need to change the status quo now that we have learned that it has been illegal or at least too legally risky since 2002, or perhaps only since some more recent legal developments.
Still, in your op-ed you chose to advance that "immaterial" separate non-legal argument (that we are wronging "people who are trying to help make the wiki better" by offering them the option have their edits attributed to their IP address instead of an account). So it remains worthwhile explaining how you arrived at that view.
It is appreciated that this change is not being implemented in a rush, and that a serious effort has been made (e.g. in Claudia's report) to understand how editors currently use this IP information to deal with abuse. But unless I overlooked something in the documentation on Meta, no comparable research has been conducted about the perspectives of the objects of your concern, namely the editors who choose the IP attribution option for their edits. There is an assumption (also spelled out explicitly on the main Meta-wiki page) that they are usually not intellectually capable to really understand the anon edit warning displayed after one clicks "edit", and are therefore unable make an informed decision about this. But a serious assessment of the privacy vs. information integrity tradeoffs would involve estimating how often this is really the case, and for what reasons. This could also have pointed to alternative solutions, like making that warning more easy to understand or perhaps even more legally pertinent. As mentioned above, editing without logging into an account can actually often (although of course not always) be the more privacy-preserving choice. And anecdotally, many IP editors appear to be experienced regulars rather than naive newbies.
Regards, HaeB (talk) 23:51, 1 November 2020 (UTC)[reply]
I did, and that might have been too personal, but I should live up to it nevertheless.
(For those skimming and not having read the entire conversation above: The argument below is not why the Foundation is moving forward with this, which is based entirely on legal requirements. This is personal notes on a topic I mentioned as reasons to start a conversation, rather than making a decision.)
For context, I was almost exclusively an IP editor for my first four years of Wikimedia editing; after a little while I had an account with very few edits to its name, but it took me years to get into the habit of logging in; I'm not here to disparage our intellectual capabilities. There are people who continue being IP editors fully or at least partially aware of what this means. I would rather say that we and almost every other website has effectively taught users that whenever you post something, there's information being thrown at you need to disregard. Banner blindness is a real thing. Then, even if you read it, you need to understand what an IP address is, which many don't. Then, you need to understand the implications of this, which even fewer do. How can this be used against you? Not doing this is not having the intellectual capability: it's about not having to spend significant time and effort understanding the technical background just so you can make a small fix to a text online. It's the sensible choice, just like the decision to not read through the end-user license agreement is just a sane way of living one's life.
With that said, yes, this is largely based on assumptions (informed partly by having spent a lot of time talking to people who described making one or ten edits), and if I wanted to make an anonymous edit for some reason, broadcasting my IP would sure be efficient than using my normal non-WMF account. I also think it's a weakness that IP users are not really part of the conversations around this.
Legal did look into consider making the warning more clear, or unavoidable, as part of the their investigation, but that this was rejected as an avenue forward. /Johan (WMF) (talk) 02:52, 5 November 2020 (UTC)[reply]

 Question: "[F]or legal reasons – which they can’t explain in detail due to legal privilege, the legal professional rules that control what lawyers can say about their work – this is something we have to do @Johan (WMF): I understand that there may be reasons to keep things private, but this is a very peculiar assertion. If this is a case of legal privilege, who are the parties? Surely the WMF is the client? Mo Billings (talk) 23:58, 1 November 2020 (UTC)[reply]

I think the answer to your question is in the first paragraph of Wikipedia:Wikipedia_Signpost/2020-11-01/News and notes#Mandatory IP masking. Yes, as best I can tell, WMF's counsel has told WMF this is required. ☆ Bri (talk) 00:25, 2 November 2020 (UTC)[reply]
meta:IP_Editing:_Privacy_Enhancement_and_Abuse_Mitigation#Statement_from_the_Wikimedia_Foundation_Legal_department explains a *tiny bit* more about what Legal is thinking. The reason for the secrecy is likely that Legal's advice to the WMF on this matter would be considered work product. Having your legal department publish a brief saying "we think we might be in violation of/could be sued under Law X in Country Y" is generally considered a Bad Idea. While I'd definitely like to hear more about Legal's concerns so that we as a community can better design and evaluate mitigations, that's unfortunately how the courts work. --AntiCompositeNumber (talk) 00:34, 2 November 2020 (UTC)[reply]
@Johan (WMF) and Mo Billings: - yes, stating they couldn't explain because of legal privilege was a bit odd. It can be waived by whoever the client is (in this case the WMF itself). If they (that is, Legal) can't release it because the WMF (as an organisation) refuses to waive it that is an important clarification. That (in)action could be warranted, but the specific reason should be given. Nosebagbear (talk) 00:39, 2 November 2020 (UTC)[reply]
Thanks, AntiCompositeNumber, that link was quite helpful. Still, I would be more comfortable with this if it wasn't phrased in such terms. If the WMF is the client then putting this in terms of "legal privilege" seems like a fig leaf to hide the fact that the WMF doesn't want to talk about the reasons for this change. I would rather be told that this is being done to reduce future legal exposure (without knowing the details) than be asked to go on trust. The re-branding project and the proposed board changes have recently weakened my level of trust in the WMF. Mo Billings (talk) 03:55, 2 November 2020 (UTC)[reply]
@Johan (WMF): I would appreciate a clarification form you or WMF legal on the privilege question. Thanks. Mo Billings (talk) 17:33, 4 November 2020 (UTC)[reply]
Mo Billings, I've pointed Legal to this – I'm not the right person to handle the legal questions, I'm afraid, coming to this from the product side. /Johan (WMF) (talk) 17:51, 4 November 2020 (UTC)[reply]
What's to stop a hash of the IP being used, at a minimum? Adam Cuerden (talk)Has about 7.6% of all FPs 02:54, 2 November 2020 (UTC)[reply]
A hash would not be good enough to track an IP vandal hopping within

 Question: I also am not reassured that a magical tool will be sufficient to track long-term abuse. Will that 'wand' allow us to distinguish the following known pattern of disparate IP usage? 'Griefer451' has access to computers at home, at work and sometimes at the library. They have a 'fairly' distinct style allied with a grievous resentment towards WP, resulting in both numerous defacements at intervals together with an impression that this 'editor' is somehow familiar even though a number of IPs are used at dissimilar periods of day and also migrating over weeks. How are we ever to shut down this vandal? If we can't notice that the IPs related by vandalism are clustered? That even when (home) IPs change they are actually from the same pool? This is not theoretical, but actual long-term patterns.

Further, how are we to ever notice school kiddy vandalism? Will there be a magic flag added to the tokenized identity that says this is a middle school educational pool so we can apply the dunce cap?

The legal team say they have determined an unassailable legal stance for WP? Have they determined whether it is workable? I would challenge the WMF thusly. Have every member of the legal team spend one or two hours a day following IP edits around WP, fixing the obvious vandalisms and reverting the graffitos, for at least a month. Oh, and track back in time _all_ the edits those IPs have left lying around for months. First, the lawyers will *love* the billables. Second, WMF will gain a new respect for the amount of time that IP inadvertencies soaks up, while rueing the cost of reality-based research. I feel that legal opinions are not information sufficient to proceed, but must be reconciled with our day-to-day realities. Moreover, I feel, anyone not having spent hours and hours fixing IP vandalism is not qualified to appreciate the difficulties already existing. Don't make it impossible. Shenme (talk) 04:49, 2 November 2020 (UTC)[reply]

It also encourages vandalism. Now, if someone vandalises from the UK Parliament, they get shamed. After this? They completely get away with it. Adam Cuerden (talk)Has about 7.6% of all FPs 04:59, 2 November 2020 (UTC)[reply]
And the counter-vandalism efforts of most users without access to advanced privacy tools would be rendered useless if it is impossible to track patterns now ascribed to a single IP (static school IPs, for example) or range of IPs (the classic IP-hopping vandal within a subnet). Vandalism and "sockpuppetry" would run rampant when there are fewer users capable of identifying and reporting the source of problematic edits; the rest of us would basically be playing whac-a-mole with vandalism in articles, which in my opinion is a wholly unacceptable outcome by itself. We'll see what WMF comes up with, but anything that is a net negative for non-admin (or worse, non-CheckUser) RC patrollers is a step in the wrong direction for the project (admins and CheckUsers especially are overworked enough as is). As a non-admin RC patroller, I hold reservations about this. ComplexRational (talk) 14:08, 2 November 2020 (UTC)[reply]
I don't believe in a magical wand tool either, to be clear, though I would love one – we don't have a single tool that would drastically change the field. I'd describe the current plans as smaller changes across various areas, combined with making sure that the information isn't limited to checkusers, or admins for that matter. /Johan (WMF) (talk) 17:51, 4 November 2020 (UTC)[reply]

EU Privacy Law

I used to work in the Data Protection area in the EU, so I have a suspicion that I know why this is necessary, and why the WMF might not want to concede that IP data is personal information until they are in a position to stop displaying it. However I'm curious as to what we are going to do with the hundreds of millions of edits that are currently linked to an IP address. Leave them untouched? If you stop displaying the IP address how do you expect people to comply with the attribution part of CC-BY-SA? To me it has long seemed a bit of a nonsense that we require attribution of IP addresses, better in my view to have edits by logged in users as CC-BY-SA and in future to have some of legalese to the effect that if you choose not to use an account the SA bit of CC-BY-SA does not apply to you as you have not given a name for reusers to attribute your edits to. The recruitment of new editors is a really important point, but there is an alternative. Currently we are over dependent on the desktop view as the mobile view recruits very few readers to become editors. Making the mobile view more editor friendly for smartphone users is probanbly too big a software task for the WMF. But if we launched a tablet view an intermediate in editor friendliness between mobile and desktop, and maybe upgraded everyone on their first edit from Vector to Monobook, we might have sufficient new editors that we could afford to lose IP editing. ϢereSpielChequers 09:55, 2 November 2020 (UTC)[reply]

So, for my sins, my last job was also in EU data compliance (May 2018, fun days...), and this got discussed a bit more on meta, in obviously non-confirmed ways. Given that they didn't say we had to do this a couple of years ago, I had wondered whether one of the regulators had dropped them an unofficial message, or if one of the jurisdictions had had a case WMF Legal re-interpret the articles/recitals. Nosebagbear (talk) 16:27, 2 November 2020 (UTC)[reply]

User contributions

I ask this as an editor without much technical understanding of the "masking" process being proposed here: will editors still be able to see the user contributions of IP editors? Help:User contributions points out that "Other users' user contribution pages can also be accessed and are useful for seeing how other users have contributed. They can be used to track down vandalism, serial copyright violations, etc." I routinely use IP editors' user contributions pages to find and revert all of the vandalism a vandal has posted after stumbling across one instance of it in my watchlist. Will this still be possible with the IPs "masked"? If not, it will make spotting and quickly fixing the work of vandalism-only IP editors much more difficult for me. -Bryan Rutherford (talk) 04:26, 3 November 2020 (UTC)[reply]

My interpretation of that is that side would still be as normal - it would just be "user contributions of IPMask-12345" rather than looking like an IP address. Nosebagbear (talk) 10:12, 3 November 2020 (UTC)[reply]
I can confirm that everyone will still have access to contributions, just like today. The only real difference here is that you'll see something else than the IP as the user ID. The one other question mark is persistence for the masks (the user IDs, the "user names" so to speak). /Johan (WMF) (talk) 17:54, 4 November 2020 (UTC)[reply]

Years ago I remember an exchange over a biographical article which the Foundation had blanked due to a complaint, yet when queried about what the problematic content was, WMF counsel (I believe that was Mike Godwin) replied they not only could not tell us "for legal reasons". This led to the equivalent of a bizarre version of 20 questions between editors & the WMF counsel to figure out what the content was so it could be excluded from future versions. I also remember another exchange where another editor needed some legal advice concerning an edit, only to be told by Mike Godwin, "I don't work for you, I work for the Foundation." In other words, WMF Foundation has not only managed to antagonize the editing community, but taken the stance that for the most part we volunteers & our concerns are not important to the success of the projects. (If we are not considered part of the problem hindering that success.)

Reading once again this evasive language, that IP masking must be done, but the reasons can't be explained to us "for legal reasons" is, frankly, insulting. It's a repeat of the insult many of us felt in the FRAM incident: that the opinions of the people who are creating this treasure of information aren't important. Now, I'm sure someone from the Foundation will appear to argue that this is not the case, but those words won't work. Even if that person is the head of the WMF Legal team, because it's clear WMF Legal only cares about the Foundation, not about the volunteers who enable the Foundation to exist. We volunteers have given far more in labor & resources to the success of Wikipedia & related projects than the visible heads of the Foundation, & unless we are seriously included in matters like these, one day we will stop editing. This is an observation, not a threat. -- llywrch (talk) 19:07, 3 November 2020 (UTC)[reply]

@Llywrch: As a 16-year volunteer editor who also happens to work for the WMF, I can assure you that the WMF would absolutely not be doing this unless it was a clear legal necessity. And unfortunately, I can't explain why it is a legal necessity due to specific legal reasons. You may consider that evasive or insulting, but it is not intended to be either. Due to the laws under which the projects and the WMF operate, it unfortunately isn't always possible to have complete transparency. This is just as frustrating for the WMF as it is for the community. Ryan Kaldari (WMF) (talk) 17:51, 4 November 2020 (UTC)[reply]
Please note this was directed at WMF Legal. While many WMF employees are concerned about the relationship between the volunteer communities & the Foundation, I have yet to encounter any who work for that department. If anything, of all of the units within the foundation they are the most hostile to our needs & requests. -- llywrch (talk) 18:26, 4 November 2020 (UTC)[reply]
@Llywrch and Ryan Kaldari (WMF): I actually find Legal's action here annoyingly uncharacteristic - I have quite a lot of communication with them through OTRS, where they are both pleasant, to the point and treat agents more akin to colleagues. I also feel it's somewhat bonkers to say that WMF Legal only cares about the Foundation, given fairly strenuous efforts to aid the Community when they could have just required compliance, and still avoided risk to the WMF. However, here, they've listed a bunch of things which wouldn't be legally binding, which makes it read more like covering detail, to make it harder to pin down the specific reason - hence a viewpoint of evasion Nosebagbear (talk) 14:50, 5 November 2020 (UTC)[reply]

EU-US Privacy Shield invalidation

Those interested in details about this requirement might want to review the July ruling from the European Court of Justice finding that the EU-US Privacy Shield framework failed to protect Europeans' rights to data privacy.[1] 107.242.121.56 (talk) 21:30, 3 November 2020 (UTC)[reply]

About time

I have raised this issue a number of times. I think Wikipedia is today the only website which openly displays users' IP address, which can reveal data about them, and make them potentially vulnerable to hackers. We know that revealing such data can be highly inappropriate, which is why we allow oversighting of edits by unlogged in users. But by default the WMF is revealing information about users without adequately warning them of the consequences. It should be a priority matter to automatically hide people's IP address, and not because the WMF can get sued but because it can put people in harm's way, and nobody should be put in harm's way because of editing Wikipedia, even if they are vandals. The WMF could automatically assign a unique username to each IP address, making it clear this is an unregistered account, but identifying it so it can be monitored, and still allowing checkusers to look at the IP address if appropriate. It should do this for each new IP user, but also convert all existing IP edits into unique usernames, providing functionaries with all the data of the changed IP names. The information the legal team probably wants to conceal is detail on the ways that an IP address can be vulnerable (and thus the rationale for why they want to do this), and it is right that such information is concealed, and that we shouldn't be speculating here on those vulnerabilities. SilkTork (talk) 12:06, 6 November 2020 (UTC)[reply]

I think Wikipedia is today the only website which openly displays users' IP address... that's because WMF sites are among the few that allow unregistered editing. I don't know of any non-WMF wiki sites that allow unregistered editing; they may exist, but they are rare. So this simple solution to mitigate privacy problems may simply be to ban unregistered editing like everywhere else. Jules (Mrjulesd) 20:25, 6 November 2020 (UTC)[reply]
I'm not seeing a requirement to register, nor any particular difference between someone editing Wikipedia unlogged in and being automatically assigned "UserNo123456" rather than "IP:774637", other than giving that user safety which they would not otherwise have. Everything else is the same - their edits are automatically logged to them, and they are not having one moment's pause as the software assigns their user name in the same way that it currently assigns (and reveals) their IP. If you're seeing something in it which I can't see, I'd be interested to hear it. SilkTork (talk) 13:49, 7 November 2020 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Wikipedia_talk:Wikipedia_Signpost/2020-11-01/Op-Ed&oldid=987504166"