Wikipedia doesn't block to punish individuals. It blocks to protect itself. There are plenty of ways around most blocks, like simply creating an account.
> Communities typically block edits from IP addresses that obscure individual users.
Surely they are aware that this is basically all IPs nowadays...?
If that's genuinely the policy then it should be almost equivalent to just requiring an account for all edits, so why not just do that?
the problem with accounts is that the editing history is public, making it impossible to keep even a pseudo-anonymous identity because everyone would know who i am based on what i edit.
didn't jimmy wales himself say that the editing and viewing history is sensitive personal data?
i don't mind wikipedia itself knowing my identity, just like i don't mind hackernews admins knowing who i am, but i'd like wikipedia to help me keep my identity hidden from the public.
I'm fairly certain that the GDPR believes an IP address is PII and imposes a bunch of fairly onerous restrictions on how network administrators are able to log and analyze them. So it doesn't seem like that ship has sailed at all. If anything it's been reinforced by actual law that it _does_ meaningfully identify someone.
It is very seldom in my experience the case that legislation tells us anything at all about what is true about technology.
[1] https://meta.wikimedia.org/wiki/Global_blocks
"Global blocks are technical actions performed to prevent an IP address or range of IP addresses from editing all Wikimedia wikis, for a fixed period of time or indefinitely. Global blocks disable account creation from the blocked IP by default, and can also prevent editing while logged in to an account."
Much easier to simply block posts/puts to certain paths from ip ranges in the ingress layer, before they ever reach the application and are authenticated.
That said, there's nothing stopping me hacking a residential router to make my (anonymous) Wikipedia edits.
As usual it's a small misbehaving minority in the world who make it difficult to Have Nice Things.
Everything sounds like that is already the case? Is it not?
> Communities typically block edits from IP addresses that obscure individual users.
Instead it's way past time they just attacked the problem directly with some flavor of more formalized cryptographic representation of time. Like just give new users a number to do prime factorization on tuned to a desired target, then sign the result. Ensure they need to do a few hours/days/whatever of crunching (could be graduated, a few hours gets you initial editing rights then you're expected to crunch a bit more over the following months to reach full user level). Scale over time with increasing processing power. Near zero cost to verify. Now even with hacked routers and so on it still always takes some time. For people who don't get banned it's a one-time cost, no problem, amortized over years/decades (Wikipedia is 21 years old now, and there are other older forums still around too). Anyone in the world can participate no money required, just a computer. But for attackers it's a constant burn. And it changes to calculations for things like soft bans too. If you've got a token representing a week's worth of compute built up over a few years and get a 48 hour ban, the incentive against ban evasion is high. It's not possible to build back up another token before the ban expires.
It's a shame there isn't some standard for this, no reason in principle a handful of authorities couldn't make chrono-tokens that any site could recognize and keep their own DB of. No permanent identity involved, no law enforcement, always the chance to start fresh, every site can choose whether to worry about other sites' bans or not (or contribute back their own or not). A token need not be tied to any account at all in fact. And no algorithms involved either, humans can take the driver's seat again because the cost equation is firmly back in moderators' favor and they have a dynamic tool to respond to abuse (they can just temporarily increase the time req during an attack surge as high as needed to quench it while not hurting long time users or even stopping new ones from signing up then lower it smoothly back down to let new people start faster as whatever caused the attack winds down).
It stinks we're into the 2020s and moderation doesn't really seem much different than the 90s.
1. Defenders use standard PCs and mobile phones. Attackers use GPUs, FPGAs and ASIC and run them in places where electricity is cheap.
For traditional hash algorithms this gives the attacker a thousandfold or so advantage. There has been some work on closing the gap in the context of crypto currencies, but I don't know how close they got.
2. It takes a phone (or even a PC) a long time to burn through $2.
3. Attackers have large botnets and don't pay for the electricity consumed by these.
Meanwhile, abusers just farm PoW solutions and make it negligible. You end up with a solution that’s even easier to farm than quick expiry captcha.
And your idea doesn’t stop you from having to implement moderation anyways. You have to do the same work.
>One is that you mainly punish honest users who have to install and run this PoW crapware just to make a small but legit edit.
I covered this. It's trivial in such a system to still have no-cost be the default, and ramp up only for certain criteria or during hot spells. Which is what I wrote. Also, an RSA cracker can run fine as javascript, no need to install anything. And legitimate users can build up over long periods. Further, how do IP bans, the existing default, line up with your "honest users" thing hmmmmm? You did at least read the title of this comment section right? You are aware that this is all in the context of something that is also a broad sledgehammer right?
>And your idea doesn’t stop you from having to implement moderation anyways.
I never suggested it did? Quite the contrary? Hello?
>You have to do the same work.
No, you don't have to the same work if attackers cannot attack as quickly and cheaply. Duh.
You mean like supporting use of pseudonymous accounts that don't require more than an email to register, just like HN? Wikipedia already does this. It's trivial to sign up with a throwaway email account. No one cares unless you try to abuse or game editing by making sockpuppets to sway debates.
They're also exploring how to mask IPs. https://meta.wikimedia.org/wiki/IP_Editing:_Privacy_Enhancem...
I think you fail to realize how slow low end devices that can use wikipedia is compared to the latest high performance processors.
I think they're already there.
> Proxy blocks are not targeted at individuals
There are italics on the original page.
There is a very real problem, even in technical circles, of wrong information being put on there.
In this example, it was always by an anonymous account.
How does the Wikimedia foundation attempt to handle this? I'm not suggesting I have ideas on what to do. But, this is a real debatable question they have to wrestle with.
- people who treat articles like their own fiefdoms and have obsessively memorized every sentence of policy and can drown an edit they don't like with subjective assertions that an edit violates a particular policy
- no-life basement neckbeards who do thousands and thousands of edits on subjects they couldn't possibly have knowledge or experience on and respond instantly to edits to "their" pages
Further, in disputes, it essentially comes down to who the rest of the community likes more. The ultimate ad hominem is that some random IP address vs an established 'wikipedian', even if the 'wikipedian' is full of shit? The wikipedian wins.
The page for AA is a great example. There's a dude who is completely unhinged and suppresses any negative information about AA, such as the problems with abuse, predation, and sexual assault. Or studies showing poor efficacy compared to science-based treatment.
I posted a HN comment as such and was more than a little surprised to come across a reply made barely a few hours later, apparently from that dude, accusing me of being someone he'd had a tiff with on wikipedia.
You look at the edit history and his behavior is clearly gatekeeping and enforcing a particular viewpoint. Yet, curiously, he's never been subject to any censure?
Look up anything even mildly controversial, e.g Gender, Marxism, Capitalism, Globalism, Election Laws, Freedom of Speech, Racism, and then compare 10 years ago to today, using archive.org or by looking at edit history. It feels like a parallel universe, as if history was totally re-written.
Add a time cost to accounts that is independent from IP or real identity. I gave a suggestion to factoring the product of primes, basically breaking crypto with far fewer bits then would ever be used in a real system to tune to time to a desired target. Another option would be to require a security key for anonymous editing of hot articles then ban the key if needed, which would essentially be a fairly anonymous proxy for money. Now attackers need to spend a key each ban. Although unlike just doing it purely for Wikipedia that might result in a market of "used, banned" keys which isn't really great. But they shouldn't do it via IP, they absolutely could do better.
Hill, B. M. and Shaw, A. (2021) ‘The Hidden Costs of Requiring Accounts: Quasi-Experimental Evidence From Peer Production’, Communication Research, 48(6), pp. 771–795. doi: 10.1177/0093650220910345.
http://www.aaronsw.com/weblog/whowriteswikipedia
It turns out the long tail of anonymous editors is actually a force to be reckoned with. Or was at the time of writing, at least!
IDGAF one way or the other, but if you're going to be banning millions of users from editing via their IP, just commit to saying "We need to be able to identify you vandals, and a user account is the easiest way".
You're either true to a mission statement, or you should stop virtue signaling beliefs you don't hold with your mission statement.
Now it's linking to the discussion page. Which is definitely very interesting and useful, but probably not the page that was intended?
