I’ll note too that even absent Heritage Foundation threats, this can be useful to spur development of the project (i.e. for people who don’t want a permanent account but don’t feel comfortable having their IP permanently, publicly attached to edits). Probably the reason it hasn’t been done in the past is it’s almost certainly going to make it easier for bad actors to fly under the radar. Before, you either had to show your IP address (which can reveal your location and will usually uniquely identify who edited something for at least a little bit; you also can’t use a VPN without special permission) or you had to register a single account (where if you created multiple, a sockpuppet investigation would often find out).
So there’s an inherent trade-off, but I think right-wing threats of stochastic terrorism really tipped the scales.
Well you say you can use a VPN, but you may often see that you’re not able to edit using a VPN IP if that IP block has been used for vandalism in the past. So then you’d have to potentially revert to a coffee shop or library which would still identify your location.
Point of clarification: I said that you can’t use a VPN, and that’s because those IPs are blocked. As noted, you need to ask for a special exception, which for most people isn’t navigable and may not even be granted without a good stated reason and/or trust built up through good edits.
Doesn’t Wiki still have the data? So a bad actor’s behavior pattern can be seen at aggregate behind the scenes?
There are only 846 administrators on the English Wikipedia. This is across 7 million articles, 118,000 active registered users, about two edits per second, about a million files just on Wikipedia (most of them are hosted on Wikipedia’s sister project, Wikimedia Commons), and over 60 million total pages (articles, talk pages, user pages, redirects, help pages, templates, etc.). So although they have this data, it’s not useful if somebody doesn’t notice and investigate it. Administrators are stretched thin with administrative functions, and that’s not even accounting for many of them participating as normal editors too (tangent: besides obvious violations of policies, administrators have no more say over Wikipedia’s content than any other editor).
Contrary to the idea that new editors sometimes get of Wikipedia as a suffocating police state run by the administrators, usually when edits get reverted it’s because regular editors notice this and revert it citing policies or guidelines without any administrator involvement (every editor has this power). If an administrator intervenes, it’s usually because a non-admin noticed and reported (what they perceive as) bad behavior to an admin, two editors are locked in a stalemate, or there’s some routine clerical issue to be resolved.
Sockpuppeting, copyright violations, etc. are often (even usually) found by regular editors who notice something amiss and decide to dig a bit deeper. Even with automated tools that will flag an edit that replaces the article with the n-word 500 times in a row, and even given that some non-admin editors have tools which let them detect some issues, there’s just only so much that 850-ish people can find on a website that massive. For example, one time a few years back, I just randomly stumbled across an editor who was changing articles about obscure historic battles between India and Pakistan to have wildly pro-Pakistan slants – where treacherous India was the aggressor, but brilliant, strong, and courageous Pakistan stood their ground and sent pathetic India home crying with shit in their diapers. The bias was oozing from the page (with poor, if any, citations to match), and I can imagine this would fly under the radar for a while on a handful of articles that collectively get maybe 30 pageviews a day.
TL;DR: Too few admins.
I might have to go lookup their implementation. I feel like a good way of addressing your concern would be a secure hash of the IP address combined with a persistent random number.
The same IP would always map to the same output and you wouldn’t be able to just pre-compute it and bypass everything.
What’s the persisted random number? Sounds like a salt, but usually each user has their own salt right? I assume we are not talking about logged in users here? Or are we?
Since the goal is to create a correlation ID that maintains privacy, you need the result to be consistent. Hashing four billion IPs might take a minute, but it’s fundamentally doable in a reasonable time.
By using some much large value that you keep secret, you’re basically padding the input to make the search space large enough that it’s not realistically able to be enumerated.
Normally each user would have their own salt so that if two users have the same password, they hash to different values. In this case, you would want two users with the same IP to map to the same value, and simply for that value to not lead to an actual IP address.
Anyone got a list of the heritage foundation leaders and big players?
It’s only fair
The Heritage Foundation is located at:
214 Massachusetts Avenue NE, Washington, D.C., U.S.
What does the heritage foundation have against Wikipedia?
They don’t like them publishing facts:
https://forward.com/news/686797/heritage-foundation-wikipedia-antisemitism/
The best counter to bias is in an openly edited project is contributing corrected information with high quality sources. So instead of spending their time doxxing wikipedia editors, how about actually contributing quality data?
Are you really saying that conservative groups should start publishing facts?
I’m guessing you don’t quite understand how these people work. Most of their policies are crap and most people are still smart enough to understand so they lie. They lie a lot. They lie about just about everything.
See Fox News, for example. Whenever fox News tells a truth, an angel gets its wings and let’s just say that angels learned to dig like worms instead.
See influencers like Ben Shapiro whom I just saw fantasising about his sister btw
See president cheeto, who would excuse himself if he ever said a truth
Truth and facts are poison to these people
Wikipedia has been doxing their own editors for decades. Heritage is just using the public data. They’re still fash but wikipedia isn’t much better.
That’s disingenuous. They’re far from the only ones that don’t like how Wikipedia works, with good reason.
How is that defensible? Are there no laws to tamp down online terrorism from bad actors like Heritage? I’d imagine they’re 100% in the wrong for making threats of any kind but I’m just a wee layman.
The issue with “Wait that’s illegal” is that it never work in practice.
If the heritage foundation decide to dox an editor tomorrow. The editor in question would have to file a lawsuit and go against an army of layers the heritage foundation can afford. Even if the editor win at the end, it will be a long and drawn out legal battle where heritage risk almost nothing.
And this is not accounting for the editor having to deal with harassment due to being dox while having to pay for a layer and fighting a legal battle.
And that is why making such terroristic threats should be criminal in the first place.
They absolutely should be. Them being so doesn’t stop the problems from happening.
It literally gives people in the US the constitutional right to due process, and that bedrock law is being massively ignored.
There needs to be actual protections for when the law is not being followed
It probably is, but again, it needs to reach a certain threshold before the authorities will get involved. Threatening to reveal the identity of an internet user isn’t particularly egregious, because the actual risk to that person from that information is likely minimal (is anyone going to actually hurt them?). If that person then starts to get actionable threats, then the authorities might get involved.
So the best recourse these users have is suing for libel or something if they make false claims about them in connection to the doxxing.
Unfortunately, there is no federally recognized right to privacy in public spaces, and the Internet is considered a “public space,” so revealing someone’s home address or identity isn’t considered a violation of any law. I’m a homeowner, and you can totally find my address if you know my name, or my name if you know my address, since it’s all public record. I think most people would assume an IP address is less intimate than that public record, hence why there are no laws against it.
I’m not happy about this, and I personally wish there were federal privacy protections here. I don’t want my address being associated with my name as public information, though there should be a legal way to get that information when needed (i.e. a journalist doing a story on crime in an area or something). This should also apply to IP addresses, connecting an IP address to an identity should require some kind of legal measure.
The internet is, by nature, problematic in terms of legal compliance because it is not wholly under the jurisdiction of any singular country.
You can go after hardware physically located within your own jurisdiction, and you can go after operators under your jurisdiction. But if you start going after folks/hardware outside of that, you’re rightfully going to be told to fuck off. (Which is why IP holders burn so much money on anti-piracy lobbying and get practically nowhere)
Its the same reason encryption bans are laughably idiotic.
No laws? Sir/ma’am, we have the 2nd amendment. I can’t think of any law higher.
Well theres the 1st admendment. The 2nd is for when the 1st is being denied…
It’s defensible because it’s public record. Wikipedia has been doxing editors by default for decades. It’s one way that they intimidate people from making edits.
I’ve never edited anything there but log in sometimes just if I’m interested in a topic and want to bookmark it. This is making me think I should just delete my account.
You should not make that decision only because of this conversation, what if they are massively misinformed?
