Wikimedia sysadmins begin using anti-spam tools to fight LTAs

[Archer]

[...] wasting time patrolling for vandalism and responding with blocks.

This probably also conditions editors to accept the block tool as a frequent necessity and as an acceptable go-to means of dealing with minor problems, when in many cases (this being a good example) blocks could be obviated altogether and need not be applied en masse or without due consideration (which they presently are). People would not look upon other editors so cheaply if Wikipedia didn't hold the door open for vandals. Wikipedia does not value common decency.

[suckadmin]

It'd be interesting to know how much activity would be effected by that but my experience says it'd be high. Most people are very lazy and will hesitate it's part of how Facebook killed off forums... its just "easier". And really if registering an account is too much trouble then editing should be too much trouble.

I would be very surprised if the volume of "good" IP editing weren't very small compared to that of registered users. I'm sure there's some data somewhere. There's no (honest) reason they couldn't simply try it for a while. Personally I'd require users to submit an essay with their registration.

I'm sure that's true. I'm inclined to say they might use the metric of look st these edits as proof of something. Facebook does the same to prove that their bullshit ai tools work.

Speaking of AI.. these days you could pass the entrance by essay test using AI which more than likely would be vetted by AI.

Maybe wikipedia would actually be more fair if it's moderation was by AI?

Again any change rests of the leadership to be interested in making changes

[suckadmin]

How's that? Not that I endorse his idea, but this doesn't seem true. People get nickle-and-dimed constantly on the internet. Amazon prime, microtransactions, various subscriptions e.g. patreon, netflix, and so on. A cheap (e.g. $2) one-time cover charge probably wouldn't bother most prospective, qualified editors, nor I imagine would ID verification. Having said that, neither would be the first thing I'd try, as I explained in my earlier replies. This might have the potential to be a very effective critique, as Wikipedia really has no honest reason not to take some preventative action, as far as I can see. It would be far less work on their part to prevent vandalism instead of wasting time patrolling for vandalism and responding with blocks.

It doesn't apply nearly as much to sites that are more geared to commerce strickly speaking .. Although you don't have to pay a dime to sign up for Amazon or Ebay but as soon as you want to buy anything you will need to produce some form of verifiable payment in most cases.

I'm equating Wikipedia to a social network more than anything else.

As far as what is or isn't more work .. it doesn't matter to the management because it doesn't cost them a dime.. they aren't paying these people to idle away the hours deleting vandalism. I'm just leaning more towards this developing more on its own than by design or rather by the failure of the architecture. It could be fixed but nobody that could change it really gives a shit or more specifically isn't being paid to do so.

[suckadmin]

To clarify the topic isn't strictly about ip edits. WP can ban registered users by their IP. It's entirely possible that a user on a large service provider using DHCP to appear to be in the same range of ip addresses of other users who are abusive.

However banning ip ranges should be reserved for the kind of abuse spammers and crawlers commit to where they increment the ip address numerous times in the same session in a relatively short period of time in a really poor attempt to mask the abuse. I mean seriously I've block so many abusive crawlers this way and when you look at the logs is quite clear what they are doing.

If you were to look at the logs over months that account using DHCP might too also appear to be incrementing their ip but it's actually normal behaviour. If you were looking at the logs on Wikipedia over the period of a year and blocked the sub range of the ip of an abusive user you very likely could be blocking the ips of non abusive users that happen to be on the same service provider.

Generally speaking when I block a sub range I verify that the ips are owned by a particular entity that is known for abuse.

[Archer]

To clarify the topic isn't strictly about ip edits. WP can ban registered users by their IP. It's entirely possible that a user on a large service provider using DHCP to appear to be in the same range of ip addresses of other users who are abusive.

However banning ip ranges should be reserved for the kind of abuse spammers and crawlers commit to where they increment the ip address numerous times in the same session in a relatively short period of time in a really poor attempt to mask the abuse. I mean seriously I've block so many abusive crawlers this way and when you look at the logs is quite clear what they are doing.

If you were to look at the logs over months that account using DHCP might too also appear to be incrementing their ip but it's actually normal behaviour. If you were looking at the logs on Wikipedia over the period of a year and blocked the sub range of the ip of an abusive user you very likely could be blocking the ips of non abusive users that happen to be on the same service provider.

Generally speaking when I block a sub range I verify that the ips are owned by a particular entity that is known for abuse.

Anyone could rent a low-end server (located some distance away) and evade all they want. Aren't we getting away from the point though? I guess there's a lot more to be said (and investigated) about blocks and how they're abused. Incidentally, WS should have a guide on ban evasion.

[suckadmin]

Anyone could rent a low-end server (located some distance away) and evade all they want. Aren't we getting away from the point though? I guess there's a lot more to be said (and investigated) about blocks and how they're abused. Incidentally, WS should have a guide on ban evasion.

Probably not because servers as such typically have static ips. So whether you were a register user or making ip edits all they would need to do is block the single static ip. You could change the ip of the server but it's more of a PITA than just using a VPN. It's cheaper if not free and more convenient to use a VPN service. But the crawlers can afford to have thousands of static ips and they are easy to detect and range block.

Of course there's a chance that a non abusive user who for whatever reason were using a VPN could get blocked because abusive users also happened to be using the same VPN.

For example I noticed alot of suspicious behavior and spamming attempts here and I blocked the ips and it turned out I blocked a legitimate user because there were using tor and the spammers were also using tor as a VPN. Basically tor relies on various users allowing traffic to be redirected through their address to mask the traffic but the number of nodes is fairly small to the point where its likely to get spammers and legitimate users accessing a resource from the same destination node.

My point is that to allowing ip edits is bad but you have to be careful when banning ip ranges.

Outside of that it's nearly impossible to create an automated system to vet users, especially known abusive users intent on continuing to be abusive.

The other part of the issue with WP is their opaqueness to the appeals process. It to some degree radicalizes some editors but by the same token there are clearly many editors as well as admins that were already out of their minds before getting involved with WP. The process can bring out the worst in people

[suckadmin]

Here the page for LTA

https://en.m.wikipedia.org/wiki/Wikiped ... term_abuse

maybe BB could better explain how anti-spam tools are being used or abused .. or is it simply that ip range blocks are being issued and rubber stamped as LTA with little to no explanation?

Part of the problem is that defining LTA is subjective and doesn't provide any metrics. Some users may unwittingly use the word lately... how many times is too many or over what period of time is too much .. etc

[Archer]

Anyone could rent a low-end server (located some distance away) and evade all they want. Aren't we getting away from the point though? I guess there's a lot more to be said (and investigated) about blocks and how they're abused. Incidentally, WS should have a guide on ban evasion.

Probably not because servers as such typically have static ips. So whether you were a register user or making ip edits all they would need to do is block the single static ip. You could change the ip of the server but it's more of a PITA than just using a VPN. It's cheaper if not free and more convenient to use a VPN service. But the crawlers can afford to have thousands of static ips and they are easy to detect and range block.

The idea is that if a user is banned, they can simply configure a proxy at a disparate location to use for editing, and Wikipedia wouldn't be able to do much about it. Assuming they aren't actually vandals, they probably stand a better chance the second time around, but if they get banned again then they can switch and rent a different machine somewhere else the next month. Wikipedia blocks known VPN IPs but probably not the average server-for-rent.

My point is that to allowing ip edits is bad but you have to be careful when banning ip ranges.

Duly noted, but I never suggested that Wikipedia should ban IP ranges.

Outside of that it's nearly impossible to create an automated system to vet users, especially known abusive users intent on continuing to be abusive.

Why not? Every crypto exchange in compliance with KYC does just that, but like I keep saying they probably wouldn't need to. Don't you think it's rather suspect that they permit IP editing in spite of the fact that it clearly invites trouble and is without substantive benefit?

Anyway there's nothing wrong with blocking users who actually are persistently troublesome. They probably represent a small minority compared to the number of editors who have good intentions. If it seems otherwise then they should stop blocking/driving away so many of the latter.

The other part of the issue with WP is their opaqueness to the appeals process. It to some degree radicalizes some editors but by the same token there are clearly many editors as well as admins that were already out of their minds before getting involved with WP. The process can bring out the worst in people

The appeal policy seems to exist for appearances only.

[suckadmin]

>Why not? Every crypto exchange in compliance with KYC does just that, but like I keep saying they probably wouldn't need to. Don't you think it's rather suspect that they permit IP editing in spite of the fact that it clearly invites trouble and is without substantive benefit?

Well yea if there was a legal requirement to use government ID.. the project wouldn't have gotten off the ground if it had required that from thd get go.

>Anyway there's nothing wrong with blocking users who actually are persistently troublesome. They probably represent a small minority compared to the number of editors who have good intentions. If it seems otherwise then they should stop blocking/driving away so many of the latter.

Absolutely not.. but they seem to create a certain level of paranoia and knee jerk reactions


>The appeal policy seems to exist for appearances only.

Same with Facebook and their oversight board.. they do occasionally reverse decisions but the large number of restrictions based on ai mistaking bowls of fruit for porn persist

So one avenue would be to somehow force WPF to care which would be through legislation. I wouldn't be too optimistic about that getting much traction although maybe if the bible thumpers in Texas decided to go after them for having adult content or something..

[ericbarbour]

maybe BB could better explain how anti-spam tools are being used or abused .. or is it simply that ip range blocks are being issued and rubber stamped as LTA with little to no explanation?

I doubt he could--because the WP insiders can't explain it either. They have fought with spamming and "serial abusers" since 2003, they have fought like maniacs over all the related policies, and they still can't agree on how to deal with it. Uncounted THOUSANDS of patrolling and anti-spam bots have been written since the first one in 2006. Most were abandoned because either they were written by incompetent coders, or they caused more assorted problems than they fixed.....

Did you know that the LTA "policy page" started out as a noticeboard, in 2003-04? Note how many infamous abusive admins are shown in there, complaining about "abuse" of various types, mostly by IP addresses. Chris Owen, Gamaliel, Heidi Wyss, Chris Sherlock, Josh Gordon etc. Search their names on this forum or Wikipediocracy to see some of their charming activities.

Part of the problem is that defining LTA is subjective and doesn't provide any metrics. Some users may unwittingly use the word lately... how many times is too many or over what period of time is too much .. etc

Since some administrators are themselves "long term abusers", you will never ever see this addressed honestly. No one keeps "metrics" since they would learn how many raging crackpots, and sockpuppets thereof, they have hanging around. They know they have a problem; and prefer to leave themselves and the rest of the world in the dark about the problem's magnitude.

Screenshot 2024-08-09 at 17-41-25 (21) Home _ X.png (388.1 KiB) Viewed 2987 times