G5'ing: How to get someone else's Wikipedia account blocked and all his articles deleted without direct account access!

[CMAwatch]

How G5'ing works.


Disclaimer [read first]: This is just a proof of concept. I am not sharing this to encourage you to actually do it. Please don't.

The purpose of this information is not for disruption, but only for demonstrating (exposing) how destructive and counterproductive their own WP:G5 deletion policy can be.

In other words:
Wikipedia is harming itself and making itself vulnerable with their absurd G5 policy. G5 shits on good faith.

CSD:G5

g10469.png (226.81 KiB) Viewed 12317 times

G5'ing somebody means fooling a CheckUser into deleting all the legitimate pages of the target user.

I have never tried it, but I presume that it works reliable regarding how aggressive CheckUsers on Wikipedia are. I presume that if they are in doubt whether someone is using a sockpuppet or not, they always assume they do use a sockpuppet.

————————

• What you need for this trick is a blocked account, ideally one that is older than than the account of the target. Also, a little technical knowledge. But do not log in first.
• To work, this trick requires you to be connected to the Internet from the same IP address as your target, or at least one with a similar network mask. It could work on public networks such as school/college/airport/library Internet access.
• Increase the likelihood of it working by downloading a browser add-on for altering (spoofing) your browser's user agent string to match the one of your target. https://add0n.com/useragent-switcher.html
• Next step: Criticize any CheckUser; preferrably Bbb23. Go to Bbb23's talk page and mildly criticise him. Any mild criticism does suffice. This pretty much guarantees that he will run a check on the network wgere the criticism comes from.
• Next step: Log in with your blocked account after submitting your criticism as IP editor. Also, see how long your mild criticism of Bbb23 (or any other CheckUser, but Bbb23 is their most addicted CheckUser) lasts on his talk page. Probably, it will be reverted within minutes because of alleged trolling. The revert is a sign of read receipt.
• If your blocked account has an edit history on similar topics of the target account, it is even more likely to work.
• Bbb23 (or any other CU) is likely going to falsely identify the target's account as a sockpuppet of yours.
• As soon as that happens, it will almost certainly get blocked. Then, Bbb23 (or other CU) will erase all pages initiated by the target editor.
• If your account is older than the target's account, you are considered a sock master.
• Your target has no chance of disputing he is not you. Even if it's true, the administrators are very unlikely to believe it. And the talk page access will probably be whacked soon.

Additional hints:

• If your account is younger than the target's account, his pages will not be deleted, but your blocked account will be associated with the target's account, turning him into a sock master. This means that you effectively claim his account age, and any account you attack using this method that is younger than the oldest account in the sock chain will probably be G5'ed (contributions deleted). The sock master account is exempt from G5. If an even older account connects to the sock chain, the former sock master account is now prone to G5.
• In order to pretend to own more devices: Log off, clear your browser cookies for all Wikimedia sites, change the user agent string to the user agent of another target device and then log back in. Your blocked account will appear with that device's user agent on the CheckUser log. Clearing the cookies is necessary because they presumably also have access to the identifying session ID stored in your browser cookies.

As already said, I do not encourage anyone to use it and I am not liable for any harm done. This is just a case study / proof of concept to expose how ridiculous and vulnerable rule G5 and their entire CheckUser infrastructure is.

Feel free to share your thoughts.

[ericbarbour]

I am not sharing this to encourage you to actually do it. Please don't.

Well.....you can say that, and it's not an unreasonable request.....but people do it routinely anyway.

That G5 business exists because insiders use it to abuse/punish their opponents. Convinced of it. G5ing otherwise legitimate and properly-sourced content is sheer bloody raving insanity. Wikipedia was built by some reasonable people and some raving crazies, so it shouldn't surprise anyone.

[CMAwatch]

That G5 business exists because insiders use it to abuse/punish their opponents. Convinced of it. G5ing otherwise legitimate and properly-sourced content is sheer bloody raving insanity. Wikipedia was built by some reasonable people and some raving crazies, so it shouldn't surprise anyone.

Absolutely! Could not agree more!

but people do it routinely anyway.

So G5'ing on public networks, etc. is already common practice, and has been done for a long time already?

[Abd]

There are some, ah, difficulties in this plan. First, how do you obtain the IP information for the user you want to target, and especially how do you obtain the user agent string? Easy to say to spoof it, but how do you get it in the first place? I know how one might. it's not necessarily reliable, and one capable of doing it probably has better things to do.

And no way will I explain that. Meanwhile, don't stuff beans up your nose.

As well, G5 will only apply to articles created after the user was blocked (or the alleged sock master was blocked). So this can't be used to attack an established user's articles. Anything that has been edited significantly by others can't be G5'd.

G5 does conflict with the old wiki way. There is a complex set of problems created by some poor structural decisions early on. G5 attempts to eliminate the problem reviewing possible bad edits by banned users, presumed to be POV pushers or maybe subtle vandals. But what would be the problem with blanking such articles and tagging them with a category that solicited careful review, the reviewer becoming responsible for making sure that the content was policy-compliant? This was called Pure Wiki Deletion and represents early wiki thinking, later rejected because IT IS NOT THE WAY WE DO THINGS. Fuck WP:IAR!

[CMAwatch]

(Sorry for my shitty quoting, but it is easier that way.)

> First, how do you obtain the IP information for the user you want to target, and especially how do you obtain the user agent string?

One has to be accessing Wikipedia from the same or a very similar network. CheckUsers also check IP masks such as

Code: Select all

123.123.123.123/19

due to dynamic IP's.

> Easy to say to spoof it, but how do you get it in the first place?

Knowing their device type, OS and presumably the lastest browser version. The brower they are using should be visible on the screen.

Because CheckUsers on Wikipedia are hyper-sensitive (probably they get their dopamine gratfication from blocking users, what else motivates them anyway?), it has a realistic chance of working.

> G5 will only apply to articles created after the user was blocked

After the block of the user's first account in the sock chain.

If one owns a blocked account that is older than the account of the target user, the target user will get G5'd. If the account is newer, the target user will get banned and added to the sock chain.

> presumed to be POV pushers or maybe subtle vandals.

But with that logic, one could as well delete everything the user created prior to the first block. G5 makes no sense whatsoever. A peer review process would make more sense.

> IT IS NOT THE WAY WE DO THINGS. Fuck WP:IAR!

WP:IAR is a trap.

[CMAwatch]

Another vulnerability of their CheckUser system:

When one gets caught by a CheckUser (whether actual sock or false positive), they usually ask one to disclose all accounts (e.g. see here).

One may be able to jeopardize an uninvolved user's acconut by claiming to be them, but having been editing from another IP range/network/device on that account.

This works especially if the edited topics are somewhat similar. One could find co-incidences to convince the CheckUser, and TADAA! An uninvolved user got victim of CheckBaiting!

And even if it is unsuccessful, that user still has a new disadvantage: Increased administrative scrutiny.

Again, this is no encouragement to actually do it, but to expose how shit their CheckUser system is.

[CMAwatch]

Another way to CheckBait is to set up a hotspot from a CheckUser-scrutinized IP, then let the target connect to your hotspot.

As soon as your target accesses Wikipedia, their account gets written into the CheckUser log among an IP address considered suspicious (e.g. because used by an account that is part of the sock chain), which means their account won't last long.

To accelerate the process, create another account (before IPblocked) and falsely admit being a sock puppet.

This is how shit their CheckUser system is.

[CMAwatch]

The G5tardedness insanity continues:

Not only is WP:G5 clearly punitive (How does removing any quality encyclopedic content prevent anything, and how does it align with Wikipedia's proclaimed goals of being the sum of all knowledge? It could not be more at odds with it.), but it could even be used to prevent a deletion.

Wikipedia:Speedy keep

According to the policy, any request made by a block evading user is invalid, except if other users have substantially added to the discussion before the evasion has been detected.

When I read this, my thoughts were:

Couldn't this be used to discourage further deletion requests by other users?
————————————————————————————

Unwritten policies

I think it is part of a trap with hidden policies. Contrary to the written WP:ADMINACCT, the unwritten WP:NOCRITICISM policy states that even mild criticism of administrative actions is sufficient to get oneself blocked indefinitely with talk page access revoked, see Aron Manning. (Although he regained talk page access a few months ago, last time I checked.)

How are users expected to take such unreasonable blocks seriously?

Morally, such unreasonable blocks deserve to be evaded. But honestly, why even bother improving an encyclopedia that is unthankful for productive editors and mocks its own proclaimed goals so badly, and even makes itself vulnerable with policies invented by deletion fetishists?

[CMAwatch]

Here is an honest logo for Wikipedia. With an honest slogan.