The Wikipedia Review: A forum for discussion and criticism of Wikipedia
Wikipedia Review Op-Ed Pages

Welcome, Guest! ( Log In | Register )

4 Pages V « < 2 3 4  
Reply to this topicStart new topic
> Abigor's Meltdown
pietkuip
post Sat 9th July 2011, 5:57am
Post #61


Junior Member
**

Group: Contributors
Posts: 81
Joined: Sun 12th Jul 2009, 9:32pm
Member No.: 12,524

WP user page - talk
check - contribs



QUOTE(Abd @ Sat 9th July 2011, 5:40am) *
it was then claimed, by Ajraddatz, who had stated that the chance of false identification was "astronomically small" -- I refrained from pointing out the weird language -- that if he wasn't the vandal, revealing the vandal's IP and username to him would be violating the privacy of the vandal.

Yes, they could have given out the IP number. And it does not make much sense to talk about probabilities: some Dutch hacker might have become sufficiently obsessed with the guy to invest lots of time and energy to make trouble for him.

But he has certainly made plenty of trouble for himself, using his acknowledged accounts.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Guido den Broeder
post Sat 9th July 2011, 10:40am
Post #62


Senior Member
****

Group: Regulars
Posts: 425
Joined: Thu 19th Feb 2009, 7:31pm
Member No.: 10,371



I have already explained to Abd at Meta why the IP address has to be protected.

As an example, Abigor was caught red-handed while he was creating attack accounts on a computer in a public library. The IP of the library will of course not be revealed to him.

Cheers,

Guido



But, as usual, he just adds more Walls of Text on the same issue.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Abd
post Sat 9th July 2011, 8:25pm
Post #63


Postmaster
*******

Group: Regulars
Posts: 1,916
Joined: Tue 18th Nov 2008, 10:52pm
From: Northampton, MA, USA
Member No.: 9,019

WP user page - talk
check - contribs



QUOTE(Guido den Broeder @ Sat 9th July 2011, 6:40am) *
I have already explained to Abd at Meta why the IP address has to be protected.

As an example, Abigor was caught red-handed while he was creating attack accounts on a computer in a public library. The IP of the library will of course not be revealed to him.

Cheers,

Guido

But, as usual, he just adds more Walls of Text on the same issue.
That's Guido. Totally ignorant, combined with great personal confidence in the errors of others. The IP of a library won't be revealed to me? I can go there and get it immediately, if I get on a computer. Trivial.

Abigor was caught red-handed as described? That's certainly not clear from the checkuser evidence revealed. What was said was that the device used was rather unusual, and that IP information plus the user agent information, nailed that there was a login of Abigor's bot account, Dirt Diver, and the creation of an account at meta with a highly offensive username, that attacked another user, ostensibly one with whom Abigor had conflict, from the same unusual device.

My guess is that the device was a mobile phone, an unusual one. The IP would be a mobile service provider, explaining the earlier comments about public access, but it would be the user agent that would nail it.

Abigor has accepted being blocked, he knows he screwed up, entirely aside from this vandal account thing. He's strongly proclaiming his innocence on the vandalism charge, but, hey, the checkuser evidence looks solid. What gives?

Well, perhaps he is lying. But there is at least one another possible scenario, and it certainly can't be ruled out. Someone got Abigor's password to the toolserver account. They used this to create a login there, which created data for checkuser identifying the device used. Had this been a public library, as Guido implies, the identification would not have been so crisp, though, depending on details, it could still be pretty strong. On the other hand, this scenario still works if it access was through a public library. Perhaps with a handheld device, creating the unique user agent.

Then they created the offensive account on meta. The goal was to nail Abigor to the wall. It worked.

Now, this is what Abigor asked for, which Guido opposed as contrary to privacy policy, in which he has a sudden interest.

Abigor had requested the checkuser information, and was told, no, contrary to privacy policy. But privacy policy does explicitly allow release of checkuser information if the user consents.

Abigor is then told that, no, what if he isn't the user? But the checkusers claimed that the identification was crystal clear, unmistakeable!

Guido (and others) are claiming that the privacy policy prohibits the release of the anonymous vandal's information, which is preposterous. Release of information like that may actually be legally required, if Abigor makes a binding request. He's suffered a major loss of reputation, through charges that he made the edit. If he was the user, releasing the information to him is clearly allowed, and, I'd claim, could be legally required.

What's totally maddening is that they are then saying, no, if he wasn't the user, releasing the private information would be prohibited. Catch-22.

You are guilty as sin, but if you aren't guilty, we aren't going to release the information on which your guilt was determined, because it would then harm the other user. The person who used access to completely trash your reputation, and this could affect career, quite possibly. Cool, eh?

I understand why Guido is opposed, it's simply because he hates Abigor, who did, after all, abuse him. What's more puzzling is apparently sensible meta users who are also arguing for keeping the checkuser information private, to the extent of getting pissed off because the questions are even being asked.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Abd
post Sat 9th July 2011, 8:43pm
Post #64


Postmaster
*******

Group: Regulars
Posts: 1,916
Joined: Tue 18th Nov 2008, 10:52pm
From: Northampton, MA, USA
Member No.: 9,019

WP user page - talk
check - contribs



QUOTE(pietkuip @ Sat 9th July 2011, 1:57am) *
QUOTE(Abd @ Sat 9th July 2011, 5:40am) *
it was then claimed, by Ajraddatz, who had stated that the chance of false identification was "astronomically small" -- I refrained from pointing out the weird language -- that if he wasn't the vandal, revealing the vandal's IP and username to him would be violating the privacy of the vandal.
Yes, they could have given out the IP number. And it does not make much sense to talk about probabilities: some Dutch hacker might have become sufficiently obsessed with the guy to invest lots of time and energy to make trouble for him.
Right. They claimed it was impossible, but they were assuming that a hacker would have had to imitate Abigor's IP, which could be very difficult (though not absolutely impossible). Rather, there was a much simpler exploit possible through obtaining Abigor's password to the toolserver account.

Further, Abigor used a proxy for accessing the toolserver account, he acknowledged that (which was acknowledging violating policy). This created another avenue for impersonation. A hacker would have had to have checkuser data from the toolserver, and could then have used the same anonymizing proxy, spoofing Abigor's user agent string.

Clues: Abigor says he didn't log in to the toolserver account during the period in question, that's why he's puzzled by the identification. Now, while it's possible that he *looked* at the toolserver and that an autologin was created, what if he's right?

What I'd look for is his routine access. It appears from the evidence that there was no direct link between Abigor and Dirt Diver, the bot manager on toolserver. That implies to me that Dirt Diver and the vandal were using different access than Abigor routine access. (which is confirmed by Abigor, he used a proxy for Dirt Driver, as I read his comments.) Did the vandal use a proxy? I actually think not, this was stated as being a public access, as I recall. I'm suspecting the use of a mobile phone or other mobile device, perhaps an unusual one, with a rare user agent string.

I've argued that the meta RfC should be closed, with Abigor blocked for all the offenses, and that no more fuss should be made openly about this. But Abigor should be given the data, and he can, if he wishes, investigate. I've argued that this would be fair treatment, and would create a better resolution to this than "Get Out of Here, You Dirty Vandal!" It would simply allow him to clear his name, long shot, if he's innocent, which does not have to be done on-wiki at this point. And it would, even if he's guilty, leave him with an impression that someone, at least, was interested in fair treatment. Which would be me and a checkuser, if the checkuser provides the data. Any one of them could. It doesn't have to be revealed publicly, though I've argued (slightly) for publication, if Abigor explicitly permits it.

Abigor probably thought of me as a troll, since I'd supported Thekohser and opposed his treatment of Guido. Suddenly, it seems, he seems grateful for my support. What the long-term effect of this might be, I don't know. But it won't hurt.
QUOTE
But he has certainly made plenty of trouble for himself, using his acknowledged accounts.
Yes. However, the vandal incident pushed this over the top, egged on by nl.wikipedia users who clearly are out to get him. I think that includes Guido, by the way.

I've been a prison chaplain, I've worked with people who were truly guilty of major crimes. What pisses them off more than anything is when they have been treated unfairly. Being convicted of what they actually did, they understand that, they are not angry about it. But if the prosecutor broke the law, they hate him or her and the society that allowed that. Even if they were guilty!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Guido den Broeder
post Sat 9th July 2011, 9:53pm
Post #65


Senior Member
****

Group: Regulars
Posts: 425
Joined: Thu 19th Feb 2009, 7:31pm
Member No.: 10,371



I'm not going to try and explain it again, Abd. If you want to be daft, so be it.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Abd
post Sat 9th July 2011, 11:57pm
Post #66


Postmaster
*******

Group: Regulars
Posts: 1,916
Joined: Tue 18th Nov 2008, 10:52pm
From: Northampton, MA, USA
Member No.: 9,019

WP user page - talk
check - contribs



QUOTE(Guido den Broeder @ Sat 9th July 2011, 5:53pm) *
I'm not going to try and explain it again, Abd. If you want to be daft, so be it.
You get what you give. Permission to be daft, granted.

But I'll make it clear what Guido is saying, because most people here know easily as well as I, or better. Guido is saying that if I'm editing Wikipedia through some portal to the internet, as I am editing here, the IP of that portal does not "belong to me," it may belong to someone else, therefore it should not be disclosed to me.

Specifically he cited a public library, that the IP is that of the public library, not of the user.

However, Wikipedia, to route responses back to the user, must have an address which is unique for the device the user is using. I'm not sure exactly how that is done, but it's obvious. (This is more than raw IP. My router is connected to my DSL modem, which is assigned a temporary IP address from Verizon, for my normal access. That's the IP address that Wikipedia sees, but Wikipedia also must know which computer in my local network is requesting the information. I think port numbers are used, but, as I say, I'm not certain.

I'd assume that checkusers get the full routing information that the server receives. If not, opportunities for error would be much larger.

The point is that IP information is actually shared between the server and the user. That IP may "belong" to a library, or more likely to a service provider, but it is not, in itself, private information. It only becomes private when a user uses it, because it is "individual identifying information." When we have school blocks for certain schools, it is routine to identify the IP as belonging to the school, this isn't considered private information at all, and it is a matter of public record, you can get the whole owned block from a whois server.

If I'm at a local coffee house, and use their wireless, and someone else uses that same access point, we will both have the same IP (but different port numbers). Both of us can easily get this information, but if we are both editing Wikipedia, logged in, Wikipedia will not tell us the IP, routinely, unless we edit logged-out, in which case IP is openly revealed. The argument that this is "someone else's IP" would apply there just as well.

Only the connection between the IP and a logged-in, registered user is private information. And by policy, this can be revealed with the permission of the user. The permission of the "owner" of the IP is irrelevant, there is no privacy protection like that. (This information is often revealed, casually, for example, Moulton edits from an MIT IP. So?)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
pietkuip
post Sun 10th July 2011, 10:24am
Post #67


Junior Member
**

Group: Contributors
Posts: 81
Joined: Sun 12th Jul 2009, 9:32pm
Member No.: 12,524

WP user page - talk
check - contribs



QUOTE(Abd @ Sat 9th July 2011, 10:25pm) *
Abigor was caught red-handed as described? [...]

Abigor has accepted being blocked, he knows he screwed up, entirely aside from this vandal account thing. He's strongly proclaiming his innocence on the vandalism charge, but, hey, the checkuser evidence looks solid. What gives?

Well, perhaps he is lying.

There is solid proof that he had problems with saying the truth on severeal other occasions.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Abd
post Sun 10th July 2011, 5:09pm
Post #68


Postmaster
*******

Group: Regulars
Posts: 1,916
Joined: Tue 18th Nov 2008, 10:52pm
From: Northampton, MA, USA
Member No.: 9,019

WP user page - talk
check - contribs



QUOTE(pietkuip @ Sun 10th July 2011, 6:24am) *

There is solid proof that he had problems with saying the truth on severeal other occasions.
I really worry about the word "proof." Sometimes it can be shown conclusively that a statement was false. Sometimes it can be shown conclusively that the "error" was deliberate. But "proof" gets used far too often to mean something far less than that.

Abigor made evasive statements quite a number of times. I haven't noticed, so far, something that was clearly a lie. Now, I'll agree that there is strong evidence that, in some cases, Abigor "had problems with saying the truth." That's true for a lot of people, and for lots of different reasons.

He has firmly and clearly claimed that he was not the vandal, in response to a direct question from me.
QUOTE
I will promise with everything I have that I'm not the vandal user, and I want to find out what happend. Cuz how Dferg and Barras say they found the link is simply impossible since Dirt Diver only logged in by a proxy or Toolserver. So, I know I'm in trouble for socking with that account, no quistions asked... But the link with the vandal account and Dirt Diver is simply not possible... But the stewards are not going to discuss it... So I don't get any proof but I will pay the price, Dferg or Barras didn't become a CU on nl.wiki also... And the Dutch are trying to get me blocked in the first place, so sorry I don't believe any data if its been given my the Dutch CU people. Huib talk Abigor 20:32, 8 July 2011 (UTC)

He's not correct that it's impossible, even if he didn't do it. For those without a program. Dirt Diver was an account Abigor created to run a bot, GlobalEditBot, designed to create user accounts globally. (There is a legitimate use for this.) He knew that he take flak for Dirt Diver, my story, so he did not acknowledge Dirt Diver as a sock, and apparently used a proxy to conceal the connection with him. When Dirt Diver was questioned, Abigor acknowledged the account with little fuss. Dirt Diver had created accounts on nl.wiki, thus he was violating his block there. He did not have permission to run the bot. He was nailed, but there was no nefarious intention behind Dirt Diver, as far as I can see. However, users on nl.wiki saw this activity, very likely, saw the connection, and someone there may have started digging.

So then someone we'll call "the vandal" created an "attack account." It was promptly oversighted. See this checkuser report on nl.wiki.

My point is actually quite general. If a user has been found to be socking, definitively, based on allegedly clear checkuser data, if this finding is made public, the user should *always* be allowed access to the checkuser data. That does not create a *requirement* that any particular checkuser do it, only that a checkuser *may* provide it, if the user explicitly permits the disclosure, per policy.

I'm suggesting that there may be a legal requirement on the WMF if the user demands the data, because the user has been publicly defamed and therefore has a right to demand the evidence used to legitimate this, this could be a part of legal discovery, the part that can precede actually filing a suit for defamation. Given that, practically by definition, this release is relatively harmless, it would avoid a lot of fuss if it's routinely done unless there is strong reason not to release it under these conditions.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

4 Pages V « < 2 3 4
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

-   Lo-Fi Version Time is now: 24th 11 17, 11:17am