Hilarious security theater, My god, the dumb, it burns... Options

[Vigilant]

From here:
Security theater

"By this time, I think every arbitrator has wiped their hard drives and reinstalled their systems (or if they haven't, they should have, Jehochman is right that even top-of-the-line security software can miss things), so even a thorough forensic inspection of everyone's computer would be pointless."

Risker is so wrong on this, it's barely believable.

What has happened is that, if the leaker is a current ARBCOM member, they have buried all evidence (and even the possibility discussion) of of whomever was the real leaker.

"Oh no, I formatted my drive as Risker reccomended! No need to look here..."

One would think, that a group whose only product/project is an online database on a set of clustered servers would have true security professionals on staff before letting community volunteers have access, apparently unrestricted, to sensitive personal data.

Look at Sony, who was lax with hard security, and the extreme beatings that were administered in the press and blogs for their failure to safeguard customer data.

Shameful wikimedia foundation, just shameful.

[EricBarbour]

That's how Arbcom rolls. That's how they've always rolled, apparently. Risker is just following in the footsteps of fellow liars and bullshitters.

It goes right back to the first Arbcom, installed by The Glorious Wales Himself, specifically to "settle disputes". They ended up spending far more time backpedaling, prevaricating, wikilawyering, and covering each other's asses than they actually did "settling disputes". If you don't believe me, look at their first-ever "decision". And in those early days, they at least got to the point quickly.

Go and look at any past decision, after 2005 especially. You see talk, talk, talk. Followed by a long list of votes on what Wikipedia is/isn't, what Wikipedia editors should do, what Arbcom is supposed to do (ha ha!), and assorted drivel. Which is bizarre, by the standards of most "courts of law" or similar adjudicative organizations--they typically don't put their reason for existing to a vote, on every bloody decision.

Then, if you're lucky, at the bottom of all that crap, you might find a "decision" somewhere. (A lot of Arb decisions just died and were closed, because someone gave up. No one has done a full exploration of the results of Arbcom decisions, yet. I bet that's partly because they would be embarrassed by the resulting revelations.)

[Zoloft]

I will quote Will BeBack here without further comment:

Wikipedia Review Tarpit

There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)

[EricBarbour]

There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)

Yes, there is another confidential area, Mr. McWhiney.

Wouldn't you like to know what's going on in there, Mr. McWhiney.

Since when have you ever given a damn about "human dignity", Mr. McWhiney?

[Ottava]

Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

We don't really know the motivation behind getting the information or exposing it. The only way for the Arbitrators to combat the above would be to take a position of "who cares if it was exposed" and preempt future releases by putting up some info from the major cases not yet released. That would take the thunder out of a leaker. Instead, they seem to be falling into a situation that the first paragraph could take advantage of and really hurt some people.

This post has been edited by Ottava: Fri 8th July 2011, 8:24pm

[Herschelkrustofsky]

There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)

Yes, there is another confidential area, Mr. McWhiney.

Wouldn't you like to know what's going on in there, Mr. McWhiney.

Since when have you ever given a damn about "human dignity", Mr. McWhiney?

A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.

[SpiderAndWeb]

Is it *that* hard to pull up the server logs and check which arbitrator username/password was used to pull the mailing list archives??

[the fieryangel]

Is it *that* hard to pull up the server logs and check which arbitrator username/password was used to pull the mailing list archives??

Apparently, yes.

Unbelievable as it may seem, they ARE as incompetent as we had imagined...

[Sololol]

Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

Good point, nothing is stopping them. They(or someone pretending to be them) may have tried/be trying to do this. I doubt Malice would bother as he doesn't seem interested in targeting a particular Arb. If he were he could easily paste together or even fabricate outrageous evidence.

Apparently, yes.

Unbelievable as it may seem, they ARE as incompetent as we had imagined...

I can only assume there were too many people accessing the archive to narrow down the candidates. Or they know whose account grabbed the archive but are keeping quiet to avoid further embarrassment. If I were the Arb who passed it to Malice I'd claim to my fellow Arbs I was hacked and ask them to keep quiet about it. If I were the other Arbs I'd engineer the leaker's resignation for other reasons to prevent more drama.

[EricBarbour]

A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.

General consensus last year was that Matt Bisanz was leaking it to them. Probably a couple of other people doing it too.

If I were the Arb who passed it to Malice I'd claim to my fellow Arbs I was hacked and ask them to keep quiet about it. If I were the other Arbs I'd engineer the leaker's resignation for other reasons to prevent more drama.

Which points directly at Iridescent, again. I suspect that's a dry well (but don't quote me)....

This post has been edited by EricBarbour: Fri 8th July 2011, 9:04pm

[Vigilant]

Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

We don't really know the motivation behind getting the information or exposing it. The only way for the Arbitrators to combat the above would be to take a position of "who cares if it was exposed" and preempt future releases by putting up some info from the major cases not yet released. That would take the thunder out of a leaker. Instead, they seem to be falling into a situation that the first paragraph could take advantage of and really hurt some people.

Far too elaborate for reality.

Only someone with an overdeveloped sense of paranoia would come up with such a convoluted reasoning.

Am I getting through here?

Go write your dissertation.

[cyofee]

A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.

I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.

[radek]

It goes right back to the first Arbcom, installed by The Glorious Wales Himself, specifically to "settle disputes". They ended up spending far more time backpedaling, prevaricating, wikilawyering, and covering each other's asses than they actually did "settling disputes". If you don't believe me, look at their first-ever "decision". And in those early days, they at least got to the point quickly.

Heh. Now there are 3RR requests that are longer than that.

Also interesting that this was a "Alternative Medicine" case. Seven years later...

[Bielle]

I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.

You do now have 300 posts.

[gomi]

I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.

You do now have 300 posts.

Merely having made 300 posts here on the Review has not for some time been sufficient for access to certain more restricted areas of the forum. One also must be trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent.

[powercorrupts]

I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.

You do now have 300 posts.

Merely having made 300 posts here on the Review has not for some time been sufficient for access to certain more restricted areas of the forum. One also must be trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent.

I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so

[gomi]

I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so

Yes, Poetlister is quite keen to get a peek in there, which was one of the proximate causes for the change in policy.

[powercorrupts]

I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so

Yes, Poetlister is quite keen to get a peek in there, which was one of the proximate causes for the change in policy.

If I knew or thought more about it I'd have asked "how did you know?"! Pretty lax of me really - I was trying to suss him with various questions but managed to miss that one. There was a couple of emails in January though for some reason I gave him/her the benefit of the doubt and chatted as anyone would. Whatever anyone says, at that point I personally see what he did as the beginnings of genuine criminal behaviour, because he used that to try and get more personally 'involved' as another person, and it briefly worked. He became a lot less guarded though and tripped over himself pretty quickly - he sent me the picture of the girl a few months after to try and get back on track. I find it just amazing that people can excuse behaviour like that.

As for his accounts, do you have any idea who the 300 club one is? (presumably the older known ones by him are blocked). Actually - what is your policy on socking here? I can understand why most people are entitled to a WR account, as much as anything so you know who they are. But someone like PL is just never going to be able to stop himself from creating socks for one reason or other (which of course is why Abd is so ignorant on the matter).

[gomi]

Actually - what is your policy on socking here? I can understand why most people are entitled to a WR account, as much as anything so you know who they are.

Further discussion of this should probably go into WRR, but we strongly discourage multiple accounts, but we have very limited resources to actively prevent them. This is why we generally do not allow account creation from "free-mail" services like AOL, Yahoo, and Gmail. Multiple accounts do tend to be passively detected by the membership. We don't use the term "sock puppet" for our members, as a rule.

[It's the blimp, Frank]

Has there ever been a serious problem with multiple accounts here, other than PoetGuy?