User:Tom (LT)/sandbox/WikiProject on open proxies interview
Hello to all! It turns out that the best way to get something to happen in the Signpost is just like everywhere else on Wikipedia: to do it. So, after missing this report for the better part of a few years, I have decided to take a stab at running some interviews over this year and see how it goes.
I have always enjoyed reading Wikiproject interviews because it exposes the atmosphere that keeps me on this website. Editors interested or a passionate in a broad or niche area contribute together, with a WikiProject often forming the nexus of this collaboration. These editors aren't always the most vocal, and they aren't always the ones running RfCs or in Arbcom, and might not be running for administratorship; instead they are often part of the thousands or tens of thousands of us editing content in the background, and I find these interviews fascinating insights into different topic areas and the motivations behind the editors in those areas.
So, for my first interview, I have selected WikiProject on open proxies. The atypical title first drew me to this project, as did the fact it hadn't been interviewed, and my interest only grew from there when I saw its unique structure (as a noticeboard). So - what is an open proxy? And why have a WikiProject about one? These and many more questions are hopefully answered below:
- What is Wikipedia:WikiProject on open proxies?
- MarioGom: A project to enforce Wikipedia:Open proxies. That is, blocking proxies on Wikipedia.
- zzuuzz: I'd describe it as part of a loose collaboration of users who aim to identify or confirm open proxies, and usually block them from editing. Requests are made by a wide range of editors, admins, and checkusers who deal with vandalism, spam, and sockpuppetry problems. At the core of the project is the task of confirming whether an IP address is an open proxy or not, so it also seeks to help unblock IP addresses which have been blocked as open proxies but are no longer open proxies. It can additionally provide other technical and diagnostic information, for example opinions about IP block lengths or collateral damage. Also, being an open proxy is not always a straightforward issue - a response might sometimes identify a public wifi, or a private server, or a commercial filtering service, which can be complicated areas in terms of both policy and potential abuse. Sometimes this information may be simply relayed to the person making the request so they or anyone else can make up their own mind.
- GN: Depends who you ask. Mario and zzuuzz hit most of what I'd say - we're a loose group of people who work together to help enforce our policy on open proxies and to provide technical knowledge about open proxies to other editors.
- SQL: The replies above cover it very well.
- Blablubbs: I concur with the above.
- ...
- It's interesting that you are a combined noticeboard and WikiProject. What do you see as the benefits (or downsides) or formatting yourselves as a a WikiProject?
- MarioGom: I am relatively new to the WikiProject, and I am unaware of the original rationale. I think working as a noticeboard is well aligned with the work we do (similar to WikiProject Spam). A WikiProject, which is somewhat informal, allows for some flexibility that is probably needed in an area where a small number of users is involved.
- zzuuzz: WP:OP was initially part of a now defunct cross-wiki project. While other 'chapters' have gradually become deprecated, the enwiki chapter has carried on in roughly the same format over the years. A rename has occasionally been mooted, but usually lacking any great alternatives or enthusiasm. I think the project label is not really a bad fit, as there is a membership of sorts - the list of users who can verify open proxies. Apart from this list, membership is highly informal. The noticeboard format is suitable for the task in hand, which is to process reports. On the downside, I would say a singular focus on reports may not be best suited for strategic or in-depth discussions.
- GN: It's been like this since before I joined, and for the primary task (handling reports) it works well enough that I haven't really seen a need to reconsider the setup. On the rare occasion that I've been around and we've needed to have bigger discussions, the talk page has worked well enough.
- SQL: It's been that way for as long as I can remember. At one point I was looking at rolling it into IPCheck, and using the resulting data to help train a Machine Learning algorithm.
- Blablubbs: Our primary function arguably is as a noticeboard, but I don't think the name really matters. The current format gets the job done well.
- ...
- What motivated you to become a member of WikiProject on open proxies?
- MarioGom: I am involved in tracking and reporting undisclosed paid editing and other types of abuse. Through this work, especially on sockpuppet investigations, I learnt that a very high proportion of abusive users (spammers, harassers, vandals) routinely use VPN or proxy services. This facilitates block evasion and obstructs the work of CheckUsers. I noticed that VPN services often got their servers blocked individually. I thought this was somewhat pointless because if a single VPN server is blocked, the user can jump in a couple of clicks to any other servers offered by that same VPN service. I started participating on WPOP to report full VPN and proxy services at once. If I see abuse from an IP that belongs to a VPN service, instead of reporting that single IP, I report every IP for that service, effectively blocking the full service.
- zzuuzz: Open proxies have always been responsible for a disproportionate amount of spam, vandalism, and other disruption, so I generally support blocking a lot of them. At the time I joined in 2007 there was a very messy approach to blocking open proxies, with large numbers of suspected proxies usually being blocked indefinitely and remaining blocked, sometimes on the weakest of evidence. I joined the project as I figured I could use my technical skills and experience to help bring some sense to the proxy-blocking process.
- GN: I joined because WPOP looked fairly understaffed and I already had a good amount of the requisite technical knowledge. I also have come across several open proxies during my work as an SPI clerk.
- SQL: I joined to help cut down on UPE.
- Blablubbs: I don't recall what exactly triggered my interest in proxies – I had my fair share of encounters with them, both through UPE-related tasks and other anti-abuse work, and at some point I became interested in verifying them myself, started asking around and learning by doing, and it all sort of went from there.
- ...
- What do you see as some of the biggest achievements of WikiProject on open proxies, and are there any contributions you are particularly proud of?
- MarioGom: Making abuse a little bit harder. I am particularly fond of some tools I created to automatically list all unblocked IPs from VPN services, which are now my primary tool to create WPOP reports. This has led to some VPN services that were often used for abuse being fully blocked. That being said, WPOP and its participants are not the only ones tackling this problem. There are several bots for automated blocking, such as User:ST47ProxyBot on English Wikipedia. There is also a bot used to list IP ranges of certain big hosting providers that are often used by VPNs and proxies (see User:AntiCompositeBot/ASNBlock), as well as very dedicated stewards who do their part on meta (User:Jon Kolbert).
- zzuuzz: It's difficult to separate the achievements of the WikiProject from other achievements made by the blocking policy, the open proxies policy, and the community in general. However, in line with the advances made elsewhere I would say the projects greatest success has been supporting the transition to dealing with open proxies fairly, proportionately, and accurately.
- GN: In my opinion, our biggest achievement is just cutting down on abuse - there are several long-term abuse cases who are known to use proxies, and blocking those makes their lives harder.
- Blablubbs: It's hard to quantify the impact we have in exact terms – I don't know how many logged-in users are on any given VPN range or proxy IP we find, and what they're actually doing on those proxies. What I do know is that while we'll never be able to block every proxy in the world, our work here at the very least forces people to spend a lot more time looking for unblocked ones, and that makes it worthwhile. In recent months, we've been able to knock out a very large number of VPN providers and webhost ranges (mostly thanks to MarioGom's ceaseless efforts) and discovered and integrated new tools and discovery methods (shoutout to the fine folks at spur!). I'm proud of that progress.
- ...
- What does an average day at WikiProject on open proxies look like? What roles and tasks do you associate with your WikiProject, and how do you go about fulfilling them?
- MarioGom: Overall, a report of comes in, a verified user confirms the report and adds additional information and an admin blocks IPs or ranges if appropriate. I am primarily involved in reports. I spend about half of my time in the project coding tools to find blockable IPs, and the other half on manual review of these results and preparing reports in a way that (hopefully) saves some time from verified users and admins.
- zzuuzz: On a typical day, reports will come in to the noticeboard listing IP addresses used by vandals, spammers, block-evaders, and other undesirables. There may be observations from various people about the evidence and other connected data. Usually a verified user will then confirm whether the IPs are open proxies or not, along with any appropriate blocks, and a passing admin will take any appropriate action.
- GN: My main role has just been working off the backlog. Someone reports an IP, I use various tools to determine whether that IP is an open proxy (or something else blockable, like a VPS), and then figure out what kind of action to take (hardblocks vs softblock, for example, or whether I need to block an IP range). Even if a proxy checker has signed off on the block, I always do spot checks before hitting the block button, just to be certain.
- SQL: Reports come in, a verified user looks it over, and makes a recommendation, and an admin acts on it. Often times, I'll add the appropriate filters to ASNBlock.
- Blablubbs: I'm usually alerted to new reports by a bot ping on IRC and tackle them once I find time – in the majority of actionable cases, the reports will be for single VPN IPs, since ST47ProxyBot does an excellent job at finding and blocking open proxies. After confirming any given individual IP, I'll go for deep dives into ranges and providers using SQL's excellent isprangefinder tool, branch out from there, and then recommend administrative action. Aside from this, I do behind the scenes work, running checks on IPs that people send to me privately and often bouncing thoughts back and forth with MarioGom; together, we also maintain a list of common VPN fingerprints that enables us to attribute IPs to specific proxy providers.
- ...
- What are WikiProject on open proxies's most pressing needs, and how can a new contributor help?
- MarioGom: We could use more help from: (1) Users with advanced networking skills willing to help in VPN and proxy discovery and verification. Discovery is about finding the IPs in the first place, and verification is about technical methods to make sure that a reported IP is a proxy. (2) Admins that can help processing reports. Or stewards who can bridge these efforts to meta. (3) The WMF could help with further automation and data. We could also use better coordination with Meta and other Wikimedia projects.
- zzuuzz: The project can always use people with the technical skills and experience to identify and confirm open proxies.
- GN: More folks with technical expertise, more people with new ideas (we have a status quo, and it works, but it's entirely possible that we're stuck doing things a particular inefficient way and we don't see a simpler way to do things), and I wouldn't mind if the WMF actually tried to help instead of making our job harder.
- SQL: More technically inclined people. Maybe a better format than the current noticeboard format.
- Blablubbs: I concur with what others have said – more technical expertise, admin help and WMF assistance would definitely be an asset. I'll also add that this project depends on people making reports; while spotting potential proxy use can be hard for people who aren't technically inclined, there are some telltale signs (an IP editor hopping from country to country, weird WHOIS outputs that point to something not being a normal residential ISP etc.), and people reporting such IPs are a huge asset to the project. I'd rather decline more checks than miss more proxies. It's easier than it looks, and I'm happy to provide advice to anyone who is interested in contributing in one way or another.
- ...
- Anything else you'd like to add?
- MarioGom: Thanks to all editors, admins and stewards who contribute to this area.
- zzuuzz: In the intro you asked what an open proxy is, and it's a good question. Put simply, an open proxy is an IP address that anyone can use to edit Wikipedia. They can be used for many things in fact, but the key purpose of using an open proxy is to obscure the real origins of an action. This might be in order to improve privacy for the end user, or to evade sanctions. I suppose many users these days might better recognise the term virtual private network (VPN service), some of which operate on the same principles and fall under the same Wikipedia policy. These networks can be used to evade geolocation restrictions or other censorship, sometimes legally and/or ethically, and sometimes not. Wikipedia has a long standing policy of blocking lots of open proxies from editing. There is no explicit prohibition against open proxies, and flags such as block exemption can enable editing from blocked addresses, however we do block an enormous number of them because they are responsible for an enormous amount of abuse.
- GN: My thanks to everyone who contributes to WPOP, but I specifically want to call out User:MarioGom and User:Blablubbs - the two of them have discovered/written several tools over the past year or so that make proxy-checking a whole lot easier.
- SQL: Seconding what GN said above. In specific, Blablubbs and MarioGom have been a huge help lately.
- Blablubbs: Thanks for all the shoutouts, and thanks to anyone who helps out with reports, checks, and food for thought. I'll specifically call out Malcolmxl5, who has been a huge help in knocking out the administrative backlog lately.
- One thing that has changed is the advent of CGNAT with several ISPs using it (commonly in mobile environments) - functionally it can be similar to an open proxy in editing pattern and yet users don't have a choice to use CGNAT if their ISP provides it. Consideration to how to address it will be required (or IPV6 for everyone!) -- Tawker (talk) 15:42, 25 June 2021 (UTC)
- ...
Thanks to everyone who answered these questions, and also to you, the reader. Please contribute some ideas for WikiProjects to review or any feedback in the comments below, or on my talk page. Tom (LT) (talk) 22:48, 29 May 2021 (UTC)
- Why are we asking volunteers for technical expertise to a strongly identified problem, when there is a foundation dedicated to spending 100 million dollars on this sort of thing? - Bri.public (talk) 17:43, 4 June 2021 (UTC)
- Bri: I'm not sure this should be material for the Signpost article about WP:WPOP (maybe it will be appropriate for the comments once published?), but the upcoming IP masking will render WP:WPOP obsolete. That is ok, but that also means that the WMF will need to assume tasks and responsibilities that are currently done by the community. My opinion is that independently of IP masking, the WMF should have a dedicated anti-abuse team. MarioGom (talk) 09:55, 6 June 2021 (UTC)
- I think it's fair to say there's still some confusion about both the proposed extent of IP masking, and the nature and quality of proposed proxy checks. It's also important to note that most proxy blocking is already done outside of this WikiProject. No automated check claims, or should claim, to be 100% effective. One proxy checking tool which is used regularly provides about 15 different pieces of information, at least some of which are usually contradictory, to help the checker make up their own mind. Even the Torblock extension, which has been used in production for over a decade and uses a list of IP addresses supplied directly from the Tor project, can't pick up all Tor proxies. Where this project has most value is in these edge cases. I've said many times that human skills and judgment are essential to proper proxy identification. Would the community want someone in employ of the WMF to decide whether an IP should be blocked or not? I'm not sure that would go down well. -- zzuuzz (talk) 11:39, 6 June 2021 (UTC)
- I think the WMF can help us significantly from a technical perspective. For example, a small amount of ASNs account for high number of VPN servers. These are mostly blocked in enwiki, but global blocks are not so comprehensive. There is also the problem of residential proxies, where long blocks are useless (and even harmful), but it is theoretically possible to build an autoblock system that minimizes collateral damage, and that system would require access to a good deal of backend data. The WMF can also provide better and more accurate data and tools to admins and CheckUsers. MarioGom (talk) 11:51, 6 June 2021 (UTC)
- I think it's fair to say there's still some confusion about both the proposed extent of IP masking, and the nature and quality of proposed proxy checks. It's also important to note that most proxy blocking is already done outside of this WikiProject. No automated check claims, or should claim, to be 100% effective. One proxy checking tool which is used regularly provides about 15 different pieces of information, at least some of which are usually contradictory, to help the checker make up their own mind. Even the Torblock extension, which has been used in production for over a decade and uses a list of IP addresses supplied directly from the Tor project, can't pick up all Tor proxies. Where this project has most value is in these edge cases. I've said many times that human skills and judgment are essential to proper proxy identification. Would the community want someone in employ of the WMF to decide whether an IP should be blocked or not? I'm not sure that would go down well. -- zzuuzz (talk) 11:39, 6 June 2021 (UTC)
- Bri: I'm not sure this should be material for the Signpost article about WP:WPOP (maybe it will be appropriate for the comments once published?), but the upcoming IP masking will render WP:WPOP obsolete. That is ok, but that also means that the WMF will need to assume tasks and responsibilities that are currently done by the community. My opinion is that independently of IP masking, the WMF should have a dedicated anti-abuse team. MarioGom (talk) 09:55, 6 June 2021 (UTC)