Wikipedia talk:WikiProject on closed proxies/Archive 1
This is an archive of past discussions on Wikipedia:WikiProject on closed proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 |
Good idea
I agree that this is a good idea, but wouldn't requiring any user coming from a tor exit node to have an account for editng achieve the same results (to allow anonmous edits from highly restrictive places whilst discouraging vandalism)? 71.87.112.153 (talk) 23:28, 8 April 2008 (UTC)
- Yes, but Tor nodes are usually blocked due to vandalism, but these proxies are not. Atyndall93 | talk 01:37, 15 May 2008 (UTC)
Closed proxies and IP block exemption
With the activation of IP block exemption, some discussion also went on about closed proxies. In brief the following points came up:
- A major difference between closed proxies and exemption is that a user gets exemption on one specific account, but if they have a proxy login, they can then edit from any accounts they wish. (Although not necessarily create accounts.)
- Socking and abuse reduction were considered as part of exemption, but aren't visibly taken into account in the proxy WikiProject. To limit socking, we can require that proxies be soft-blocked and forward an XFF header so access can be revoked if necessary.
- WikiProject proxies would have direct involvement of a proxy owner, more than most third party open proxies. So a recommended "pre-built" proxy setup might be possible that anyone with a server could use, or lessons learned could be adopted by all closed proxies, or if particular provisions were needed then these can be discussed and agreed.
WP:IPEXEMPT and its talk page cover the various concerns over socking, and reasonable provisions to reduce the scope for abuse of these powerful tools. A brief discussion with ST47 suggests some good ideas for the closed proxies of this wikiproject:
- Allow each specific user to log into the proxy from only their specified IP range(s). Reduces risk of proxy abue via chaining, ensures some degree of sock-reduction is possible.
- Include the source IP and proxy account ID within the XFF string, to allow checkuser identification of the logged in user account, in case of sock puppet abuse. This also allows checkusers to easily find all wikipedia accounts linked to a certain proxy account.
- Soft-block closed proxies to ensure they must be operated logged in (prevents the proxy IP being all over the wiki, or the same IP being shared by many users for posting. Allows users to edit if logged in.)
- Grant closed proxy access the same way that IP block exemption for anonymous proxy usage would be granted (no need to re-invent the wheel, this is intended to keep it simple yet reduce abuse of an admin level tool).
Last, is there any benefit from agreeing some kind of common code/norms for Wiki closed proxies... ie, some common features and some common operating norms?
FT2 (Talk | email) 22:14, 11 May 2008 (UTC)
- It would be possible, I think, to use mod_rewrite to prevent people from logging in using any account not linked to their proxy username (mod_rewrite can scan and intercept information from the proxy, and is used to block certain pages, e.g. register user). Policies can be implemented to check user's applying for use of the proxy for a history of vandalism, socks and other bad information, I did consider myself requesting a softblock from the proxy, I will check up on policy on that today. I do not have knowledge on how to foward XFF headers but if information was provided it could be implemented. In regards to the proxy owner's involement in the proxy, a tutorial on how to setup the proxy in the way required by the project can be found here. A system would have to be implemented (possibly a bot) that checks for any block messages/warnings periodically on the user's talk page/logs, watches to see if they use a account not allowed by the project and possibly revoking access if bad behaviour is detected. An IP range detection could be implemented, but this would require the user to disclose private information. Again, XFF headers could be implemented if I can work out how. Proxy access would be granted on a case-by-case nature, reviewing the cases just like IP exempt. I think the main advantage of using the closed proxies over IP exempt and Tor/other proxy would be the security (we are going to implement User to Proxy and Proxy to Wikipedia SSL) and speed (there wouldn't be many other user's using the proxy, this may change), thou I have a feeling I am still forgetting something. And about your last point, currently the common code for the proxies is a Windows/Linux/Unix server using Apache, mod_proxy, mod_ssl and mod_rewrite, *(outlined at here) this could be more specific. Atyndall93 | talk 02:51, 15 May 2008 (UTC)
- I haven't tried to verify this with a sniffer like WireShark yet, but the docs on mod_proxy_http claim that X-Forwarded-For headers are included when used in a reverse proxy configuration. Presumably including this module as well as mod_proxy should do this automatically.
- It appears from the list of headers in the mod_rewrite docs that we can create rewrite rules based on cookies supplied by the client. I'm a little rusty on the exact cookies that MediaWiki sends/receives, but I think that they include the user's account name. If we asked all proxy users to have their proxy username be the same as their Wikipedia username, then we could easily force all proxy users to use their given account.
- As for the account ID being included in the XFF headers, it looks like the mod_headers module could do this. From what I've read, it looks like we can take the user's account name and insert it into the XFF headers when we make the request.
- This is all speculation, though. I'll experiment with Apache later to make sure that this works properly. Shadow1 (talk) 16:29, 15 May 2008 (UTC)
Policy suggestions
I think we need to write a policy on how to handle vandals using the proxy, how proxies must be setup etc, I am proposing the following things:
- Proxies must be softblocked with account creation disabled or this must be implemented in proxy software.
- Proxies must use SSL on their end and connect to
https://secure.wikimedia.org/wikipedia/en/https://secure.wikimedia.org/wikipedia/en/wiki/ instead of http://en.wikipedia.org/ for security. Proxies must display the newly made {{closedproxy}} template message on their IP talk page, alerting admins not to block the IP address and that is is a closed proxy.Maybe not wise.- Proxies should implement some mechanism to stop user's from logging into more than one account, to prevent vandalism, socks etc.
- Proxies need to forward XFF headers with the IP address of actual user.
I also suggest, if possible, implementing:
- A central user/password database that all proxies update from regularly, possibly a password-protected file hosted on a separate server that is accessed via cron, allowing user's to use any proxy they wish if one server stops working.
- A gateway webpage (on a different site) that contains usage statistics on each individual proxy and directs people who access that page to the proxy currently experiencing the lowest usage.
Any other suggestions are welcome, I am also open to changes/suggestions. Atyndall93 | talk 12:57, 19 May 2008 (UTC)
- Such a major change requires the attention of broader community input. Either post this to another page or make an announcement at community portal. OhanaUnitedTalk page 16:43, 19 May 2008 (UTC)
- I don't quite follow you, I want the project to have policy on their proxies, not creating an official Wikipedia policy about all closed proxies. If its only the project's policy, do we require full community consensus? Atyndall93 | talk 23:32, 19 May 2008 (UTC)
- You might also want to note that the Chinese government does seem to be keeping an eye on the project. When I first set up a proxy and created accounts for users, testing confirmed that my IP address had suddenly become blacklisted in China (presumably because someone noticed the project and banned me). Placing the {{closedproxy}} template on closed proxies' pages may only serve to help the Chinese government keep better track of which servers they need to ban. Shadow1 (talk) 19:08, 19 May 2008 (UTC)
- Yes, I see your point, I've removed it from my proxy's page, are you fine with the other suggestions? Perhaps creating WP:WikiProject on closed proxies/Policy and putting ideas there. Atyndall93 | talk 23:32, 19 May 2008 (UTC)
- I'm fine with the other ideas (not that I'm the sole authority of this project). Especially with the XFF headers, the current setup already has the ability to perform a lot of these functions. Apache does update the XFF headers automatically, but the problem is that proxies downstream might not honor XFF.
- Meaning, users might be connecting through an open proxy to connect to the closed proxy. We would then report the open proxy to Wikipedia's servers as the user's real IP, and I don't think checkusers would be particularly happy about that. We definitely need a way to restrict users to particular address ranges, and we should also be actively scanning those ranges before granting access to ensure that there are no open proxies in the range.
- On the subject of the central database: it's definitely possible to have all the proxy servers update their authentication files from a central server (it's really as easy as a simple wget-based script), but we would still need to have a central server and a secure method of updating so that the users' information is not leaked in the process. cfengine is one solution that comes to mind. Shadow1 (talk) 12:37, 20 May 2008 (UTC)
- Yes, I see your point, I've removed it from my proxy's page, are you fine with the other suggestions? Perhaps creating WP:WikiProject on closed proxies/Policy and putting ideas there. Atyndall93 | talk 23:32, 19 May 2008 (UTC)
Unified login interfering with proxy login
On server no. 2 there is a problem with logging into Wikipedia. What happens is that you login (that works successfully) but as soon as you navigate to another page on Wikipedia the user information in the top right hand corner disappears. I think unified login has interfered with the proxy's ability to save cookies or something. Is there any way to fix? Atyndall93 | talk 23:15, 6 June 2008 (UTC)
- Yea it does break it somehow. I'll have to poke at it some. Q T C 14:13, 13 March 2009 (UTC)
Ubuntu
I am having difficulty with getting fedora on my machine. I was wondering if I could set up something using ubuntu instead. I have tried asking on the ubuntu forums, but the staff had locked it, pending a discussion with other staff members. Can we have instructions for ubuntu users? Cutno (talk) 06:51, 23 July 2009 (UTC)
Retire
Anybody object if we go ahead and mark this historical? Q T C 01:31, 5 January 2010 (UTC)
- Leave it as it is for now. Some users have to go "underground" and reduce activity on this page so that their proxy IPs won't be blocked by countries that censor internet or Wikipedia. OhanaUnitedTalk page 04:00, 5 January 2010 (UTC)
- All the info here is so out of date and hasn't been touched in over a year, so it'd be a large stretch to consider this active. It may be active elsewhere, but here as a WikiProject, it's deader then roadkill. Q T C 04:11, 5 January 2010 (UTC)
Revival
This project is currently proposed for revival [1], if any of the old members are still around, feel free to speak up. Phearson (talk) 05:00, 2 January 2011 (UTC)
- Support Ryttaren (talk) 13:09, 28 March 2011 (UTC)
Restructure Proposal
Since I don't really need permission, I would like to begin by proposing my changes to the project:
1. All current pages are to be archived
The reasoning behind this is because the project is out-of-date, and most of the pages contains useless information. Since I probably will not find anyone who will support deletion, all pages will be archived for historical purposes, and provide a historical insight into the legacy of why this project is here.
- Support Phearson (talk) 05:59, 6 January 2011 (UTC)
- Support, preferably with a statement of the project's current status, so that new-comers aren't greeted with a blank page. Ryttaren (talk) 13:08, 28 March 2011 (UTC)
2. SSH
Because of the need for privacy is significant, SSH has been proven to extremely effective in this field, supports across platforms, and should be utilized to its fullest potential for this project.
- Support Phearson (talk) 05:59, 6 January 2011 (UTC)
- Comment See 4. Security Precautions below. Ryttaren (talk) 14:18, 28 March 2011 (UTC)
3. Anti-abuse measures
Before any user can use our system, they must be Autoconfirmed users of the english wikipedia, be nominated by two Administrators, and be free of Sockpuppetry charges, bans, blocks, and editing restrictions.
*Comment Perhaps some sort of nomination system, for example, two admins must nominate a user? Phearson (talk) 05:59, 6 January 2011 (UTC)
- Support Phearson (talk) 20:01, 9 January 2011 (UTC)
- Comment That really defeats most of the purpose. Q T C 22:03, 3 March 2011 (UTC)
- Can you think of any alternatives? Phearson (talk) 22:36, 3 March 2011 (UTC)
- The criteria defined in eligible stipulate 3000 edits and 6 months' account age. Note that WP account status is all we realistically can verify. It is not, for instance, technically possible in general to "actively scan ... [ip addresses] to ensure that there are no open proxies in the range".
- I think we may assume that filtered, presumptive users already have means to partake in WP (perhaps through human proxies), albeit with difficulties. If they do not, I would suggest that their (lack of) knowledge of the project might prevent their interest in Wikipedia:WOCP in the first place.
- A reasonably efficient technique of preventing proxy abuse, partly already suggested here, would be to have the proxy link every user's proxy account with its corresponding WP account, and let the proxy automatically and compulsory log on to WP with this account, as well as maintaining this state for the duration of the proxy session. Should the user abuse, his (and only his) WP account can be blocked (with the additional benefit that he may be allowed access to his talk page) as per normal.
- Ryttaren (talk) 12:57, 28 March 2011 (UTC)
- Sounds technically difficult, and their passwords would need to be revealed. Phearson (talk) 14:06, 28 March 2011 (UTC)
- It's technically feasible. Yes, the WP password would need to be revealed, or a new WP account (with appropriate block flags) created, just as the proxy account would have to be created and communicated to the user in a secure fashion. Preferably, the two accounts would use the same name and password. Ryttaren (talk) 14:25, 28 March 2011 (UTC)
- Sounds technically difficult, and their passwords would need to be revealed. Phearson (talk) 14:06, 28 March 2011 (UTC)
- How should a new user accumulate 3,000 edits? I would appreciate your comment on this question. --Damian Yerrick (talk | stalk) 21:16, 24 June 2011 (UTC)
4. Security Precautions
The nature of Wikipedia:WOCP is such that its adversaries regularly use methods, technological as well as (in-) human, which often render simple solutions non-beneficial for its presumptive users. It may be that the project, while helping bypassing a technical barrier, in some cases makes the situation worse for some users (by means of governmental retaliation).
It's my opinion that we cannot assume that users are aware of the technical limitations of simple HTTP proxies. Hence, it would be prudent to clearly state that f.x. SSL only protects specific routes (i.e. not necessarily the user's local workstation, or the initial key/account exchange channel). At least as importantly, current techniques yield no level of plausible deniabliliy against even a mildly competent adversary (f.x. using content, end-point and/or bandwidth analysis). It's well within the moral capabilities of current adversaries to regard suspicious activity as harshly as proven criminal activity. And of course, an encryption scheme is useless if the keys are extracted (by one means or another).
Ryttaren (talk) 14:18, 28 March 2011 (UTC)
Leaflet for Wikiproject on Closed Proxies at Wikimania 2014
Hi all,
My name is Adi Khajuria and I am helping out with Wikimania 2014 in London.
One of our initiatives is to create leaflets to increase the discoverability of various wikimedia projects, and showcase the breadth of activity within wikimedia. Any kind of project can have a physical paper leaflet designed - for free - as a tool to help recruit new contributors. These leaflets will be printed at Wikimania 2014, and the designs can be re-used in the future at other events and locations.
This is particularly aimed at highlighting less discoverable but successful projects, e.g:
• Active Wikiprojects: Wikiproject Medicine, WikiProject Video Games, Wikiproject Film
• Tech projects/Tools, which may be looking for either users or developers.
• Less known major projects: Wikinews, Wikidata, Wikivoyage, etc.
• Wiki Loves Parliaments, Wiki Loves Monuments, Wiki Loves ____
• Wikimedia thematic organisations, Wikiwomen’s Collaborative, The Signpost
The deadline for submissions is 1st July 2014
For more information or to sign up for one for your project, go to:
Project leaflets
Adikhajuria (talk) 17:25, 27 June 2014 (UTC)
Comment on the WikiProject X proposal
Hello there! As you may already know, most WikiProjects here on Wikipedia struggle to stay active after they've been founded. I believe there is a lot of potential for WikiProjects to facilitate collaboration across subject areas, so I have submitted a grant proposal with the Wikimedia Foundation for the "WikiProject X" project. WikiProject X will study what makes WikiProjects succeed in retaining editors and then design a prototype WikiProject system that will recruit contributors to WikiProjects and help them run effectively. Please review the proposal here and leave feedback. If you have any questions, you can ask on the proposal page or leave a message on my talk page. Thank you for your time! (Also, sorry about the posting mistake earlier. If someone already moved my message to the talk page, feel free to remove this posting.) Harej (talk) 22:47, 1 October 2014 (UTC)
WikiProject X is live!
Hello everyone!
You may have received a message from me earlier asking you to comment on my WikiProject X proposal. The good news is that WikiProject X is now live! In our first phase, we are focusing on research. At this time, we are looking for people to share their experiences with WikiProjects: good, bad, or neutral. We are also looking for WikiProjects that may be interested in trying out new tools and layouts that will make participating easier and projects easier to maintain. If you or your WikiProject are interested, check us out! Note that this is an opt-in program; no WikiProject will be required to change anything against its wishes. Please let me know if you have any questions. Thank you!
Note: To receive additional notifications about WikiProject X on this talk page, please add this page to Wikipedia:WikiProject X/Newsletter. Otherwise, this will be the last notification sent about WikiProject X.
Harej (talk) 16:56, 14 January 2015 (UTC)
This is an archive of past discussions on Wikipedia:WikiProject on closed proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 |