Return to Video

greenstadt: What is the value of anonymous communication?

  • 2:01 - 2:04
    Rachel Greenstadt:
    pressure on or from ISPs
  • 2:04 - 2:07
    would make it difficult or impossible
    to run an exit relay
  • 2:07 - 2:12
    however the third point is the one that
    I'm gonna mostly be talking about today:
  • 2:12 - 2:15
    Tor is not very useful if you can't
    actually use it to get anywhere
  • 2:15 - 2:18
    and there is an increasing number of
    prominent sites on the internet
  • 2:18 - 2:21
    that are restricting what you
    can do through Tor
  • 2:21 - 2:24
    and in some cases Tor is outright blocked
  • 2:24 - 2:29
    and in other cases you're slowed down
    by CAPTCHAs and other ways
  • 2:29 - 2:34
    to sort of make it annoying to visit
  • 2:34 - 2:36
    so a brief overview of my talk
  • 2:36 - 2:38
    I'm gonna give a little bit of
    background on Tor
  • 2:38 - 2:42
    and discuss how it's being blocked by
    internet services today
  • 2:42 - 2:44
    then I'm gonna talk about Wikipedia
  • 2:44 - 2:48
    which is a service or a website,
    you may have heard of it
  • 2:48 - 2:51
    laughing
  • 2:51 - 2:54
    that makes it difficult to edit
    through Tor
  • 2:54 - 2:55
    and I'm gonna talk about their
    relationship
  • 2:55 - 2:57
    and then I'm gonna discuss some of the
    findings that we have
  • 2:57 - 3:03
    from our interview-study of Tor users
    and Wikipedians.
  • 3:03 - 3:05
    So here is some examples of some things
    that you might see
  • 3:05 - 3:08
    when you are browsing with Tor these days.
  • 3:08 - 3:13
    Now, it's worth pointing out that a lot of
    these are not individual sites
  • 3:13 - 3:16
    but rather content distribution networks,
    like Cloudflare and Akamai
  • 3:16 - 3:20
    or they're hosting providers like Bluehost
    or anti-spam-block-plugins
  • 3:20 - 3:26
    that sort of affects a huge, sort of swath
    of sites on the internet, not just one.
  • 3:26 - 3:27
    There are some individual sites
  • 3:27 - 3:31
    say like Yelp, that provide their
    own blocking
  • 3:31 - 3:35
    but they tend to be somewhat
    important sites
  • 3:35 - 3:37
    So before I go any further
  • 3:37 - 3:40
    I should probably disclose that I'm not
    exactly a neutral party here
  • 3:40 - 3:42
    I'm married to Roger Dingledine
  • 3:42 - 3:45
    who is one of the founders
    of the Tor project
  • 3:45 - 3:48
    This work is part of a recent experiment
    of mine, doing research related to Tor
  • 3:48 - 3:50
    while remaining happily married
  • 3:50 - 3:53
    so far so good!
  • 3:53 - 3:57
    furthermore, this work uses qualitative
    ethnographic methods
  • 3:57 - 4:01
    which is a bit of a departure from the
    machine learning work that I usually do
  • 4:01 - 4:05
    mitigating both of these factor is my
    wonderful co-author, Andrea Forte
  • 4:05 - 4:07
    who is trained in ethnographic methods
  • 4:07 - 4:10
    and conducted all of the interview that
    I'm going to talk to you about
  • 4:13 - 4:18
    So, when I was talking to Roger about this
    talk, he said
  • 4:18 - 4:20
    most people at CCC will have heard of Tor
    by now
  • 4:20 - 4:22
    I think that's probably true,
    and they'll be aware that
  • 4:22 - 4:26
    and they'll be aware that it hides something
    about you when you're browsing the Internet
  • 4:26 - 4:32
    but, they might be a bit fuzzy on some of
    the details, so: very quick recap
  • 4:32 - 4:36
    When Alice starts up Tor, her client
    starts by fetching a list of relays
  • 4:36 - 4:37
    from the directory server.
  • 4:37 - 4:44
    Then, the Tor client is gonna pick a
    three-hop path to the destination server.
  • 4:44 - 4:47
    Hop 1 is gonna know who you are
    but not where you're going.
  • 4:47 - 4:50
    Then Hop 3 knows where you're going
    but not who you are.
  • 4:50 - 4:52
    Now there is a link encrypted
    from you to hop 3,
  • 4:52 - 4:55
    and then hop 3,
    which is the exit relay,
  • 4:55 - 4:58
    actually delivers your
    request to a website.
  • 4:58 - 5:02
    Now this part is not encrypted by Tor
    and as far as the website is concerned,
  • 5:02 - 5:07
    it is actually delivering a request from
    the user at the exit relay
  • 5:07 - 5:12
    usually when Tor users receive the
    blocking screens that I've showed earlier
  • 5:12 - 5:15
    it's because the website is blocking
    the exit relay's IP address
  • 5:15 - 5:18
    so this can happen either because the site
    is deliberately blocking tor
  • 5:18 - 5:23
    by downloading the directory and blocking
    all of the Tor exit IP's
  • 5:23 - 5:25
    or because someone did something
    unpleasant
  • 5:25 - 5:27
    through that exit relay in the past
  • 5:27 - 5:30
    and it was put on a blocklist incidentally
  • 5:33 - 5:35
    So there's been some research on this
    phenomenon
  • 5:35 - 5:40
    and here's some cutting-edge research that
    hasn't actually even been presented yet
  • 5:40 - 5:44
    it's going to be published in the NDSS
    conference in February
  • 5:44 - 5:46
    by the people up here
  • 5:46 - 5:50
    and it's looking sort of quantitatively
    about how prevalent
  • 5:50 - 5:52
    this blocking problem is.
  • 5:52 - 6:00
    We found that of the top 1000 Alexa
    sites, 3.5% of them were actually blocked
  • 6:00 - 6:02
    for Tor users.
  • 6:02 - 6:07
    You can see on this list on the right:
    most of the blocking is due to
  • 6:07 - 6:11
    aggregate blockers like these hosting
    companies and CDNs
  • 6:11 - 6:14
    it's also the case that most of the sites
  • 6:14 - 6:17
    didn't actually
    block 100% of the exit nodes
  • 6:17 - 6:20
    But the bigger the exit is bandwidth wise
  • 6:20 - 6:22
    thus the higher probability to be
    exiting from it
  • 6:22 - 6:24
    the more likely it was to be blocked
  • 6:24 - 6:29
    so this graph shows of 2000 block sites
    from Ooni data
  • 6:29 - 6:32
    given the exit node and how probable
    it was
  • 6:32 - 6:34
    that that exit node would be blocked.
  • 6:36 - 6:39
    So one website that blocks Tor users
    is Wikipedia
  • 6:39 - 6:42
    Now Wikipedia doesn't actually Tor users
    from reading Wikipedia
  • 6:42 - 6:46
    which is very useful because it's a
    resource that's important
  • 6:46 - 6:49
    for lots of people to be able to reach,
    sometimes anonymously
  • 6:49 - 6:51
    but it does prevent them from editing.
  • 6:51 - 6:53
    That's true even if they're logged in.
  • 6:53 - 6:57
    So according to Wikipedia,
    Wikipedia is a free access,
  • 6:57 - 7:00
    free content Internet encyclopedia
    supported and hosted by the
  • 7:00 - 7:03
    non-profit Wikimedia Foundation
  • 7:03 - 7:06
    Those who can access this site can
    edit most of its articles
  • 7:06 - 7:08
    and Wikipedia is ranked among the ten most
    popular websites
  • 7:08 - 7:13
    and constitutes the Internet's largest and
    most popular general reference work
  • 7:13 - 7:19
    So right now, y'know, from our vantage
    point eight years...
  • 7:19 - 7:23
    since this quote in 2007
    in probably about...
  • 7:23 - 7:28
    I'm not actually sure when Wikipedia was
    founded, but some years after
  • 7:28 - 7:32
    it's hard to realize what a radical idea
    Wikipedia once was
  • 7:32 - 7:36
    this encyclopedia that can be edited by,
    well, almost anyone
  • 7:36 - 7:38
    in 2007 the New York Times said:
  • 7:38 - 7:41
    "The problem with WIkipedia is that it
    only works in practice.
  • 7:41 - 7:44
    In theory, it can never work."
  • 7:46 - 7:49
    There's some sort of miracle,
    that Wikipedia manages to be
  • 7:49 - 7:52
    the resource it is, and it's the sort of
    thing that researchers
  • 7:52 - 7:54
    and economists have tried to explain
  • 7:54 - 7:56
    and they've tried to explain it in the
    same way they explain
  • 7:56 - 7:58
    the Linux kernel
  • 8:02 - 8:05
    this thing happens and nobody quite knows
    why
  • 8:05 - 8:09
    and it makes Wikipedians today a little
    nervous about and conservative perhaps
  • 8:09 - 8:14
    about anything that could rock the boat,
    affect the quality of the encyclopedia
  • 8:15 - 8:18
    but the fact is that Wikipedia needs its
    contributors to continue to
  • 8:18 - 8:21
    update, expand and improve the resource
  • 8:21 - 8:27
    Wikipedia contributions peaked in 2007 and
    have been in a slow and steady decline
  • 8:27 - 8:33
    so this graph above shows the number of
    active registered editors
  • 8:33 - 8:37
    who've edited more than 5 edits per month
    as plotted over time
  • 8:37 - 8:41
    and you can see this peak that happens
    in 2007
  • 8:42 - 8:45
    the reasons behind this decline are
    actually an active area of research
  • 8:45 - 8:51
    in their area of concern for the
    Wikimedia foundation and so on
  • 8:51 - 8:55
    the upshot of it is that Wikipedia can't
    exactly afford to
  • 8:55 - 8:57
    just throw away good editors.
  • 8:58 - 9:00
    Aside from the general decline in
    participation
  • 9:00 - 9:04
    there's Wikipedia's sort of demographic
    imbalance
  • 9:04 - 9:06
    Wikipedia editors are 84-91% male
  • 9:06 - 9:09
    depending on how you count
  • 9:09 - 9:11
    and there is also a lot of
    under-representation
  • 9:11 - 9:13
    from global south countries
  • 9:13 - 9:16
    and there's been a little bit of research
    to show how this affects the quality
  • 9:16 - 9:18
    of the encyclopedia.
  • 9:18 - 9:20
    There's a group of researchers from the
    ?Groveland's? group at
  • 9:20 - 9:24
    the university of Minnesota
    and they were interested in this question
  • 9:24 - 9:29
    they had access to a database of movie-
    ratings and the gender of the raters
  • 9:29 - 9:32
    so they compared the length of articles
    about movies that were
  • 9:32 - 9:36
    disproportionately rated by men or women
    while controlling for the popularity
  • 9:36 - 9:38
    and the rating of the movie
  • 9:38 - 9:41
    and in this case they showed that
    male-skewing movies
  • 9:41 - 9:45
    had articles that were much longer than
    articles about female-skewing movies
  • 9:45 - 9:50
    independent of these popularity and
    rating effects.
  • 9:50 - 9:54
    Now, maybe articles about movies, it's
    kind of a trivial thing,
  • 9:54 - 10:00
    but it kind of shows you that the editor
    population affects article categories
  • 10:00 - 10:04
    that might be harder to measure
    in such a rigorous way.
  • 10:04 - 10:08
    it made us wonder how the absence of
    Tor user editors
  • 10:08 - 10:10
    affects the quality of the encyclopedia
  • 10:10 - 10:13
    and if there's a similar skew that you
    might be able to see.
  • 10:17 - 10:20
    To help understand and answer this
    question, it's worth asking
  • 10:20 - 10:23
    what a Wikipedian would
    get out of using Tor.
  • 10:23 - 10:26
    This question is actually one that has
    people kind of confused because
  • 10:26 - 10:32
    a lot of people see Tor as a tool that you
    use to hide who you are to a website
  • 10:33 - 10:35
    and basically no one at Wikipedia is at
    all interested
  • 10:35 - 10:39
    in letting Tor users Wikipedia without
    logging in at all.
  • 10:39 - 10:42
    However Tor provides some benefits to
    users, even when they're logged in
  • 10:42 - 10:45
    and thus not hiding from Wikipedia.
  • 10:45 - 10:49
    In particular it protects against certain
    surveillance by your local ISP
  • 10:49 - 10:54
    or administrative domain, and it can also
    protect against government surveillance.
  • 10:54 - 10:57
    Furthermore it prevents your IP-address
    from being stored
  • 10:57 - 11:02
    in the Wikipedia database of user IPs that
    can be accessed by administrators
  • 11:02 - 11:04
    and attackers.
  • 11:04 - 11:09
    We've all seen plenty of cases where
    attackers get access
  • 11:09 - 11:11
    to databases they're not supposed to.
  • 11:12 - 11:18
    Another property that is probably more
    easy to think about is reachability.
  • 11:18 - 11:22
    Internet connections could be censored,
    and Tor might be the only method of
  • 11:22 - 11:25
    actually accessing Wikipedia.
  • 11:25 - 11:28
    And lastly a lot of Tor users use Tor for
    all of their Internet use
  • 11:28 - 11:33
    as a mechanism to diversify the user base
    and provide cover for and solidarity with
  • 11:33 - 11:37
    users that might need Tor for a
    different purpose.
  • 11:39 - 11:45
    So participation in Internet projects and
    open source projects can be dangerous.
  • 11:45 - 11:48
    Consider the case of Bassel Khartabil
  • 11:48 - 11:50
    who's a well-known Wikipedia editor,
    open source software developer
  • 11:50 - 11:53
    and the founder of Creative Commons Syria.
  • 11:53 - 11:59
    He was jailed for three years and he's now
    disappeared, a lot of people think he's dead
  • 11:59 - 12:02
    he's very well known for having founded
    the New Palmyra project
  • 12:02 - 12:07
    which uses satellite and high-resolution
    imagery to create open 3d models
  • 12:07 - 12:08
    of ancient structures.
  • 12:08 - 12:12
    Now these structures were raided by Daesh,
    sometimes called ISIS, some time in 2015
  • 12:12 - 12:17
    and so this work that he's done is our
    best record of these structures
  • 12:17 - 12:19
    that now exist.
  • 12:21 - 12:26
    In another case, Jimmy Wales announced in
    2015 that the Wikipedian of the year could
  • 12:26 - 12:32
    not be revealed publicly, because to do so
    would actually put the person in danger.
  • 12:32 - 12:35
    So, the Wikimedia foundation is also
    aware that there are some cases
  • 12:35 - 12:39
    where editors need privacy.
  • 12:39 - 12:43
    So then, with all these risks, that
    Wikipedians face, and the benefits
  • 12:43 - 12:46
    that Tor can provide,
    why would it be blocked?
  • 12:46 - 12:49
    Well, it comes down to abuse.
  • 12:49 - 12:52
    The problem of jerks is a real problem
    on the Internet.
  • 12:52 - 12:55
    Though the research is somewhat ambiguous
    as to the degree at which it's actually
  • 12:55 - 12:57
    made worse by anonymity,
  • 12:57 - 13:02
    there's this very popular theory on the
    Internet that if you take a normal person
  • 13:02 - 13:07
    and anonymity and an audience,
    they become a total dickwad.
  • 13:07 - 13:11
    Nonetheless, managing abuse is actually
    somewhat harder
  • 13:11 - 13:14
    with anonymous participants, and there's
    certainly this perception that
  • 13:14 - 13:19
    anonymity can make people more
    susceptible to abusive behavior.
  • 13:22 - 13:25
    Fortunately the cryptographic
    research community has studied
  • 13:25 - 13:28
    how to reconcile anonymity and
    blacklisting of users
  • 13:28 - 13:31
    and has found some pretty promising
    solutions.
  • 13:31 - 13:36
    The first, which I'll discuss briefly here
    is Apu Kapadia's Nymble design.
  • 13:36 - 13:40
    There have been many variants of this,
    including Nymbler, ?Jackbenable?, Jack,
  • 13:40 - 13:42
    you get the idea.
  • 13:42 - 13:47
    Basically when Alice wants to contribute
    anonymously to a website or a project
  • 13:47 - 13:50
    she uses a pseudonym server to get
    a pseudonym.
  • 13:50 - 13:54
    Then she gives that 'nym to a
    nym-manager
  • 13:54 - 13:56
    and that nym-manager
    gives her a ticket.
  • 13:56 - 13:59
    That ticket is then used to connect to the
    site she wants to participate on,
  • 13:59 - 14:03
    so it's another way to sort of distribute
    the trust.
  • 14:03 - 14:07
    But our Alice is a jerk, so
    she vandalizes the website.
  • 14:07 - 14:11
    The website then complains to the Nymble
    manager which will then send the server
  • 14:11 - 14:14
    a token that can be used to link that user
    in the future.
  • 14:14 - 14:17
    The server then adds the user to a
    blacklist.
  • 14:19 - 14:22
    So basically the way that this works is
    that everything the user has done
  • 14:22 - 14:25
    before the complaint still remains
    anonymous forever,
  • 14:25 - 14:28
    but everything that they do in the future
    is linkable
  • 14:28 - 14:31
    and thus it remains easier to block them.
  • 14:32 - 14:37
    There has basically been no adoption of
    this kind of protocol,
  • 14:37 - 14:40
    despite a lot of iterations in the
    literature.
  • 14:40 - 14:43
    There are some reasons for this:
  • 14:43 - 14:45
    many of the variants have no
    implementation, and those that do
  • 14:45 - 14:48
    it's research code and as the author
    of some research code...
  • 14:48 - 14:51
    I can tell you that there would be
    significant work involved in
  • 14:51 - 14:53
    actually adopting these measures.
  • 14:53 - 14:56
    And there is a price to be paid. You have
    pick between either having
  • 14:56 - 15:00
    a semi-trusted third party, degraded
    notions of privacy,
  • 15:00 - 15:03
    so basically pseudonymity
    rather than anonymity,
  • 15:03 - 15:05
    or high computational overhead
  • 15:05 - 15:08
    because zero-knowledge proofs are
    still kind of expensive.
  • 15:08 - 15:12
    But it could well be done, and it's not
    like you need all of these things,
  • 15:12 - 15:13
    you only need one,
  • 15:13 - 15:18
    but ultimately it isn't being done, and I
    think this is because most sites
  • 15:18 - 15:23
    don't really care. They believe that the
    number of non-jerks might not be zero,
  • 15:23 - 15:28
    but it's approximately zero,
    and it's just not worth the bother.
  • 15:30 - 15:34
    So we're interested in measuring this
    value of anonymous participation
  • 15:34 - 15:38
    to sort of provide motivation for sites to
    actually try and solve these problems.
  • 15:38 - 15:42
    It's not a terribly easy thing to do,
    because Tor is blocked so often
  • 15:42 - 15:45
    we're actually trying to measure
    participation that doesn't happen,
  • 15:45 - 15:47
    that might happen under
    alternate circumstances.
  • 15:47 - 15:51
    To ask this question we turned to
    qualitative methods, which is
  • 15:51 - 15:53
    basically an interview study.
  • 15:53 - 15:56
    We talked to Tor users who participate in
    open collaboration, and we talked to
  • 15:56 - 15:59
    Wikipedia editors about their privacy
    concerns.
  • 16:02 - 16:04
    So we have two basic research questions:
  • 16:04 - 16:06
    first, what kind of threats do
    contributors
  • 16:06 - 16:10
    to open collaboration projects perceive,
    and second:
  • 16:10 - 16:14
    how do people who contribute to open
    collaboration projects manage the risk?
  • 16:14 - 16:17
    The goal here is to get the kind of
    in-depth and qualitative
  • 16:17 - 16:19
    understanding that will help us to ask
    the right questions
  • 16:19 - 16:23
    in a larger scale study, and ensure that
    we're solving the right problems
  • 16:23 - 16:28
    when we design systems to facilitate
    anonymous participation in online projects
  • 16:29 - 16:31
    As ?Cera McDonald? Pikelet said:
  • 16:31 - 16:36
    "They're not anecdotes, that's small
    batch artisanal data..."
  • 16:38 - 16:43
    So a little bit about our 23 participants
    in our study
  • 16:43 - 16:45
    We had 12 participants that were Tor users
  • 16:45 - 16:51
    8 males, 3 females and 1 of fluid gender.
  • 16:51 - 16:55
    The minimum age was 18, the maximum age
    was 41 and the average was 30.
  • 16:55 - 17:01
    3 people with a high school education, 4
    current and graduated undergraduates
  • 17:01 - 17:07
    and 5 people with post-graduate degrees or
    who were graduate students.
  • 17:08 - 17:13
    The location: 7 of the participants were
    from the U.S. but we also had
  • 17:13 - 17:19
    participants from Australia, Belgium,
    Canada, South Africa and Sweden.
  • 17:19 - 17:26
    For the Wikimedia participants, we had
    again 8 males and 3 females.
  • 17:26 - 17:32
    Actually I think the demographics of Tor
    and Wikimedia might not be too different.
  • 17:32 - 17:37
    The minimum age was 20 and the max was 53,
    again the average was 30.
  • 17:37 - 17:42
    One didn't report their education level,
    we had 8 people with bachelor's degrees
  • 17:42 - 17:47
    or undergraduate students, and 2 graduate
    students or people with graduate degrees.
  • 17:47 - 17:52
    Again we had 5 participants from the U.S.,
    but we also had participants from
  • 17:52 - 17:56
    Australia, France, Ghana, Israel
    and the U.K. in this case.
  • 17:56 - 18:01
    So we didn't have - a lot of people talked
    to us - we didn't have any participants
  • 18:01 - 18:06
    from places like Iran or China, though we
    did have some Iranians who were
  • 18:06 - 18:09
    living in the U.S. who talked to us.
  • 18:09 - 18:12
    So types of participation
  • 18:12 - 18:15
    Obviously we had Wikipedians,
    we sought them out
  • 18:15 - 18:18
    a number of the people that we talked
    to, especially the Tor users
  • 18:18 - 18:21
    who actually contribute to
    the Tor project in some way
  • 18:21 - 18:25
    but we asked people about their other
    participation on the Internet,
  • 18:25 - 18:28
    especially Tor users, and we found that
    there are a lot of people that participate
  • 18:28 - 18:34
    through adding web comments, participating
    on forums, using Twitter...
  • 18:34 - 18:38
    contributing open source code to projects
    on Github or Sourceforge
  • 18:38 - 18:41
    or other projects on the Internet, helping
    with the Internet archive
  • 18:41 - 18:46
    or contributing to image boards...
    to sites that do that.
  • 18:46 - 18:50
    So our interview protocol: we gave 20
    dollars in compensation,
  • 18:50 - 18:51
    gift cards or cash.
  • 18:51 - 18:58
    30% of people declined this because we
    would need to register their participation
  • 18:58 - 19:03
    if we give them compensation, and some
    people didn't want there to be
  • 19:03 - 19:04
    as much of a record.
  • 19:04 - 19:08
    We spoke to people over the phone, using
    Skype, using
  • 19:08 - 19:12
    various encrypted audio mechanisms,
    one person was interviewed face to face.
  • 19:12 - 19:15
    The interviews were again conducted by
    Andrea Forte
  • 19:15 - 19:19
    and we asked people to tell in-depth
    stories and prompted them for detail.
  • 19:20 - 19:24
    Our analysis of this is ongoing, it's
    not done,
  • 19:24 - 19:28
    we've transcribed all the interviews,
    we've coded them to identify the themes
  • 19:28 - 19:30
    and we grouped and merged some of these
    themes.
  • 19:30 - 19:34
    I'm going to talk to you about some of the
    stuff that came out of this study,
  • 19:34 - 19:37
    give some quotes and things like that.
  • 19:38 - 19:39
    Interview topics.
  • 19:39 - 19:42
    For Tor users we asked them to explain Tor
    and what it's for. We asked for some
  • 19:42 - 19:45
    current and retrospective examples of use,
  • 19:45 - 19:48
    the story of how and why they first
    started using Tor,
  • 19:48 - 19:52
    and some examples of when they use Tor
    online and when they don't use Tor online
  • 19:52 - 19:55
    and some questions about their
    participation in online projects
  • 19:55 - 19:59
    and if they participate in Wikipedia we
    asked them some of the Wikipedia questions
  • 19:59 - 20:02
    similarly with Wikipedia people who had
    used Tor.
  • 20:02 - 20:06
    And there was some considerable overlap.
  • 20:07 - 20:10
    For Wikipedians we asked how and why they
    started editing,
  • 20:10 - 20:12
    examples of privacy concerns associated
    with their editing,
  • 20:12 - 20:15
    steps they may have taken to protect their
    privacy when editing,
  • 20:15 - 20:18
    and examples of interactions with other
    editors.
  • 20:19 - 20:24
    Now, there's some real limitations with
    this work:
  • 20:24 - 20:28
    we may be missing participants with severe
    privacy concerns.
  • 20:29 - 20:33
    Anybody who participate in this would have
    talk to unknown parties
  • 20:33 - 20:37
    that they couldn't necessarily trust that
    we were not going to do
  • 20:37 - 20:40
    any nefarious things with their interview.
  • 20:40 - 20:44
    They need to speak remotely over a
    communications channel in most cases
  • 20:44 - 20:49
    we were willing to conduct some interviews
    over various encrypted channels
  • 20:49 - 20:52
    such as Jitsi or really whatever people
    wanted us to do,
  • 20:52 - 20:54
    as long as we could set it up.
  • 20:54 - 20:56
    Though we didn't mention Skype in our
    recruitment materials,
  • 20:56 - 21:00
    and this actually caused a bit of a
    kerfuffle on the Tor blog
  • 21:00 - 21:05
    when people were saying we clearly don't
    understand Tor
  • 21:05 - 21:08
    and have no familiarity with the project
    if we're even thinking of using Skype
  • 21:08 - 21:14
    I know a couple of Tor users and Tor
    developers that use Skype, so...
  • 21:14 - 21:18
    but, y'know, we were willing to
    use other things,
  • 21:18 - 21:21
    and we again didn't talk to residents of
    Iran or China,
  • 21:21 - 21:25
    which is something that a lot of people
    told us might be of interest.
  • 21:25 - 21:28
    So, what does anonymity actually mean to a
  • 21:28 - 21:32
    Wikipedian, was an interesting question.
    Because it doesn't mean the same thing
  • 21:32 - 21:37
    that it usually means to a Tor user. So,
    a lot of times when people talk about
  • 21:37 - 21:40
    anonymous edits in Wikipedia they mean
    editing without logging in.
  • 21:40 - 21:46
    And this is actually called IP editing to
    Wikipedians, because what happens when you
  • 21:46 - 21:51
    edit Wikipedia without logging in is that
    the IP address is actually published
  • 21:51 - 21:53
    as the author of that edit.
  • 21:53 - 21:57
    The other thing that people mean when
    they talk about editing anonymously is
  • 21:57 - 22:01
    editing under a synonymous account while
    not leaving clues about your identity.
  • 22:03 - 22:06
    The notion of IP editing is somewhat
    problematic.
  • 22:06 - 22:10
    This was an article from Buzzfeed about
  • 22:10 - 22:16
    the 33 most embarassing congressional
    edits to member's Wikipedia pages.
  • 22:16 - 22:21
    The congressional offices in the U.S. all
    share one IP address,
  • 22:21 - 22:24
    so you can simply search Wikipedia for
    that IP address
  • 22:24 - 22:27
    and you can find people making revisions,
  • 22:27 - 22:32
    for example to the liberty caucus
    Wikipedia site and so on.
  • 22:34 - 22:40
    So in terms of content-based anonymity,
    according to the Wikipedians we talked to,
  • 22:40 - 22:42
    most deanonymisation is done actually by
    contextual clues.
  • 22:42 - 22:46
    When people are outed as being this
    pseudonymous Wikipedia person,
  • 22:46 - 22:48
    it's usually because somebody
    looked up things.
  • 22:48 - 22:50
    There was a quote, someone said:
  • 22:50 - 22:54
    "these is small things but I usually
    wouldn't edit things relating to my school
  • 22:54 - 22:56
    or places near where I lived
    when I was logged in.
  • 22:56 - 22:59
    It's actually weirdly easy to piece
    together someone's identity
  • 22:59 - 23:01
    based on the location or things like that"
  • 23:01 - 23:04
    So Tor, it's worth pointing out the limits
    of what Tor can do
  • 23:04 - 23:08
    Tor is not gonna help with this particular
    problem
  • 23:08 - 23:09
    it will hide your IP address
  • 23:09 - 23:14
    but not necessarily this.
  • 23:16 - 23:19
    What is the Wikipedia policy on Tor?
  • 23:19 - 23:24
    Mediawiki has a TorBlock extension, which
    automatically blocks editing through Tor
  • 23:24 - 23:28
    Now, it's possible to actually get an
    exemption,
  • 23:28 - 23:32
    what is called an IP block exemption, and
    registered users in good standing
  • 23:32 - 23:34
    can ask for one.
  • 23:34 - 23:37
    The problem is, it's a little bit hard to
    establish that standing
  • 23:37 - 23:41
    it requires editing without using Tor.
  • 23:42 - 23:49
    When pointed out that this is particularly
    problematic for censored users,
  • 23:49 - 23:52
    because they can't access Wikipedia to
    edit in the first place,
  • 23:52 - 23:57
    although they do provide some closed
    proxies for Chinese users in particular,
  • 23:57 - 24:00
    there are a lot of censored users that
    aren't Chinese but...
  • 24:00 - 24:04
    you can contact them to ask to use their
    sort of secret proxies.
  • 24:04 - 24:07
    I don't know how well this actually works.
  • 24:07 - 24:12
    But we did ask our interviewees, can
    Wikipedia be edited through Tor?
  • 24:12 - 24:16
    Which is an interesting question. So,
    as a convention for the rest of the talk
  • 24:16 - 24:19
    when you see these blue boxes, they are
    gonna be quotes from Wikipedians,
  • 24:19 - 24:22
    when you see the green boxes, they're
    quotes from Tor users.
  • 24:22 - 24:27
    When we asked people, the WIkipedians
    often said: if the account exists,
  • 24:27 - 24:31
    yes, when you're doing an anonymous edit
    with Tor it's really difficult
  • 24:32 - 24:34
    they mean an IP edit there.
    And then he said:
  • 24:34 - 24:36
    I had one that came
    through the mailing list
  • 24:36 - 24:39
    in the last couple of weeks, and that
    their employer had been
  • 24:39 - 24:42
    checking up on them... we allowed that.
  • 24:42 - 24:45
    So as an administrator I have a user bot
    that allows me to get around that,
  • 24:45 - 24:49
    but as well as feeling bad about that,
    other people don't have that option.
  • 24:51 - 24:55
    From a Tor user, we actually said: but
    sometimes, like every so many exit nodes,
  • 24:55 - 24:58
    you sometimes one have works...
    so many sites block Tor,
  • 24:58 - 25:01
    try to block it, it's quite annoying as
    you're trying to do something.
  • 25:01 - 25:06
    So this person sort of... saw what... in
    the research of blocking Tor,
  • 25:06 - 25:09
    not every exit node is blocked, so if
    you're really determined to make that
  • 25:09 - 25:15
    anonymous edit, you can just keep clicking
    'New Identity' and get there.
  • 25:16 - 25:20
    And then they said: we do sometimes let
    people edit through them,
  • 25:20 - 25:23
    I know we have users in China coming
    through the Great Firewall
  • 25:23 - 25:25
    and stuff like that.
  • 25:25 - 25:29
    So then ...
    [[ audio cuts out for 4 seconds ]]
  • 25:29 - 25:36
    Tor user, y'know, well they...
    [[ audio cuts out for 16 seconds ]]
  • 25:36 - 25:55
    [[ audio cuts out for 16 seconds ]]
  • 25:55 - 26:00
    [[ 5 seconds audio cut remaining ]]
  • 26:00 - 26:01
    ...things like that.
  • 26:01 - 26:04
    So because you can change your IP address
    with the click of a button,
  • 26:04 - 26:08
    it's very difficult to prevent abuse.
  • 26:09 - 26:14
    There's this sort of notion that maybe
    it's important for vandalism,
  • 26:14 - 26:18
    but maybe that's a problem, and maybe
    there should be something that be done.
  • 26:18 - 26:21
    So then, a lot of what asked people about
    was sort of the threats
  • 26:21 - 26:24
    that they were concerned about, from a
    data privacy perspective.
  • 26:24 - 26:28
    People talked about government threats,
    businesses, organized crime,
  • 26:28 - 26:33
    private citizens, other project members,
    and project outsiders.
  • 26:33 - 26:38
    When we group the threats, we found sort
    of five or so big threats
  • 26:38 - 26:42
    that lots of people talked about, we had
    twelve different instances of
  • 26:42 - 26:45
    people talking about surveillance concerns
    or general concerns about
  • 26:45 - 26:48
    the loss of privacy.
  • 26:48 - 26:51
    Ten people talked specifically about the
    loss of employment
  • 26:51 - 26:56
    or economic opportunity that might happen,
    9 people talked about bullying,
  • 26:56 - 27:00
    harassment, intimidation, stalking,
    this sort of thing.
  • 27:00 - 27:04
    Another 9 people talked about personal
    safety, or the safety of their loved ones.
  • 27:04 - 27:10
    6 people that we talked to, talked about
    reputation loss.
  • 27:10 - 27:13
    I'll get into these in more detail.
  • 27:13 - 27:15
    Surveillance.
  • 27:15 - 27:18
    Y'know, in my country there is basically
    unknown surveillance going on
  • 27:18 - 27:21
    and I don't know what providers to use,
    and at some point I decided to
  • 27:21 - 27:23
    use Tor for everything.
  • 27:23 - 27:26
    It's worth pointing out given the list of
    countries I gave that
  • 27:26 - 27:31
    this isn't necessarily the list and...
    I think you wouldn't get this list of
  • 27:31 - 27:36
    kinda quotes maybe before the Snowden
    revelations about generalized surveillance
  • 27:36 - 27:38
    across the world.
  • 27:38 - 27:41
    A lot of people talked about how their
    online activities were
  • 27:41 - 27:45
    being accessed or logged without their
    consent, and especially among
  • 27:45 - 27:48
    Tor users there was this
    notion of wanting to be
  • 27:48 - 27:51
    public by effort, but private by default.
  • 27:51 - 27:57
    And when you talk to Wikipedians, they
    talked about their edit histories and how
  • 27:57 - 28:01
    the edit histories themselves might be
    somewhat sensitive.
  • 28:04 - 28:07
    In terms of loss of employment...
  • 28:07 - 28:13
    many many employers now look at your
    online footprint before they hire you.
  • 28:13 - 28:17
    According to Monster, one of the big
    employment websites,
  • 28:17 - 28:21
    77% of employers google perspective
    employees.
  • 28:22 - 28:27
    From a Tor user, we had someone talk about
    "I am transgender, I am queer, my boss
  • 28:27 - 28:30
    would rant for hours about this kind of
    person, that kind of person, the other
  • 28:30 - 28:34
    kind of person, all of which I happen to
    be... and I decided if I was going to do
  • 28:34 - 28:38
    anything online at all, I better look into
    options for protecting myself, because
  • 28:38 - 28:40
    I didn't want to get fired."
  • 28:40 - 28:45
    In Wikipedia, someone said: "A friend of
    mine was also involved in this discussion
  • 28:45 - 28:48
    and he actually got it worse than I did.
    He's in a position now where
  • 28:48 - 28:52
    anyone who googles him finds allegations
    that he is this awful monster, and
  • 28:52 - 28:55
    he's terrified of having to look for work
    now because you google him,
  • 28:55 - 28:57
    and that's what you find.
  • 28:57 - 29:02
    So these things can have a real impact
    on people. So...
  • 29:02 - 29:06
    and then there is harassment. So this is
    a quote from a Wikipedian who said:
  • 29:06 - 29:10
    "I would say that the fear of harassment
    of real, of stalking and things like that
  • 29:10 - 29:14
    is quite substantial, at least among
    administrators I know,
  • 29:14 - 29:15
    especially women."
  • 29:15 - 29:19
    From a Tor user there was someone who
    talked about "this is a map
  • 29:19 - 29:22
    of active hate groups in the
    United States"
  • 29:22 - 29:26
    and how they had experienced problems
    with these hate groups in the past
  • 29:26 - 29:30
    and they wanted to see who was active in
    their area, and they would
  • 29:30 - 29:33
    go to the websites of these hate groups
    and sort of for obvious reasons
  • 29:33 - 29:38
    they didn't want their home IP address
    to appear in the logs of these
  • 29:38 - 29:40
    hate group websites.
  • 29:43 - 29:47
    Safety of loved ones,
    also personal safety.
  • 29:47 - 29:51
    A lot of people talked about, y'know,
    real, concrete, not just threats but
  • 29:51 - 29:55
    things that had happened to them or to
    people that they knew.
  • 29:55 - 29:59
    In Tor there is this story: they bursted
    his door down and
  • 29:59 - 30:02
    they beat the ever living crap out of him.
    He was hospitalized
  • 30:02 - 30:06
    for two and a half weeks, and they told
    him: "if you and your family wanna live,
  • 30:06 - 30:08
    you're gonna have to stop causing trouble"
  • 30:08 - 30:10
    and they said that to him in farsee.
  • 30:10 - 30:13
    I have a family so after I visited him
    in the hospital, I started...
  • 30:13 - 30:16
    well at first I started shaking, and I
    went into a cold sweat
  • 30:16 - 30:20
    and then I realized I have to start taking
    my human rights activities
  • 30:20 - 30:22
    into other identities through
    the Tor network.
  • 30:23 - 30:25
    And on the Wikipedia side:
  • 30:25 - 30:28
    "I pulled back from some of that Wikipedia
    work when I could no longer hide
  • 30:28 - 30:32
    in quite the same way. For a long time I
    lived on my own, so it's just my own
  • 30:32 - 30:36
    personal risk I was taking with things,
    now my wife lives here as well
  • 30:36 - 30:38
    and I can't take that same risk."
  • 30:41 - 30:46
    Lastly, people were concerned about
    reputation loss.
  • 30:46 - 30:52
    In Wikipedia there has been known to be
    edit wars that escalate into vendettas
  • 30:52 - 30:56
    here's a sort of example of an edit war
    where y'know some user says:
  • 30:56 - 31:04
    "I hate big bitch Alison," who is then
    blocked indefinitely by Alison.
  • 31:04 - 31:07
    People are worried about this sort of
    thing escalating and then somebody
  • 31:07 - 31:12
    doing something off of the Internet to
    call them names, or mess with their
  • 31:12 - 31:16
    reputation... and that would have a
    negative effect on their life.
  • 31:16 - 31:22
    In Tor there is a couple interesting cases
    that sort of concerns guilt by association
  • 31:22 - 31:25
    So there is someone who participates on
    image boards,
  • 31:25 - 31:27
    on 8chan or infinite chan,
  • 31:27 - 31:31
    and I don't know if you guys are that
    aware of this... it's sort of the place
  • 31:31 - 31:34
    which was kind of started by people that
    were blocked by 4chan,
  • 31:34 - 31:37
    so it's the people that 4chan think are
    kind of sketchy
  • 31:37 - 31:40
    laughter
  • 31:40 - 31:43
    and this person said: "Look, I stand
    behind the material and the content that
  • 31:43 - 31:46
    I have created, but some people
    on this site,
  • 31:46 - 31:49
    I wouldn't wanna be associated with them."
  • 31:49 - 31:54
    So, there is another person who talked
    about "look I've created some online
  • 31:54 - 31:59
    resources about various pharmaceuticals,
    but I don't wanna be very associated
  • 31:59 - 32:04
    with the community that posts stuff about
    stuff like that.
  • 32:05 - 32:07
    So some other threats.
  • 32:08 - 32:11
    Some people talked about diminished
    project quality.
  • 32:11 - 32:16
    In particular a lot of the Wikipedians
    that we talked to
  • 32:16 - 32:18
    were somewhat prominent in the
    Wikipedia project,
  • 32:18 - 32:22
    and in some respects had kind of achieved
    some degree of like
  • 32:22 - 32:26
    rock star status as editors, if such
    things can be.
  • 32:26 - 32:30
    They found it very difficult to edit
    anymore because they'd edit a page
  • 32:30 - 32:34
    and that page hadn't received a lot of
    attention but people would see that
  • 32:34 - 32:38
    they had edited it and there would be
    sort of hordes of people that would
  • 32:38 - 32:40
    descend on that page, and mess with it.
  • 32:40 - 32:44
    And they found that they couldn't do that
    without actually sort of harming the pages
  • 32:44 - 32:46
    that they were trying to edit.
  • 32:46 - 32:51
    Similarly, there were some Tor users who
    were talked about, y'know,
  • 32:51 - 32:55
    not wanting to sort of... take credit for
    their work because they were worried
  • 32:55 - 32:59
    they wouldn't have the credentials to be
    taken seriously in various ways,
  • 32:59 - 33:00
    or things like that.
  • 33:00 - 33:04
    Only two people in our project actually
    talked about worrying about
  • 33:04 - 33:12
    legal sort of sanctions, government
    sanctions for their participation.
  • 33:12 - 33:16
    There were a lot of people that talked
    about computer security concerns
  • 33:16 - 33:20
    which is not so much a privacy concern,
    though it's very related, and I'm
  • 33:20 - 33:24
    going to talk about that because this
    group might be interested.
  • 33:24 - 33:28
    On the Tor side, people liked to see
    authentication properties
  • 33:28 - 33:32
    of .onion services. The idea that when
    you go to a .onion website,
  • 33:32 - 33:37
    the address is self-authenticating, you
    know where you're going.
  • 33:37 - 33:41
    But a lot of people who use Tor talked
    about the general data hygiene idea
  • 33:41 - 33:46
    that there's sort of less data about them
    in unknown websites,
  • 33:46 - 33:49
    in unknown databases of companies
    because they don't leave as many
  • 33:49 - 33:55
    online footprints, and then you see all
    these high profile break-ins that happen
  • 33:55 - 33:59
    and these databases get stolen, if you're
    using Tor, maybe you're less likely
  • 33:59 - 34:00
    to be in those databases.
  • 34:00 - 34:03
    That was the idea there.
  • 34:03 - 34:06
    From Wikipedia a lot of people were
    concerned about
  • 34:06 - 34:08
    their Wikipedia credentials.
  • 34:08 - 34:13
    They talked about not logging in on
    public terminals and things like that,
  • 34:13 - 34:18
    in particular being concerned about the
    security of administrative credentials
  • 34:18 - 34:23
    that have privileges to, for example, look
    up the IP address of users who had edited
  • 34:23 - 34:26
    and things like that, which could
    be abused.
  • 34:27 - 34:30
    So some concrete things that the people
    were afraid of,
  • 34:30 - 34:32
    not a complete list:
  • 34:32 - 34:35
    having their head photoshopped onto porn,
    something that happens
  • 34:35 - 34:37
    sometimes to editors...
  • 34:37 - 34:41
    being beaten up, actually a couple of Tor
    people mentioned this;
  • 34:41 - 34:43
    being swatted;
    receiving pipe bombs;
  • 34:43 - 34:47
    having fake information about them
    published online.
  • 34:47 - 34:52
    Though there were people that said, look,
    I don't really see a threat.
  • 34:52 - 34:56
    And some participants said they don't
    perceive threats when they're contributing
  • 34:56 - 35:01
    but in a lot of cases they pointed out
    that they enjoyed certain privileges
  • 35:01 - 35:04
    related to perhaps their gender, their
    nationality, or the fact that
  • 35:04 - 35:06
    their interests were fairly mainstream.
  • 35:06 - 35:09
    So here's a quote:
    "yeah I'm not that worried about it,
  • 35:09 - 35:12
    mainly because there's pretty good support
    for some of these viewpoints,
  • 35:12 - 35:15
    kind of a mainstream discourse, and it's
    not so radical, I don't think anyone's
  • 35:15 - 35:17
    going to be knocking down on my door.
  • 35:17 - 35:20
    But I've been in contact with activists
    who have been engaged with
  • 35:20 - 35:23
    higher risk activities, and I do wonder
    about, I do have concerns
  • 35:23 - 35:27
    about their welfare, and the desire they
    have to have the tools to
  • 35:27 - 35:32
    be able to pursue their activities without
    facing consequences."
  • 35:32 - 35:38
    So in contrast to the jerk theme, there
    are a lot of people who run Tor
  • 35:38 - 35:43
    out of a sense of altruism, to provide
    cover and solidarity.
  • 35:44 - 35:47
    Someone said, I appreciate the need for
    protecting vulnerable people
  • 35:47 - 35:51
    around the world, so I run several relays,
    some of them are exit relays,
  • 35:51 - 35:54
    some of them are middle relays, and I
    run them around the world".
  • 35:54 - 35:58
    And someone else said:
    "While you use it, you help
  • 35:58 - 36:02
    diversify the network for those who may be
    subject to traffic monitoring, and you can
  • 36:02 - 36:06
    look up any information you like, whether
    or not it's sensitive, and you'll get it,
  • 36:06 - 36:09
    and if you live in a place where it may
    not be the greatest in legal standing
  • 36:09 - 36:13
    to look it up, you're able to find out
    information."
  • 36:14 - 36:20
    So mitigating strategies, how did people
    deal with this when they wanted to
  • 36:20 - 36:26
    participate in sites but they couldn't do
    it through anonymous means, well,
  • 36:26 - 36:30
    some people modified their participation,
    and I'll talk about some of
  • 36:30 - 36:36
    the chilling effects that we saw, and also
    attempts to get anonymity in various ways
  • 36:37 - 36:40
    So, lost editors.
  • 36:40 - 36:43
    Several Tor users that we talked to,
    actually mentioned that
  • 36:43 - 36:48
    they had edited Wikipedia and they no
    longer edited it, or they edited it
  • 36:48 - 36:50
    less because of the difficulty of editing
    through Tor.
  • 36:50 - 36:53
    There was someone who said:
    "Basically I used to edit Wikipedia
  • 36:53 - 36:57
    prior to doing a lot of Tor, so yeah now
    it's mostly reading... I used to
  • 36:57 - 37:02
    do a lot of editing for license design
    and for like some open source licenses,
  • 37:02 - 37:07
    occasionally random forms and stuff that I
    knew about, sometimes grammar.
  • 37:10 - 37:13
    And people talked to us in particular
    about the chilling effects
  • 37:13 - 37:18
    of state surveillance, and in particular
    the Snowden revelations.
  • 37:18 - 37:22
    In March of 2015 Wikimedia foundation
    announced that it was
  • 37:22 - 37:26
    suing the National Security Agency.
  • 37:26 - 37:29
    We asked people about that, and
    the Wikipedians, some of them said
  • 37:29 - 37:33
    "People aren't willing to engage with us
    when they know their government is
  • 37:33 - 37:37
    watching their every move." And they
    said that in particular they can show
  • 37:37 - 37:40
    that editing dropped off significantly on
    certain articles
  • 37:40 - 37:43
    after the Upstream program was revealed.
  • 37:43 - 37:48
    Here's a quote from one of our Tor users
    in the study that substantiates this.
  • 37:48 - 37:51
    "For the Edward Snowden page, I've pulled
    myself away from adding
  • 37:51 - 37:54
    sensitive contributions, like different
    references, because I thought
  • 37:54 - 37:59
    that made be traced back to me
    in some way. But not refraining from
  • 37:59 - 38:00
    useful content I guess."
  • 38:00 - 38:05
    Though, of course, adding references is
    one of the things that contributes to
  • 38:05 - 38:10
    the quality of articles and so on, and in
    particular they said, articles about
  • 38:10 - 38:16
    national security things, about terrorism
    and so on, people didn't edit as much
  • 38:16 - 38:22
    about these things anymore because they
    were worried about ending up on a list.
  • 38:22 - 38:27
    The other major topic that was chilled was
    articles about women's health.
  • 38:27 - 38:32
    So, here's a picture of a vacuum
    aspiration abortion from the
  • 38:32 - 38:39
    Wikipedia abortion article and a couple
    of people told us about how, "look, any
  • 38:39 - 38:45
    site that has to do with women or women's
    issues is more contentiously edited,
  • 38:45 - 38:49
    is more likely of inflaming people,
    getting into edit wars, than other sites."
  • 38:50 - 38:54
    There were a lot of trolls on the Internet
    and there's a quote on the Internet:
  • 38:54 - 38:57
    "Trolls have called their bosses and been
    like 'Do you know that your employee
  • 38:57 - 39:00
    was editing the clitoris article last
    week?'"
  • 39:00 - 39:02
    They will do stuff like that.
  • 39:02 - 39:07
    So this means that, y'know, in particular
    someone talked about "I was a medical
  • 39:07 - 39:11
    student, I had my obstetrics text book
    open, I was looking at the abortion
  • 39:11 - 39:14
    article, I was thinking about making some
    changes, but then I just
  • 39:14 - 39:20
    pulled myself back and said, y'know,
    I don't need that in my life."
  • 39:20 - 39:26
    This is another area where privacy
    concerns push back, cause people
  • 39:26 - 39:30
    to not necessarily do things...
  • 39:30 - 39:37
    And then there's this idea of a threshold
    of participation, that the more involved
  • 39:37 - 39:41
    you are, the more active you are in a
    project, the more likely you're actually
  • 39:41 - 39:44
    gonna encounter real problems.
  • 39:44 - 39:48
    People involved in curating content,
    deleting things, promoting things,
  • 39:48 - 39:52
    arbitrating disputes, etc., they're going
    to make enemies.
  • 39:52 - 39:54
    Some of these enemies are going to make
    nasty threats,
  • 39:54 - 39:57
    and some of them are gonna act on them.
  • 39:57 - 40:00
    Here is another quote of somebody:
    "As long as I have that pseudonym ...
  • 40:00 - 40:05
    "As long as I have that pseudonym ...
    [[ see slide ]]
  • 40:05 - 40:11
    [[ see slide ]]
    ... that turns up when you do that."
  • 40:11 - 40:15
    People mention in particular, from the
    Wikipedia side, that there were two sites:
  • 40:15 - 40:21
    Wikipediocracy and The Wikipedia Review,
    where people have critiques of Wikipedia
  • 40:21 - 40:28
    and that people on these sites had done
    threats and doxing of various people
  • 40:28 - 40:30
    on the arbitration committee.
  • 40:30 - 40:33
    Someone talked about "they found my
    parents' home address, they found
  • 40:33 - 40:36
    one of my old phone numbers, they wrote a
    blog post about all of these
  • 40:36 - 40:39
    horrible things I've done, and here's my
    contact information,
  • 40:39 - 40:45
    and for a good time call... and when it's
    on the Internet it doesn't die.
  • 40:45 - 40:52
    People that get to a certain level of
    doing things, like handling abuse,
  • 40:52 - 40:54
    had problems.
  • 40:54 - 40:58
    So since I didn't have any privacy, I felt
    limited in what I could do, I could still
  • 40:58 - 41:00
    write articles but blocking people
    was something
  • 41:00 - 41:03
    I tried to avoid, since I didn't wanna
    get angry phone calls.
  • 41:03 - 41:06
    So someone else also talked about
    activities that they used to do,
  • 41:06 - 41:08
    but then after receiving threats and
    things...
  • 41:08 - 41:12
    I used to check for use of the N-word, the
    ruder of the two F-words, one or two other
  • 41:12 - 41:17
    things that were indicative of problems in
    user space, and I deleted lots and lots of
  • 41:17 - 41:20
    attack pages which were fairly hot in
    dealing with them when they would
  • 41:20 - 41:24
    turn up in article space, and when people
    create a user account in somebody
  • 41:24 - 41:27
    else's name and say a bunch of things
    about that person they won't agree with,
  • 41:27 - 41:31
    I used to deal with that, but then, y'know
    they're not willing to
  • 41:31 - 41:34
    deal with that anymore.
  • 41:35 - 41:38
    Privacy measures that people took.
  • 41:38 - 41:43
    Obviously in some cases people use Tor, we
    talked to Tor users where that's possible
  • 41:43 - 41:46
    People also talk about avoiding posting
    linking information and details
  • 41:46 - 41:54
    about who they are, not editing things
    about y'know, their local things,
  • 41:54 - 41:58
    things only they would know, etc.
  • 41:58 - 42:03
    People talked about using Proxies or VPNs,
    some people talked about HideMyAss,
  • 42:03 - 42:08
    editing from a public computer using
    multiple accounts in some cases, and
  • 42:08 - 42:19
    using privacy browser plug ins and
    safeguards like NoScript and Ghostery
  • 42:19 - 42:24
    We asked people, both Tor users and
    not Tor users if they had used Tor,
  • 42:24 - 42:27
    what they thought of Tor, and there was
    this person who said: "I tried using Tor,
  • 42:27 - 42:31
    I did, when I was younger, and everything
    was so slow and terrible, I was just like
  • 42:31 - 42:33
    'so not worh it'."
  • 42:33 - 42:38
    And in fact a couple years ago, Tor was in
    fact pretty slow - it's gotten better!
  • 42:38 - 42:41
    But the Tor users still talked about
    bit about latencies, but
  • 42:41 - 42:46
    a lot of them talked about these issues of
    CAPTCHAs, unusable website features,
  • 42:46 - 42:48
    the fact that it used to be slow...
  • 42:48 - 42:52
    and Wikipedians on Tor talked about it
    being slow or too much trouble,
  • 42:52 - 42:56
    just the need to download the software and
    connect to it every time... and people,
  • 42:56 - 42:59
    some people found it unnecessary.
  • 42:59 - 43:05
    There was some other interesting things
    that came up.
  • 43:05 - 43:06
    Some people talked about how
  • 43:06 - 43:09
    they used information ?revelation?
    as a defense mechanism.
  • 43:09 - 43:15
    This idea that, okay, I'm gonna give you
    some information about me, so you can't
  • 43:15 - 43:19
    really dox me because that's my address
    right there, or whatever.
  • 43:19 - 43:24
    But people talked also about the limits of
    long term participation. A lot of people
  • 43:24 - 43:29
    that talked to us had started editing or
    participating in online projects
  • 43:29 - 43:33
    as a relatively young teenager,
    and a lot of people
  • 43:33 - 43:37
    start with things like fixing typos,
    before they later become a member
  • 43:37 - 43:41
    of the arbitration committee, or something
    like that.
  • 43:41 - 43:44
    It's hard to have this long term
    perspective when you're first creating
  • 43:44 - 43:49
    your login name and you identity
    and so on.
  • 43:49 - 44:07
    "Until it happens to you ...
    [[ see slide ]]
  • 44:07 - 44:11
    [[ see slide ]]
    ... some serious thought."
  • 44:12 - 44:17
    As most good, ethnographic studies do, and
    as this one was intended to do,
  • 44:17 - 44:21
    it sort of raises more questions
    than answers.
  • 44:21 - 44:23
    That was our goal.
  • 44:23 - 44:28
    We're hoping... we learned that Tor users
    and Wikipedians share some
  • 44:28 - 44:32
    privacy concerns, but they do have some
    different perspectives.
  • 44:32 - 44:36
    And we did learn that some value of
    participation is being lost when people
  • 44:36 - 44:39
    can't participate in a private way.
  • 44:39 - 44:44
    We'd like to use this work to do some
    follow-up studies, and also perhaps
  • 44:44 - 44:48
    build a larger survey study so we can
    learn more, see things that are more
  • 44:48 - 44:53
    quantitative about this work.
  • 44:53 - 44:57
    If you find this topic interesting, a
    short plug for
  • 44:57 - 44:59
    the privacy enhancing technology symposium
  • 44:59 - 45:03
    which will be in July in Darmstadt.
  • 45:03 - 45:06
    We're not presenting this particular
    work here, but there is a lot of
  • 45:06 - 45:15
    work on Tor, anonymity, privacy, so on
    from the research community.
  • 45:15 - 45:19
    And I'd like to thank my co-authors,
    Andrea Forte and Nazanin Andalibi,
  • 45:19 - 45:25
    our interview participants, the WIkimedia
    foundation, the Tor project,
  • 45:25 - 45:29
    the National Science Foundation that
    funded Andrea's and my participation
  • 45:29 - 45:34
    in this project, and all the people whose
    images I've used in my slides...
  • 45:34 - 45:37
    so... Thanks!
    Any questions? Oh and by the way
  • 45:37 - 45:43
    I'll be here for the whole conference, so
    you can find me afterwards if...
  • 45:43 - 45:52
    applause
  • 45:52 - 45:57
    Herald Angel: Thanks a lot, Rachel
    Greenstadt. And so, we hopefully have
  • 45:57 - 46:01
    a few questions from you in the audience,
    you can line behind the microphones
  • 46:01 - 46:06
    we have 4 of them here in the audience
    and also in the back there are 2,
  • 46:06 - 46:12
    and we also have the Signal Angel present
    but he didn't get any questions yet,
  • 46:12 - 46:15
    but maybe some comments or something?
  • 46:15 - 46:17
    Some feedback from the crowd on the
    Internet?
  • 46:17 - 46:19
    Rachel Greenstadt: but there is somebody
    with a... [inaudible]
  • 46:19 - 46:23
    Herald Angel: then let me immediately go
    to the questions in the audience.
  • 46:23 - 46:26
    Herald Angel: We have microphone 2, please
  • 46:26 - 46:33
    HA: And, one second, can you please be
    quiet if you go outside? Because that's
  • 46:33 - 46:34
    really rude.
  • 46:34 - 46:39
    Question: did you find out if Wikipedia
    for example treats classical VPN or
  • 46:39 - 46:41
    proxies differently from Tor?
  • 46:41 - 46:44
    Rachel Greendstadt: If what?
    Question: if they treat them differently
  • 46:44 - 46:49
    from Tor, so do they have the same policy
    in place for blocking, let's say,
  • 46:49 - 46:54
    private VPN which can also be used to
    change your IP with the click of a button,
  • 46:54 - 46:59
    if you want to bully someone but it might
    offer less privacy than Tor, but if you
  • 46:59 - 47:02
    really only want to bully someone,
    that might be enough.
  • 47:02 - 47:06
    Rachel Greenstadt: I think it depends,
    is the answer.
  • 47:06 - 47:12
    The extensions that they have, they do
    block a lot of things from IPs so I think
  • 47:12 - 47:16
    it depends on if there's been abuse
    through that thing before,
  • 47:16 - 47:20
    they try and block open proxies, I think
    some people said certain VPNs you can
  • 47:20 - 47:23
    still edit through, and some you couldn't,
    it really depended.
  • 47:23 - 47:28
    Herald Angel: Thanks, microphone 1 please.
  • 47:28 - 47:32
    Question: Wikipedia is by no means an
    isolated case, right?
  • 47:32 - 47:35
    RA: No, no
    Question: And there's more and more
  • 47:35 - 47:40
    capability of blocking Tor exit nodes and
    whatnot, so where's the project going?
  • 47:40 - 47:44
    I mean, the Great Firewall for example
    could very well block all its users from
  • 47:44 - 47:47
    accessing Tor, right?
    RA: It actually does.
  • 47:47 - 47:52
    So it blocks people from accessing Tor and
    it blocks people from accessing Wikipedia,
  • 47:52 - 47:56
    in terms of the Tor project there are
    mechanisms through using
  • 47:56 - 48:02
    pluggable transports and bridge addresses,
    they can actually help people still
  • 48:02 - 48:06
    access Tor, and then they'll be able to
    read Wikipedia, but then again
  • 48:06 - 48:08
    they won't be able to edit for these
    reasons.
  • 48:08 - 48:13
    HA: So, again, we have 15 minutes of break
    after this, so you can get out after this
  • 48:13 - 48:16
    and change the room, and please be
    quiet if you really have to
  • 48:16 - 48:20
    leave the room already or if you come in
    the room already. Thank you.
  • 48:20 - 48:22
    Now to the Signal Angel, please.
  • 48:22 - 48:28
    Signal Angel: There is one question from
    the Internet, from ?Whyness?, he or she
  • 48:28 - 48:32
    is asking if there's actual a recorded
    instance of someone attempting to
  • 48:32 - 48:36
    put a pipe bomb in the post
    because of Wikipedia edits.
  • 48:36 - 48:43
    RA: I certainly don't have such
    information. This was just
  • 48:43 - 48:47
    people telling us things that they were
    concerned about, or things that
  • 48:47 - 48:51
    there had been threats that they'd
    experienced.
  • 48:51 - 48:54
    Nobody that I know of specifically
    mentioned that they experienced
  • 48:54 - 48:55
    a pipe bomb.
  • 48:55 - 49:01
    Signal Angel: And another question from
    ?a_monk?: if blocked Tor traffic
  • 49:01 - 49:06
    is a problem, why does the Tor project
    publish the exit IP list, making it
  • 49:06 - 49:08
    easy to block?
  • 49:08 - 49:16
    RA: That would be a question for the Tor
    people, my understanding of it is that
  • 49:16 - 49:20
    the Tor project does try and be a good
    Internet citizen and they don't want to
  • 49:20 - 49:27
    encourage the kind of, sort of, arms race
    that would happen with sort of...
  • 49:27 - 49:30
    people trying to like find all the exits,
    and block them versus making it
  • 49:30 - 49:34
    just look, here it is, this is what's
    going on, and... it's also very helpful
  • 49:34 - 49:38
    when you're running an exit node, to be
    able to say, look, this thing is
  • 49:38 - 49:43
    an exit node and that's what was going on
    when this thing happened
  • 49:43 - 49:49
    through my computer. So I think, y'know,
    there's the ability of the exit relay
  • 49:49 - 49:54
    operators to be able to say what they're
    doing is also an important concern.
  • 49:54 - 49:59
    Herald Angel: so there's standing someone
    at microphone 5.
  • 49:59 - 50:04
    Question: You mentioned zero-knowledge
    proofs in the beginning, is there any more
  • 50:04 - 50:05
    research on this?
  • 50:05 - 50:13
    RA: Uhm, yeah, so... If you look at the
    research on Nymble
  • 50:13 - 50:16
    by Apu Kapadia, there's also some people
  • 50:16 - 50:19
    in Nick Hopper's group at the university
    of Minnesota, there's also
  • 50:19 - 50:24
    Ryan Henry in Indiana University
    that's done a lot of work on this
  • 50:24 - 50:28
    in Ian Goldberg's group at Waterloo,
    those are the people that I would
  • 50:28 - 50:32
    look up in terms of anonymous blacklisting
    schemes, and I'm sure I'm forgetting
  • 50:32 - 50:36
    some of them right now, so hopefully
    they'll forgive me, but those are
  • 50:36 - 50:37
    good places to start.
  • 50:37 - 50:42
    Herald Angel: we have the next question at
    microphone 1.
  • 50:42 - 50:49
    Question: Do you know if Wikipedia ever
    thought about hashing IP addresses,
  • 50:49 - 50:56
    so that the contributions are still unique
    but the users are anonymized?
  • 50:58 - 51:02
    RA: Nobody at WIkipedia talked to us about
    that, so I do not know if they thought
  • 51:02 - 51:04
    about that or not.
  • 51:04 - 51:11
    Herald Angel: and the last comment or
    question at the Signal Angel microphone.
  • 51:11 - 51:15
    Signal Angel: Thanks, not really a
    question, more a comment...
  • 51:15 - 51:22
    "I just wanted to relate, indeed Wikipedia
    blocking Tor is pretty concerned
  • 51:22 - 51:29
    also for Tor users because for instance,
    the French Wikipedia articles about Tor
  • 51:29 - 51:35
    have very, very poor quality and lot of
    people end up asking us questions about
  • 51:35 - 51:40
    Tor and are missing from because of that,
    and I cannot fix it because I am not
  • 51:40 - 51:44
    willing to edit Wikipedia without Tor. And
    that is also a pretty big issue I think."
  • 51:44 - 51:49
    RA: Yeah, so it would be interesting from
    my perspective, using this to then look at
  • 51:49 - 51:53
    the articles, the types of articles about
    Tor, about anonymous participation,
  • 51:53 - 51:58
    where we would suggest... we'd like to do
    a bigger study, learn what articles about
  • 51:58 - 52:03
    that anonymous users would edit if they
    were going to edit Wikipedia, and then
  • 52:03 - 52:07
    we could do an analysis like they did
    about the movie sites to figure out
  • 52:07 - 52:12
    if these articles are in some way shorter
    or of lower quality than other articles
  • 52:12 - 52:14
    because they're missing that perspective.
  • 52:14 - 52:21
    Herald Angel: Thank you Rachel, thank you
    for the questions, and warm applause again
  • 52:21 - 52:22
    for Rachel GreenStadt.
  • 52:22 - 52:24
    applause
  • 52:24 - 52:25
    RA: Thanks
  • 52:26 - 52:30
    tune playing
  • 52:30 - 52:37
    subtitles created by c3subtitles.de
    Join, and help us!
Title:
greenstadt: What is the value of anonymous communication?
Description:

more » « less
Video Language:
English
Duration:
52:37

English subtitles

Revisions Compare revisions