0:02:01.480,0:02:03.700
Rachel Greenstadt:[br]pressure on or from ISPs

0:02:03.700,0:02:06.950
would make it difficult or impossible[br]to run an exit relay

0:02:06.950,0:02:11.500
however the third point is the one that[br]I'm gonna mostly be talking about today:

0:02:11.500,0:02:15.300
Tor is not very useful if you can't[br]actually use it to get anywhere

0:02:15.300,0:02:18.200
and there is an increasing number of[br]prominent sites on the internet

0:02:18.200,0:02:20.750
that are restricting what you[br]can do through Tor

0:02:20.750,0:02:24.220
and in some cases Tor is outright blocked

0:02:24.220,0:02:29.310
and in other cases you're slowed down[br]by CAPTCHAs and other ways

0:02:29.310,0:02:33.799
to sort of make it annoying to visit

0:02:33.799,0:02:35.660
so a brief overview of my talk

0:02:35.660,0:02:37.970
I'm gonna give a little bit of[br]background on Tor

0:02:37.970,0:02:41.940
and discuss how it's being blocked by[br]internet services today

0:02:41.940,0:02:43.700
then I'm gonna talk about Wikipedia

0:02:43.700,0:02:47.500
which is a service or a website,[br]you may have heard of it

0:02:47.500,0:02:51.019
<i>laughing</i>

0:02:51.019,0:02:53.530
that makes it difficult to edit[br]through Tor

0:02:53.530,0:02:54.980
and I'm gonna talk about their[br]relationship

0:02:54.980,0:02:57.260
and then I'm gonna discuss some of the[br]findings that we have

0:02:57.260,0:03:02.640
from our interview-study of Tor users[br]and Wikipedians.

0:03:02.640,0:03:05.390
So here is some examples of some things[br]that you might see

0:03:05.390,0:03:07.510
when you are browsing with Tor these days.

0:03:07.510,0:03:12.620
Now, it's worth pointing out that a lot of[br]these are not individual sites

0:03:12.620,0:03:16.480
but rather content distribution networks,[br]like Cloudflare and Akamai

0:03:16.480,0:03:20.170
or they're hosting providers like Bluehost[br]or anti-spam-block-plugins

0:03:20.170,0:03:25.530
that sort of affects a huge, sort of swath[br]of sites on the internet, not just one.

0:03:25.530,0:03:27.220
There are some individual sites

0:03:27.220,0:03:31.340
say like Yelp, that provide their[br]own blocking

0:03:31.340,0:03:35.090
but they tend to be somewhat[br]important sites

0:03:35.090,0:03:37.040
So before I go any further

0:03:37.040,0:03:40.500
I should probably disclose that I'm not[br]exactly a neutral party here

0:03:40.500,0:03:41.980
I'm married to Roger Dingledine

0:03:41.980,0:03:44.630
who is one of the founders[br]of the Tor project

0:03:44.630,0:03:48.470
This work is part of a recent experiment[br]of mine, doing research related to Tor

0:03:48.470,0:03:50.400
while remaining happily married

0:03:50.400,0:03:52.660
so far so good!

0:03:52.660,0:03:56.819
furthermore, this work uses qualitative[br]ethnographic methods

0:03:56.819,0:04:01.430
which is a bit of a departure from the[br]machine learning work that I usually do

0:04:01.430,0:04:04.900
mitigating both of these factor is my[br]wonderful co-author, Andrea Forte

0:04:04.900,0:04:06.919
who is trained in ethnographic methods

0:04:06.919,0:04:09.500
and conducted all of the interview that[br]I'm going to talk to you about

0:04:13.360,0:04:17.789
So, when I was talking to Roger about this[br]talk, he said

0:04:17.789,0:04:20.430
most people at CCC will have heard of Tor[br]by now

0:04:20.430,0:04:22.180
I think that's probably true,[br]and they'll be aware that

0:04:22.180,0:04:25.909
and they'll be aware that it hides something[br]about you when you're browsing the Internet

0:04:25.909,0:04:32.280
but, they might be a bit fuzzy on some of[br]the details, so: very quick recap

0:04:32.280,0:04:35.680
When Alice starts up Tor, her client[br]starts by fetching a list of relays

0:04:35.680,0:04:36.680
from the directory server.

0:04:36.680,0:04:43.680
Then, the Tor client is gonna pick a[br]three-hop path to the destination server.

0:04:43.680,0:04:46.840
Hop 1 is gonna know who you are[br]but not where you're going.

0:04:46.840,0:04:49.969
Then Hop 3 knows where you're going[br]but not who you are.

0:04:49.969,0:04:52.280
Now there is a link encrypted[br]from you to hop 3,

0:04:52.280,0:04:55.210
and then hop 3,[br]which is the exit relay,

0:04:55.210,0:04:57.969
actually delivers your[br]request to a website.

0:04:57.969,0:05:02.280
Now this part is not encrypted by Tor[br]and as far as the website is concerned,

0:05:02.280,0:05:07.440
it is actually delivering a request from[br]the user at the exit relay

0:05:07.440,0:05:11.500
usually when Tor users receive the[br]blocking screens that I've showed earlier

0:05:11.500,0:05:14.810
it's because the website is blocking[br]the exit relay's IP address

0:05:14.810,0:05:18.190
so this can happen either because the site[br]is deliberately blocking tor

0:05:18.190,0:05:22.620
by downloading the directory and blocking[br]all of the Tor exit IP's

0:05:22.620,0:05:24.680
or because someone did something[br]unpleasant

0:05:24.680,0:05:26.919
through that exit relay in the past

0:05:26.919,0:05:30.230
and it was put on a blocklist incidentally

0:05:32.510,0:05:34.930
So there's been some research on this[br]phenomenon

0:05:34.930,0:05:39.560
and here's some cutting-edge research that[br]hasn't actually even been presented yet

0:05:39.560,0:05:43.500
it's going to be published in the NDSS[br]conference in February

0:05:43.500,0:05:46.310
by the people up here

0:05:46.310,0:05:50.430
and it's looking sort of quantitatively[br]about how prevalent

0:05:50.430,0:05:51.930
this blocking problem is.

0:05:51.930,0:06:00.230
We found that of the top 1000 Alexa[br]sites, 3.5% of them were actually blocked

0:06:00.230,0:06:02.460
for Tor users.

0:06:02.460,0:06:06.990
You can see on this list on the right:[br]most of the blocking is due to

0:06:06.990,0:06:11.330
aggregate blockers like these hosting[br]companies and CDNs

0:06:11.330,0:06:13.700
it's also the case that most of the sites

0:06:13.700,0:06:16.810
didn't actually[br]block 100% of the exit nodes

0:06:16.810,0:06:19.520
But the bigger the exit is bandwidth wise

0:06:19.520,0:06:21.520
thus the higher probability to be[br]exiting from it

0:06:21.520,0:06:23.520
the more likely it was to be blocked

0:06:23.520,0:06:28.969
so this graph shows of 2000 block sites[br]from Ooni data

0:06:28.969,0:06:31.520
given the exit node and how probable[br]it was

0:06:31.520,0:06:34.189
that that exit node would be blocked.

0:06:35.519,0:06:39.440
So one website that blocks Tor users[br]is Wikipedia

0:06:39.440,0:06:42.399
Now Wikipedia doesn't actually Tor users[br]from reading Wikipedia

0:06:42.399,0:06:45.599
which is very useful because it's a[br]resource that's important

0:06:45.599,0:06:48.770
for lots of people to be able to reach,[br]sometimes anonymously

0:06:48.770,0:06:51.140
but it does prevent them from editing.

0:06:51.140,0:06:53.390
That's true even if they're logged in.

0:06:53.390,0:06:57.190
So according to Wikipedia,[br]Wikipedia is a free access,

0:06:57.190,0:07:00.020
free content Internet encyclopedia[br]supported and hosted by the

0:07:00.020,0:07:02.789
non-profit Wikimedia Foundation

0:07:02.789,0:07:05.839
Those who can access this site can[br]edit most of its articles

0:07:05.839,0:07:08.399
and Wikipedia is ranked among the ten most[br]popular websites

0:07:08.399,0:07:12.809
and constitutes the Internet's largest and[br]most popular general reference work

0:07:12.809,0:07:18.559
So right now, y'know, from our vantage[br]point eight years...

0:07:18.799,0:07:22.820
since this quote in 2007[br]in probably about...

0:07:22.820,0:07:28.010
I'm not actually sure when Wikipedia was[br]founded, but some years after

0:07:28.010,0:07:31.959
it's hard to realize what a radical idea[br]Wikipedia once was

0:07:31.959,0:07:35.950
this encyclopedia that can be edited by,[br]well, almost anyone

0:07:35.950,0:07:37.839
in 2007 the New York Times said:

0:07:37.839,0:07:40.830
"The problem with WIkipedia is that it[br]only works in practice.

0:07:40.830,0:07:43.839
In theory, it can never work."

0:07:46.039,0:07:49.149
There's some sort of miracle,[br]that Wikipedia manages to be

0:07:49.149,0:07:51.820
the resource it is, and it's the sort of[br]thing that researchers

0:07:51.820,0:07:54.190
and economists have tried to explain

0:07:54.190,0:07:56.209
and they've tried to explain it in the[br]same way they explain

0:07:56.209,0:07:58.240
the Linux kernel

0:08:01.780,0:08:04.950
this thing happens and nobody quite knows[br]why

0:08:04.950,0:08:09.310
and it makes Wikipedians today a little[br]nervous about and conservative perhaps

0:08:09.310,0:08:13.890
about anything that could rock the boat,[br]affect the quality of the encyclopedia

0:08:14.680,0:08:18.310
but the fact is that Wikipedia needs its[br]contributors to continue to

0:08:18.310,0:08:20.700
update, expand and improve the resource

0:08:20.700,0:08:26.640
Wikipedia contributions peaked in 2007 and[br]have been in a slow and steady decline

0:08:26.640,0:08:32.929
so this graph above shows the number of[br]active registered editors

0:08:32.929,0:08:37.159
who've edited more than 5 edits per month[br]as plotted over time

0:08:37.159,0:08:40.949
and you can see this peak that happens[br]in 2007

0:08:42.399,0:08:45.190
the reasons behind this decline are[br]actually an active area of research

0:08:45.190,0:08:51.250
in their area of concern for the[br]Wikimedia foundation and so on

0:08:51.250,0:08:54.880
the upshot of it is that Wikipedia can't[br]exactly afford to

0:08:54.880,0:08:56.820
just throw away good editors.

0:08:57.690,0:09:00.200
Aside from the general decline in[br]participation

0:09:00.200,0:09:04.160
there's Wikipedia's sort of demographic[br]imbalance

0:09:04.160,0:09:06.430
Wikipedia editors are 84-91% male

0:09:06.430,0:09:08.510
depending on how you count

0:09:08.510,0:09:10.510
and there is also a lot of[br]under-representation

0:09:10.510,0:09:12.709
from global south countries

0:09:12.709,0:09:16.019
and there's been a little bit of research[br]to show how this affects the quality

0:09:16.019,0:09:17.649
of the encyclopedia.

0:09:17.649,0:09:19.840
There's a group of researchers from the[br]?Groveland's? group at

0:09:19.840,0:09:24.479
the university of Minnesota[br]and they were interested in this question

0:09:24.479,0:09:28.589
they had access to a database of movie-[br]ratings and the gender of the raters

0:09:28.589,0:09:31.899
so they compared the length of articles[br]about movies that were

0:09:31.899,0:09:36.070
disproportionately rated by men or women[br]while controlling for the popularity

0:09:36.070,0:09:37.720
and the rating of the movie

0:09:37.720,0:09:40.899
and in this case they showed that[br]male-skewing movies

0:09:40.899,0:09:45.420
had articles that were much longer than[br]articles about female-skewing movies

0:09:45.420,0:09:49.779
independent of these popularity and[br]rating effects.

0:09:49.779,0:09:53.760
Now, maybe articles about movies, it's[br]kind of a trivial thing,

0:09:53.760,0:09:59.959
but it kind of shows you that the editor[br]population affects article categories

0:09:59.959,0:10:04.180
that might be harder to measure[br]in such a rigorous way.

0:10:04.180,0:10:07.740
it made us wonder how the absence of[br]Tor user editors

0:10:07.740,0:10:09.579
affects the quality of the encyclopedia

0:10:09.579,0:10:13.160
and if there's a similar skew that you[br]might be able to see.

0:10:16.650,0:10:19.610
To help understand and answer this[br]question, it's worth asking

0:10:19.610,0:10:22.760
what a Wikipedian would[br]get out of using Tor.

0:10:22.760,0:10:26.060
This question is actually one that has[br]people kind of confused because

0:10:26.060,0:10:31.659
a lot of people see Tor as a tool that you[br]use to hide who you are to a website

0:10:32.809,0:10:35.170
and basically no one at Wikipedia is at[br]all interested

0:10:35.170,0:10:38.660
in letting Tor users Wikipedia without[br]logging in at all.

0:10:38.660,0:10:42.440
However Tor provides some benefits to[br]users, even when they're logged in

0:10:42.440,0:10:45.210
and thus not hiding from Wikipedia.

0:10:45.210,0:10:48.840
In particular it protects against certain[br]surveillance by your local ISP

0:10:48.840,0:10:54.100
or administrative domain, and it can also[br]protect against government surveillance.

0:10:54.100,0:10:56.830
Furthermore it prevents your IP-address[br]from being stored

0:10:56.830,0:11:02.220
in the Wikipedia database of user IPs that[br]can be accessed by administrators

0:11:02.220,0:11:04.470
and attackers.

0:11:04.470,0:11:08.570
We've all seen plenty of cases where[br]attackers get access

0:11:08.570,0:11:11.130
to databases they're not supposed to.

0:11:12.250,0:11:18.240
Another property that is probably more[br]easy to think about is reachability.

0:11:18.240,0:11:22.130
Internet connections could be censored,[br]and Tor might be the only method of

0:11:22.130,0:11:24.560
actually accessing Wikipedia.

0:11:24.560,0:11:28.250
And lastly a lot of Tor users use Tor for[br]all of their Internet use

0:11:28.250,0:11:32.730
as a mechanism to diversify the user base[br]and provide cover for and solidarity with

0:11:32.730,0:11:36.880
users that might need Tor for a[br]different purpose.

0:11:38.630,0:11:44.900
So participation in Internet projects and[br]open source projects can be dangerous.

0:11:44.900,0:11:47.530
Consider the case of Bassel Khartabil

0:11:47.530,0:11:50.130
who's a well-known Wikipedia editor,[br]open source software developer

0:11:50.130,0:11:53.260
and the founder of Creative Commons Syria.

0:11:53.260,0:11:58.620
He was jailed for three years and he's now[br]disappeared, a lot of people think he's dead

0:11:58.620,0:12:02.230
he's very well known for having founded[br]the New Palmyra project

0:12:02.230,0:12:06.560
which uses satellite and high-resolution[br]imagery to create open 3d models

0:12:06.560,0:12:07.820
of ancient structures.

0:12:07.820,0:12:12.320
Now these structures were raided by Daesh,[br]sometimes called ISIS, some time in 2015

0:12:12.320,0:12:17.050
and so this work that he's done is our[br]best record of these structures

0:12:17.050,0:12:18.720
that now exist.

0:12:20.750,0:12:26.360
In another case, Jimmy Wales announced in[br]2015 that the Wikipedian of the year could

0:12:26.360,0:12:31.540
not be revealed publicly, because to do so[br]would actually put the person in danger.

0:12:31.540,0:12:34.890
So, the Wikimedia foundation is also[br]aware that there are some cases

0:12:34.890,0:12:38.620
where editors need privacy.

0:12:39.180,0:12:43.400
So then, with all these risks, that[br]Wikipedians face, and the benefits

0:12:43.400,0:12:45.840
that Tor can provide,[br]why would it be blocked?

0:12:45.840,0:12:48.570
Well, it comes down to abuse.

0:12:48.570,0:12:51.750
The problem of jerks is a real problem[br]on the Internet.

0:12:51.750,0:12:55.440
Though the research is somewhat ambiguous[br]as to the degree at which it's actually

0:12:55.440,0:12:56.660
made worse by anonymity,

0:12:56.660,0:13:02.230
there's this very popular theory on the[br]Internet that if you take a normal person

0:13:02.230,0:13:07.110
and anonymity and an audience,[br]they become a total dickwad.

0:13:07.210,0:13:11.110
Nonetheless, managing abuse is actually[br]somewhat harder

0:13:11.110,0:13:14.250
with anonymous participants, and there's[br]certainly this perception that

0:13:14.250,0:13:19.000
anonymity can make people more[br]susceptible to abusive behavior.

0:13:22.130,0:13:25.040
Fortunately the cryptographic[br]research community has studied

0:13:25.040,0:13:27.600
how to reconcile anonymity and[br]blacklisting of users

0:13:27.600,0:13:30.880
and has found some pretty promising[br]solutions.

0:13:30.880,0:13:35.670
The first, which I'll discuss briefly here[br]is Apu Kapadia's Nymble design.

0:13:35.670,0:13:40.040
There have been many variants of this,[br]including Nymbler, ?Jackbenable?, Jack,

0:13:40.040,0:13:42.120
you get the idea.

0:13:42.120,0:13:46.840
Basically when Alice wants to contribute[br]anonymously to a website or a project

0:13:46.840,0:13:49.970
she uses a pseudonym server to get[br]a pseudonym.

0:13:49.970,0:13:53.550
Then she gives that 'nym to a[br]nym-manager

0:13:53.550,0:13:55.779
and that nym-manager[br]gives her a ticket.

0:13:55.779,0:13:59.450
That ticket is then used to connect to the[br]site she wants to participate on,

0:13:59.450,0:14:03.069
so it's another way to sort of distribute[br]the trust.

0:14:03.339,0:14:07.340
But our Alice is a jerk, so[br]she vandalizes the website.

0:14:07.430,0:14:10.760
The website then complains to the Nymble[br]manager which will then send the server

0:14:10.760,0:14:14.089
a token that can be used to link that user[br]in the future.

0:14:14.089,0:14:16.980
The server then adds the user to a[br]blacklist.

0:14:18.740,0:14:21.720
So basically the way that this works is[br]that everything the user has done

0:14:21.720,0:14:24.820
before the complaint still remains[br]anonymous forever,

0:14:24.820,0:14:28.170
but everything that they do in the future[br]is linkable

0:14:28.170,0:14:31.290
and thus it remains easier to block them.

0:14:32.200,0:14:37.090
There has basically been no adoption of[br]this kind of protocol,

0:14:37.090,0:14:40.160
despite a lot of iterations in the[br]literature.

0:14:40.320,0:14:42.560
There are some reasons for this:

0:14:42.560,0:14:45.380
many of the variants have no[br]implementation, and those that do

0:14:45.380,0:14:48.050
it's research code and as the author[br]of some research code...

0:14:48.050,0:14:50.949
I can tell you that there would be[br]significant work involved in

0:14:50.949,0:14:53.140
actually adopting these measures.

0:14:53.140,0:14:56.380
And there is a price to be paid. You have[br]pick between either having

0:14:56.380,0:15:00.480
a semi-trusted third party, degraded[br]notions of privacy,

0:15:00.480,0:15:02.950
so basically pseudonymity[br]rather than anonymity,

0:15:02.950,0:15:05.240
or high computational overhead

0:15:05.240,0:15:08.160
because zero-knowledge proofs are[br]still kind of expensive.

0:15:08.160,0:15:11.960
But it could well be done, and it's not[br]like you need all of these things,

0:15:11.960,0:15:13.360
you only need one,

0:15:13.360,0:15:17.870
but ultimately it isn't being done, and I[br]think this is because most sites

0:15:17.870,0:15:23.060
don't really care. They believe that the[br]number of non-jerks might not be zero,

0:15:23.060,0:15:28.350
but it's approximately zero,[br]and it's just not worth the bother.

0:15:29.600,0:15:33.680
So we're interested in measuring this[br]value of anonymous participation

0:15:33.680,0:15:37.740
to sort of provide motivation for sites to[br]actually try and solve these problems.

0:15:37.990,0:15:42.120
It's not a terribly easy thing to do,[br]because Tor is blocked so often

0:15:42.120,0:15:45.050
we're actually trying to measure[br]participation that doesn't happen,

0:15:45.050,0:15:47.490
that might happen under[br]alternate circumstances.

0:15:47.490,0:15:51.300
To ask this question we turned to[br]qualitative methods, which is

0:15:51.300,0:15:53.020
basically an interview study.

0:15:53.020,0:15:56.429
We talked to Tor users who participate in[br]open collaboration, and we talked to

0:15:56.429,0:15:58.990
Wikipedia editors about their privacy[br]concerns.

0:16:01.510,0:16:03.649
So we have two basic research questions:

0:16:03.649,0:16:05.839
first, what kind of threats do[br]contributors

0:16:05.839,0:16:09.899
to open collaboration projects perceive,[br]and second:

0:16:09.899,0:16:13.850
how do people who contribute to open[br]collaboration projects manage the risk?

0:16:13.850,0:16:16.990
The goal here is to get the kind of[br]in-depth and qualitative

0:16:16.990,0:16:19.490
understanding that will help us to ask[br]the right questions

0:16:19.490,0:16:23.000
in a larger scale study, and ensure that[br]we're solving the right problems

0:16:23.000,0:16:28.069
when we design systems to facilitate[br]anonymous participation in online projects

0:16:29.219,0:16:30.970
As ?Cera McDonald? Pikelet said:

0:16:30.970,0:16:36.470
"They're not anecdotes, that's small[br]batch artisanal data..."

0:16:38.320,0:16:42.730
So a little bit about our 23 participants[br]in our study

0:16:42.730,0:16:45.339
We had 12 participants that were Tor users

0:16:45.339,0:16:50.640
8 males, 3 females and 1 of fluid gender.

0:16:50.640,0:16:55.410
The minimum age was 18, the maximum age[br]was 41 and the average was 30.

0:16:55.410,0:17:01.020
3 people with a high school education, 4[br]current and graduated undergraduates

0:17:01.020,0:17:07.048
and 5 people with post-graduate degrees or[br]who were graduate students.

0:17:08.398,0:17:13.279
The location: 7 of the participants were[br]from the U.S. but we also had

0:17:13.279,0:17:18.699
participants from Australia, Belgium,[br]Canada, South Africa and Sweden.

0:17:18.959,0:17:26.169
For the Wikimedia participants, we had[br]again 8 males and 3 females.

0:17:26.169,0:17:31.649
Actually I think the demographics of Tor[br]and Wikimedia might not be too different.

0:17:31.649,0:17:37.159
The minimum age was 20 and the max was 53,[br]again the average was 30.

0:17:37.159,0:17:42.360
One didn't report their education level,[br]we had 8 people with bachelor's degrees

0:17:42.360,0:17:47.330
or undergraduate students, and 2 graduate[br]students or people with graduate degrees.

0:17:47.330,0:17:51.620
Again we had 5 participants from the U.S.,[br]but we also had participants from

0:17:51.620,0:17:56.309
Australia, France, Ghana, Israel[br]and the U.K. in this case.

0:17:56.309,0:18:00.740
So we didn't have - a lot of people talked[br]to us - we didn't have any participants

0:18:00.740,0:18:05.559
from places like Iran or China, though we[br]did have some Iranians who were

0:18:05.559,0:18:08.520
living in the U.S. who talked to us.

0:18:08.520,0:18:12.230
So types of participation

0:18:12.230,0:18:15.489
Obviously we had Wikipedians,[br]we sought them out

0:18:15.489,0:18:18.440
a number of the people that we talked[br]to, especially the Tor users

0:18:18.440,0:18:21.310
who actually contribute to[br]the Tor project in some way

0:18:21.310,0:18:24.559
but we asked people about their other[br]participation on the Internet,

0:18:24.559,0:18:28.300
especially Tor users, and we found that[br]there are a lot of people that participate

0:18:28.300,0:18:34.000
through adding web comments, participating[br]on forums, using Twitter...

0:18:34.000,0:18:37.740
contributing open source code to projects[br]on Github or Sourceforge

0:18:37.740,0:18:40.850
or other projects on the Internet, helping[br]with the Internet archive

0:18:40.850,0:18:46.100
or contributing to image boards...[br]to sites that do that.

0:18:46.100,0:18:50.120
So our interview protocol: we gave 20[br]dollars in compensation,

0:18:50.120,0:18:51.480
gift cards or cash.

0:18:51.480,0:18:58.200
30% of people declined this because we[br]would need to register their participation

0:18:58.200,0:19:02.809
if we give them compensation, and some[br]people didn't want there to be

0:19:02.809,0:19:03.980
as much of a record.

0:19:03.980,0:19:07.509
We spoke to people over the phone, using[br]Skype, using

0:19:07.509,0:19:11.809
various encrypted audio mechanisms,[br]one person was interviewed face to face.

0:19:11.809,0:19:14.669
The interviews were again conducted by[br]Andrea Forte

0:19:14.669,0:19:19.260
and we asked people to tell in-depth[br]stories and prompted them for detail.

0:19:19.690,0:19:23.630
Our analysis of this is ongoing, it's[br]not done,

0:19:24.310,0:19:28.319
we've transcribed all the interviews,[br]we've coded them to identify the themes

0:19:28.319,0:19:30.480
and we grouped and merged some of these[br]themes.

0:19:30.480,0:19:34.009
I'm going to talk to you about some of the[br]stuff that came out of this study,

0:19:34.009,0:19:37.009
give some quotes and things like that.

0:19:37.579,0:19:38.520
Interview topics.

0:19:38.520,0:19:42.299
For Tor users we asked them to explain Tor[br]and what it's for. We asked for some

0:19:42.299,0:19:44.879
current and retrospective examples of use,

0:19:44.879,0:19:48.169
the story of how and why they first[br]started using Tor,

0:19:48.169,0:19:52.139
and some examples of when they use Tor[br]online and when they don't use Tor online

0:19:52.139,0:19:55.489
and some questions about their[br]participation in online projects

0:19:55.489,0:19:59.480
and if they participate in Wikipedia we[br]asked them some of the Wikipedia questions

0:19:59.480,0:20:02.249
similarly with Wikipedia people who had[br]used Tor.

0:20:02.249,0:20:05.560
And there was some considerable overlap.

0:20:06.590,0:20:09.640
For Wikipedians we asked how and why they[br]started editing,

0:20:09.640,0:20:12.289
examples of privacy concerns associated[br]with their editing,

0:20:12.289,0:20:15.169
steps they may have taken to protect their[br]privacy when editing,

0:20:15.169,0:20:18.450
and examples of interactions with other[br]editors.

0:20:18.820,0:20:24.170
Now, there's some real limitations with[br]this work:

0:20:24.450,0:20:28.210
we may be missing participants with severe[br]privacy concerns.

0:20:28.940,0:20:32.519
Anybody who participate in this would have[br]talk to unknown parties

0:20:32.519,0:20:36.700
that they couldn't necessarily trust that[br]we were not going to do

0:20:36.700,0:20:40.199
any nefarious things with their interview.

0:20:40.279,0:20:43.769
They need to speak remotely over a[br]communications channel in most cases

0:20:43.769,0:20:48.909
we were willing to conduct some interviews[br]over various encrypted channels

0:20:48.909,0:20:51.950
such as Jitsi or really whatever people[br]wanted us to do,

0:20:51.950,0:20:53.519
as long as we could set it up.

0:20:53.519,0:20:56.500
Though we didn't mention Skype in our[br]recruitment materials,

0:20:56.500,0:20:59.899
and this actually caused a bit of a[br]kerfuffle on the Tor blog

0:20:59.899,0:21:04.700
when people were saying we clearly don't[br]understand Tor

0:21:04.700,0:21:08.399
and have no familiarity with the project[br]if we're even thinking of using Skype

0:21:08.399,0:21:14.099
I know a couple of Tor users and Tor[br]developers that use Skype, so...

0:21:14.179,0:21:17.809
but, y'know, we were willing to[br]use other things,

0:21:17.809,0:21:20.700
and we again didn't talk to residents of[br]Iran or China,

0:21:20.700,0:21:25.319
which is something that a lot of people[br]told us might be of interest.

0:21:25.319,0:21:28.459
So, what does anonymity actually mean to a

0:21:28.459,0:21:32.040
Wikipedian, was an interesting question.[br]Because it doesn't mean the same thing

0:21:32.040,0:21:36.999
that it usually means to a Tor user. So,[br]a lot of times when people talk about

0:21:36.999,0:21:40.440
anonymous edits in Wikipedia they mean[br]editing without logging in.

0:21:40.440,0:21:45.649
And this is actually called IP editing to[br]Wikipedians, because what happens when you

0:21:45.649,0:21:50.820
edit Wikipedia without logging in is that[br]the IP address is actually published

0:21:50.820,0:21:53.409
as the author of that edit.

0:21:53.409,0:21:57.450
The other thing that people mean when[br]they talk about editing anonymously is

0:21:57.450,0:22:01.399
editing under a synonymous account while[br]not leaving clues about your identity.

0:22:03.300,0:22:06.250
The notion of IP editing is somewhat[br]problematic.

0:22:06.500,0:22:10.289
This was an article from Buzzfeed about

0:22:10.289,0:22:15.879
the 33 most embarassing congressional[br]edits to member's Wikipedia pages.

0:22:15.879,0:22:20.960
The congressional offices in the U.S. all[br]share one IP address,

0:22:20.960,0:22:24.200
so you can simply search Wikipedia for[br]that IP address

0:22:24.200,0:22:26.980
and you can find people making revisions,

0:22:26.980,0:22:32.379
for example to the liberty caucus[br]Wikipedia site and so on.

0:22:34.259,0:22:39.659
So in terms of content-based anonymity,[br]according to the Wikipedians we talked to,

0:22:39.659,0:22:42.490
most deanonymisation is done actually by[br]contextual clues.

0:22:42.490,0:22:45.779
When people are outed as being this[br]pseudonymous Wikipedia person,

0:22:45.779,0:22:48.229
it's usually because somebody[br]looked up things.

0:22:48.229,0:22:49.960
There was a quote, someone said:

0:22:49.960,0:22:53.590
"these is small things but I usually[br]wouldn't edit things relating to my school

0:22:53.590,0:22:55.909
or places near where I lived[br]when I was logged in.

0:22:55.909,0:22:58.720
It's actually weirdly easy to piece[br]together someone's identity

0:22:58.720,0:23:01.220
based on the location or things like that"

0:23:01.220,0:23:04.279
So Tor, it's worth pointing out the limits[br]of what Tor can do

0:23:04.279,0:23:07.920
Tor is not gonna help with this particular[br]problem

0:23:07.920,0:23:09.320
it will hide your IP address

0:23:09.320,0:23:13.850
but not necessarily this.

0:23:16.310,0:23:19.070
What is the Wikipedia policy on Tor?

0:23:19.070,0:23:23.590
Mediawiki has a TorBlock extension, which[br]automatically blocks editing through Tor

0:23:23.590,0:23:27.570
Now, it's possible to actually get an[br]exemption,

0:23:27.570,0:23:31.970
what is called an IP block exemption, and[br]registered users in good standing

0:23:31.970,0:23:33.559
can ask for one.

0:23:33.559,0:23:36.789
The problem is, it's a little bit hard to[br]establish that standing

0:23:36.789,0:23:41.249
it requires editing without using Tor.

0:23:41.739,0:23:49.159
When pointed out that this is particularly[br]problematic for censored users,

0:23:49.159,0:23:52.279
because they can't access Wikipedia to[br]edit in the first place,

0:23:52.279,0:23:56.720
although they do provide some closed[br]proxies for Chinese users in particular,

0:23:56.720,0:24:00.309
there are a lot of censored users that[br]aren't Chinese but...

0:24:00.309,0:24:04.499
you can contact them to ask to use their[br]sort of secret proxies.

0:24:04.499,0:24:06.909
I don't know how well this actually works.

0:24:06.909,0:24:11.700
But we did ask our interviewees, can[br]Wikipedia be edited through Tor?

0:24:11.700,0:24:15.649
Which is an interesting question. So,[br]as a convention for the rest of the talk

0:24:15.649,0:24:19.109
when you see these blue boxes, they are[br]gonna be quotes from Wikipedians,

0:24:19.109,0:24:22.009
when you see the green boxes, they're[br]quotes from Tor users.

0:24:22.009,0:24:27.400
When we asked people, the WIkipedians[br]often said: if the account exists,

0:24:27.400,0:24:31.019
yes, when you're doing an anonymous edit[br]with Tor it's really difficult

0:24:31.969,0:24:34.450
they mean an IP edit there.[br]And then he said:

0:24:34.450,0:24:36.469
I had one that came[br]through the mailing list

0:24:36.469,0:24:39.289
in the last couple of weeks, and that[br]their employer had been

0:24:39.289,0:24:41.700
checking up on them... we allowed that.

0:24:41.700,0:24:45.349
So as an administrator I have a user bot[br]that allows me to get around that,

0:24:45.349,0:24:49.459
but as well as feeling bad about that,[br]other people don't have that option.

0:24:50.759,0:24:55.440
From a Tor user, we actually said: but[br]sometimes, like every so many exit nodes,

0:24:55.440,0:24:57.999
you sometimes one have works...[br]so many sites block Tor,

0:24:57.999,0:25:01.259
try to block it, it's quite annoying as[br]you're trying to do something.

0:25:01.259,0:25:05.969
So this person sort of... saw what... in[br]the research of blocking Tor,

0:25:05.969,0:25:09.419
not every exit node is blocked, so if[br]you're really determined to make that

0:25:09.419,0:25:15.389
anonymous edit, you can just keep clicking[br]'New Identity' and get there.

0:25:16.359,0:25:20.130
And then they said: we do sometimes let[br]people edit through them,

0:25:20.130,0:25:23.139
I know we have users in China coming[br]through the Great Firewall

0:25:23.139,0:25:25.139
and stuff like that.

0:25:25.249,0:25:29.179
So then ...[br][[ audio cuts out for 4 seconds ]]

0:25:29.179,0:25:35.820
Tor user, y'know, well they...[br][[ audio cuts out for 16 seconds ]]

0:25:35.820,0:25:55.070
[[ audio cuts out for 16 seconds ]]

0:25:55.070,0:25:59.670
[[ 5 seconds audio cut remaining ]]

0:25:59.670,0:26:01.099
...things like that.

0:26:01.099,0:26:04.340
So because you can change your IP address[br]with the click of a button,

0:26:04.340,0:26:07.910
it's very difficult to prevent abuse.

0:26:09.110,0:26:14.189
There's this sort of notion that maybe[br]it's important for vandalism,

0:26:14.189,0:26:17.789
but maybe that's a problem, and maybe[br]there should be something that be done.

0:26:17.789,0:26:20.799
So then, a lot of what asked people about[br]was sort of the threats

0:26:20.799,0:26:23.779
that they were concerned about, from a[br]data privacy perspective.

0:26:23.779,0:26:27.899
People talked about government threats,[br]businesses, organized crime,

0:26:27.899,0:26:32.579
private citizens, other project members,[br]and project outsiders.

0:26:32.759,0:26:38.179
When we group the threats, we found sort[br]of five or so big threats

0:26:38.179,0:26:41.940
that lots of people talked about, we had[br]twelve different instances of

0:26:41.940,0:26:45.389
people talking about surveillance concerns[br]or general concerns about

0:26:45.389,0:26:47.739
the loss of privacy.

0:26:47.739,0:26:50.969
Ten people talked specifically about the[br]loss of employment

0:26:50.969,0:26:55.979
or economic opportunity that might happen,[br]9 people talked about bullying,

0:26:55.979,0:26:59.700
harassment, intimidation, stalking,[br]this sort of thing.

0:26:59.760,0:27:04.429
Another 9 people talked about personal[br]safety, or the safety of their loved ones.

0:27:04.429,0:27:10.100
6 people that we talked to, talked about[br]reputation loss.

0:27:10.100,0:27:12.909
I'll get into these in more detail.

0:27:13.309,0:27:14.679
Surveillance.

0:27:14.679,0:27:18.090
Y'know, in my country there is basically[br]unknown surveillance going on

0:27:18.090,0:27:21.369
and I don't know what providers to use,[br]and at some point I decided to

0:27:21.369,0:27:22.619
use Tor for everything.

0:27:22.619,0:27:25.919
It's worth pointing out given the list of[br]countries I gave that

0:27:25.919,0:27:30.850
this isn't necessarily the list and...[br]I think you wouldn't get this list of

0:27:30.850,0:27:36.320
kinda quotes maybe before the Snowden[br]revelations about generalized surveillance

0:27:36.320,0:27:38.029
across the world.

0:27:38.029,0:27:41.160
A lot of people talked about how their[br]online activities were

0:27:41.160,0:27:45.140
being accessed or logged without their[br]consent, and especially among

0:27:45.140,0:27:47.669
Tor users there was this[br]notion of wanting to be

0:27:47.669,0:27:51.189
public by effort, but private by default.

0:27:51.319,0:27:57.049
And when you talk to Wikipedians, they[br]talked about their edit histories and how

0:27:57.049,0:28:01.299
the edit histories themselves might be[br]somewhat sensitive.

0:28:03.809,0:28:06.799
In terms of loss of employment...

0:28:06.799,0:28:13.049
many many employers now look at your[br]online footprint before they hire you.

0:28:13.049,0:28:16.719
According to Monster, one of the big[br]employment websites,

0:28:16.719,0:28:20.730
77% of employers google perspective[br]employees.

0:28:22.180,0:28:26.810
From a Tor user, we had someone talk about[br]"I am transgender, I am queer, my boss

0:28:26.810,0:28:30.369
would rant for hours about this kind of[br]person, that kind of person, the other

0:28:30.369,0:28:34.179
kind of person, all of which I happen to[br]be... and I decided if I was going to do

0:28:34.179,0:28:37.829
anything online at all, I better look into[br]options for protecting myself, because

0:28:37.829,0:28:40.179
I didn't want to get fired."

0:28:40.179,0:28:44.529
In Wikipedia, someone said: "A friend of[br]mine was also involved in this discussion

0:28:44.529,0:28:47.910
and he actually got it worse than I did.[br]He's in a position now where

0:28:47.910,0:28:52.110
anyone who googles him finds allegations[br]that he is this awful monster, and

0:28:52.110,0:28:55.369
he's terrified of having to look for work[br]now because you google him,

0:28:55.369,0:28:57.379
and that's what you find.

0:28:57.379,0:29:01.750
So these things can have a real impact[br]on people. So...

0:29:01.790,0:29:05.989
and then there is harassment. So this is[br]a quote from a Wikipedian who said:

0:29:05.989,0:29:10.239
"I would say that the fear of harassment[br]of real, of stalking and things like that

0:29:10.239,0:29:13.539
is quite substantial, at least among[br]administrators I know,

0:29:13.539,0:29:15.309
especially women."

0:29:15.309,0:29:18.519
From a Tor user there was someone who[br]talked about "this is a map

0:29:18.519,0:29:21.989
of active hate groups in the[br]United States"

0:29:21.989,0:29:25.609
and how they had experienced problems[br]with these hate groups in the past

0:29:25.609,0:29:29.519
and they wanted to see who was active in[br]their area, and they would

0:29:29.519,0:29:33.320
go to the websites of these hate groups[br]and sort of for obvious reasons

0:29:33.320,0:29:37.549
they didn't want their home IP address[br]to appear in the logs of these

0:29:37.549,0:29:40.179
hate group websites.

0:29:42.889,0:29:46.759
Safety of loved ones,[br]also personal safety.

0:29:47.179,0:29:51.499
A lot of people talked about, y'know,[br]real, concrete, not just threats but

0:29:51.499,0:29:54.779
things that had happened to them or to[br]people that they knew.

0:29:54.779,0:29:59.129
In Tor there is this story: they bursted[br]his door down and

0:29:59.129,0:30:02.149
they beat the ever living crap out of him.[br]He was hospitalized

0:30:02.149,0:30:05.850
for two and a half weeks, and they told[br]him: "if you and your family wanna live,

0:30:05.850,0:30:07.840
you're gonna have to stop causing trouble"

0:30:07.840,0:30:09.570
and they said that to him in farsee.

0:30:09.570,0:30:12.750
I have a family so after I visited him[br]in the hospital, I started...

0:30:12.750,0:30:15.909
well at first I started shaking, and I[br]went into a cold sweat

0:30:15.909,0:30:20.019
and then I realized I have to start taking[br]my human rights activities

0:30:20.019,0:30:22.459
into other identities through[br]the Tor network.

0:30:22.869,0:30:24.659
And on the Wikipedia side:

0:30:24.659,0:30:28.229
"I pulled back from some of that Wikipedia[br]work when I could no longer hide

0:30:28.229,0:30:32.179
in quite the same way. For a long time I[br]lived on my own, so it's just my own

0:30:32.179,0:30:36.049
personal risk I was taking with things,[br]now my wife lives here as well

0:30:36.049,0:30:37.699
and I can't take that same risk."

0:30:41.329,0:30:45.619
Lastly, people were concerned about[br]reputation loss.

0:30:45.619,0:30:52.179
In Wikipedia there has been known to be[br]edit wars that escalate into vendettas

0:30:52.179,0:30:55.879
here's a sort of example of an edit war[br]where y'know some user says:

0:30:55.879,0:31:03.779
"I hate big bitch Alison," who is then[br]blocked indefinitely by Alison.

0:31:03.779,0:31:07.220
People are worried about this sort of[br]thing escalating and then somebody

0:31:07.220,0:31:12.179
doing something off of the Internet to[br]call them names, or mess with their

0:31:12.179,0:31:15.599
reputation... and that would have a[br]negative effect on their life.

0:31:15.599,0:31:21.919
In Tor there is a couple interesting cases[br]that sort of concerns guilt by association

0:31:21.919,0:31:24.529
So there is someone who participates on[br]image boards,

0:31:24.529,0:31:27.059
on 8chan or infinite chan,

0:31:27.059,0:31:31.380
and I don't know if you guys are that[br]aware of this... it's sort of the place

0:31:31.380,0:31:34.310
which was kind of started by people that[br]were blocked by 4chan,

0:31:34.310,0:31:36.830
so it's the people that 4chan think are[br]kind of sketchy

0:31:36.830,0:31:39.740
<i>laughter</i>

0:31:39.740,0:31:43.499
and this person said: "Look, I stand[br]behind the material and the content that

0:31:43.499,0:31:45.789
I have created, but some people[br]on this site,

0:31:45.789,0:31:48.999
I wouldn't wanna be associated with them."

0:31:48.999,0:31:53.549
So, there is another person who talked[br]about "look I've created some online

0:31:53.549,0:31:59.249
resources about various pharmaceuticals,[br]but I don't wanna be very associated

0:31:59.249,0:32:04.009
with the community that posts stuff about[br]stuff like that.

0:32:05.499,0:32:07.119
So some other threats.

0:32:07.919,0:32:10.929
Some people talked about diminished[br]project quality.

0:32:10.929,0:32:15.619
In particular a lot of the Wikipedians[br]that we talked to

0:32:15.619,0:32:18.149
were somewhat prominent in the[br]Wikipedia project,

0:32:18.149,0:32:21.979
and in some respects had kind of achieved[br]some degree of like

0:32:21.979,0:32:25.909
rock star status as editors, if such[br]things can be.

0:32:26.379,0:32:30.459
They found it very difficult to edit[br]anymore because they'd edit a page

0:32:30.459,0:32:34.059
and that page hadn't received a lot of[br]attention but people would see that

0:32:34.059,0:32:37.510
they had edited it and there would be[br]sort of hordes of people that would

0:32:37.510,0:32:40.479
descend on that page, and mess with it.

0:32:40.489,0:32:44.420
And they found that they couldn't do that[br]without actually sort of harming the pages

0:32:44.420,0:32:46.239
that they were trying to edit.

0:32:46.239,0:32:50.599
Similarly, there were some Tor users who[br]were talked about, y'know,

0:32:50.599,0:32:54.690
not wanting to sort of... take credit for[br]their work because they were worried

0:32:54.690,0:32:58.769
they wouldn't have the credentials to be[br]taken seriously in various ways,

0:32:58.769,0:33:00.029
or things like that.

0:33:00.029,0:33:03.940
Only two people in our project actually[br]talked about worrying about

0:33:03.940,0:33:12.320
legal sort of sanctions, government[br]sanctions for their participation.

0:33:12.320,0:33:16.320
There were a lot of people that talked[br]about computer security concerns

0:33:16.320,0:33:19.769
which is not so much a privacy concern,[br]though it's very related, and I'm

0:33:19.769,0:33:24.460
going to talk about that because this[br]group might be interested.

0:33:24.460,0:33:27.749
On the Tor side, people liked to see[br]authentication properties

0:33:27.749,0:33:32.440
of .onion services. The idea that when[br]you go to a .onion website,

0:33:32.440,0:33:37.440
the address is self-authenticating, you[br]know where you're going.

0:33:37.440,0:33:41.289
But a lot of people who use Tor talked[br]about the general data hygiene idea

0:33:41.289,0:33:45.879
that there's sort of less data about them[br]in unknown websites,

0:33:45.879,0:33:49.159
in unknown databases of companies[br]because they don't leave as many

0:33:49.159,0:33:55.010
online footprints, and then you see all[br]these high profile break-ins that happen

0:33:55.010,0:33:58.639
and these databases get stolen, if you're[br]using Tor, maybe you're less likely

0:33:58.639,0:34:00.209
to be in those databases.

0:34:00.209,0:34:02.599
That was the idea there.

0:34:02.599,0:34:05.969
From Wikipedia a lot of people were[br]concerned about

0:34:05.969,0:34:08.020
their Wikipedia credentials.

0:34:08.020,0:34:12.879
They talked about not logging in on[br]public terminals and things like that,

0:34:12.879,0:34:17.590
in particular being concerned about the[br]security of administrative credentials

0:34:17.590,0:34:22.679
that have privileges to, for example, look[br]up the IP address of users who had edited

0:34:22.679,0:34:25.989
and things like that, which could[br]be abused.

0:34:27.309,0:34:30.410
So some concrete things that the people[br]were afraid of,

0:34:30.410,0:34:31.999
not a complete list:

0:34:31.999,0:34:35.069
having their head photoshopped onto porn,[br]something that happens

0:34:35.069,0:34:37.260
sometimes to editors...

0:34:37.260,0:34:40.729
being beaten up, actually a couple of Tor[br]people mentioned this;

0:34:40.729,0:34:43.260
being swatted;[br]receiving pipe bombs;

0:34:43.260,0:34:47.080
having fake information about them[br]published online.

0:34:47.320,0:34:52.180
Though there were people that said, look,[br]I don't really see a threat.

0:34:52.180,0:34:56.469
And some participants said they don't[br]perceive threats when they're contributing

0:34:56.469,0:35:00.800
but in a lot of cases they pointed out[br]that they enjoyed certain privileges

0:35:00.800,0:35:04.020
related to perhaps their gender, their[br]nationality, or the fact that

0:35:04.020,0:35:05.970
their interests were fairly mainstream.

0:35:05.970,0:35:08.700
So here's a quote:[br]"yeah I'm not that worried about it,

0:35:08.700,0:35:11.960
mainly because there's pretty good support[br]for some of these viewpoints,

0:35:11.960,0:35:15.450
kind of a mainstream discourse, and it's[br]not so radical, I don't think anyone's

0:35:15.450,0:35:17.300
going to be knocking down on my door.

0:35:17.300,0:35:20.390
But I've been in contact with activists[br]who have been engaged with

0:35:20.390,0:35:23.440
higher risk activities, and I do wonder[br]about, I do have concerns

0:35:23.440,0:35:27.470
about their welfare, and the desire they[br]have to have the tools to

0:35:27.470,0:35:31.930
be able to pursue their activities without[br]facing consequences."

0:35:31.930,0:35:38.500
So in contrast to the jerk theme, there[br]are a lot of people who run Tor

0:35:38.500,0:35:43.330
out of a sense of altruism, to provide[br]cover and solidarity.

0:35:43.920,0:35:47.460
Someone said, I appreciate the need for[br]protecting vulnerable people

0:35:47.460,0:35:51.390
around the world, so I run several relays,[br]some of them are exit relays,

0:35:51.390,0:35:54.470
some of them are middle relays, and I[br]run them around the world".

0:35:54.470,0:35:57.820
And someone else said:[br]"While you use it, you help

0:35:57.820,0:36:01.950
diversify the network for those who may be[br]subject to traffic monitoring, and you can

0:36:01.950,0:36:05.820
look up any information you like, whether[br]or not it's sensitive, and you'll get it,

0:36:05.820,0:36:09.370
and if you live in a place where it may[br]not be the greatest in legal standing

0:36:09.370,0:36:13.289
to look it up, you're able to find out[br]information."

0:36:14.459,0:36:19.839
So mitigating strategies, how did people[br]deal with this when they wanted to

0:36:19.839,0:36:26.319
participate in sites but they couldn't do[br]it through anonymous means, well,

0:36:26.319,0:36:29.520
some people modified their participation,[br]and I'll talk about some of

0:36:29.520,0:36:35.940
the chilling effects that we saw, and also[br]attempts to get anonymity in various ways

0:36:37.440,0:36:40.079
So, lost editors.

0:36:40.389,0:36:43.210
Several Tor users that we talked to,[br]actually mentioned that

0:36:43.210,0:36:47.700
they had edited Wikipedia and they no[br]longer edited it, or they edited it

0:36:47.700,0:36:50.230
less because of the difficulty of editing[br]through Tor.

0:36:50.230,0:36:53.380
There was someone who said:[br]"Basically I used to edit Wikipedia

0:36:53.380,0:36:57.470
prior to doing a lot of Tor, so yeah now[br]it's mostly reading... I used to

0:36:57.470,0:37:01.730
do a lot of editing for license design[br]and for like some open source licenses,

0:37:01.730,0:37:06.840
occasionally random forms and stuff that I[br]knew about, sometimes grammar.

0:37:09.780,0:37:13.289
And people talked to us in particular[br]about the chilling effects

0:37:13.289,0:37:17.910
of state surveillance, and in particular[br]the Snowden revelations.

0:37:17.910,0:37:22.179
In March of 2015 Wikimedia foundation[br]announced that it was

0:37:22.179,0:37:25.720
suing the National Security Agency.

0:37:25.720,0:37:29.409
We asked people about that, and[br]the Wikipedians, some of them said

0:37:29.409,0:37:32.929
"People aren't willing to engage with us[br]when they know their government is

0:37:32.929,0:37:36.960
watching their every move." And they[br]said that in particular they can show

0:37:36.960,0:37:39.960
that editing dropped off significantly on[br]certain articles

0:37:39.960,0:37:42.680
after the Upstream program was revealed.

0:37:42.680,0:37:48.329
Here's a quote from one of our Tor users[br]in the study that substantiates this.

0:37:48.329,0:37:51.330
"For the Edward Snowden page, I've pulled[br]myself away from adding

0:37:51.330,0:37:54.429
sensitive contributions, like different[br]references, because I thought

0:37:54.429,0:37:59.100
that made be traced back to me[br]in some way. But not refraining from

0:37:59.100,0:38:00.400
useful content I guess."

0:38:00.400,0:38:04.779
Though, of course, adding references is[br]one of the things that contributes to

0:38:04.779,0:38:09.819
the quality of articles and so on, and in[br]particular they said, articles about

0:38:09.819,0:38:16.089
national security things, about terrorism[br]and so on, people didn't edit as much

0:38:16.089,0:38:21.510
about these things anymore because they[br]were worried about ending up on a list.

0:38:21.510,0:38:27.349
The other major topic that was chilled was[br]articles about women's health.

0:38:27.349,0:38:31.890
So, here's a picture of a vacuum[br]aspiration abortion from the

0:38:31.890,0:38:39.049
Wikipedia abortion article and a couple[br]of people told us about how, "look, any

0:38:39.049,0:38:44.609
site that has to do with women or women's[br]issues is more contentiously edited,

0:38:44.609,0:38:49.280
is more likely of inflaming people,[br]getting into edit wars, than other sites."

0:38:50.100,0:38:53.769
There were a lot of trolls on the Internet[br]and there's a quote on the Internet:

0:38:53.769,0:38:57.359
"Trolls have called their bosses and been[br]like 'Do you know that your employee

0:38:57.359,0:38:59.510
was editing the clitoris article last[br]week?'"

0:38:59.510,0:39:01.829
They will do stuff like that.

0:39:01.829,0:39:07.000
So this means that, y'know, in particular[br]someone talked about "I was a medical

0:39:07.000,0:39:10.890
student, I had my obstetrics text book[br]open, I was looking at the abortion

0:39:10.890,0:39:14.029
article, I was thinking about making some[br]changes, but then I just

0:39:14.029,0:39:20.460
pulled myself back and said, y'know,[br]I don't need that in my life."

0:39:20.460,0:39:26.490
This is another area where privacy[br]concerns push back, cause people

0:39:26.490,0:39:29.839
to not necessarily do things...

0:39:29.839,0:39:36.539
And then there's this idea of a threshold[br]of participation, that the more involved

0:39:36.539,0:39:40.529
you are, the more active you are in a[br]project, the more likely you're actually

0:39:40.529,0:39:43.569
gonna encounter real problems.

0:39:43.569,0:39:48.069
People involved in curating content,[br]deleting things, promoting things,

0:39:48.069,0:39:51.619
arbitrating disputes, etc., they're going[br]to make enemies.

0:39:51.619,0:39:54.200
Some of these enemies are going to make[br]nasty threats,

0:39:54.200,0:39:56.550
and some of them are gonna act on them.

0:39:56.550,0:40:00.000
Here is another quote of somebody:[br]"As long as I have that pseudonym ...

0:40:00.000,0:40:05.330
"As long as I have that pseudonym ...[br][[ see slide ]]

0:40:05.330,0:40:10.549
[[ see slide ]][br]... that turns up when you do that."

0:40:10.549,0:40:14.720
People mention in particular, from the[br]Wikipedia side, that there were two sites:

0:40:14.720,0:40:21.150
Wikipediocracy and The Wikipedia Review,[br]where people have critiques of Wikipedia

0:40:21.150,0:40:27.860
and that people on these sites had done[br]threats and doxing of various people

0:40:27.860,0:40:29.910
on the arbitration committee.

0:40:29.910,0:40:33.160
Someone talked about "they found my[br]parents' home address, they found

0:40:33.160,0:40:36.439
one of my old phone numbers, they wrote a[br]blog post about all of these

0:40:36.439,0:40:39.330
horrible things I've done, and here's my[br]contact information,

0:40:39.330,0:40:44.869
and for a good time call... and when it's[br]on the Internet it doesn't die.

0:40:45.099,0:40:51.729
People that get to a certain level of[br]doing things, like handling abuse,

0:40:51.729,0:40:53.629
had problems.

0:40:53.629,0:40:57.630
So since I didn't have any privacy, I felt[br]limited in what I could do, I could still

0:40:57.630,0:41:00.219
write articles but blocking people[br]was something

0:41:00.219,0:41:03.209
I tried to avoid, since I didn't wanna[br]get angry phone calls.

0:41:03.209,0:41:06.269
So someone else also talked about[br]activities that they used to do,

0:41:06.269,0:41:08.429
but then after receiving threats and[br]things...

0:41:08.429,0:41:12.440
I used to check for use of the N-word, the[br]ruder of the two F-words, one or two other

0:41:12.440,0:41:16.969
things that were indicative of problems in[br]user space, and I deleted lots and lots of

0:41:16.969,0:41:20.260
attack pages which were fairly hot in[br]dealing with them when they would

0:41:20.260,0:41:23.779
turn up in article space, and when people[br]create a user account in somebody

0:41:23.779,0:41:27.380
else's name and say a bunch of things[br]about that person they won't agree with,

0:41:27.380,0:41:30.520
I used to deal with that, but then, y'know[br]they're not willing to

0:41:30.520,0:41:33.560
deal with that anymore.

0:41:35.120,0:41:37.729
Privacy measures that people took.

0:41:37.959,0:41:42.730
Obviously in some cases people use Tor, we[br]talked to Tor users where that's possible

0:41:42.730,0:41:46.460
People also talk about avoiding posting[br]linking information and details

0:41:46.460,0:41:53.710
about who they are, not editing things[br]about y'know, their local things,

0:41:53.710,0:41:57.710
things only they would know, etc.

0:41:57.710,0:42:02.750
People talked about using Proxies or VPNs,[br]some people talked about HideMyAss,

0:42:02.750,0:42:08.470
editing from a public computer using[br]multiple accounts in some cases, and

0:42:08.470,0:42:18.590
using privacy browser plug ins and[br]safeguards like NoScript and Ghostery

0:42:18.590,0:42:23.540
We asked people, both Tor users and[br]not Tor users if they had used Tor,

0:42:23.540,0:42:27.359
what they thought of Tor, and there was[br]this person who said: "I tried using Tor,

0:42:27.359,0:42:31.249
I did, when I was younger, and everything[br]was so slow and terrible, I was just like

0:42:31.249,0:42:32.850
'so not worh it'."

0:42:32.850,0:42:38.470
And in fact a couple years ago, Tor was in[br]fact pretty slow - it's gotten better!

0:42:38.470,0:42:41.349
But the Tor users still talked about[br]bit about latencies, but

0:42:41.349,0:42:45.630
a lot of them talked about these issues of[br]CAPTCHAs, unusable website features,

0:42:45.630,0:42:47.940
the fact that it used to be slow...

0:42:47.940,0:42:51.920
and Wikipedians on Tor talked about it[br]being slow or too much trouble,

0:42:51.920,0:42:56.069
just the need to download the software and[br]connect to it every time... and people,

0:42:56.069,0:42:58.680
some people found it unnecessary.

0:42:58.680,0:43:04.569
There was some other interesting things[br]that came up.

0:43:04.569,0:43:06.250
Some people talked about how

0:43:06.250,0:43:09.440
they used information ?revelation?[br]as a defense mechanism.

0:43:09.440,0:43:14.559
This idea that, okay, I'm gonna give you[br]some information about me, so you can't

0:43:14.559,0:43:18.920
really dox me because that's my address[br]right there, or whatever.

0:43:18.920,0:43:23.740
But people talked also about the limits of[br]long term participation. A lot of people

0:43:23.740,0:43:28.670
that talked to us had started editing or[br]participating in online projects

0:43:28.670,0:43:32.680
as a relatively young teenager,[br]and a lot of people

0:43:32.680,0:43:37.450
start with things like fixing typos,[br]before they later become a member

0:43:37.450,0:43:40.630
of the arbitration committee, or something[br]like that.

0:43:40.630,0:43:44.460
It's hard to have this long term[br]perspective when you're first creating

0:43:44.460,0:43:48.650
your login name and you identity[br]and so on.

0:43:48.650,0:44:06.559
"Until it happens to you ...[br][[ see slide ]]

0:44:06.559,0:44:10.769
[[ see slide ]][br]... some serious thought."

0:44:11.849,0:44:17.400
As most good, ethnographic studies do, and[br]as this one was intended to do,

0:44:17.400,0:44:21.420
it sort of raises more questions[br]than answers.

0:44:21.420,0:44:23.190
That was our goal.

0:44:23.190,0:44:27.970
We're hoping... we learned that Tor users[br]and Wikipedians share some

0:44:27.970,0:44:32.480
privacy concerns, but they do have some[br]different perspectives.

0:44:32.480,0:44:36.019
And we did learn that some value of[br]participation is being lost when people

0:44:36.019,0:44:38.779
can't participate in a private way.

0:44:38.869,0:44:44.180
We'd like to use this work to do some[br]follow-up studies, and also perhaps

0:44:44.180,0:44:48.470
build a larger survey study so we can[br]learn more, see things that are more

0:44:48.470,0:44:53.400
quantitative about this work.

0:44:53.400,0:44:56.869
If you find this topic interesting, a[br]short plug for

0:44:56.869,0:44:59.250
the privacy enhancing technology symposium

0:44:59.250,0:45:02.779
which will be in July in Darmstadt.

0:45:02.779,0:45:06.369
We're not presenting this particular[br]work here, but there is a lot of

0:45:06.369,0:45:14.760
work on Tor, anonymity, privacy, so on[br]from the research community.

0:45:14.760,0:45:19.480
And I'd like to thank my co-authors,[br]Andrea Forte and Nazanin Andalibi,

0:45:19.480,0:45:25.400
our interview participants, the WIkimedia[br]foundation, the Tor project,

0:45:25.400,0:45:29.039
the National Science Foundation that[br]funded Andrea's and my participation

0:45:29.039,0:45:33.869
in this project, and all the people whose[br]images I've used in my slides...

0:45:33.869,0:45:36.900
so... Thanks![br]Any questions? Oh and by the way

0:45:36.900,0:45:42.949
I'll be here for the whole conference, so[br]you can find me afterwards if...

0:45:42.949,0:45:51.549
<i>applause</i>

0:45:51.549,0:45:56.510
Herald Angel: Thanks a lot, Rachel[br]Greenstadt. And so, we hopefully have

0:45:56.510,0:46:01.400
a few questions from you in the audience,[br]you can line behind the microphones

0:46:01.400,0:46:05.940
we have 4 of them here in the audience[br]and also in the back there are 2,

0:46:05.940,0:46:11.650
and we also have the Signal Angel present[br]but he didn't get any questions yet,

0:46:11.650,0:46:14.790
but maybe some comments or something?

0:46:14.790,0:46:16.819
Some feedback from the crowd on the[br]Internet?

0:46:16.819,0:46:18.660
Rachel Greenstadt: but there is somebody[br]with a... [inaudible]

0:46:18.660,0:46:23.369
Herald Angel: then let me immediately go[br]to the questions in the audience.

0:46:23.369,0:46:26.210
Herald Angel: We have microphone 2, please

0:46:26.210,0:46:32.900
HA: And, one second, can you please be[br]quiet if you go outside? Because that's

0:46:32.900,0:46:34.319
really rude.

0:46:34.319,0:46:39.139
Question: did you find out if Wikipedia[br]for example treats classical VPN or

0:46:39.139,0:46:40.769
proxies differently from Tor?

0:46:40.769,0:46:44.029
Rachel Greendstadt: If what?[br]Question: if they treat them differently

0:46:44.029,0:46:48.730
from Tor, so do they have the same policy[br]in place for blocking, let's say,

0:46:48.730,0:46:54.370
private VPN which can also be used to[br]change your IP with the click of a button,

0:46:54.370,0:46:59.239
if you want to bully someone but it might[br]offer less privacy than Tor, but if you

0:46:59.239,0:47:01.869
really only want to bully someone,[br]that might be enough.

0:47:01.869,0:47:06.240
Rachel Greenstadt: I think it depends,[br]is the answer.

0:47:06.240,0:47:12.349
The extensions that they have, they do[br]block a lot of things from IPs so I think

0:47:12.349,0:47:15.700
it depends on if there's been abuse[br]through that thing before,

0:47:15.700,0:47:20.480
they try and block open proxies, I think[br]some people said certain VPNs you can

0:47:20.480,0:47:23.400
still edit through, and some you couldn't,[br]it really depended.

0:47:23.400,0:47:28.010
Herald Angel: Thanks, microphone 1 please.

0:47:28.010,0:47:31.520
Question: Wikipedia is by no means an[br]isolated case, right?

0:47:31.520,0:47:34.569
RA: No, no[br]Question: And there's more and more

0:47:34.569,0:47:39.510
capability of blocking Tor exit nodes and[br]whatnot, so where's the project going?

0:47:39.510,0:47:43.529
I mean, the Great Firewall for example[br]could very well block all its users from

0:47:43.529,0:47:46.559
accessing Tor, right?[br]RA: It actually does.

0:47:46.559,0:47:52.279
So it blocks people from accessing Tor and[br]it blocks people from accessing Wikipedia,

0:47:52.279,0:47:56.140
in terms of the Tor project there are[br]mechanisms through using

0:47:56.140,0:48:01.960
pluggable transports and bridge addresses,[br]they can actually help people still

0:48:01.960,0:48:05.920
access Tor, and then they'll be able to[br]read Wikipedia, but then again

0:48:05.920,0:48:08.049
they won't be able to edit for these[br]reasons.

0:48:08.049,0:48:13.340
HA: So, again, we have 15 minutes of break[br]after this, so you can get out after this

0:48:13.340,0:48:16.359
and change the room, and please be[br]quiet if you really have to

0:48:16.359,0:48:20.439
leave the room already or if you come in[br]the room already. Thank you.

0:48:20.439,0:48:22.430
Now to the Signal Angel, please.

0:48:22.430,0:48:27.579
Signal Angel: There is one question from[br]the Internet, from ?Whyness?, he or she

0:48:27.579,0:48:31.829
is asking if there's actual a recorded[br]instance of someone attempting to

0:48:31.829,0:48:36.059
put a pipe bomb in the post[br]because of Wikipedia edits.

0:48:36.059,0:48:42.519
RA: I certainly don't have such[br]information. This was just

0:48:42.519,0:48:46.799
people telling us things that they were[br]concerned about, or things that

0:48:46.799,0:48:51.000
there had been threats that they'd[br]experienced.

0:48:51.000,0:48:54.369
Nobody that I know of specifically[br]mentioned that they experienced

0:48:54.369,0:48:55.369
a pipe bomb.

0:48:55.369,0:49:01.470
Signal Angel: And another question from[br]?a_monk?: if blocked Tor traffic

0:49:01.470,0:49:05.839
is a problem, why does the Tor project[br]publish the exit IP list, making it

0:49:05.839,0:49:08.329
easy to block?

0:49:08.329,0:49:16.000
RA: That would be a question for the Tor[br]people, my understanding of it is that

0:49:16.000,0:49:20.339
the Tor project does try and be a good[br]Internet citizen and they don't want to

0:49:20.339,0:49:26.650
encourage the kind of, sort of, arms race[br]that would happen with sort of...

0:49:26.650,0:49:30.349
people trying to like find all the exits,[br]and block them versus making it

0:49:30.349,0:49:34.479
just look, here it is, this is what's[br]going on, and... it's also very helpful

0:49:34.479,0:49:37.970
when you're running an exit node, to be[br]able to say, look, this thing is

0:49:37.970,0:49:42.819
an exit node and that's what was going on[br]when this thing happened

0:49:42.819,0:49:49.369
through my computer. So I think, y'know,[br]there's the ability of the exit relay

0:49:49.369,0:49:54.069
operators to be able to say what they're[br]doing is also an important concern.

0:49:54.069,0:49:59.119
Herald Angel: so there's standing someone[br]at microphone 5.

0:49:59.119,0:50:03.680
Question: You mentioned zero-knowledge[br]proofs in the beginning, is there any more

0:50:03.680,0:50:05.269
research on this?

0:50:05.269,0:50:13.269
RA: Uhm, yeah, so... If you look at the[br]research on Nymble

0:50:13.269,0:50:15.639
by Apu Kapadia, there's also some people

0:50:15.639,0:50:19.089
in Nick Hopper's group at the university[br]of Minnesota, there's also

0:50:19.089,0:50:24.169
Ryan Henry in Indiana University[br]that's done a lot of work on this

0:50:24.169,0:50:27.680
in Ian Goldberg's group at Waterloo,[br]those are the people that I would

0:50:27.680,0:50:32.359
look up in terms of anonymous blacklisting[br]schemes, and I'm sure I'm forgetting

0:50:32.359,0:50:35.700
some of them right now, so hopefully[br]they'll forgive me, but those are

0:50:35.700,0:50:37.430
good places to start.

0:50:37.430,0:50:41.799
Herald Angel: we have the next question at[br]microphone 1.

0:50:41.799,0:50:49.039
Question: Do you know if Wikipedia ever[br]thought about hashing IP addresses,

0:50:49.039,0:50:55.960
so that the contributions are still unique[br]but the users are anonymized?

0:50:57.610,0:51:02.029
RA: Nobody at WIkipedia talked to us about[br]that, so I do not know if they thought

0:51:02.029,0:51:04.089
about that or not.

0:51:04.089,0:51:10.559
Herald Angel: and the last comment or[br]question at the Signal Angel microphone.

0:51:10.559,0:51:14.859
Signal Angel: Thanks, not really a[br]question, more a comment...

0:51:14.859,0:51:22.359
"I just wanted to relate, indeed Wikipedia[br]blocking Tor is pretty concerned

0:51:22.359,0:51:28.750
also for Tor users because for instance,[br]the French Wikipedia articles about Tor

0:51:28.750,0:51:34.650
have very, very poor quality and lot of[br]people end up asking us questions about

0:51:34.650,0:51:39.930
Tor and are missing from because of that,[br]and I cannot fix it because I am not

0:51:39.930,0:51:44.500
willing to edit Wikipedia without Tor. And[br]that is also a pretty big issue I think."

0:51:44.500,0:51:49.109
RA: Yeah, so it would be interesting from[br]my perspective, using this to then look at

0:51:49.109,0:51:53.230
the articles, the types of articles about[br]Tor, about anonymous participation,

0:51:53.230,0:51:58.059
where we would suggest... we'd like to do[br]a bigger study, learn what articles about

0:51:58.059,0:52:03.130
that anonymous users would edit if they[br]were going to edit Wikipedia, and then

0:52:03.130,0:52:07.309
we could do an analysis like they did[br]about the movie sites to figure out

0:52:07.309,0:52:11.739
if these articles are in some way shorter[br]or of lower quality than other articles

0:52:11.739,0:52:13.970
because they're missing that perspective.

0:52:13.970,0:52:20.569
Herald Angel: Thank you Rachel, thank you[br]for the questions, and warm applause again

0:52:20.569,0:52:21.789
for Rachel GreenStadt.

0:52:21.959,0:52:23.700
<i>applause</i>

0:52:23.780,0:52:24.709
RA: Thanks

0:52:25.989,0:52:29.831
<i>tune playing</i>

0:52:29.831,0:52:37.000
subtitles created by c3subtitles.de[br]Join, and help us!