Rachel Greenstadt:
pressure on or from ISPs
would make it difficult or impossible
to run an exit relay
however the third point is the one that
I'm gonna mostly be talking about today:
Tor is not very useful if you can't
actually use it to get anywhere
and there is an increasing number of
prominent sites on the internet
that are restricting what you
can do through Tor
and in some cases Tor is outright blocked
and in other cases you're slowed down
by CAPTCHAs and other ways
to sort of make it annoying to visit
so a brief overview of my talk
I'm gonna give a little bit of
background on Tor
and discuss how it's being blocked by
internet services today
then I'm gonna talk about Wikipedia
which is a service or a website,
you may have heard of it
laughing
that makes it difficult to edit
through Tor
and I'm gonna talk about their
relationship
and then I'm gonna discuss some of the
findings that we have
from our interview-study of Tor users
and Wikipedians.
So here is some examples of some things
that you might see
when you are browsing with Tor these days.
Now, it's worth pointing out that a lot of
these are not individual sites
but rather content distribution networks,
like Cloudflare and Akamai
or they're hosting providers like Bluehost
or anti-spam-block-plugins
that sort of affects a huge, sort of swath
of sites on the internet, not just one.
There are some individual sites
say like Yelp, that provide their
own blocking
but they tend to be somewhat
important sites
So before I go any further
I should probably disclose that I'm not
exactly a neutral party here
I'm married to Roger Dingledine
who is one of the founders
of the Tor project
This work is part of a recent experiment
of mine, doing research related to Tor
while remaining happily married
so far so good!
furthermore, this work uses qualitative
ethnographic methods
which is a bit of a departure from the
machine learning work that I usually do
mitigating both of these factor is my
wonderful co-author, Andrea Forte
who is trained in ethnographic methods
and conducted all of the interview that
I'm going to talk to you about
So, when I was talking to Roger about this
talk, he said
most people at CCC will have heard of Tor
by now
I think that's probably true,
and they'll be aware that
and they'll be aware that it hides something
about you when you're browsing the Internet
but, they might be a bit fuzzy on some of
the details, so: very quick recap
When Alice starts up Tor, her client
starts by fetching a list of relays
from the directory server.
Then, the Tor client is gonna pick a
three-hop path to the destination server.
Hop 1 is gonna know who you are
but not where you're going.
Then Hop 3 knows where you're going
but not who you are.
Now there is a link encrypted
from you to hop 3,
and then hop 3,
which is the exit relay,
actually delivers your
request to a website.
Now this part is not encrypted by Tor
and as far as the website is concerned,
it is actually delivering a request from
the user at the exit relay
usually when Tor users receive the
blocking screens that I've showed earlier
it's because the website is blocking
the exit relay's IP address
so this can happen either because the site
is deliberately blocking tor
by downloading the directory and blocking
all of the Tor exit IP's
or because someone did something
unpleasant
through that exit relay in the past
and it was put on a blocklist incidentally
So there's been some research on this
phenomenon
and here's some cutting-edge research that
hasn't actually even been presented yet
it's going to be published in the NDSS
conference in February
by the people up here
and it's looking sort of quantitatively
about how prevalent
this blocking problem is.
We found that of the top 1000 Alexa
sites, 3.5% of them were actually blocked
for Tor users.
You can see on this list on the right:
most of the blocking is due to
aggregate blockers like these hosting
companies and CDNs
it's also the case that most of the sites
didn't actually
block 100% of the exit nodes
But the bigger the exit is bandwidth wise
thus the higher probability to be
exiting from it
the more likely it was to be blocked
so this graph shows of 2000 block sites
from Ooni data
given the exit node and how probable
it was
that that exit node would be blocked.
So one website that blocks Tor users
is Wikipedia
Now Wikipedia doesn't actually Tor users
from reading Wikipedia
which is very useful because it's a
resource that's important
for lots of people to be able to reach,
sometimes anonymously
but it does prevent them from editing.
That's true even if they're logged in.
So according to Wikipedia,
Wikipedia is a free access,
free content Internet encyclopedia
supported and hosted by the
non-profit Wikimedia Foundation
Those who can access this site can
edit most of its articles
and Wikipedia is ranked among the ten most
popular websites
and constitutes the Internet's largest and
most popular general reference work
So right now, y'know, from our vantage
point eight years...
since this quote in 2007
in probably about...
I'm not actually sure when Wikipedia was
founded, but some years after
it's hard to realize what a radical idea
Wikipedia once was
this encyclopedia that can be edited by,
well, almost anyone
in 2007 the New York Times said:
"The problem with WIkipedia is that it
only works in practice.
In theory, it can never work."
There's some sort of miracle,
that Wikipedia manages to be
the resource it is, and it's the sort of
thing that researchers
and economists have tried to explain
and they've tried to explain it in the
same way they explain
the Linux kernel
this thing happens and nobody quite knows
why
and it makes Wikipedians today a little
nervous about and conservative perhaps
about anything that could rock the boat,
affect the quality of the encyclopedia
but the fact is that Wikipedia needs its
contributors to continue to
update, expand and improve the resource
Wikipedia contributions peaked in 2007 and
have been in a slow and steady decline
so this graph above shows the number of
active registered editors
who've edited more than 5 edits per month
as plotted over time
and you can see this peak that happens
in 2007
the reasons behind this decline are
actually an active area of research
in their area of concern for the
Wikimedia foundation and so on
the upshot of it is that Wikipedia can't
exactly afford to
just throw away good editors.
Aside from the general decline in
participation
there's Wikipedia's sort of demographic
imbalance
Wikipedia editors are 84-91% male
depending on how you count
and there is also a lot of
under-representation
from global south countries
and there's been a little bit of research
to show how this affects the quality
of the encyclopedia.
There's a group of researchers from the
?Groveland's? group at
the university of Minnesota
and they were interested in this question
they had access to a database of movie-
ratings and the gender of the raters
so they compared the length of articles
about movies that were
disproportionately rated by men or women
while controlling for the popularity
and the rating of the movie
and in this case they showed that
male-skewing movies
had articles that were much longer than
articles about female-skewing movies
independent of these popularity and
rating effects.
Now, maybe articles about movies, it's
kind of a trivial thing,
but it kind of shows you that the editor
population affects article categories
that might be harder to measure
in such a rigorous way.
it made us wonder how the absence of
Tor user editors
affects the quality of the encyclopedia
and if there's a similar skew that you
might be able to see.
To help understand and answer this
question, it's worth asking
what a Wikipedian would
get out of using Tor.
This question is actually one that has
people kind of confused because
a lot of people see Tor as a tool that you
use to hide who you are to a website
and basically no one at Wikipedia is at
all interested
in letting Tor users Wikipedia without
logging in at all.
However Tor provides some benefits to
users, even when they're logged in
and thus not hiding from Wikipedia.
In particular it protects against certain
surveillance by your local ISP
or administrative domain, and it can also
protect against government surveillance.
Furthermore it prevents your IP-address
from being stored
in the Wikipedia database of user IPs that
can be accessed by administrators
and attackers.
We've all seen plenty of cases where
attackers get access
to databases they're not supposed to.
Another property that is probably more
easy to think about is reachability.
Internet connections could be censored,
and Tor might be the only method of
actually accessing Wikipedia.
And lastly a lot of Tor users use Tor for
all of their Internet use
as a mechanism to diversify the user base
and provide cover for and solidarity with
users that might need Tor for a
different purpose.
So participation in Internet projects and
open source projects can be dangerous.
Consider the case of Bassel Khartabil
who's a well-known Wikipedia editor,
open source software developer
and the founder of Creative Commons Syria.
He was jailed for three years and he's now
disappeared, a lot of people think he's dead
he's very well known for having founded
the New Palmyra project
which uses satellite and high-resolution
imagery to create open 3d models
of ancient structures.
Now these structures were raided by Daesh,
sometimes called ISIS, some time in 2015
and so this work that he's done is our
best record of these structures
that now exist.
In another case, Jimmy Wales announced in
2015 that the Wikipedian of the year could
not be revealed publicly, because to do so
would actually put the person in danger.
So, the Wikimedia foundation is also
aware that there are some cases
where editors need privacy.
So then, with all these risks, that
Wikipedians face, and the benefits
that Tor can provide,
why would it be blocked?
Well, it comes down to abuse.
The problem of jerks is a real problem
on the Internet.
Though the research is somewhat ambiguous
as to the degree at which it's actually
made worse by anonymity,
there's this very popular theory on the
Internet that if you take a normal person
and anonymity and an audience,
they become a total dickwad.
Nonetheless, managing abuse is actually
somewhat harder
with anonymous participants, and there's
certainly this perception that
anonymity can make people more
susceptible to abusive behavior.
Fortunately the cryptographic
research community has studied
how to reconcile anonymity and
blacklisting of users
and has found some pretty promising
solutions.
The first, which I'll discuss briefly here
is Apu Kapadia's Nymble design.
There have been many variants of this,
including Nymbler, ?Jackbenable?, Jack,
you get the idea.
Basically when Alice wants to contribute
anonymously to a website or a project
she uses a pseudonym server to get
a pseudonym.
Then she gives that 'nym to a
nym-manager
and that nym-manager
gives her a ticket.
That ticket is then used to connect to the
site she wants to participate on,
so it's another way to sort of distribute
the trust.
But our Alice is a jerk, so
she vandalizes the website.
The website then complains to the Nymble
manager which will then send the server
a token that can be used to link that user
in the future.
The server then adds the user to a
blacklist.
So basically the way that this works is
that everything the user has done
before the complaint still remains
anonymous forever,
but everything that they do in the future
is linkable
and thus it remains easier to block them.
There has basically been no adoption of
this kind of protocol,
despite a lot of iterations in the
literature.
There are some reasons for this:
many of the variants have no
implementation, and those that do
it's research code and as the author
of some research code...
I can tell you that there would be
significant work involved in
actually adopting these measures.
And there is a price to be paid. You have
pick between either having
a semi-trusted third party, degraded
notions of privacy,
so basically pseudonymity
rather than anonymity,
or high computational overhead
because zero-knowledge proofs are
still kind of expensive.
But it could well be done, and it's not
like you need all of these things,
you only need one,
but ultimately it isn't being done, and I
think this is because most sites
don't really care. They believe that the
number of non-jerks might not be zero,
but it's approximately zero,
and it's just not worth the bother.
So we're interested in measuring this
value of anonymous participation
to sort of provide motivation for sites to
actually try and solve these problems.
It's not a terribly easy thing to do,
because Tor is blocked so often
we're actually trying to measure
participation that doesn't happen,
that might happen under
alternate circumstances.
To ask this question we turned to
qualitative methods, which is
basically an interview study.
We talked to Tor users who participate in
open collaboration, and we talked to
Wikipedia editors about their privacy
concerns.
So we have two basic research questions:
first, what kind of threats do
contributors
to open collaboration projects perceive,
and second:
how do people who contribute to open
collaboration projects manage the risk?
The goal here is to get the kind of
in-depth and qualitative
understanding that will help us to ask
the right questions
in a larger scale study, and ensure that
we're solving the right problems
when we design systems to facilitate
anonymous participation in online projects
As ?Cera McDonald? Pikelet said:
"They're not anecdotes, that's small
batch artisanal data..."
So a little bit about our 23 participants
in our study
We had 12 participants that were Tor users
8 males, 3 females and 1 of fluid gender.
The minimum age was 18, the maximum age
was 41 and the average was 30.
3 people with a high school education, 4
current and graduated undergraduates
and 5 people with post-graduate degrees or
who were graduate students.
The location: 7 of the participants were
from the U.S. but we also had
participants from Australia, Belgium,
Canada, South Africa and Sweden.
For the Wikimedia participants, we had
again 8 males and 3 females.
Actually I think the demographics of Tor
and Wikimedia might not be too different.
The minimum age was 20 and the max was 53,
again the average was 30.
One didn't report their education level,
we had 8 people with bachelor's degrees
or undergraduate students, and 2 graduate
students or people with graduate degrees.
Again we had 5 participants from the U.S.,
but we also had participants from
Australia, France, Ghana, Israel
and the U.K. in this case.
So we didn't have - a lot of people talked
to us - we didn't have any participants
from places like Iran or China, though we
did have some Iranians who were
living in the U.S. who talked to us.
So types of participation
Obviously we had Wikipedians,
we sought them out
a number of the people that we talked
to, especially the Tor users
who actually contribute to
the Tor project in some way
but we asked people about their other
participation on the Internet,
especially Tor users, and we found that
there are a lot of people that participate
through adding web comments, participating
on forums, using Twitter...
contributing open source code to projects
on Github or Sourceforge
or other projects on the Internet, helping
with the Internet archive
or contributing to image boards...
to sites that do that.
So our interview protocol: we gave 20
dollars in compensation,
gift cards or cash.
30% of people declined this because we
would need to register their participation
if we give them compensation, and some
people didn't want there to be
as much of a record.
We spoke to people over the phone, using
Skype, using
various encrypted audio mechanisms,
one person was interviewed face to face.
The interviews were again conducted by
Andrea Forte
and we asked people to tell in-depth
stories and prompted them for detail.
Our analysis of this is ongoing, it's
not done,
we've transcribed all the interviews,
we've coded them to identify the themes
and we grouped and merged some of these
themes.
I'm going to talk to you about some of the
stuff that came out of this study,
give some quotes and things like that.
Interview topics.
For Tor users we asked them to explain Tor
and what it's for. We asked for some
current and retrospective examples of use,
the story of how and why they first
started using Tor,
and some examples of when they use Tor
online and when they don't use Tor online
and some questions about their
participation in online projects
and if they participate in Wikipedia we
asked them some of the Wikipedia questions
similarly with Wikipedia people who had
used Tor.
And there was some considerable overlap.
For Wikipedians we asked how and why they
started editing,
examples of privacy concerns associated
with their editing,
steps they may have taken to protect their
privacy when editing,
and examples of interactions with other
editors.
Now, there's some real limitations with
this work:
we may be missing participants with severe
privacy concerns.
Anybody who participate in this would have
talk to unknown parties
that they couldn't necessarily trust that
we were not going to do
any nefarious things with their interview.
They need to speak remotely over a
communications channel in most cases
we were willing to conduct some interviews
over various encrypted channels
such as Jitsi or really whatever people
wanted us to do,
as long as we could set it up.
Though we didn't mention Skype in our
recruitment materials,
and this actually caused a bit of a
kerfuffle on the Tor blog
when people were saying we clearly don't
understand Tor
and have no familiarity with the project
if we're even thinking of using Skype
I know a couple of Tor users and Tor
developers that use Skype, so...
but, y'know, we were willing to
use other things,
and we again didn't talk to residents of
Iran or China,
which is something that a lot of people
told us might be of interest.
So, what does anonymity actually mean to a
Wikipedian, was an interesting question.
Because it doesn't mean the same thing
that it usually means to a Tor user. So,
a lot of times when people talk about
anonymous edits in Wikipedia they mean
editing without logging in.
And this is actually called IP editing to
Wikipedians, because what happens when you
edit Wikipedia without logging in is that
the IP address is actually published
as the author of that edit.
The other thing that people mean when
they talk about editing anonymously is
editing under a synonymous account while
not leaving clues about your identity.
The notion of IP editing is somewhat
problematic.
This was an article from Buzzfeed about
the 33 most embarassing congressional
edits to member's Wikipedia pages.
The congressional offices in the U.S. all
share one IP address,
so you can simply search Wikipedia for
that IP address
and you can find people making revisions,
for example to the liberty caucus
Wikipedia site and so on.
So in terms of content-based anonymity,
according to the Wikipedians we talked to,
most deanonymisation is done actually by
contextual clues.
When people are outed as being this
pseudonymous Wikipedia person,
it's usually because somebody
looked up things.
There was a quote, someone said:
"these is small things but I usually
wouldn't edit things relating to my school
or places near where I lived
when I was logged in.
It's actually weirdly easy to piece
together someone's identity
based on the location or things like that"
So Tor, it's worth pointing out the limits
of what Tor can do
Tor is not gonna help with this particular
problem
it will hide your IP address
but not necessarily this.
What is the Wikipedia policy on Tor?
Mediawiki has a TorBlock extension, which
automatically blocks editing through Tor
Now, it's possible to actually get an
exemption,
what is called an IP block exemption, and
registered users in good standing
can ask for one.
The problem is, it's a little bit hard to
establish that standing
it requires editing without using Tor.
When pointed out that this is particularly
problematic for censored users,
because they can't access Wikipedia to
edit in the first place,
although they do provide some closed
proxies for Chinese users in particular,
there are a lot of censored users that
aren't Chinese but...
you can contact them to ask to use their
sort of secret proxies.
I don't know how well this actually works.
But we did ask our interviewees, can
Wikipedia be edited through Tor?
Which is an interesting question. So,
as a convention for the rest of the talk
when you see these blue boxes, they are
gonna be quotes from Wikipedians,
when you see the green boxes, they're
quotes from Tor users.
When we asked people, the WIkipedians
often said: if the account exists,
yes, when you're doing an anonymous edit
with Tor it's really difficult
they mean an IP edit there.
And then he said:
I had one that came
through the mailing list
in the last couple of weeks, and that
their employer had been
checking up on them... we allowed that.
So as an administrator I have a user bot
that allows me to get around that,
but as well as feeling bad about that,
other people don't have that option.
From a Tor user, we actually said: but
sometimes, like every so many exit nodes,
you sometimes one have works...
so many sites block Tor,
try to block it, it's quite annoying as
you're trying to do something.
So this person sort of... saw what... in
the research of blocking Tor,
not every exit node is blocked, so if
you're really determined to make that
anonymous edit, you can just keep clicking
'New Identity' and get there.
And then they said: we do sometimes let
people edit through them,
I know we have users in China coming
through the Great Firewall
and stuff like that.
So then ...
[[ audio cuts out for 4 seconds ]]
Tor user, y'know, well they...
[[ audio cuts out for 16 seconds ]]
[[ audio cuts out for 16 seconds ]]
[[ 5 seconds audio cut remaining ]]
...things like that.
So because you can change your IP address
with the click of a button,
it's very difficult to prevent abuse.
There's this sort of notion that maybe
it's important for vandalism,
but maybe that's a problem, and maybe
there should be something that be done.
So then, a lot of what asked people about
was sort of the threats
that they were concerned about, from a
data privacy perspective.
People talked about government threats,
businesses, organized crime,
private citizens, other project members,
and project outsiders.
When we group the threats, we found sort
of five or so big threats
that lots of people talked about, we had
twelve different instances of
people talking about surveillance concerns
or general concerns about
the loss of privacy.
Ten people talked specifically about the
loss of employment
or economic opportunity that might happen,
9 people talked about bullying,
harassment, intimidation, stalking,
this sort of thing.
Another 9 people talked about personal
safety, or the safety of their loved ones.
6 people that we talked to, talked about
reputation loss.
I'll get into these in more detail.
Surveillance.
Y'know, in my country there is basically
unknown surveillance going on
and I don't know what providers to use,
and at some point I decided to
use Tor for everything.
It's worth pointing out given the list of
countries I gave that
this isn't necessarily the list and...
I think you wouldn't get this list of
kinda quotes maybe before the Snowden
revelations about generalized surveillance
across the world.
A lot of people talked about how their
online activities were
being accessed or logged without their
consent, and especially among
Tor users there was this
notion of wanting to be
public by effort, but private by default.
And when you talk to Wikipedians, they
talked about their edit histories and how
the edit histories themselves might be
somewhat sensitive.
In terms of loss of employment...
many many employers now look at your
online footprint before they hire you.
According to Monster, one of the big
employment websites,
77% of employers google perspective
employees.
From a Tor user, we had someone talk about
"I am transgender, I am queer, my boss
would rant for hours about this kind of
person, that kind of person, the other
kind of person, all of which I happen to
be... and I decided if I was going to do
anything online at all, I better look into
options for protecting myself, because
I didn't want to get fired."
In Wikipedia, someone said: "A friend of
mine was also involved in this discussion
and he actually got it worse than I did.
He's in a position now where
anyone who googles him finds allegations
that he is this awful monster, and
he's terrified of having to look for work
now because you google him,
and that's what you find.
So these things can have a real impact
on people. So...
and then there is harassment. So this is
a quote from a Wikipedian who said:
"I would say that the fear of harassment
of real, of stalking and things like that
is quite substantial, at least among
administrators I know,
especially women."
From a Tor user there was someone who
talked about "this is a map
of active hate groups in the
United States"
and how they had experienced problems
with these hate groups in the past
and they wanted to see who was active in
their area, and they would
go to the websites of these hate groups
and sort of for obvious reasons
they didn't want their home IP address
to appear in the logs of these
hate group websites.
Safety of loved ones,
also personal safety.
A lot of people talked about, y'know,
real, concrete, not just threats but
things that had happened to them or to
people that they knew.
In Tor there is this story: they bursted
his door down and
they beat the ever living crap out of him.
He was hospitalized
for two and a half weeks, and they told
him: "if you and your family wanna live,
you're gonna have to stop causing trouble"
and they said that to him in farsee.
I have a family so after I visited him
in the hospital, I started...
well at first I started shaking, and I
went into a cold sweat
and then I realized I have to start taking
my human rights activities
into other identities through
the Tor network.
And on the Wikipedia side:
"I pulled back from some of that Wikipedia
work when I could no longer hide
in quite the same way. For a long time I
lived on my own, so it's just my own
personal risk I was taking with things,
now my wife lives here as well
and I can't take that same risk."
Lastly, people were concerned about
reputation loss.
In Wikipedia there has been known to be
edit wars that escalate into vendettas
here's a sort of example of an edit war
where y'know some user says:
"I hate big bitch Alison," who is then
blocked indefinitely by Alison.
People are worried about this sort of
thing escalating and then somebody
doing something off of the Internet to
call them names, or mess with their
reputation... and that would have a
negative effect on their life.
In Tor there is a couple interesting cases
that sort of concerns guilt by association
So there is someone who participates on
image boards,
on 8chan or infinite chan,
and I don't know if you guys are that
aware of this... it's sort of the place
which was kind of started by people that
were blocked by 4chan,
so it's the people that 4chan think are
kind of sketchy
laughter
and this person said: "Look, I stand
behind the material and the content that
I have created, but some people
on this site,
I wouldn't wanna be associated with them."
So, there is another person who talked
about "look I've created some online
resources about various pharmaceuticals,
but I don't wanna be very associated
with the community that posts stuff about
stuff like that.
So some other threats.
Some people talked about diminished
project quality.
In particular a lot of the Wikipedians
that we talked to
were somewhat prominent in the
Wikipedia project,
and in some respects had kind of achieved
some degree of like
rock star status as editors, if such
things can be.
They found it very difficult to edit
anymore because they'd edit a page
and that page hadn't received a lot of
attention but people would see that
they had edited it and there would be
sort of hordes of people that would
descend on that page, and mess with it.
And they found that they couldn't do that
without actually sort of harming the pages
that they were trying to edit.
Similarly, there were some Tor users who
were talked about, y'know,
not wanting to sort of... take credit for
their work because they were worried
they wouldn't have the credentials to be
taken seriously in various ways,
or things like that.
Only two people in our project actually
talked about worrying about
legal sort of sanctions, government
sanctions for their participation.
There were a lot of people that talked
about computer security concerns
which is not so much a privacy concern,
though it's very related, and I'm
going to talk about that because this
group might be interested.
On the Tor side, people liked to see
authentication properties
of .onion services. The idea that when
you go to a .onion website,
the address is self-authenticating, you
know where you're going.
But a lot of people who use Tor talked
about the general data hygiene idea
that there's sort of less data about them
in unknown websites,
in unknown databases of companies
because they don't leave as many
online footprints, and then you see all
these high profile break-ins that happen
and these databases get stolen, if you're
using Tor, maybe you're less likely
to be in those databases.
That was the idea there.
From Wikipedia a lot of people were
concerned about
their Wikipedia credentials.
They talked about not logging in on
public terminals and things like that,
in particular being concerned about the
security of administrative credentials
that have privileges to, for example, look
up the IP address of users who had edited
and things like that, which could
be abused.
So some concrete things that the people
were afraid of,
not a complete list:
having their head photoshopped onto porn,
something that happens
sometimes to editors...
being beaten up, actually a couple of Tor
people mentioned this;
being swatted;
receiving pipe bombs;
having fake information about them
published online.
Though there were people that said, look,
I don't really see a threat.
And some participants said they don't
perceive threats when they're contributing
but in a lot of cases they pointed out
that they enjoyed certain privileges
related to perhaps their gender, their
nationality, or the fact that
their interests were fairly mainstream.
So here's a quote:
"yeah I'm not that worried about it,
mainly because there's pretty good support
for some of these viewpoints,
kind of a mainstream discourse, and it's
not so radical, I don't think anyone's
going to be knocking down on my door.
But I've been in contact with activists
who have been engaged with
higher risk activities, and I do wonder
about, I do have concerns
about their welfare, and the desire they
have to have the tools to
be able to pursue their activities without
facing consequences."
So in contrast to the jerk theme, there
are a lot of people who run Tor
out of a sense of altruism, to provide
cover and solidarity.
Someone said, I appreciate the need for
protecting vulnerable people
around the world, so I run several relays,
some of them are exit relays,
some of them are middle relays, and I
run them around the world".
And someone else said:
"While you use it, you help
diversify the network for those who may be
subject to traffic monitoring, and you can
look up any information you like, whether
or not it's sensitive, and you'll get it,
and if you live in a place where it may
not be the greatest in legal standing
to look it up, you're able to find out
information."
So mitigating strategies, how did people
deal with this when they wanted to
participate in sites but they couldn't do
it through anonymous means, well,
some people modified their participation,
and I'll talk about some of
the chilling effects that we saw, and also
attempts to get anonymity in various ways
So, lost editors.
Several Tor users that we talked to,
actually mentioned that
they had edited Wikipedia and they no
longer edited it, or they edited it
less because of the difficulty of editing
through Tor.
There was someone who said:
"Basically I used to edit Wikipedia
prior to doing a lot of Tor, so yeah now
it's mostly reading... I used to
do a lot of editing for license design
and for like some open source licenses,
occasionally random forms and stuff that I
knew about, sometimes grammar.
And people talked to us in particular
about the chilling effects
of state surveillance, and in particular
the Snowden revelations.
In March of 2015 Wikimedia foundation
announced that it was
suing the National Security Agency.
We asked people about that, and
the Wikipedians, some of them said
"People aren't willing to engage with us
when they know their government is
watching their every move." And they
said that in particular they can show
that editing dropped off significantly on
certain articles
after the Upstream program was revealed.
Here's a quote from one of our Tor users
in the study that substantiates this.
"For the Edward Snowden page, I've pulled
myself away from adding
sensitive contributions, like different
references, because I thought
that made be traced back to me
in some way. But not refraining from
useful content I guess."
Though, of course, adding references is
one of the things that contributes to
the quality of articles and so on, and in
particular they said, articles about
national security things, about terrorism
and so on, people didn't edit as much
about these things anymore because they
were worried about ending up on a list.
The other major topic that was chilled was
articles about women's health.
So, here's a picture of a vacuum
aspiration abortion from the
Wikipedia abortion article and a couple
of people told us about how, "look, any
site that has to do with women or women's
issues is more contentiously edited,
is more likely of inflaming people,
getting into edit wars, than other sites."
There were a lot of trolls on the Internet
and there's a quote on the Internet:
"Trolls have called their bosses and been
like 'Do you know that your employee
was editing the clitoris article last
week?'"
They will do stuff like that.
So this means that, y'know, in particular
someone talked about "I was a medical
student, I had my obstetrics text book
open, I was looking at the abortion
article, I was thinking about making some
changes, but then I just
pulled myself back and said, y'know,
I don't need that in my life."
This is another area where privacy
concerns push back, cause people
to not necessarily do things...
And then there's this idea of a threshold
of participation, that the more involved
you are, the more active you are in a
project, the more likely you're actually
gonna encounter real problems.
People involved in curating content,
deleting things, promoting things,
arbitrating disputes, etc., they're going
to make enemies.
Some of these enemies are going to make
nasty threats,
and some of them are gonna act on them.
Here is another quote of somebody:
"As long as I have that pseudonym ...
"As long as I have that pseudonym ...
[[ see slide ]]
[[ see slide ]]
... that turns up when you do that."
People mention in particular, from the
Wikipedia side, that there were two sites:
Wikipediocracy and The Wikipedia Review,
where people have critiques of Wikipedia
and that people on these sites had done
threats and doxing of various people
on the arbitration committee.
Someone talked about "they found my
parents' home address, they found
one of my old phone numbers, they wrote a
blog post about all of these
horrible things I've done, and here's my
contact information,
and for a good time call... and when it's
on the Internet it doesn't die.
People that get to a certain level of
doing things, like handling abuse,
had problems.
So since I didn't have any privacy, I felt
limited in what I could do, I could still
write articles but blocking people
was something
I tried to avoid, since I didn't wanna
get angry phone calls.
So someone else also talked about
activities that they used to do,
but then after receiving threats and
things...
I used to check for use of the N-word, the
ruder of the two F-words, one or two other
things that were indicative of problems in
user space, and I deleted lots and lots of
attack pages which were fairly hot in
dealing with them when they would
turn up in article space, and when people
create a user account in somebody
else's name and say a bunch of things
about that person they won't agree with,
I used to deal with that, but then, y'know
they're not willing to
deal with that anymore.
Privacy measures that people took.
Obviously in some cases people use Tor, we
talked to Tor users where that's possible
People also talk about avoiding posting
linking information and details
about who they are, not editing things
about y'know, their local things,
things only they would know, etc.
People talked about using Proxies or VPNs,
some people talked about HideMyAss,
editing from a public computer using
multiple accounts in some cases, and
using privacy browser plug ins and
safeguards like NoScript and Ghostery
We asked people, both Tor users and
not Tor users if they had used Tor,
what they thought of Tor, and there was
this person who said: "I tried using Tor,
I did, when I was younger, and everything
was so slow and terrible, I was just like
'so not worh it'."
And in fact a couple years ago, Tor was in
fact pretty slow - it's gotten better!
But the Tor users still talked about
bit about latencies, but
a lot of them talked about these issues of
CAPTCHAs, unusable website features,
the fact that it used to be slow...
and Wikipedians on Tor talked about it
being slow or too much trouble,
just the need to download the software and
connect to it every time... and people,
some people found it unnecessary.
There was some other interesting things
that came up.
Some people talked about how
they used information ?revelation?
as a defense mechanism.
This idea that, okay, I'm gonna give you
some information about me, so you can't
really dox me because that's my address
right there, or whatever.
But people talked also about the limits of
long term participation. A lot of people
that talked to us had started editing or
participating in online projects
as a relatively young teenager,
and a lot of people
start with things like fixing typos,
before they later become a member
of the arbitration committee, or something
like that.
It's hard to have this long term
perspective when you're first creating
your login name and you identity
and so on.
"Until it happens to you ...
[[ see slide ]]
[[ see slide ]]
... some serious thought."
As most good, ethnographic studies do, and
as this one was intended to do,
it sort of raises more questions
than answers.
That was our goal.
We're hoping... we learned that Tor users
and Wikipedians share some
privacy concerns, but they do have some
different perspectives.
And we did learn that some value of
participation is being lost when people
can't participate in a private way.
We'd like to use this work to do some
follow-up studies, and also perhaps
build a larger survey study so we can
learn more, see things that are more
quantitative about this work.
If you find this topic interesting, a
short plug for
the privacy enhancing technology symposium
which will be in July in Darmstadt.
We're not presenting this particular
work here, but there is a lot of
work on Tor, anonymity, privacy, so on
from the research community.
And I'd like to thank my co-authors,
Andrea Forte and Nazanin Andalibi,
our interview participants, the WIkimedia
foundation, the Tor project,
the National Science Foundation that
funded Andrea's and my participation
in this project, and all the people whose
images I've used in my slides...
so... Thanks!
Any questions? Oh and by the way
I'll be here for the whole conference, so
you can find me afterwards if...
applause
Herald Angel: Thanks a lot, Rachel
Greenstadt. And so, we hopefully have
a few questions from you in the audience,
you can line behind the microphones
we have 4 of them here in the audience
and also in the back there are 2,
and we also have the Signal Angel present
but he didn't get any questions yet,
but maybe some comments or something?
Some feedback from the crowd on the
Internet?
Rachel Greenstadt: but there is somebody
with a... [inaudible]
Herald Angel: then let me immediately go
to the questions in the audience.
Herald Angel: We have microphone 2, please
HA: And, one second, can you please be
quiet if you go outside? Because that's
really rude.
Question: did you find out if Wikipedia
for example treats classical VPN or
proxies differently from Tor?
Rachel Greendstadt: If what?
Question: if they treat them differently
from Tor, so do they have the same policy
in place for blocking, let's say,
private VPN which can also be used to
change your IP with the click of a button,
if you want to bully someone but it might
offer less privacy than Tor, but if you
really only want to bully someone,
that might be enough.
Rachel Greenstadt: I think it depends,
is the answer.
The extensions that they have, they do
block a lot of things from IPs so I think
it depends on if there's been abuse
through that thing before,
they try and block open proxies, I think
some people said certain VPNs you can
still edit through, and some you couldn't,
it really depended.
Herald Angel: Thanks, microphone 1 please.
Question: Wikipedia is by no means an
isolated case, right?
RA: No, no
Question: And there's more and more
capability of blocking Tor exit nodes and
whatnot, so where's the project going?
I mean, the Great Firewall for example
could very well block all its users from
accessing Tor, right?
RA: It actually does.
So it blocks people from accessing Tor and
it blocks people from accessing Wikipedia,
in terms of the Tor project there are
mechanisms through using
pluggable transports and bridge addresses,
they can actually help people still
access Tor, and then they'll be able to
read Wikipedia, but then again
they won't be able to edit for these
reasons.
HA: So, again, we have 15 minutes of break
after this, so you can get out after this
and change the room, and please be
quiet if you really have to
leave the room already or if you come in
the room already. Thank you.
Now to the Signal Angel, please.
Signal Angel: There is one question from
the Internet, from ?Whyness?, he or she
is asking if there's actual a recorded
instance of someone attempting to
put a pipe bomb in the post
because of Wikipedia edits.
RA: I certainly don't have such
information. This was just
people telling us things that they were
concerned about, or things that
there had been threats that they'd
experienced.
Nobody that I know of specifically
mentioned that they experienced
a pipe bomb.
Signal Angel: And another question from
?a_monk?: if blocked Tor traffic
is a problem, why does the Tor project
publish the exit IP list, making it
easy to block?
RA: That would be a question for the Tor
people, my understanding of it is that
the Tor project does try and be a good
Internet citizen and they don't want to
encourage the kind of, sort of, arms race
that would happen with sort of...
people trying to like find all the exits,
and block them versus making it
just look, here it is, this is what's
going on, and... it's also very helpful
when you're running an exit node, to be
able to say, look, this thing is
an exit node and that's what was going on
when this thing happened
through my computer. So I think, y'know,
there's the ability of the exit relay
operators to be able to say what they're
doing is also an important concern.
Herald Angel: so there's standing someone
at microphone 5.
Question: You mentioned zero-knowledge
proofs in the beginning, is there any more
research on this?
RA: Uhm, yeah, so... If you look at the
research on Nymble
by Apu Kapadia, there's also some people
in Nick Hopper's group at the university
of Minnesota, there's also
Ryan Henry in Indiana University
that's done a lot of work on this
in Ian Goldberg's group at Waterloo,
those are the people that I would
look up in terms of anonymous blacklisting
schemes, and I'm sure I'm forgetting
some of them right now, so hopefully
they'll forgive me, but those are
good places to start.
Herald Angel: we have the next question at
microphone 1.
Question: Do you know if Wikipedia ever
thought about hashing IP addresses,
so that the contributions are still unique
but the users are anonymized?
RA: Nobody at WIkipedia talked to us about
that, so I do not know if they thought
about that or not.
Herald Angel: and the last comment or
question at the Signal Angel microphone.
Signal Angel: Thanks, not really a
question, more a comment...
"I just wanted to relate, indeed Wikipedia
blocking Tor is pretty concerned
also for Tor users because for instance,
the French Wikipedia articles about Tor
have very, very poor quality and lot of
people end up asking us questions about
Tor and are missing from because of that,
and I cannot fix it because I am not
willing to edit Wikipedia without Tor. And
that is also a pretty big issue I think."
RA: Yeah, so it would be interesting from
my perspective, using this to then look at
the articles, the types of articles about
Tor, about anonymous participation,
where we would suggest... we'd like to do
a bigger study, learn what articles about
that anonymous users would edit if they
were going to edit Wikipedia, and then
we could do an analysis like they did
about the movie sites to figure out
if these articles are in some way shorter
or of lower quality than other articles
because they're missing that perspective.
Herald Angel: Thank you Rachel, thank you
for the questions, and warm applause again
for Rachel GreenStadt.
applause
RA: Thanks
tune playing
subtitles created by c3subtitles.de
Join, and help us!