-
Rachel Greenstadt:
pressure on or from ISPs
-
would make it difficult or impossible
to run an exit relay
-
however the third point is the one that
I'm gonna mostly be talking about today:
-
Tor is not very useful if you can't
actually use it to get anywhere
-
and there is an increasing number of
prominent sites on the internet
-
that are restricting what you
can do through Tor
-
and in some cases Tor is outright blocked
-
and in other cases you're slowed down
by CAPTCHAs and other ways
-
to sort of make it annoying to visit
-
so a brief overview of my talk
-
I'm gonna give a little bit of
background on Tor
-
and discuss how it's being blocked by
internet services today
-
then I'm gonna talk about Wikipedia
-
which is a service or a website,
you may have heard of it
-
laughing
-
that makes it difficult to edit
through Tor
-
and I'm gonna talk about their
relationship
-
and then I'm gonna discuss some of the
findings that we have
-
from our interview-study of Tor users
and Wikipedians.
-
So here is some examples of some things
that you might see
-
when you are browsing with Tor these days.
-
Now, it's worth pointing out that a lot of
these are not individual sites
-
but rather content distribution networks,
like Cloudflare and Akamai
-
or they're hosting providers like Bluehost
or anti-spam-block-plugins
-
that sort of affects a huge, sort of swath
of sites on the internet, not just one.
-
There are some individual sites
-
say like Yelp, that provide their
own blocking
-
but they tend to be somewhat
important sites
-
So before I go any further
-
I should probably disclose that I'm not
exactly a neutral party here
-
I'm married to Roger Dingledine
-
who is one of the founders
of the Tor project
-
This work is part of a recent experiment
of mine, doing research related to Tor
-
while remaining happily married
-
so far so good!
-
furthermore, this work uses qualitative
ethnographic methods
-
which is a bit of a departure from the
machine learning work that I usually do
-
mitigating both of these factor is my
wonderful co-author, Andrea Forte
-
who is trained in ethnographic methods
-
and conducted all of the interview that
I'm going to talk to you about
-
So, when I was talking to Roger about this
talk, he said
-
most people at CCC will have heard of Tor
by now
-
I think that's probably true,
and they'll be aware that
-
and they'll be aware that it hides something
about you when you're browsing the Internet
-
but, they might be a bit fuzzy on some of
the details, so: very quick recap
-
When Alice starts up Tor, her client
starts by fetching a list of relays
-
from the directory server.
-
Then, the Tor client is gonna pick a
three-hop path to the destination server.
-
Hop 1 is gonna know who you are
but not where you're going.
-
Then Hop 3 knows where you're going
but not who you are.
-
Now there is a link encrypted
from you to hop 3,
-
and then hop 3,
which is the exit relay,
-
actually delivers your
request to a website.
-
Now this part is not encrypted by Tor
and as far as the website is concerned,
-
it is actually delivering a request from
the user at the exit relay
-
usually when Tor users receive the
blocking screens that I've showed earlier
-
it's because the website is blocking
the exit relay's IP address
-
so this can happen either because the site
is deliberately blocking tor
-
by downloading the directory and blocking
all of the Tor exit IP's
-
or because someone did something
unpleasant
-
through that exit relay in the past
-
and it was put on a blocklist incidentally
-
So there's been some research on this
phenomenon
-
and here's some cutting-edge research that
hasn't actually even been presented yet
-
it's going to be published in the NDSS
conference in February
-
by the people up here
-
and it's looking sort of quantitatively
about how prevalent
-
this blocking problem is.
-
We found that of the top 1000 Alexa
sites, 3.5% of them were actually blocked
-
for Tor users.
-
You can see on this list on the right:
most of the blocking is due to
-
aggregate blockers like these hosting
companies and CDNs
-
it's also the case that most of the sites
-
didn't actually
block 100% of the exit nodes
-
But the bigger the exit is bandwidth wise
-
thus the higher probability to be
exiting from it
-
the more likely it was to be blocked
-
so this graph shows of 2000 block sites
from Ooni data
-
given the exit node and how probable
it was
-
that that exit node would be blocked.
-
So one website that blocks Tor users
is Wikipedia
-
Now Wikipedia doesn't actually Tor users
from reading Wikipedia
-
which is very useful because it's a
resource that's important
-
for lots of people to be able to reach,
sometimes anonymously
-
but it does prevent them from editing.
-
That's true even if they're logged in.
-
So according to Wikipedia,
Wikipedia is a free access,
-
free content Internet encyclopedia
supported and hosted by the
-
non-profit Wikimedia Foundation
-
Those who can access this site can
edit most of its articles
-
and Wikipedia is ranked among the ten most
popular websites
-
and constitutes the Internet's largest and
most popular general reference work
-
So right now, y'know, from our vantage
point eight years...
-
since this quote in 2007
in probably about...
-
I'm not actually sure when Wikipedia was
founded, but some years after
-
it's hard to realize what a radical idea
Wikipedia once was
-
this encyclopedia that can be edited by,
well, almost anyone
-
in 2007 the New York Times said:
-
"The problem with WIkipedia is that it
only works in practice.
-
In theory, it can never work."
-
There's some sort of miracle,
that Wikipedia manages to be
-
the resource it is, and it's the sort of
thing that researchers
-
and economists have tried to explain
-
and they've tried to explain it in the
same way they explain
-
the Linux kernel
-
this thing happens and nobody quite knows
why
-
and it makes Wikipedians today a little
nervous about and conservative perhaps
-
about anything that could rock the boat,
affect the quality of the encyclopedia
-
but the fact is that Wikipedia needs its
contributors to continue to
-
update, expand and improve the resource
-
Wikipedia contributions peaked in 2007 and
have been in a slow and steady decline
-
so this graph above shows the number of
active registered editors
-
who've edited more than 5 edits per month
as plotted over time
-
and you can see this peak that happens
in 2007
-
the reasons behind this decline are
actually an active area of research
-
in their area of concern for the
Wikimedia foundation and so on
-
the upshot of it is that Wikipedia can't
exactly afford to
-
just throw away good editors.
-
Aside from the general decline in
participation
-
there's Wikipedia's sort of demographic
imbalance
-
Wikipedia editors are 84-91% male
-
depending on how you count
-
and there is also a lot of
under-representation
-
from global south countries
-
and there's been a little bit of research
to show how this affects the quality
-
of the encyclopedia.
-
There's a group of researchers from the
?Groveland's? group at
-
the university of Minnesota
and they were interested in this question
-
they had access to a database of movie-
ratings and the gender of the raters
-
so they compared the length of articles
about movies that were
-
disproportionately rated by men or women
while controlling for the popularity
-
and the rating of the movie
-
and in this case they showed that
male-skewing movies
-
had articles that were much longer than
articles about female-skewing movies
-
independent of these popularity and
rating effects.
-
Now, maybe articles about movies, it's
kind of a trivial thing,
-
but it kind of shows you that the editor
population affects article categories
-
that might be harder to measure
in such a rigorous way.
-
it made us wonder how the absence of
Tor user editors
-
affects the quality of the encyclopedia
-
and if there's a similar skew that you
might be able to see.
-
To help understand and answer this
question, it's worth asking
-
what a Wikipedian would
get out of using Tor.
-
This question is actually one that has
people kind of confused because
-
a lot of people see Tor as a tool that you
use to hide who you are to a website
-
and basically no one at Wikipedia is at
all interested
-
in letting Tor users Wikipedia without
logging in at all.
-
However Tor provides some benefits to
users, even when they're logged in
-
and thus not hiding from Wikipedia.
-
In particular it protects against certain
surveillance by your local ISP
-
or administrative domain, and it can also
protect against government surveillance.
-
Furthermore it prevents your IP-address
from being stored
-
in the Wikipedia database of user IPs that
can be accessed by administrators
-
and attackers.
-
We've all seen plenty of cases where
attackers get access
-
to databases they're not supposed to.
-
Another property that is probably more
easy to think about is reachability.
-
Internet connections could be censored,
and Tor might be the only method of
-
actually accessing Wikipedia.
-
And lastly a lot of Tor users use Tor for
all of their Internet use
-
as a mechanism to diversify the user base
and provide cover for and solidarity with
-
users that might need Tor for a
different purpose.
-
So participation in Internet projects and
open source projects can be dangerous.
-
Consider the case of Bassel Khartabil
-
who's a well-known Wikipedia editor,
open source software developer
-
and the founder of Creative Commons Syria.
-
He was jailed for three years and he's now
disappeared, a lot of people think he's dead
-
he's very well known for having founded
the New Palmyra project
-
which uses satellite and high-resolution
imagery to create open 3d models
-
of ancient structures.
-
Now these structures were raided by Daesh,
sometimes called ISIS, some time in 2015
-
and so this work that he's done is our
best record of these structures
-
that now exist.
-
In another case, Jimmy Wales announced in
2015 that the Wikipedian of the year could
-
not be revealed publicly, because to do so
would actually put the person in danger.
-
So, the Wikimedia foundation is also
aware that there are some cases
-
where editors need privacy.
-
So then, with all these risks, that
Wikipedians face, and the benefits
-
that Tor can provide,
why would it be blocked?
-
Well, it comes down to abuse.
-
The problem of jerks is a real problem
on the Internet.
-
Though the research is somewhat ambiguous
as to the degree at which it's actually
-
made worse by anonymity,
-
there's this very popular theory on the
Internet that if you take a normal person
-
and anonymity and an audience,
they become a total dickwad.
-
Nonetheless, managing abuse is actually
somewhat harder
-
with anonymous participants, and there's
certainly this perception that
-
anonymity can make people more
susceptible to abusive behavior.
-
Fortunately the cryptographic
research community has studied
-
how to reconcile anonymity and
blacklisting of users
-
and has found some pretty promising
solutions.
-
The first, which I'll discuss briefly here
is Apu Kapadia's Nymble design.
-
There have been many variants of this,
including Nymbler, ?Jackbenable?, Jack,
-
you get the idea.
-
Basically when Alice wants to contribute
anonymously to a website or a project
-
she uses a pseudonym server to get
a pseudonym.
-
Then she gives that 'nym to a
nym-manager
-
and that nym-manager
gives her a ticket.
-
That ticket is then used to connect to the
site she wants to participate on,
-
so it's another way to sort of distribute
the trust.
-
But our Alice is a jerk, so
she vandalizes the website.
-
The website then complains to the Nymble
manager which will then send the server
-
a token that can be used to link that user
in the future.
-
The server then adds the user to a
blacklist.
-
So basically the way that this works is
that everything the user has done
-
before the complaint still remains
anonymous forever,
-
but everything that they do in the future
is linkable
-
and thus it remains easier to block them.
-
There has basically been no adoption of
this kind of protocol,
-
despite a lot of iterations in the
literature.
-
There are some reasons for this:
-
many of the variants have no
implementation, and those that do
-
it's research code and as the author
of some research code...
-
I can tell you that there would be
significant work involved in
-
actually adopting these measures.
-
And there is a price to be paid. You have
pick between either having
-
a semi-trusted third party, degraded
notions of privacy,
-
so basically pseudonymity
rather than anonymity,
-
or high computational overhead
-
because zero-knowledge proofs are
still kind of expensive.
-
But it could well be done, and it's not
like you need all of these things,
-
you only need one,
-
but ultimately it isn't being done, and I
think this is because most sites
-
don't really care. They believe that the
number of non-jerks might not be zero,
-
but it's approximately zero,
and it's just not worth the bother.
-
So we're interested in measuring this
value of anonymous participation
-
to sort of provide motivation for sites to
actually try and solve these problems.
-
It's not a terribly easy thing to do,
because Tor is blocked so often
-
we're actually trying to measure
participation that doesn't happen,
-
that might happen under
alternate circumstances.
-
To ask this question we turned to
qualitative methods, which is
-
basically an interview study.
-
We talked to Tor users who participate in
open collaboration, and we talked to
-
Wikipedia editors about their privacy
concerns.
-
So we have two basic research questions:
-
first, what kind of threats do
contributors
-
to open collaboration projects perceive,
and second:
-
how do people who contribute to open
collaboration projects manage the risk?
-
The goal here is to get the kind of
in-depth and qualitative
-
understanding that will help us to ask
the right questions
-
in a larger scale study, and ensure that
we're solving the right problems
-
when we design systems to facilitate
anonymous participation in online projects
-
As ?Cera McDonald? Pikelet said:
-
"They're not anecdotes, that's small
batch artisanal data..."
-
So a little bit about our 23 participants
in our study
-
We had 12 participants that were Tor users
-
8 males, 3 females and 1 of fluid gender.
-
The minimum age was 18, the maximum age
was 41 and the average was 30.
-
3 people with a high school education, 4
current and graduated undergraduates
-
and 5 people with post-graduate degrees or
who were graduate students.
-
The location: 7 of the participants were
from the U.S. but we also had
-
participants from Australia, Belgium,
Canada, South Africa and Sweden.
-
For the Wikimedia participants, we had
again 8 males and 3 females.
-
Actually I think the demographics of Tor
and Wikimedia might not be too different.
-
The minimum age was 20 and the max was 53,
again the average was 30.
-
One didn't report their education level,
we had 8 people with bachelor's degrees
-
or undergraduate students, and 2 graduate
students or people with graduate degrees.
-
Again we had 5 participants from the U.S.,
but we also had participants from
-
Australia, France, Ghana, Israel
and the U.K. in this case.
-
So we didn't have - a lot of people talked
to us - we didn't have any participants
-
from places like Iran or China, though we
did have some Iranians who were
-
living in the U.S. who talked to us.
-
So types of participation
-
Obviously we had Wikipedians,
we sought them out
-
a number of the people that we talked
to, especially the Tor users
-
who actually contribute to
the Tor project in some way
-
but we asked people about their other
participation on the Internet,
-
especially Tor users, and we found that
there are a lot of people that participate
-
through adding web comments, participating
on forums, using Twitter...
-
contributing open source code to projects
on Github or Sourceforge
-
or other projects on the Internet, helping
with the Internet archive
-
or contributing to image boards...
to sites that do that.
-
So our interview protocol: we gave 20
dollars in compensation,
-
gift cards or cash.
-
30% of people declined this because we
would need to register their participation
-
if we give them compensation, and some
people didn't want there to be
-
as much of a record.
-
We spoke to people over the phone, using
Skype, using
-
various encrypted audio mechanisms,
one person was interviewed face to face.
-
The interviews were again conducted by
Andrea Forte
-
and we asked people to tell in-depth
stories and prompted them for detail.
-
Our analysis of this is ongoing, it's
not done,
-
we've transcribed all the interviews,
we've coded them to identify the themes
-
and we grouped and merged some of these
themes.
-
I'm going to talk to you about some of the
stuff that came out of this study,
-
give some quotes and things like that.
-
Interview topics.
-
For Tor users we asked them to explain Tor
and what it's for. We asked for some
-
current and retrospective examples of use,
-
the story of how and why they first
started using Tor,
-
and some examples of when they use Tor
online and when they don't use Tor online
-
and some questions about their
participation in online projects
-
and if they participate in Wikipedia we
asked them some of the Wikipedia questions
-
similarly with Wikipedia people who had
used Tor.
-
And there was some considerable overlap.
-
For Wikipedians we asked how and why they
started editing,
-
examples of privacy concerns associated
with their editing,
-
steps they may have taken to protect their
privacy when editing,
-
and examples of interactions with other
editors.
-
Now, there's some real limitations with
this work:
-
we may be missing participants with severe
privacy concerns.
-
Anybody who participate in this would have
talk to unknown parties
-
that they couldn't necessarily trust that
we were not going to do
-
any nefarious things with their interview.
-
They need to speak remotely over a
communications channel in most cases
-
we were willing to conduct some interviews
over various encrypted channels
-
such as Jitsi or really whatever people
wanted us to do,
-
as long as we could set it up.
-
Though we didn't mention Skype in our
recruitment materials,
-
and this actually caused a bit of a
kerfuffle on the Tor blog
-
when people were saying we clearly don't
understand Tor
-
and have no familiarity with the project
if we're even thinking of using Skype
-
I know a couple of Tor users and Tor
developers that use Skype, so...
-
but, y'know, we were willing to
use other things,
-
and we again didn't talk to residents of
Iran or China,
-
which is something that a lot of people
told us might be of interest.
-
So, what does anonymity actually mean to a
-
Wikipedian, was an interesting question.
Because it doesn't mean the same thing
-
that it usually means to a Tor user. So,
a lot of times when people talk about
-
anonymous edits in Wikipedia they mean
editing without logging in.
-
And this is actually called IP editing to
Wikipedians, because what happens when you
-
edit Wikipedia without logging in is that
the IP address is actually published
-
as the author of that edit.
-
The other thing that people mean when
they talk about editing anonymously is
-
editing under a synonymous account while
not leaving clues about your identity.
-
The notion of IP editing is somewhat
problematic.
-
This was an article from Buzzfeed about
-
the 33 most embarassing congressional
edits to member's Wikipedia pages.
-
The congressional offices in the U.S. all
share one IP address,
-
so you can simply search Wikipedia for
that IP address
-
and you can find people making revisions,
-
for example to the liberty caucus
Wikipedia site and so on.
-
So in terms of content-based anonymity,
according to the Wikipedians we talked to,
-
most deanonymisation is done actually by
contextual clues.
-
When people are outed as being this
pseudonymous Wikipedia person,
-
it's usually because somebody
looked up things.
-
There was a quote, someone said:
-
"these is small things but I usually
wouldn't edit things relating to my school
-
or places near where I lived
when I was logged in.
-
It's actually weirdly easy to piece
together someone's identity
-
based on the location or things like that"
-
So Tor, it's worth pointing out the limits
of what Tor can do
-
Tor is not gonna help with this particular
problem
-
it will hide your IP address
-
but not necessarily this.
-
What is the Wikipedia policy on Tor?
-
Mediawiki has a TorBlock extension, which
automatically blocks editing through Tor
-
Now, it's possible to actually get an
exemption,
-
what is called an IP block exemption, and
registered users in good standing
-
can ask for one.
-
The problem is, it's a little bit hard to
establish that standing
-
it requires editing without using Tor.
-
When pointed out that this is particularly
problematic for censored users,
-
because they can't access Wikipedia to
edit in the first place,
-
although they do provide some closed
proxies for Chinese users in particular,
-
there are a lot of censored users that
aren't Chinese but...
-
you can contact them to ask to use their
sort of secret proxies.
-
I don't know how well this actually works.
-
But we did ask our interviewees, can
Wikipedia be edited through Tor?
-
Which is an interesting question. So,
as a convention for the rest of the talk
-
when you see these blue boxes, they are
gonna be quotes from Wikipedians,
-
when you see the green boxes, they're
quotes from Tor users.
-
When we asked people, the WIkipedians
often said: if the account exists,
-
yes, when you're doing an anonymous edit
with Tor it's really difficult
-
they mean an IP edit there.
And then he said:
-
I had one that came
through the mailing list
-
in the last couple of weeks, and that
their employer had been
-
checking up on them... we allowed that.
-
So as an administrator I have a user bot
that allows me to get around that,
-
but as well as feeling bad about that,
other people don't have that option.
-
From a Tor user, we actually said: but
sometimes, like every so many exit nodes,
-
you sometimes one have works...
so many sites block Tor,
-
try to block it, it's quite annoying as
you're trying to do something.
-
So this person sort of... saw what... in
the research of blocking Tor,
-
not every exit node is blocked, so if
you're really determined to make that
-
anonymous edit, you can just keep clicking
'New Identity' and get there.
-
And then they said: we do sometimes let
people edit through them,
-
I know we have users in China coming
through the Great Firewall
-
and stuff like that.
-
So then ...
[[ audio cuts out for 4 seconds ]]
-
Tor user, y'know, well they...
[[ audio cuts out for 16 seconds ]]
-
[[ audio cuts out for 16 seconds ]]
-
[[ 5 seconds audio cut remaining ]]
-
...things like that.
-
So because you can change your IP address
with the click of a button,
-
it's very difficult to prevent abuse.
-
There's this sort of notion that maybe
it's important for vandalism,
-
but maybe that's a problem, and maybe
there should be something that be done.
-
So then, a lot of what asked people about
was sort of the threats
-
that they were concerned about, from a
data privacy perspective.
-
People talked about government threats,
businesses, organized crime,
-
private citizens, other project members,
and project outsiders.
-
When we group the threats, we found sort
of five or so big threats
-
that lots of people talked about, we had
twelve different instances of
-
people talking about surveillance concerns
or general concerns about
-
the loss of privacy.
-
Ten people talked specifically about the
loss of employment
-
or economic opportunity that might happen,
9 people talked about bullying,
-
harassment, intimidation, stalking,
this sort of thing.
-
Another 9 people talked about personal
safety, or the safety of their loved ones.
-
6 people that we talked to, talked about
reputation loss.
-
I'll get into these in more detail.
-
Surveillance.
-
Y'know, in my country there is basically
unknown surveillance going on
-
and I don't know what providers to use,
and at some point I decided to
-
use Tor for everything.
-
It's worth pointing out given the list of
countries I gave that
-
this isn't necessarily the list and...
I think you wouldn't get this list of
-
kinda quotes maybe before the Snowden
revelations about generalized surveillance
-
across the world.
-
A lot of people talked about how their
online activities were
-
being accessed or logged without their
consent, and especially among
-
Tor users there was this
notion of wanting to be
-
public by effort, but private by default.
-
And when you talk to Wikipedians, they
talked about their edit histories and how
-
the edit histories themselves might be
somewhat sensitive.
-
In terms of loss of employment...
-
many many employers now look at your
online footprint before they hire you.
-
According to Monster, one of the big
employment websites,
-
77% of employers google perspective
employees.
-
From a Tor user, we had someone talk about
"I am transgender, I am queer, my boss
-
would rant for hours about this kind of
person, that kind of person, the other
-
kind of person, all of which I happen to
be... and I decided if I was going to do
-
anything online at all, I better look into
options for protecting myself, because
-
I didn't want to get fired."
-
In Wikipedia, someone said: "A friend of
mine was also involved in this discussion
-
and he actually got it worse than I did.
He's in a position now where
-
anyone who googles him finds allegations
that he is this awful monster, and
-
he's terrified of having to look for work
now because you google him,
-
and that's what you find.
-
So these things can have a real impact
on people. So...
-
and then there is harassment. So this is
a quote from a Wikipedian who said:
-
"I would say that the fear of harassment
of real, of stalking and things like that
-
is quite substantial, at least among
administrators I know,
-
especially women."
-
From a Tor user there was someone who
talked about "this is a map
-
of active hate groups in the
United States"
-
and how they had experienced problems
with these hate groups in the past
-
and they wanted to see who was active in
their area, and they would
-
go to the websites of these hate groups
and sort of for obvious reasons
-
they didn't want their home IP address
to appear in the logs of these
-
hate group websites.
-
Safety of loved ones,
also personal safety.
-
A lot of people talked about, y'know,
real, concrete, not just threats but
-
things that had happened to them or to
people that they knew.
-
In Tor there is this story: they bursted
his door down and
-
they beat the ever living crap out of him.
He was hospitalized
-
for two and a half weeks, and they told
him: "if you and your family wanna live,
-
you're gonna have to stop causing trouble"
-
and they said that to him in farsee.
-
I have a family so after I visited him
in the hospital, I started...
-
well at first I started shaking, and I
went into a cold sweat
-
and then I realized I have to start taking
my human rights activities
-
into other identities through
the Tor network.
-
And on the Wikipedia side:
-
"I pulled back from some of that Wikipedia
work when I could no longer hide
-
in quite the same way. For a long time I
lived on my own, so it's just my own
-
personal risk I was taking with things,
now my wife lives here as well
-
and I can't take that same risk."
-
Lastly, people were concerned about
reputation loss.
-
In Wikipedia there has been known to be
edit wars that escalate into vendettas
-
here's a sort of example of an edit war
where y'know some user says:
-
"I hate big bitch Alison," who is then
blocked indefinitely by Alison.
-
People are worried about this sort of
thing escalating and then somebody
-
doing something off of the Internet to
call them names, or mess with their
-
reputation... and that would have a
negative effect on their life.
-
In Tor there is a couple interesting cases
that sort of concerns guilt by association
-
So there is someone who participates on
image boards,
-
on 8chan or infinite chan,
-
and I don't know if you guys are that
aware of this... it's sort of the place
-
which was kind of started by people that
were blocked by 4chan,
-
so it's the people that 4chan think are
kind of sketchy
-
laughter
-
and this person said: "Look, I stand
behind the material and the content that
-
I have created, but some people
on this site,
-
I wouldn't wanna be associated with them."
-
So, there is another person who talked
about "look I've created some online
-
resources about various pharmaceuticals,
but I don't wanna be very associated
-
with the community that posts stuff about
stuff like that.
-
So some other threats.
-
Some people talked about diminished
project quality.
-
In particular a lot of the Wikipedians
that we talked to
-
were somewhat prominent in the
Wikipedia project,
-
and in some respects had kind of achieved
some degree of like
-
rock star status as editors, if such
things can be.
-
They found it very difficult to edit
anymore because they'd edit a page
-
and that page hadn't received a lot of
attention but people would see that
-
they had edited it and there would be
sort of hordes of people that would
-
descend on that page, and mess with it.
-
And they found that they couldn't do that
without actually sort of harming the pages
-
that they were trying to edit.
-
Similarly, there were some Tor users who
were talked about, y'know,
-
not wanting to sort of... take credit for
their work because they were worried
-
they wouldn't have the credentials to be
taken seriously in various ways,
-
or things like that.
-
Only two people in our project actually
talked about worrying about
-
legal sort of sanctions, government
sanctions for their participation.
-
There were a lot of people that talked
about computer security concerns
-
which is not so much a privacy concern,
though it's very related, and I'm
-
going to talk about that because this
group might be interested.
-
On the Tor side, people liked to see
authentication properties
-
of .onion services. The idea that when
you go to a .onion website,
-
the address is self-authenticating, you
know where you're going.
-
But a lot of people who use Tor talked
about the general data hygiene idea
-
that there's sort of less data about them
in unknown websites,
-
in unknown databases of companies
because they don't leave as many
-
online footprints, and then you see all
these high profile break-ins that happen
-
and these databases get stolen, if you're
using Tor, maybe you're less likely
-
to be in those databases.
-
That was the idea there.
-
From Wikipedia a lot of people were
concerned about
-
their Wikipedia credentials.
-
They talked about not logging in on
public terminals and things like that,
-
in particular being concerned about the
security of administrative credentials
-
that have privileges to, for example, look
up the IP address of users who had edited
-
and things like that, which could
be abused.
-
So some concrete things that the people
were afraid of,
-
not a complete list:
-
having their head photoshopped onto porn,
something that happens
-
sometimes to editors...
-
being beaten up, actually a couple of Tor
people mentioned this;
-
being swatted;
receiving pipe bombs;
-
having fake information about them
published online.
-
Though there were people that said, look,
I don't really see a threat.
-
And some participants said they don't
perceive threats when they're contributing
-
but in a lot of cases they pointed out
that they enjoyed certain privileges
-
related to perhaps their gender, their
nationality, or the fact that
-
their interests were fairly mainstream.
-
So here's a quote:
"yeah I'm not that worried about it,
-
mainly because there's pretty good support
for some of these viewpoints,
-
kind of a mainstream discourse, and it's
not so radical, I don't think anyone's
-
going to be knocking down on my door.
-
But I've been in contact with activists
who have been engaged with
-
higher risk activities, and I do wonder
about, I do have concerns
-
about their welfare, and the desire they
have to have the tools to
-
be able to pursue their activities without
facing consequences."
-
So in contrast to the jerk theme, there
are a lot of people who run Tor
-
out of a sense of altruism, to provide
cover and solidarity.
-
Someone said, I appreciate the need for
protecting vulnerable people
-
around the world, so I run several relays,
some of them are exit relays,
-
some of them are middle relays, and I
run them around the world".
-
And someone else said:
"While you use it, you help
-
diversify the network for those who may be
subject to traffic monitoring, and you can
-
look up any information you like, whether
or not it's sensitive, and you'll get it,
-
and if you live in a place where it may
not be the greatest in legal standing
-
to look it up, you're able to find out
information."
-
So mitigating strategies, how did people
deal with this when they wanted to
-
participate in sites but they couldn't do
it through anonymous means, well,
-
some people modified their participation,
and I'll talk about some of
-
the chilling effects that we saw, and also
attempts to get anonymity in various ways
-
So, lost editors.
-
Several Tor users that we talked to,
actually mentioned that
-
they had edited Wikipedia and they no
longer edited it, or they edited it
-
less because of the difficulty of editing
through Tor.
-
There was someone who said:
"Basically I used to edit Wikipedia
-
prior to doing a lot of Tor, so yeah now
it's mostly reading... I used to
-
do a lot of editing for license design
and for like some open source licenses,
-
occasionally random forms and stuff that I
knew about, sometimes grammar.
-
And people talked to us in particular
about the chilling effects
-
of state surveillance, and in particular
the Snowden revelations.
-
In March of 2015 Wikimedia foundation
announced that it was
-
suing the National Security Agency.
-
We asked people about that, and
the Wikipedians, some of them said
-
"People aren't willing to engage with us
when they know their government is
-
watching their every move." And they
said that in particular they can show
-
that editing dropped off significantly on
certain articles
-
after the Upstream program was revealed.
-
Here's a quote from one of our Tor users
in the study that substantiates this.
-
"For the Edward Snowden page, I've pulled
myself away from adding
-
sensitive contributions, like different
references, because I thought
-
that made be traced back to me
in some way. But not refraining from
-
useful content I guess."
-
Though, of course, adding references is
one of the things that contributes to
-
the quality of articles and so on, and in
particular they said, articles about
-
national security things, about terrorism
and so on, people didn't edit as much
-
about these things anymore because they
were worried about ending up on a list.
-
The other major topic that was chilled was
articles about women's health.
-
So, here's a picture of a vacuum
aspiration abortion from the
-
Wikipedia abortion article and a couple
of people told us about how, "look, any
-
site that has to do with women or women's
issues is more contentiously edited,
-
is more likely of inflaming people,
getting into edit wars, than other sites."
-
There were a lot of trolls on the Internet
and there's a quote on the Internet:
-
"Trolls have called their bosses and been
like 'Do you know that your employee
-
was editing the clitoris article last
week?'"
-
They will do stuff like that.
-
So this means that, y'know, in particular
someone talked about "I was a medical
-
student, I had my obstetrics text book
open, I was looking at the abortion
-
article, I was thinking about making some
changes, but then I just
-
pulled myself back and said, y'know,
I don't need that in my life."
-
This is another area where privacy
concerns push back, cause people
-
to not necessarily do things...
-
And then there's this idea of a threshold
of participation, that the more involved
-
you are, the more active you are in a
project, the more likely you're actually
-
gonna encounter real problems.
-
People involved in curating content,
deleting things, promoting things,
-
arbitrating disputes, etc., they're going
to make enemies.
-
Some of these enemies are going to make
nasty threats,
-
and some of them are gonna act on them.
-
Here is another quote of somebody:
"As long as I have that pseudonym ...
-
"As long as I have that pseudonym ...
[[ see slide ]]
-
[[ see slide ]]
... that turns up when you do that."
-
People mention in particular, from the
Wikipedia side, that there were two sites:
-
Wikipediocracy and The Wikipedia Review,
where people have critiques of Wikipedia
-
and that people on these sites had done
threats and doxing of various people
-
on the arbitration committee.
-
Someone talked about "they found my
parents' home address, they found
-
one of my old phone numbers, they wrote a
blog post about all of these
-
horrible things I've done, and here's my
contact information,
-
and for a good time call... and when it's
on the Internet it doesn't die.
-
People that get to a certain level of
doing things, like handling abuse,
-
had problems.
-
So since I didn't have any privacy, I felt
limited in what I could do, I could still
-
write articles but blocking people
was something
-
I tried to avoid, since I didn't wanna
get angry phone calls.
-
So someone else also talked about
activities that they used to do,
-
but then after receiving threats and
things...
-
I used to check for use of the N-word, the
ruder of the two F-words, one or two other
-
things that were indicative of problems in
user space, and I deleted lots and lots of
-
attack pages which were fairly hot in
dealing with them when they would
-
turn up in article space, and when people
create a user account in somebody
-
else's name and say a bunch of things
about that person they won't agree with,
-
I used to deal with that, but then, y'know
they're not willing to
-
deal with that anymore.
-
Privacy measures that people took.
-
Obviously in some cases people use Tor, we
talked to Tor users where that's possible
-
People also talk about avoiding posting
linking information and details
-
about who they are, not editing things
about y'know, their local things,
-
things only they would know, etc.
-
People talked about using Proxies or VPNs,
some people talked about HideMyAss,
-
editing from a public computer using
multiple accounts in some cases, and
-
using privacy browser plug ins and
safeguards like NoScript and Ghostery
-
We asked people, both Tor users and
not Tor users if they had used Tor,
-
what they thought of Tor, and there was
this person who said: "I tried using Tor,
-
I did, when I was younger, and everything
was so slow and terrible, I was just like
-
'so not worh it'."
-
And in fact a couple years ago, Tor was in
fact pretty slow - it's gotten better!
-
But the Tor users still talked about
bit about latencies, but
-
a lot of them talked about these issues of
CAPTCHAs, unusable website features,
-
the fact that it used to be slow...
-
and Wikipedians on Tor talked about it
being slow or too much trouble,
-
just the need to download the software and
connect to it every time... and people,
-
some people found it unnecessary.
-
There was some other interesting things
that came up.
-
Some people talked about how
-
they used information ?revelation?
as a defense mechanism.
-
This idea that, okay, I'm gonna give you
some information about me, so you can't
-
really dox me because that's my address
right there, or whatever.
-
But people talked also about the limits of
long term participation. A lot of people
-
that talked to us had started editing or
participating in online projects
-
as a relatively young teenager,
and a lot of people
-
start with things like fixing typos,
before they later become a member
-
of the arbitration committee, or something
like that.
-
It's hard to have this long term
perspective when you're first creating
-
your login name and you identity
and so on.
-
"Until it happens to you ...
[[ see slide ]]
-
[[ see slide ]]
... some serious thought."
-
As most good, ethnographic studies do, and
as this one was intended to do,
-
it sort of raises more questions
than answers.
-
That was our goal.
-
We're hoping... we learned that Tor users
and Wikipedians share some
-
privacy concerns, but they do have some
different perspectives.
-
And we did learn that some value of
participation is being lost when people
-
can't participate in a private way.
-
We'd like to use this work to do some
follow-up studies, and also perhaps
-
build a larger survey study so we can
learn more, see things that are more
-
quantitative about this work.
-
If you find this topic interesting, a
short plug for
-
the privacy enhancing technology symposium
-
which will be in July in Darmstadt.
-
We're not presenting this particular
work here, but there is a lot of
-
work on Tor, anonymity, privacy, so on
from the research community.
-
And I'd like to thank my co-authors,
Andrea Forte and Nazanin Andalibi,
-
our interview participants, the WIkimedia
foundation, the Tor project,
-
the National Science Foundation that
funded Andrea's and my participation
-
in this project, and all the people whose
images I've used in my slides...
-
so... Thanks!
Any questions? Oh and by the way
-
I'll be here for the whole conference, so
you can find me afterwards if...
-
applause
-
Herald Angel: Thanks a lot, Rachel
Greenstadt. And so, we hopefully have
-
a few questions from you in the audience,
you can line behind the microphones
-
we have 4 of them here in the audience
and also in the back there are 2,
-
and we also have the Signal Angel present
but he didn't get any questions yet,
-
but maybe some comments or something?
-
Some feedback from the crowd on the
Internet?
-
Rachel Greenstadt: but there is somebody
with a... [inaudible]
-
Herald Angel: then let me immediately go
to the questions in the audience.
-
Herald Angel: We have microphone 2, please
-
HA: And, one second, can you please be
quiet if you go outside? Because that's
-
really rude.
-
Question: did you find out if Wikipedia
for example treats classical VPN or
-
proxies differently from Tor?
-
Rachel Greendstadt: If what?
Question: if they treat them differently
-
from Tor, so do they have the same policy
in place for blocking, let's say,
-
private VPN which can also be used to
change your IP with the click of a button,
-
if you want to bully someone but it might
offer less privacy than Tor, but if you
-
really only want to bully someone,
that might be enough.
-
Rachel Greenstadt: I think it depends,
is the answer.
-
The extensions that they have, they do
block a lot of things from IPs so I think
-
it depends on if there's been abuse
through that thing before,
-
they try and block open proxies, I think
some people said certain VPNs you can
-
still edit through, and some you couldn't,
it really depended.
-
Herald Angel: Thanks, microphone 1 please.
-
Question: Wikipedia is by no means an
isolated case, right?
-
RA: No, no
Question: And there's more and more
-
capability of blocking Tor exit nodes and
whatnot, so where's the project going?
-
I mean, the Great Firewall for example
could very well block all its users from
-
accessing Tor, right?
RA: It actually does.
-
So it blocks people from accessing Tor and
it blocks people from accessing Wikipedia,
-
in terms of the Tor project there are
mechanisms through using
-
pluggable transports and bridge addresses,
they can actually help people still
-
access Tor, and then they'll be able to
read Wikipedia, but then again
-
they won't be able to edit for these
reasons.
-
HA: So, again, we have 15 minutes of break
after this, so you can get out after this
-
and change the room, and please be
quiet if you really have to
-
leave the room already or if you come in
the room already. Thank you.
-
Now to the Signal Angel, please.
-
Signal Angel: There is one question from
the Internet, from ?Whyness?, he or she
-
is asking if there's actual a recorded
instance of someone attempting to
-
put a pipe bomb in the post
because of Wikipedia edits.
-
RA: I certainly don't have such
information. This was just
-
people telling us things that they were
concerned about, or things that
-
there had been threats that they'd
experienced.
-
Nobody that I know of specifically
mentioned that they experienced
-
a pipe bomb.
-
Signal Angel: And another question from
?a_monk?: if blocked Tor traffic
-
is a problem, why does the Tor project
publish the exit IP list, making it
-
easy to block?
-
RA: That would be a question for the Tor
people, my understanding of it is that
-
the Tor project does try and be a good
Internet citizen and they don't want to
-
encourage the kind of, sort of, arms race
that would happen with sort of...
-
people trying to like find all the exits,
and block them versus making it
-
just look, here it is, this is what's
going on, and... it's also very helpful
-
when you're running an exit node, to be
able to say, look, this thing is
-
an exit node and that's what was going on
when this thing happened
-
through my computer. So I think, y'know,
there's the ability of the exit relay
-
operators to be able to say what they're
doing is also an important concern.
-
Herald Angel: so there's standing someone
at microphone 5.
-
Question: You mentioned zero-knowledge
proofs in the beginning, is there any more
-
research on this?
-
RA: Uhm, yeah, so... If you look at the
research on Nymble
-
by Apu Kapadia, there's also some people
-
in Nick Hopper's group at the university
of Minnesota, there's also
-
Ryan Henry in Indiana University
that's done a lot of work on this
-
in Ian Goldberg's group at Waterloo,
those are the people that I would
-
look up in terms of anonymous blacklisting
schemes, and I'm sure I'm forgetting
-
some of them right now, so hopefully
they'll forgive me, but those are
-
good places to start.
-
Herald Angel: we have the next question at
microphone 1.
-
Question: Do you know if Wikipedia ever
thought about hashing IP addresses,
-
so that the contributions are still unique
but the users are anonymized?
-
RA: Nobody at WIkipedia talked to us about
that, so I do not know if they thought
-
about that or not.
-
Herald Angel: and the last comment or
question at the Signal Angel microphone.
-
Signal Angel: Thanks, not really a
question, more a comment...
-
"I just wanted to relate, indeed Wikipedia
blocking Tor is pretty concerned
-
also for Tor users because for instance,
the French Wikipedia articles about Tor
-
have very, very poor quality and lot of
people end up asking us questions about
-
Tor and are missing from because of that,
and I cannot fix it because I am not
-
willing to edit Wikipedia without Tor. And
that is also a pretty big issue I think."
-
RA: Yeah, so it would be interesting from
my perspective, using this to then look at
-
the articles, the types of articles about
Tor, about anonymous participation,
-
where we would suggest... we'd like to do
a bigger study, learn what articles about
-
that anonymous users would edit if they
were going to edit Wikipedia, and then
-
we could do an analysis like they did
about the movie sites to figure out
-
if these articles are in some way shorter
or of lower quality than other articles
-
because they're missing that perspective.
-
Herald Angel: Thank you Rachel, thank you
for the questions, and warm applause again
-
for Rachel GreenStadt.
-
applause
-
RA: Thanks
-
tune playing
-
subtitles created by c3subtitles.de
Join, and help us!
