Talk:No open proxies/Archives/2014

This is a b.s. policy that totally goes against the spirit of wiki. For example, pages are only blocked from anonymous users under the most stringent of conditions, and even then they are usually only blocked for at most a year.

Open proxies are, for most people, the only way to circumvent government censorship as they do not have the resources to make their own proxies. I strongly urge all of you to abandon this ridiculous policy and only block ip addresses and proxy addresses when absolutely necessary and only on a time limited basis. 68.104.139.226 05:31, 27 April 2014 (UTC)

If you want to circumvent government censorship the best way is not to contribute "anonymously" with an IP. The IP gives an entry to you even if you use an open proxy. Instead you should use an open proxy to *register* an account, make some minor edits from there that your goernment doesn't care about, then change to another proxy and logon there with your new account to mae any edits or visiting the politically-sensitive topics.

Make sure you are logged on in Wikimedia with your anonymizing account. Your IP will be hidden as well as the fact that you are logged on via a proxy, you'll look like any other regular user and this policy won't ham you.

The policy is there against spammers and abusers (and if they think they can abuse by registering an account, their abuse will still noted and detected by admins with CheckUser privilege (which have a string privacy statement, their role is just to confirm the identity of abusers only to correlate it with other edits made under various identities.

User accounts are there for your own protection, they are good for privacy (and you are completely free of the content you associate to it, you are not required to give your real name publicly, the account is just your pseudonym. Servers may still know this is you, but this info will not be made public (at least if you don't abuse the wikis in an harmful way). verdy_p (talk) 06:55, 28 April 2014 (UTC)

If the IP-proxy is hard-blocked (i.e., you can't edit even when logged in), then you can request an IP block exemption if you have a registered account. --Glaisher [talk] 08:36, 28 April 2014 (UTC)

I should have added this too. This is useful if you want to edit Wikimedia sites via the TOR network (connections come from a large set of randomized TOR exit nodes; independant of the TOR entry node you use to connect. If really your fear your governement, don't use a normal browser, but the special version of Firefox modified for TOR that filters out all privacy parameters notably those that may identify you: these parameters won't be detectable before they reach the TOR input node fro, your internet access when establishing the connection with the TOR network. It also ensures that it will really connect your browser to TOR and not to a filtering proxy giving you false security keys : this avoids "man-in-the-middle" attacks between you, and the output router of your local ISP to the Internet backbone.

Note that edits via TOR will be extremely slow, don't expect high performance, so you'll use it for limited interactions with Wikimedia that may be critical politically or your personal security (for example to post a photo to Wikimedia Commons of a political event forbidden by the local authorites, or if you have to send support data or documents for LGBT events or want a public return on these subjects).

Also Wikimedia should not forbid you to read any content even if you connect from an open proxy, unless that open proxy was blocked for everything due to attemps to use it to perform read-only DoS attacks against Wikiemdia servers (what is enforced here is not really specific to proxies but concerns any IP whose trafic of incoming requests is far above reasonnable quotas per connected "user" or IP; if you are blocked for this reason on that open proxy, select another one; or close your TOR session and reopen it so that your trafic will use another exit node; this is not a strict rule, such technical blocks may occur depending on the situation and performance of servers as experimented by the majority of users to protect their use of the sites; in some emergency situations, everyone could experience a temporayr blocking; but open proxies are much more likely to experience them).

Finally: never reuse the specific account you have used to connect to TOR via the secured browser, in order to connect directly with a normal IP. This account must remain secure and dissociated from your normal account.

Not all people use proxy to circumvent government censorship. Also, not all blocked sites are "related to politics".

Many foreigner believe that Chinese people use proxy only to bypass government censorship and find some information that is banned by the government. That is wrong. No one knows exactly how they make the black list, and many "unrelated sites" are banned for no reason. Some IP segments or service hosts are fully banned just because they contains one "harmful website".

I am fully confident that, even if the government knows what page I'm viewing, I will not be in any trouble. Open proxies are for people like me. And those who really want to hide from the government will definitely never use any open proxy.

Blocking open proxies will blocks users who do not care about politics, while still allowing those attackers make their own way.

For most people in China, trying to connect Wikipedia directly (without proxy, VPN, etc.)will only be transfer to a fake IP like 159.106.121.75, 37.61.54.158, 59.24.3.173 .

Actually these are real shared proxies, hosted by the Chinese ISPs themselves. Quite similar to proxies also used by Mobile ISPs around the world (most users of mobile internet connections do not have their own local IPv4 adress over GSM and CDMA networks, and are only granted a private IPv4 address such as 192.168.1.300 on their phones, tablets and mobile-access USB keys: some of them may still have an IPv6 address but this is very uncommon in Europe and America, and these internet connections only support a few protocols, including often only HTTP, HTTPS, IMAP, POP3, and DNS; all this passes through a "transparent" proxy; however for HTTPS this is more complex and it passes though a VPN created temporarily with a short life time).

However these shared IP used by proxies are not really "open proxies" because these IPS-run proxies are correctly tagging the proxyng status and are relaying some minimal identification information about their proxies subscriber. These shared IP are only associated to a user for some minutes and from specific ports (this is similar to internet connectin sharing in private home routers, except that these routers are run by the mobile ISP and are hosting many more users that operate independantly and don't know each other: however, unlike China, there's no active filtering of connections, but the proxied DNS is often "infected", notably on "non-wokring" domain names which are randomly redirected to a web page showing search results and advertizing; hosted on a search engine operated by the ISP; these ISPs are not always asking the permission for these redirections and frequently they fail on identifying domains that are perfectly active, but only a bit longer than usual to reply: these Mobile ISPS have created a NON-NEUTRAL Internet without clear permission from users, and users cannot always opt out from these redirections; in addition, these proxies are also keeping logs about domains interesting users, and about visited proxied URLs, to perform profiling for advertizing purpose; frequently these search results are also trying to convince users to visit a commercial portal sponsored by the ISP or by its paying advertizers; instead of the expected website users wanted to visit: This is really bad, and this deceptive practice on mobile accesses is parasitic, even if ISPs are promoting this as a service such as "internet assistant"; these redirects may also be legitimately be used to block sites that are really illegal or dangerous or hosting badwares; or performing attacks to users hosts or to other domains; but users cannot really opt out this "service" and the ISP could block and redirect a whole domain name instead of just a few dangerous pages in that domain, that could be detected by security software running on the visitor's host. In extreme cases, these redirects have been used against competitors of the ISP itself; or because the ISP had stability problems on a peering link from their backbone to other ISPs or to the global backbone, instead of investing on upgrading these links to support more trafic).

In summary, proxies are very common on the web, but we are concerned only by procxies that are totaly anonymizing and that do not operate any active monitoring of complains about their proxied users. We shoudl allow all proxies that are proving at least an identifier of their subscriber (i.e. some numeric user id that allows the proxy admin to perform actions against their few abusive users.) For that, the proxy MUST have a contact address and MUST accept reports of abuse and take ction in a reasonable time (this ation could be clocking these users when they are using the procy to connect to some domain they have abused, blocking emails sent, or blocking the user completely on all sites except a ISP support site; or downgrading severely the bandwidth used or the number of requests, or offering them only a read-only access via a webcache, or banning the user from their network and cancelling their subscription). If the proxy runner acts responsibly, it will investigate about complains and will act promptly to limit abuses and theuir users may then remain anonymous for us.

However, we should not block users that have successfully been connected with a Wikimedia user name and password and that are using HTTPS to secure their visits and edits, if we have no reason to think that the Wikimedia account has been compromized/stolen, even if they are logging on Wikimedia via any anonymizing proxies (including Tor exit nodes), unless these proxies are used directly to perform attacks on the secure Wikimedia logon pages.

So to support users in China, we should instruct them to use Tor to logon with a Wikimedia user account over a secure HTTPS connection. As long as these users are logged on, and using HTTPS; and using their Wikimedia account accoring to policies, they can edit safely (and it's still easier for us to block users with their identified user names.

But the problem is to create these Wikimedia accounts securely so that China cannot determine who owns or controls that Wikimedia account and track it back to an identifiable user. For that, we could have a network of trustable users (or local organizations) creating accounts for other people in private external contacts with these private users or local organizations. And this will work only if users are educated to not reveal too muc hdetails about themselves when using their Wikimedia account (one good way to avoid this leakage of information is to teach these users to limit their interaction with Wikimedia; notably in talk pages; unless these interactions are dangerous for them).

In summary this requires using "sockpuppets" responsibly and in a very limited way for a few edits and interaction, but using another non-anonymous user account for all the rest which is legal in China.

Users must also take special care about the kind of language they use (notably about their most common typographic errors, or typical expressions used, or about mixing too many topics of interest with their secured account). They should use grammatical correctors (but should be careful about mobile phones with autocorrections "learning" to repreduce their own errors: they should cleanup their local dictionnary regularly). They must also be careful about the use of very rare Chinese characters (in case of problems, they could rewrite words more or less phonetically and let other people outsde China make the substitutions/corrections).

They should learn to work in teams with a few contacts outside China. And they must be extremey careful about the content of their uploade photos if they contain geolocalization to their home or work, or for all their trips or if they show faces of real people, even those that they don't know, such as other students in an university, or a local policeman or merchant). For some politically sensible topics, it's best to work in teams and get help from other users located in other countries or from travelers not living locally in China, or living in other regions of China and with some freedom of movement in the country. They could work on texts in China but communicate their work to another trusted user of their choice that will insert these works online and will help protect their right and that are able to keep the secret about the identity of contacts they are helping.

But for most contents in Wikimedia, it is safe to edit directly in China, with a regular user account and without any advanced anomyzation through open proxies (they must shut up their other sensible activities or interests on their dissociated user account and should avoid syncing these topics of interest in a traceable history of time; they may speak lightly about the work performed by the other user account, as if this was not themselves but another person; ideally theu should use a different terminal or PC to avoid errors and revelations for their secondary secured online identity). verdy_p (talk) 03:47, 5 October 2014 (UTC)