793:
squeamish about the 'I violated your sister so that I could report to you about her vulnerabilities' logic, but, I don't believe the user had intentions except to advance understanding and to engage with the complex issues of the site. It sucks that the test disrupted things. It's worth asking if it's possible to make similar findings without such disruption. But maybe down the road it will prevent a much more serious attack from someone who has less benign motivations. The reality is that the smartest people in the coding community have bigger questions than whether something is NPOV. They want to push the boundaries of open systems, understand our relationship to technology, and ultimately make the whole thing stronger. I'm not suggesting we accept that blindly or give anyone who puts Cialis adds on the mainpage a free pass. But part of this work might make
Knowledge better, and the involvement of technically sophisticated users definitely will.
1841:, and not only does Knowledge need to benefit from the proposed experiment but it should be done with sensitivity to the community's feelings. Even better would have been to somehow include the volunteers affected by this experiment; a lot of important work gets done maintaining & improving Knowledge without any acknowledgment, let alone a sign of appreciation; getting their involvement in some manner would have made for a better situation all around. On a related note, doing something for the spam-fighters involved in this -- even just a number of written thank-you notes -- should have been one of the conditions A.W.'s advisor set for this experiment, & I would expect something far more expressive of not only A.W.'s but his university's thanks for participating in this. --
1732:
future can effectively experiment in as near a real-world scenario as possible but without exposing our readers to the experiment. I can appreciate why the experiment involved real users because it was desirable to measure the click-thru and potential income to be made. However, I'm not sure it was necessary; surely it would have been enough to simply know that the spam would display? Our vulnerability to spam would need to be closed without knowing about potential profit. On that basis I'm not sure why real users needed to be exposed and wonder why the experiment couldn't have stopped at a test wiki with follow-up reporting and collaboration with those who could plug the weakness. --
354:; the wikimedia-tech mailing list for any research relating in whole or in part to technical matters; and your faculty advisor and/or University's research ethics committee for any research that involves responses by humans, whether directly or as an indirect effect of the experiment. Please note that your recent research measured human responses to technical processes; you should be prepared to provide evidence that those aspects have been reviewed in advance of conducting any similar research.
181:, one of the affected articles), Chester Wisniewski, a senior security advisor at the company, described the vandalism, noting that the advertised site had an unusual appearance: "Unlike the usual spam for penis pills and cheap Canadian drugs that uses a couple of 'medical professionals' to promote the site, this campaign uses a photo of a satisfied couple" (he included a screenshot, too). Wisniewski's observations were quoted in news reports about the attacks that appeared on
575:
117:
107:
1498:
have spent time in black hat spammer forums --the spam world has its own little multinational ecosystem of players with various economic niches. Other volunteers have developed various tools and scripts for spotting, tracking and cleaning up spam. If nothing else, we're aware of many of our own vulnerabilities. For obvious reasons, we don't post everything we know online since we know some spammers read and disseminate stuff posted at
33:
127:
87:
137:
97:
90:
974:
draw unwanted media attention on him, his faculty and his school. No faculty adviser or future employer takes risks on people that'll embarrass them. Even if he covered his tracks better in the future, he'd still have to present his data and methods to his faculty -- they would not appreciate his having risking
2017:
This is simply exploitation. A.W. surreptitiously creates a situation where a whole load of volunteers spend their time dealing with his disruption, so that he can get academic brownie points. What is disturbing is the way ArbCom seem OK about this. On a transactional level A.W. gains both a data set
1672:
security of any major political figure, such as a head of state, without the knowledge of that government: at best, one might be let off with a warning, but more likely fined & imprisoned; at worst, the researcher would be killed. And in some countries, in a most horrible & painful manner. --
1671:
grounds for concluding one is acting in bad faith; testing
Knowledge's defenses in this manner & without warning anyone will only result in a vicious response, which will include targeting your reputation & the future of your career. I think a fair analogy to your actions would be testing the
1192:
Anyone who thinks that it's a "vulnerability" that
Knowledge can be edited freely should be banned forever, no matter how many college degrees they have. This is like someone stealing all the change from the charity jar to demonstrate how "weak" the honor system is. I see nothing but a fundamental
775:
As ArbCom mention, universities have ethics committees to make decisions on whether this kind of research is acceptable. Either, this researcher didn't get his research reviewed by the ethics committee or the ethics committee at his university is incompetent (he makes good arguments for why the users
457:
The experiments allowed us to obtain data that convincingly demonstrates (1) that
Knowledge is vulnerable to major spam attacks, which can be highly profitable to the perpetrators, and (2) that current protection mechanisms are insufficient. Having shown this, it was our intention to collaborate with
2064:
from my usual policy.) IMO if he's deliberately inflicted the need to revert X instances of vandalism on the community, or a sucked up a given number of editor-hours, then he needs to pay that back by fixing an equivalent amount himself. NB that IMO this is his debt, and he needs to pay it himself
1629:
Following this post, I will also contact ArbCom regarding what information I should share, with whom, and when. Pending that, I will in due time return to (1) engage those who have contacted me, (2) actively participate in discussions about what transpired, and (3) discuss how I plan to cooperate to
1497:
Conversely, A.W.'s research might have been more useful to him, his advisors and his university had he bothered to find out what these
Knowledge volunteers already know about spam. Collectively, we've spent 1000s of hours studying spammer patterns -- their motivations, their methods, etc. Some of us
1468:
I don't care if he has angel wings and a halo. Like the high school student who was caught shoplifting and told the judge he "was doing a research paper on shoplifting." The judge, the public defender and the prosecutor all had a big smile on their faces at hearing the explanation. In this case it
978:
reputations. They know any trail-masking scheme might fail and plenty of smart computer science experts also volunteer here. Too, major research universities have layers upon layers of oversight and disciplinary processes dealing with research integrity -- they'd not want the aggravation of tangling
973:
As for repeating his actions, he'd have to be an idiot. He just gets "one bite at the apple" on this one. If he gets caught again, ArbCom and the
Signpost might not be so gracious again in dealing with him discreetly. Even if they were, the community outcry would be so much greater as to inevitably
912:
Overlooking the actions of an admitted spammer who disruptively abused multiple accounts on the unspoken promise of some nebulous benefit to the project is no better than "indulging in a momentary feel-good flash of retribution". I would like to see a definable example of some good that can come out
1855:
Many editors who think they're helping build an encyclopedia will be unhappy to learn that they're being used like lab rats for a study which has more to do with open wiki anthropology than encyclopedia building. This said, if editors are told a study is being done, some might be happy to volunteer
856:
What's best for
Knowledge and Wikimedia? We indulge in a momentary feel-good flash of retribution and embarrassment for the researcher and his university? Or we find ways going forward to harness the outputs of a talented guy at one of the world's top computer science departments -- someone who has
512:
Our decision to engage in active measurement involved many considerations. Primarily, more passive strategies were believed to be inappropriate. For example, a proxy-based redirection of existing spam was considered. But, the nature of existing spam events is such that statistics would not speak to
1767:
I would say anything like that, which gobbles up volunteer time and good faith, would need to be done through wide consensus. This kind of thing can quickly become a very slippery slope. There may now be a need for both arbcom and WmF to let editors know if they're aware of anything else like this
1517:
Step One in academic research is to find out what's already been learned, then build on it rather than repeat it. Perhaps A.W.'s been communicating with others and I'm just not aware of it. Otherwise, he's wasted not just our time and resources but his own and that of his sponsors. The editors who
1428:
There should not be a coverup by
Knowledge or Signpost of misconduct by some graduate student who engaged in unethical conduct. Name the name, the institution, and the department. Let the chips fall where they may. It will be a lesson to him and his peers. ("I only hid in the washroom at the store
1277:
in the
Signpost Newsroom: Basically because of Google. There is indeed little point in trying to prevent the readers of this article from finding out (it would be easy even without the diffs), but that still left the question whether one wanted the article to turn up in a search for his full name.
2041:
with what happened--the terms of his unblocking were very specific and wouldn't permit a similar experiment. So it ultimately comes down to what is better for the community: making an example of someone who has made their academic quest understanding how to keep vandalism out of open systems or
1994:
I'm sorry that the "researcher" has such a limited view of harm to participants. Sure, he apparently didn't take money from people, but where do we go to get our time and energy back? It's like saying that a noisy, all-night party next door "didn't harm the neighborhood", because all it did was
1882:
To be fair, the usual way to progress this sort of issue in the wider world would be to complain directly to the university concerned, noting any breach of normal research practice and any damage being done to the institutional reputation of the university and the supervisors concerned. There are
1731:
I read this report feeling very angry about this experiment but, having read the other side of the argument, I am now more ambivalent. I'm pleased to see that some good should come out of it. Perhaps, as well as collaborating with AW, lots of thought should also be gone into about how someone in
884:
Obviously, his contributions could be valuable, but the Q&A with him posted in this article isn't very reassuring. The apology doesn't seem very sincere; it has the distinct flavor of "you should be thanking me" rather than "I promise to collaborate better next time." That's not to say I'm
528:
Objective data could not be obtained without these experiments and their non-consenting participants. Attempting to have participants “opt in” or “de-briefing” them after their participation presents both technical and practical difficulties. Opt-in procedures would bias user behavior. Given the
485:
Internal to the experiment, protections were taken to ensure no harm to participants (e.g., Knowledge users). Our external links took users to an online business under our control, a pharmacy. The payment functionality of this pharmacy was disabled, and therefore could only measure an “intent to
1331:
BanyanTree, I redacted the name in your comment. I see that logic, but if the signpost editors found it important to keep his name out of the article, you should establish consensus before correcting that problem yourself. (Note, if I'm missing something, and these comments aren't indexed by
1296:
I think redaction because of Google was a good idea and I support it 100%. I think this person has made a mistake but has also generated some powerful tools for
Knowledge in the past. Let's just move on and put him to work in useful areas. We need his future contributions more than he needs our
1111:
Resolute, the best predictor of what he can do for us in the future is what he's done for us in the past before this incident; see the comments by Ocaasi and phoebe above about the sophisticated tools he's developed for Knowledge (with support from his school) and his presentations to Wikimania
792:
Everything about this user's program, STiki (which really is excellent), his involvement with the global Knowledge community, and his straightforward follow-up to questions indicates that this was legitimate research from a serious researcher at a serious university. There's certainly something
449:
An economic study of spamming behaviors on Knowledge was conducted. That is, for a link addition (or group thereof), how many (1) see the link, (2) click the link (click-through), and (3) continue to make a purchase on the destination site (conversion). The net-profit of these sales can then be
1578:
I am not a developer, but perhaps we could put a limit on autoconfirmed-and-below's use of the write API, perhaps to only, say, 20 times per minute (one every three seconds) per IP or per user, rather than allowing just one of these users to post the same link to 172 articles in the space of 3
1621:
This is "A.W.", the researcher who led the aforementioned experiments. It is obvious this topic is the source of some controversy and for very good reasons. Since the publication of the Signpost article, I have been asked many questions; via (1) discussion pages, (2) my own talk page, and (3)
1712:
This whole silly and unprofessional exercise was akin to a child shoplifting and when caught explaining that "He was doing a research project on shoplifting," or someone trying to carry a gun onto a plane to "expose shortcomings in airport security." If such actions are taken without advance
1625:
I believe it to be in the best interest of all parties to not immediately address these queries. For the protection of WM/WP/WMF, the minutiae of my experiments should not be put into the public domain until the developers have protections ready. I'll note I have already provided my code to
536:
Some users have speculated that these experiments were the result of a mis-configuration of my anti-vandalism tool, STiki. I would like to clarify that this is not the case. STiki remains a safe tool, which is still under active development, and working hard to locate acts of vandalism on
758:
Agreed. This idiot should be treated like any other spammer: His account permanently blocked and his institution reported for the abuse of both our website and their resources. And, as noted, "W." might want to look into an ethics course in his next semester, as he is obviously lacking.
1489:
About 5 to 10 volunteers spend a lot of time dealing with spam problems here and on other Wikimedia projects. I may be wrong but I don't think A.W. communicated with any of us. It would have been helpful to us to have some input into A.W.'s research. We do not have the resources of an
640:
1358:
110:
1318:
ashamed of it on his behalf? Also, assuming that he wants to be known for his work (which is a general tendency among academics), bumping a page discussing his research up the Google ranking would appear to be a favor, since he currently is not a very prominent "A W". -
242:, a vandalism detection tool released earlier this year which relies on a "spatio-temporal analysis" of revision metadata and machine learning techniques. It has received praise by several of its users and was the topic of W.'s presentations at several conferences (
1809:
Speaking only for myself, and not the Committee as a whole, if we had an inkling of it beforehand, the Foundation would have been notified immediately (as things went, we worked with members of the WMF in an attempt to contain and determine the source of the issue)
1218:
jurisdiction then were at least the two faculty advisers who were “aware of motivations in these experiments” briefed in detail on what you were planning to do before you did it, and did they approve of the actions themselves (rather than merely the motivations)?
1794:
Yes and moreover, given it's WmF's privately owned website and they can do as they please with it, volunteers should be told if and when their time is being spent towards any ends other than those which are straightforwardly and unabashedly encyclopedia building.
529:“pipeline” nature of experiments, ex-post facto “de-briefing” is difficult, and may have forced us to sacrifice user anonymity. Additionally, our pharmacy collected a minimal amount of data about visitors – a level consistent with what most major websites measure.
257:
W.'s edits during the following days do not show a reaction to Versageek's note. On July 20, another heavy spam attack occured, inserting a message on top of many articles that read "Congratulations! Knowledge's one-billionth user. Click to collect your prize!".
298:
I have blocked this account (amongst others) for the recent issues with regards to recent tests done on Knowledge's articles. Please contact the Arbitration Committee via email at your earliest timeframe, to discuss this. SirFozzie (talk) 16:37, 21 July 2010
2037:? It's probably served hundreds of hours already. Academic brownie points is a low blow, even if his research also serves his education, we can benefit from it. Many a hacker has ultimately improved the systems they infiltrate. I don't think ArbCom is
1429:
and then climbed out the bathroom window with a bundle of cash because I was doing research on vulnerabilities of small retail establishments") Yeah, right. More accurately, someone had a gigantic ego and wanted to show off with the caper he could pull.
130:
776:
clicking on the spam needed to believe it was genuine, but he doesn't address the obvious question of why he didn't get permission from either the WMF or the community before doing anything). Either way, it's a problem that needs to be fixed. --
100:
140:
1521:
This has to be embarrassing for his school's computer science department. As annoyed as I am, at some level I feel sorry for this guy; I'm sure he has talent and promise and I hope for his sake this doesn't damage his career too much.
1534:
I should point out that there's no central place he could have talked to all of us together. That said, I'm not aware he made any effort whatsoever to speak with any of us - truly disappointing. I'd encourage him to remedy that soon.
1713:
agreement from an authority at the target (the Arb Com or some such body at Knowledge) then there should be no more leniency than if it were more tomfoolery by Grawp. Shame on "W" and his ethics committee, if he even consulted them.
1961:
too easily. And how many weeks ("due time"??) should I wait for him to respond to the message I left on his talk-page? I'm not asking him for technical advice on how to spam Knowledge; I want figure out what motivates this guy.
1469:
was a demonstration of immaturity, unprofessional conduct and bad judgment. If getting the appropriate response to this stunt hampers his career, so be it. Otherwise we only encourage others to abuse the trust of the community.
1998:
I like to believe that I'm a reasonable person: I think that for every editor-hour we spent responding to and cleaning up his "harmless" vandalism, this "researcher" owes the community an equivalent number of hours patrolling
410:
232:
Currently, I work on the Quantitative Trust Management (QTM) project under the advisement of , , and . My recent research has been on spam mitigation techniques, the prevention of vandalism on Knowledge, and spatio-temporal
477:
articles permits many users to see the link -- even under the assumption it will be reverted seconds later. Vulnerabilities in Knowledge make it trivial for users to obtain the privileges necessary to carry out such an
468:
To an end-user, we desired our experiments to appear consistent with what a truly malicious entity (i.e., a spammer) might attempt. In this manner, the click through and conversion rates we measured would be unbiased.
156:
Two heavy spam attacks on the English Knowledge last month have been traced back to a researcher at a U.S. university, in an affair that is likely to add to existing debates about the ethics of Knowledge research.
1025:
So what might "assume good faith" mean in this case? When I get in deep trouble, I become guarded in my remarks, too. I'm embarrassed. I'm running scared. I'm reluctant to go on the record until I know what to
838:
I normally take a hard line towards spam and vandalism. I am unimpressed with this incident (see my longer comments in a separate section below). Nevertheless, I think Ocassi's comments above are right on the
1409:
be endorsed by the institution's human ethics committee. This requirement, and that such endorsement is necessary but not sufficient before conducting the research, should be made clear to the instigators.
1238:
be endorsed by the institution's human ethics committee. This requirement, and that such endorsement is necessary but not sufficient before conducting the research, should be made clear to the instigators.
1836:
The requirement to ask for permission to do an experiment like this is separate from whether the WMF or the ArbCom should have given permission. I have no problem with them approving experiments like this
357:
his project , the Wikimedia Foundation, or an inter-project group charged with cross-site research be developed may establish global requirements for research which may supersede the requirements in (2)
409:, condition 3. refers to the possibility that the English Knowledge might develop a community process to oversee research, and to the Research Committee that the Wikimedia Foundation intends to form (see
1518:
involuntarily wasted their time on A.W.'s research probably don't appreciate it anymore than his school's faculty would enjoy one of us periodically knocking over their desks in the name of science.
431:), W. had requested to be granted this new right back then, but his application had been put on hold by the Foundation's Deputy Director Erik Möller, suggesting it should be handled by the community.
1598:
Note, it doesn't make sense to just rate limit the api, since bot users can also use the normal interface used by humans. Approved bots (with bot flag) don't have rate limits applied to them AFAIK.
1112:
and/or WikiSymposium (not sure which or if it was both). I think he's a safe bet not to cause problems again (see my comments above) and likely to continue doing good stuff for us going forward. --
1782:
Agreed, and I would challenge any assertion that ArbCom has the authority to allow anything like this. I would say only the WMF or the community itself is capable of approving such experiments.
341:
The Arbitration Committee has reviewed your block and the information you have submitted privately, and is prepared to unblock you conditionally. The conditions of your unblock are as follows:
425:
705:
That's a rather astounding display of unethical behaviour. Regardless of how good the tool is, I'd like to see some kind of permban enacted. This was unconscionable, and plain bizarre.
948:
Lt. Powers, I'm not sure how truly remorsefully he is either but I'm more interested in what he can do for us going forward than whether he's a nice guy Iwant dating a relative.
73:
1919:
Your actions were unethical and unprofessional. It is clear that you "just don't get it" that you violated both the expectations of Knowledge and of the academic community.
344:
You provide a copy of the code you used for your "research" to Danese Cooper, Chief Technical Officer and to any other developer or member of her staff whom she identifies.
169:) inserting the message "Want to be inches larger?" in large letters on top of many different articles, linking to an online shop. In a blog post for computer security firm
67:
1528:
1462:
619:
1355:
1546:
809:
This story was the first I've heard of this project, but A.W. is in fact a real researcher who I have met in person. See the STiki papers from this year's WikiSym. --
766:
753:
624:
614:
2074:
1819:
1777:
1758:
802:
2051:
1896:
1804:
1789:
1750:
An interesting question is if A.W. HAD asked first, would arbcom or the foundation permitted the experiment as it was undertaken on Knowledge and to what extent? --
1592:
1392:
655:
629:
1865:
1850:
1699:
1681:
1630:
create a more secure WP/WM. Until that time, please do not interpret my lack of communication as an act of bad faith. Thank you. -- A.W. 19:55, 17 August 2010 (UTC)
1341:
700:
1971:
1741:
1722:
1607:
1928:
1478:
1438:
1326:
1172:
368:
You must identify all accounts that are under your control by linking them to your main account. The accounts used in your July 2010 research will remain blocked.
2091:
1423:
1082:
920:
889:
120:
1287:
821:
725:
1856:
their good faith time to it while others will at least be able to stay away from making edits which don't match their own goals for how they spend their time.
1366:
1323:
863:
599:
2012:
1118:
2027:
1567:
1303:
1252:
785:
1883:
some lists of webpages covering Penn's ethics instructions above by A.B., but there are various other contacts one could pursue a grievance with, including
1667:
Although Gwen explained the matter quite succinctly & clearly, let me explain our concerns from another direction. Spamming Knowledge for any reason is
685:
609:
592:
1654:
1484:
1314:
I don't understand this reasoning at all. A. W. obviously doesn't think he did anything wrong. If he is content with the quality of his work, why is
544:
Finally, we apologize to the Knowledge community for any disruption caused, and reinforce that our intentions were for the betterment of the community.
267:
1320:
1274:
586:
52:
41:
2018:
and some cred, then trades the dataset with ArbCom, in order to cash in on more cred with little more than a slap on the wrist. This is not good!
1645:
Spamming the project was highly untowards, A.W., a wanton tinkering with the time and good faith of volunteer editors. Please don't do it again.
1444:
1228:
1202:
1357:
Note that Google's current cached version has BanyanTree's unredacted comment with A.W.'s full name; hopefully that will clear in a day or two:
1379:
than receiving a request to courtesy blank this whole page when it otherwise consists of feedback. Also to clarify in response to Banyantree,
214:
Checkuser results suggest that one of your linkspam related software tests may inadvertently be pointing to the English Knowledge rather than
1494:
university behind us and it might have been useful to point his research towards those particular challenges we've found especially vexing.
734:. Any sort of researcher in good conscience should have at the very least contacted somebody from Wikimedia before starting any experiments.
188:
1267:
2171:
2065:
in the coin that he used to create this debt. Making someone else more efficient is not the same thing as cleaning up the mess yourself.
1163:. I don't believe he gets it, but it may still be hoped that rational self-interest will lead him to behave responsibly notwithstanding. ~
676:
Has the university been contacted with ethics concerns? Has anyone verified that the supervisors have in fact supported this "research"? -
521:
pages. Further, a large quantity of such redirection events (somewhat disruptive) would have been required to obtain meaningful statistics.
191:
1383:
is not "ashamed of it on his behalf"; instead, and contrary to some people's views, we're not trying to be vindictive or punish people.
2107:
1573:
1051:
For all we know, he may not even have had a chance to talk to his faculty. Or they may be telling him what to say and what not to say.
1626:
developers -- and asked ArbCom to put me in contact with a developer so I can cooperate with them beyond the terms of my unblocking.
270:. Some suspected a PC virus infection ("My sister was searching on wikipedia and the following text came up in big red letters: ..."
247:
243:
660:
185:
361:
Any bots you develop for use on this project, whether for research or other purposes, must be reviewed by the Bot Approvals Group (
1450:
21:
2146:
667:
644:
200:
280:
2141:
2136:
421:
263:
325:
205:
2131:
2095:
166:
746:
305:
174:
383:
289:
691:
ArbCom told me that they are not aware whether the university or any of the advisors have been informed. Regards,
1989:
1503:
259:
1263:
Why redact the name of the guy who did this? It's easy enough to figure out from the links provided to diffs.
719:
500:
was not aware of these experiments. and were aware of my motivations in these experiments, and support them.
486:
purchase.” Further, the IP addresses of our visitors were not stored (our goal was to measure their quantity).
2126:
1579:
minutes (average of 57.3 posts per minute or one post every 1.05 seconds)? Clearly, we don't want to limit
574:
46:
32:
17:
1613:
318:
349:
You review any future research proposals with the following groups: the wikiresearch-L mailing list <
1499:
1215:
1208:
730:
I can't believe that ArbCom unbanned him! They just endorsed disruptive editing and completely ignored
716:
224:
2060:
That's nice, of course, but I'm feeling rather eye-for-an-eye over this, not eye-for-a-tooth. (It is
450:
compared to the cost of making the link additions, and an economic argument made about such behaviors.
2087:
1453:
and that this project intends to determine the scope and type of vandalism that occurs on wikipedia.
561:
1541:
1511:
2042:
taking full advantage of his abilities with the caveat that he not ignore Knowledge's guidelines.
1957:
I'm with Edison on this one; based on what I know of the situation, it looks like Andrew got off
985:
284:
266:
appear to have been troubled by the message, judging from the questions about it in web fora and
209:
the following on the talk page of an established user, under the heading "Misdirected Testing?":
2070:
2008:
681:
492:
3. Was one of your advisors (, , or ) aware of these actions, and if yes, did he approve them?
2023:
2000:
1388:
744:
2152:
2117:
1634:
227:'s Department of Computer and Information Science. On his university home page, he states:
160:
271:
8:
1967:
1861:
1815:
1800:
1773:
1756:
1737:
1695:
1650:
1537:
1168:
989:
178:
1892:
1786:
1588:
1458:
917:
763:
713:
2066:
2004:
1884:
1846:
1677:
1603:
1583:
bots in this manner, but it would cut down significantly on vandalbots and spambots.
1258:
677:
651:
309:
1211:
308:
of one of the accounts blocked by SirFozzie show a rapid succession of edits to the
2082:
2047:
2019:
1924:
1718:
1474:
1434:
1384:
1337:
987:
816:
798:
736:
434:
991:
203:
with the rationale "abusing multiple accounts for spamming - checkuser block" and
2034:
1687:
1418:
1247:
781:
731:
315:
The ArbCom later confirmed to the Signpost that W. had carried out both attacks.
239:
350:
2103:
1963:
1857:
1811:
1796:
1769:
1751:
1733:
1691:
1646:
1561:
1507:
1283:
1224:
1198:
1164:
696:
277:
197:
885:
suggesting retribution, but I'm not yet convinced he won't just do it again.
2165:
1888:
1783:
1584:
1454:
1264:
914:
886:
760:
708:
362:
1686:
A stark way of putting it, llywrch, but that's the pith. Yet another way is
1153:
1076:
The ball's in his court -- let's see what happens after the dust settles. --
424:
about the introduction of the "Researcher" user rights group last June (see
396:"I agree to these conditions, and offer a sincere apology to the community.
1842:
1673:
1599:
165:
The first attack occurred on July 14, with several autoconfirmed accounts (
1159:
993:
365:) in advance of use, unless otherwise approved by the WMF technical staff.
2043:
1920:
1714:
1470:
1430:
1333:
997:
810:
794:
458:
WP/WM/WMF on solutions to prevent truly malicious attacks of this nature.
464:
2. Why did you choose these particular forms of vandalism for your test?
439:
W. agreed to answer several questions about the affair to the Signpost:
1553:
I've seen it too. I don't know if I had reverted the additions though.
1524:
1491:
1411:
1362:
1299:
1240:
1114:
1078:
859:
857:
already made valuable contributions before this boneheaded incident? --
777:
1449:
It may be useful to note that the author of the study was a member of
2099:
1556:
1279:
1220:
1214:
approved this, then I say we should let it go. If it is exempt from
1194:
692:
251:
182:
150:
68:
Large scale vandalism revealed to be "study" by university researcher
560:, “Spamalytics: An Empirical Analysis of Spam Marketing Conversion”
979:
with them. (His school has labyrinth of web pages on the topic; a
1405:
University research that involves large-scale social provocation
1234:
University research that involves large-scale social provocation
995:
170:
1375:
I endorse that action - I think this is preferrable to us at
293:
the following comment on the talk page of W.'s main account:
351:
https://lists.wikimedia.org/mailman/listinfo/wiki-research-l
262:
of one of the autoconfirmed accounts used for the attack.)
312:
with the edit summary "an exploration into rate-limiting".
1193:
lack of clue, along with demonstrated malicious behavior.
506:
4. Any other comments you would like to make on the issue?
913:
of this that justifies letting W off the hook so easily.
223:
The account belongs to A. W., a doctoral student at the
215:
2092:
Knowledge:Knowledge Signpost/2011-09-26/Recent research
443:
1. What were your motives for carrying out these edits?
218:. Please check your settings & adjust accordingly.
665:If your comment has not appeared here, you can try
387:to the unblock offer ten minutes later, stating:
2163:
2033:Have you tried using his anti-vandalism program
175:Knowledge hacked - Footballers need help in bed?
1887:; or one could go directly to his supervisors.
238:W. is known to Wikipedians as the developer of
1637:comment added by A.W. 19:55, August 17, 2010
148:
329:the following statement on W.'s talk page:
1485:Re-inventing the wheel -- hubris or folly?
2115:Make sure we cover what matters to you –
2090:together with four other resarchers, cf.
1995:temporarily disrupt everyone's sleep.
1451:Knowledge:WikiProject Vandalism studies
1445:Knowledge:WikiProject Vandalism studies
668:
14:
2164:
51:
389:
334:
2172:Knowledge Signpost archives 2010-08
1151:The perpetrator's remarks are more
323:On August 11, ArbCom member Risker
27:
1574:Perhaps slow down use of write API
573:
283:a number of accounts for "Abusing
201:blocked a number of other accounts
53:
31:
28:
2183:
650:These comments are automatically
2096:m:Research:Newsletter/2011-09-26
1332:Google, please change it back).
135:
125:
115:
105:
95:
85:
2108:03:57, 29 September 2011 (UTC)
661:add the page to your watchlist
550:
13:
1:
1972:17:39, 1 September 2010 (UTC)
1690:, which is indeed blockable.
636:
18:Knowledge:Knowledge Signpost
7:
2075:23:47, 25 August 2010 (UTC)
2052:19:15, 24 August 2010 (UTC)
2028:09:33, 24 August 2010 (UTC)
2013:23:07, 23 August 2010 (UTC)
1929:22:36, 22 August 2010 (UTC)
1897:08:44, 21 August 2010 (UTC)
1866:20:47, 19 August 2010 (UTC)
1851:18:42, 19 August 2010 (UTC)
1820:15:44, 19 August 2010 (UTC)
1805:14:06, 19 August 2010 (UTC)
1790:13:48, 19 August 2010 (UTC)
1778:11:35, 19 August 2010 (UTC)
1759:10:30, 19 August 2010 (UTC)
1742:10:11, 19 August 2010 (UTC)
1723:02:59, 19 August 2010 (UTC)
1700:19:33, 18 August 2010 (UTC)
1682:15:56, 18 August 2010 (UTC)
1655:20:57, 17 August 2010 (UTC)
1608:00:11, 18 August 2010 (UTC)
1593:16:35, 17 August 2010 (UTC)
1568:00:24, 18 August 2010 (UTC)
1547:18:11, 17 August 2010 (UTC)
1529:14:08, 17 August 2010 (UTC)
1479:22:33, 22 August 2010 (UTC)
1463:13:46, 17 August 2010 (UTC)
1439:22:26, 22 August 2010 (UTC)
1424:07:50, 22 August 2010 (UTC)
1393:04:29, 18 August 2010 (UTC)
1367:12:16, 18 August 2010 (UTC)
1342:04:15, 18 August 2010 (UTC)
1327:03:04, 18 August 2010 (UTC)
1304:15:24, 17 August 2010 (UTC)
1288:14:04, 17 August 2010 (UTC)
1268:13:12, 17 August 2010 (UTC)
1253:07:53, 22 August 2010 (UTC)
1229:05:10, 20 August 2010 (UTC)
1203:19:11, 17 August 2010 (UTC)
1173:18:08, 17 August 2010 (UTC)
1119:17:35, 17 August 2010 (UTC)
1083:17:28, 17 August 2010 (UTC)
921:16:46, 17 August 2010 (UTC)
890:16:08, 17 August 2010 (UTC)
864:15:32, 17 August 2010 (UTC)
822:15:28, 17 August 2010 (UTC)
803:13:15, 17 August 2010 (UTC)
786:12:43, 17 August 2010 (UTC)
767:13:37, 17 August 2010 (UTC)
754:12:38, 17 August 2010 (UTC)
726:10:38, 17 August 2010 (UTC)
701:09:08, 17 August 2010 (UTC)
686:08:52, 17 August 2010 (UTC)
10:
2188:
1212:institutional review board
1209:University of Pennsylvania
405:As clarified by ArbCom to
225:University of Pennsylvania
2086:A.W. has now published a
264:Many readers of Knowledge
2088:related conference paper
268:on Knowledge's help desk
1990:No harm to participants
1839:on a case-by-case basis
196:Following the attacks,
658:. To follow comments,
578:
517:strategy that targets
276:On the following day,
36:
2001:Special:RecentChanges
1622:privately via email.
1618:Knowledge community,
577:
35:
654:from this article's
319:Resolving the affair
1614:Researcher Response
1512:Talk:Spam blacklist
1354:indexed by Google:
620:Features and admins
513:the economics of a
179:2010 FIFA World Cup
2118:leave a suggestion
1502:, its very active
645:Discuss this story
625:Arbitration report
615:WikiProject report
579:
473:link placement on
177:", a reference to
42:← Back to Contents
37:
1639:
999:
820:
751:
723:
669:purging the cache
630:Technology report
403:
402:
379:
378:
285:multiple accounts
47:View Latest Issue
2179:
2155:
2120:
1754:
1638:
1631:
1564:
1559:
1545:
1527:
1500:WikiProject Spam
1421:
1416:
1365:
1302:
1250:
1245:
1117:
1081:
984:
862:
814:
752:
743:
739:
724:
711:
672:
670:
664:
643:
597:
589:
582:
563:
554:
422:RfC announcement
420:According to an
390:
386:
335:
328:
292:
208:
153:
139:
138:
129:
128:
119:
118:
109:
108:
99:
98:
89:
88:
59:
57:
55:
2187:
2186:
2182:
2181:
2180:
2178:
2177:
2176:
2162:
2161:
2160:
2159:
2158:
2157:
2156:
2151:
2149:
2144:
2139:
2134:
2129:
2122:
2116:
2112:
2111:
2085:
1992:
1752:
1632:
1616:
1576:
1562:
1557:
1536:
1523:
1487:
1447:
1419:
1412:
1361:
1350:These comments
1298:
1297:retribution. --
1261:
1248:
1241:
1113:
1077:
858:
749:
742:
737:
706:
674:
666:
659:
648:
647:
641:+ Add a comment
639:
635:
634:
633:
590:
585:
583:
580:
566:
555:
551:
437:
382:
324:
321:
288:
204:
189:Spamfighter.com
163:
154:
147:
146:
145:
136:
126:
116:
106:
96:
86:
80:
77:
66:
62:
60:
50:
49:
44:
38:
26:
25:
24:
12:
11:
5:
2185:
2175:
2174:
2150:
2145:
2140:
2135:
2130:
2125:
2124:
2123:
2114:
2113:
2110:
2084:
2081:
2080:
2079:
2078:
2077:
2055:
2054:
1991:
1988:
1987:
1986:
1985:
1984:
1983:
1982:
1981:
1980:
1979:
1978:
1977:
1976:
1975:
1974:
1942:
1941:
1940:
1939:
1938:
1937:
1936:
1935:
1934:
1933:
1932:
1931:
1906:
1905:
1904:
1903:
1902:
1901:
1900:
1899:
1873:
1872:
1871:
1870:
1869:
1868:
1831:
1830:
1829:
1828:
1827:
1826:
1825:
1824:
1823:
1822:
1762:
1761:
1747:
1746:
1745:
1744:
1726:
1725:
1709:
1708:
1707:
1706:
1705:
1704:
1703:
1702:
1660:
1659:
1658:
1657:
1615:
1612:
1611:
1610:
1575:
1572:
1571:
1570:
1550:
1549:
1486:
1483:
1482:
1481:
1446:
1443:
1442:
1441:
1426:
1402:
1401:
1400:
1399:
1398:
1397:
1396:
1395:
1373:
1372:
1371:
1370:
1369:
1309:
1308:
1307:
1306:
1291:
1290:
1260:
1257:
1256:
1255:
1190:
1189:
1188:
1187:
1186:
1185:
1184:
1183:
1182:
1181:
1180:
1179:
1178:
1177:
1176:
1175:
1134:
1133:
1132:
1131:
1130:
1129:
1128:
1127:
1126:
1125:
1124:
1123:
1122:
1121:
1096:
1095:
1094:
1093:
1092:
1091:
1090:
1089:
1088:
1087:
1086:
1085:
1063:
1062:
1061:
1060:
1059:
1058:
1057:
1056:
1055:
1054:
1053:
1052:
1038:
1037:
1036:
1035:
1034:
1033:
1032:
1031:
1030:
1029:
1028:
1027:
1012:
1011:
1010:
1009:
1008:
1007:
1006:
1005:
1004:
1003:
1002:
1001:
960:
959:
958:
957:
956:
955:
954:
953:
952:
951:
950:
949:
934:
932:
931:
930:
929:
928:
927:
926:
925:
924:
923:
901:
900:
899:
898:
897:
896:
895:
894:
893:
892:
873:
872:
871:
870:
869:
868:
867:
866:
847:
846:
845:
844:
843:
842:
841:
840:
829:
828:
827:
826:
825:
824:
790:
789:
788:
773:
772:
771:
770:
769:
747:
649:
646:
638:
637:
632:
627:
622:
617:
612:
607:
602:
600:News and notes
596:
587:16 August 2010
584:
572:
571:
570:
569:
565:
564:
548:
547:
546:
540:
539:
532:
531:
524:
523:
508:
507:
503:
502:
496:
495:
489:
488:
481:
480:
465:
461:
460:
453:
452:
445:
444:
436:
433:
401:
400:
397:
394:
377:
376:
373:
370:
369:
366:
359:
355:
347:
339:
332:
320:
317:
302:
301:
236:
235:
221:
220:
162:
159:
144:
143:
133:
123:
113:
103:
93:
82:
81:
78:
72:
71:
70:
69:
64:
63:
61:
58:
54:16 August 2010
45:
40:
39:
30:
29:
15:
9:
6:
4:
3:
2:
2184:
2173:
2170:
2169:
2167:
2154:
2148:
2143:
2138:
2133:
2128:
2119:
2109:
2105:
2101:
2097:
2093:
2089:
2076:
2072:
2068:
2063:
2059:
2058:
2057:
2056:
2053:
2049:
2045:
2040:
2036:
2032:
2031:
2030:
2029:
2025:
2021:
2015:
2014:
2010:
2006:
2002:
1996:
1973:
1969:
1965:
1960:
1956:
1955:
1954:
1953:
1952:
1951:
1950:
1949:
1948:
1947:
1946:
1945:
1944:
1943:
1930:
1926:
1922:
1918:
1917:
1916:
1915:
1914:
1913:
1912:
1911:
1910:
1909:
1908:
1907:
1898:
1894:
1890:
1886:
1881:
1880:
1879:
1878:
1877:
1876:
1875:
1874:
1867:
1863:
1859:
1854:
1853:
1852:
1848:
1844:
1840:
1835:
1834:
1833:
1832:
1821:
1817:
1813:
1808:
1807:
1806:
1802:
1798:
1793:
1792:
1791:
1788:
1785:
1781:
1780:
1779:
1775:
1771:
1766:
1765:
1764:
1763:
1760:
1757:
1755:
1749:
1748:
1743:
1739:
1735:
1730:
1729:
1728:
1727:
1724:
1720:
1716:
1711:
1710:
1701:
1697:
1693:
1689:
1685:
1684:
1683:
1679:
1675:
1670:
1666:
1665:
1664:
1663:
1662:
1661:
1656:
1652:
1648:
1644:
1643:
1642:
1641:
1640:
1636:
1627:
1623:
1619:
1609:
1605:
1601:
1597:
1596:
1595:
1594:
1590:
1586:
1582:
1569:
1566:
1565:
1560:
1552:
1551:
1548:
1543:
1539:
1533:
1532:
1531:
1530:
1526:
1519:
1515:
1513:
1509:
1505:
1501:
1495:
1493:
1480:
1476:
1472:
1467:
1466:
1465:
1464:
1460:
1456:
1452:
1440:
1436:
1432:
1427:
1425:
1422:
1417:
1415:
1408:
1404:
1403:
1394:
1390:
1386:
1382:
1378:
1374:
1368:
1364:
1359:
1356:
1353:
1349:
1348:
1347:
1346:
1345:
1344:
1343:
1339:
1335:
1330:
1329:
1328:
1325:
1322:
1317:
1313:
1312:
1311:
1310:
1305:
1301:
1295:
1294:
1293:
1292:
1289:
1285:
1281:
1276:
1272:
1271:
1270:
1269:
1266:
1254:
1251:
1246:
1244:
1237:
1233:
1232:
1231:
1230:
1226:
1222:
1217:
1213:
1210:
1205:
1204:
1200:
1196:
1174:
1170:
1166:
1162:
1161:
1156:
1155:
1150:
1149:
1148:
1147:
1146:
1145:
1144:
1143:
1142:
1141:
1140:
1139:
1138:
1137:
1136:
1135:
1120:
1116:
1110:
1109:
1108:
1107:
1106:
1105:
1104:
1103:
1102:
1101:
1100:
1099:
1098:
1097:
1084:
1080:
1075:
1074:
1073:
1072:
1071:
1070:
1069:
1068:
1067:
1066:
1065:
1064:
1050:
1049:
1048:
1047:
1046:
1045:
1044:
1043:
1042:
1041:
1040:
1039:
1024:
1023:
1022:
1021:
1020:
1019:
1018:
1017:
1016:
1015:
1014:
1013:
998:
996:
994:
992:
990:
988:
986:
982:
977:
972:
971:
970:
969:
968:
967:
966:
965:
964:
963:
962:
961:
947:
946:
945:
944:
943:
942:
941:
940:
939:
938:
937:
936:
935:
922:
919:
916:
911:
910:
909:
908:
907:
906:
905:
904:
903:
902:
891:
888:
883:
882:
881:
880:
879:
878:
877:
876:
875:
874:
865:
861:
855:
854:
853:
852:
851:
850:
849:
848:
837:
836:
835:
834:
833:
832:
831:
830:
823:
818:
812:
808:
807:
806:
805:
804:
800:
796:
791:
787:
783:
779:
774:
768:
765:
762:
757:
756:
755:
750:
745:
741:
740:
733:
729:
728:
727:
721:
718:
715:
710:
704:
703:
702:
698:
694:
690:
689:
688:
687:
683:
679:
671:
662:
657:
653:
642:
631:
628:
626:
623:
621:
618:
616:
613:
611:
608:
606:
603:
601:
598:
594:
588:
581:In this issue
576:
568:
562:
559:
553:
549:
545:
542:
541:
538:
534:
533:
530:
526:
525:
522:
518:
514:
510:
509:
505:
504:
501:
498:
497:
494:
491:
490:
487:
483:
482:
479:
474:
470:
466:
463:
462:
459:
455:
454:
451:
447:
446:
442:
441:
440:
432:
430:
428:
423:
418:
416:
414:
408:
398:
395:
392:
391:
388:
385:
374:
372:
367:
364:
360:
356:
352:
348:
346:
343:
342:
340:
337:
336:
333:
330:
327:
316:
313:
311:
307:
306:contributions
300:
296:
295:
294:
291:
286:
282:
279:
274:
272:
269:
265:
261:
255:
253:
249:
245:
241:
234:
230:
229:
228:
226:
219:
217:
212:
211:
210:
207:
202:
199:
194:
192:
190:
186:
184:
183:Softpedia.com
180:
176:
172:
168:
161:The incidents
158:
152:
142:
134:
132:
124:
122:
114:
112:
104:
102:
94:
92:
84:
83:
75:
56:
48:
43:
34:
23:
19:
2067:WhatamIdoing
2061:
2038:
2016:
2005:WhatamIdoing
1997:
1993:
1958:
1838:
1668:
1628:
1624:
1620:
1617:
1580:
1577:
1554:
1520:
1516:
1496:
1488:
1448:
1413:
1406:
1381:The Signpost
1380:
1377:The Signpost
1376:
1351:
1316:The Signpost
1315:
1262:
1242:
1235:
1206:
1191:
1158:
1152:
980:
975:
933:
735:
678:David Gerard
675:
605:Spam attacks
604:
593:all comments
567:
557:
552:
543:
535:
527:
520:
516:
511:
499:
493:
484:
476:
472:
467:
456:
448:
438:
426:
419:
412:
411:last week's
407:The Signpost
406:
404:
380:
371:
345:
331:
322:
314:
303:
297:
275:
256:
237:
231:
222:
213:
195:
164:
155:
151:Tilman Bayer
65:Spam attacks
2153:Suggestions
2098:. Regards,
2020:Harrypotter
1669:prima facie
1633:—Preceding
1563:the highway
1385:Ncmvocalist
738:bahamut0013
652:transcluded
610:In the news
233:reputation.
1768:going on.
1492:Ivy League
1273:As I said
817:talk to me
537:Knowledge.
79:Share this
74:Contribute
22:2010-08-16
2147:Subscribe
1964:Stepheng3
1858:Gwen Gale
1812:SirFozzie
1797:Gwen Gale
1770:Gwen Gale
1734:bodnotbod
1692:Gwen Gale
1647:Gwen Gale
1508:Meta-wiki
1504:talk page
1278:Regards,
1259:Redaction
1165:Ningauble
656:talk page
435:Interview
278:SirFozzie
252:Wikimania
216:test wiki
198:Versageek
2166:Category
2142:Newsroom
2137:Archives
2083:Epilogue
2035:WP:STiki
1889:Hchc2009
1688:WP:Point
1635:unsigned
1585:Bk314159
1581:approved
1455:Remember
1154:apologia
983:sample:
732:WP:POINT
709:Huntster
429:coverage
427:Signpost
415:coverage
413:Signpost
121:LinkedIn
101:Facebook
20: |
1843:llywrch
1674:llywrch
1600:Bawolff
1275:earlier
1207:If the
1160:apology
556:Kanich
519:popular
515:blatant
478:attack.
475:popular
471:Blatant
384:reacted
310:Sandbox
287:" and
281:blocked
260:Example
248:Wikisym
244:Eurosec
187:and on
167:example
111:Twitter
2044:Ocaasi
1921:Edison
1715:Edison
1542:enwiki
1514:page.
1471:Edison
1431:Edison
1420:(talk)
1334:Ocaasi
1321:Banyan
1265:Powers
1249:(talk)
887:Powers
839:money.
811:phoebe
795:Ocaasi
558:et al.
363:WP:BAG
358:above.
326:posted
206:posted
171:Sophos
131:Reddit
91:E-mail
2132:About
1544::~$
1525:A. B.
1363:A. B.
1300:A. B.
1157:than
1115:A. B.
1079:A. B.
981:small
976:their
860:A. B.
778:Tango
748:deeds
353:: -->
299:(UTC)
240:STiki
16:<
2127:Home
2104:talk
2100:HaeB
2071:talk
2048:talk
2039:okay
2024:talk
2009:talk
1968:talk
1925:talk
1893:talk
1885:here
1862:talk
1847:talk
1816:talk
1801:talk
1787:lute
1784:Reso
1774:talk
1738:talk
1719:talk
1696:talk
1678:talk
1651:talk
1604:talk
1589:talk
1558:I-20
1538:mike
1506:and
1475:talk
1459:talk
1435:talk
1414:Tony
1407:must
1389:talk
1338:talk
1324:Tree
1284:talk
1280:HaeB
1243:Tony
1236:must
1225:talk
1221:Bwrs
1199:talk
1195:Gigs
1169:talk
1026:say.
918:lute
915:Reso
799:talk
782:talk
764:lute
761:Reso
697:talk
693:HaeB
682:talk
417:).
304:The
290:left
273:).
141:Digg
2062:far
2003:.
1959:way
1535:–
1510:'s
1352:are
1216:IRB
381:W.
254:).
149:By
76:—
2168::
2106:)
2073:)
2050:)
2026:)
2011:)
1970:)
1962:--
1927:)
1895:)
1864:)
1849:)
1818:)
1803:)
1776:)
1740:)
1721:)
1698:)
1680:)
1653:)
1606:)
1591:)
1522:--
1477:)
1461:)
1437:)
1391:)
1360:--
1340:)
1286:)
1227:)
1201:)
1171:)
813:/
801:)
784:)
707:—
699:)
684:)
399:”
393:“
375:”
338:“
250:,
246:,
193:.
173:("
2121:.
2102:(
2094:/
2069:(
2046:(
2022:(
2007:(
1966:(
1923:(
1891:(
1860:(
1845:(
1814:(
1799:(
1772:(
1753:œ
1736:(
1717:(
1694:(
1676:(
1649:(
1602:(
1587:(
1555:—
1540:@
1473:(
1457:(
1433:(
1387:(
1336:(
1282:(
1223:(
1197:(
1167:(
1000:)
819:)
815:(
797:(
780:(
722:)
720:c
717:@
714:t
712:(
695:(
680:(
673:.
663:.
595:)
591:(
258:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.