 Pressure on or from ISPs would make it difficult or impossible to run an exit relay. However, the third point is the one that I'm going to mostly be talking about today. Tor is not very useful if you can't actually use it to get anywhere. And there's an increasing number of prominent sites on the internet that are restricting what you can do through Tor. And in some cases, Tor is outright blocked, and in other cases, you're sort of slowed down by captures and other other ways to sort of make it annoying to visit. So a brief overview of my talk. I'm going to give a little bit of background on Tor and discuss sort of how it's being blocked by internet services today. Then I'm going to talk about Wikipedia, which is a service that, or a website, you may have heard of it, that makes it difficult to add it through Tor. And I'm going to talk about their relationship, and then I'm going to discuss some of the findings that we had from our interview study of Tor users and Wikipedians. So here's some examples of some things that you might see when you're browsing with Tor these days. Now, it's worth pointing out that a lot of these are not individual sites, but rather content distribution networks like Cloudflare and Akamai. Or they're hosting providers like Bluehost or anti-spam plug-ins that sort of affect a huge sort of swath of sites on the internet, not just one. Though there are some individual sites, say like Yelp, that kind of provide their own blocking, but they tend to be somewhat important sites. So before I go any further, I should probably disclose that I'm not exactly a neutral party here. I'm married to Roger Dingeldine, who's one of the founders of the Tor project. This work is part of a recent experiment of mine doing research related to Tor while remaining happily married. So far, so good. Furthermore, this work uses qualitative ethnographic methods, which is a bit of a departure from the machine learning work that I usually do. Mitigating both of these factors is my wonderful co-author, Andrea Forte, who's trained in ethnographic methods and conducted all of the interviews that I'm going to talk to you about. So when I was talking to Roger about this talk, he said most people at CCC will have heard of Tor by now. I think that's probably true, and they'll be aware that it hides something about your internet when you're browsing the internet. But they might be a bit fuzzy on some of the details, so very quick recap. When Alice starts up Tor, her client starts by fetching a list of relays from the directory server. Then the Tor client is going to pick a three-hop path to the destination server. Hop1 is going to know who you are, but not where you're going, and then Hop3 knows where you're going, but not who you are. Now, there's a link encrypted from you to Hop3, and then Hop3, which is the exit relay, actually delivers your request to the website. Now, this part is not encrypted by Tor, and as far as the website is concerned, it's actually delivering a request from the exit relay. Usually, when Tor users receive the blocking screens that I showed earlier, it's because the website is blocking the exit relay's IP address. So this can happen either because the site is deliberately blocking Tor by downloading the directory and blocking all of the Tor exit IPs, or because someone did something unpleasant through that exit relay in the past, and it was put on a blacklist incidentally. So there's been some research on this phenomenon, and here's some gutting-edge research that hasn't actually even been presented yet. It's going to be published in the NDSS conference in February by the people up here, and it's looking quantitatively about how prevalent this blocking problem is. And they found that the top, of the top 1,000 Alexa sites, 3.5% of them were actually blocked for Tor users. And you can see on this list on the right that most of the blocking is due to aggregate blockers like these hosting companies and CDNs. It's also the case that most of the sites didn't actually block 100% of the exit nodes, but the bigger the exit is bandwidth-wise, and thus the higher probability of exiting from it, the more likely it was to be blocked. So this graph shows sort of 2,000 block sites from Unidata sort of given the exit node and how probable it was that that exit node would be blocked. So one website that blocks Tor users is Wikipedia. Now Wikipedia doesn't actually block Tor users from reading Wikipedia, which is very useful because it's a resource that's important for lots of people to be able to reach sometimes anonymously, but it does prevent them from editing. That's true even if they're logged in. So according to Wikipedia, Wikipedia is a free access, free content, Internet Encyclopedia, supported and hosted by the non-profit Wikipedia Foundation. Those who can access this site can edit most of its articles, and Wikipedia is ranked among the 10 most popular websites and constitutes the Internet's largest and most popular general reference work. So right now, you know, from our vantage point, 8 years since this quote in 2007, and probably about, I'm not actually sure when Wikipedia was founded, but you know, some years after. It's hard to realize what a radical idea Wikipedia once was, this encyclopedia that can be edited by, well, almost anyone. In 2007, The New York Times said, the problem with Wikipedia is that it only works in practice. In theory, it can never work. So there's sort of some sort of miracle that Wikipedia manages to be the resource it is, and it's the sort of thing that researchers and economists have tried to explain, and they've tried to explain it in the same way they tried to explain the Linux kernel, that, you know, this thing happens and nobody quite knows why. And it makes Wikipedians today a little nervous about, and conservative, perhaps, about anything that could rock the boat, affect the quality of the encyclopedia. But the fact is that Wikipedia needs its contributors to continue to update, expand, and improve the resource. And Wikipedia contributions peaked in 2007, and have been in a slow and steady decline. So this graph above shows the number of active recent re-registered editors who edit more than five edits per month as plotted over time, and you can see this sort of peak that happens in 2007. And the reasons behind this decline are actually an active area of research, and another area of concern for the Wikimedia Foundation and so on. But the upshot of it is that basically Wikipedia can't exactly afford to just throw away good editors. Aside from the general decline in participation, there's Wikipedia's sort of demographic imbalance. So Wikipedia editors are 84 to 91 percent male, depending on how you count. And there's also a lot of under-representation from global South countries. And there's been a little bit of research to show sort of how this affects the quality of the encyclopedia. So there's a group of researchers from the group lens group at the University of Minnesota, and they were interested in this question. They had access to a database of movie ratings in the gender of the raiders. So they compared the length of articles about movies that were disproportionately rated by men or women while controlling for the popularity and the rating of the movie. And in this case, they showed that male skewing movies had articles that were much longer than sort of articles about female skewing movies independent of these popularity and rating effects. Now, maybe articles about movies, it's kind of a trivial thing, but it kind of shows you that the editor population sort of affects article categories that might be harder to measure in such a rigorous way. And it made us wonder how the absence of tour user editors affects the quality of the encyclopedia and if there's a similar skew that you might be able to see. So to help understand and answer this question, it's worth asking what a Wikipedia would get out of using Tor. This question is actually one that has some people kind of confused because a lot of people see Tor as a tool that you use to hide who you are to a website. And basically, no one at Wikipedia is at all interested in letting tour users edit Wikipedia without logging in at all. However, Tor provides some benefits to users even when they're logged in and thus not hiding from Wikipedia. In particular, it protects against surveillance by your local ISP or administrative domain and it can also protect against government surveillance. Furthermore, it prevents your IP address from being stored in the Wikipedia database of user IPs that can be accessed by administrators and attackers. We've all seen plenty of cases where attackers get access to databases they're not supposed to. Another property that's sort of probably more easy to think about is reachability. So internet connections could be censored and Tor might be the only method of actually accessing Wikipedia. And lastly, a lot of tour users use Tor for all of their internet use as a mechanism to diversify the user base and provide cover for and solidarity with users that might need Tor for a different purpose. So participation in internet projects and open source projects can be dangerous. So consider the case of Bezel Kartabil, who's a well-known Wikipedia editor, open source software developer and the founder of Creative Commons, Syria. He was jailed for three years and he's now disappeared. A lot of people think he's dead. He's very well-known for having founded the new Palmyra project, which uses satellite and high-resolution imagery to create open 3D models of ancient structures. Now, these structures were raised by Daesh sometimes called ISIS in 2015, and so this work that he's done is our sort of best records of these structures that now exist. In another case, Jimmy Wales announced in 2015 that the Wikipian of the year could not be revealed publicly because to do so would actually put the person in danger. So the Wikimedia Foundation is also aware that there are some cases where editors need privacy. So then, with all these risks that Wikipedians face and the benefits that Tor can provide, why would it be blocked? Well, it comes down to abuse. The problem of jerks is a real problem on the internet. Though the research is somewhat ambiguous as to the degree to which it's actually made worse by anonymity. There's sort of this very popular theory on the internet that if you take a normal person anonymity in an audience, they become a total dickwad. Nonetheless, managing abuse is actually somewhat harder with anonymous participants, and there's certainly this perception that anonymity can make people more susceptible to abusive behavior. Fortunately, the cryptographic research community has studied how to reconcile anonymity and blacklisting abusers, and has found some pretty promising solutions. The first, which I'll discuss briefly here, is Akup Kapadia's Nimble design. And there have been many variants of this, including Nimbler, Jack B. Nimble, Jack, you get the idea. Basically, when Alice wants to contribute anonymously to a website or a project, she uses a pseudonym server to get a pseudonym. And then she gives that NIM to a NIM manager and that NIM manager gives her a ticket, and that ticket is then used to connect to the site she wants to participate on. So it's another way to sort of distribute the trust. But our Alice is a jerk, so she vandalizes the website. The website then complains to the NIMO manager, which will then send the server a token that can be used to link that user in the future. The server then adds the user to a blacklist. So basically, the way that this works is that everything the user has done before the complaint still remains anonymous forever. But everything that they do in the future is linkable, and thus it remains easier to block them. So there's basically been no adoption of this kind of protocol, despite a lot of iterations in the literature. There's some reasons for this. Many of the variants have no implementation, and for those that do its research code, and as the author of some research code, I can tell you that there would be significant work involved in actually adopting these measures. And there's a price to be paid. You have to pick between either having a semi-trusted third party, degraded notions of privacy, so basically pseudonymity rather than anonymity, or high computational overhead, because zero-knowledge proofs are still kind of expensive. But it could well be done, and it's not like you need all of these things, you only need one. But ultimately it isn't being done, and I think this is because most sites don't really care. They believe that the number of non-jerks might not be zero, but it's approximately zero, and it's just not worth the bother. So we're interested in measuring this value of anonymous participation to sort of provide motivation for sites to actually try and solve these problems. It's not a terribly easy thing to do because Taurus blocks so often that we're actually trying to measure participation that doesn't happen, that might happen under alternate circumstances. So to ask this question, we turned to qualitative methods, which is basically an interview study, and we talked to Tor users who participate in open collaboration, and we talked to Wikipedia editors about their privacy concerns. So we have two basic research questions. First, what kind of threats do contributors to open collaboration projects perceive? And second, how do people who contribute to open collaboration projects manage their risk? The goal here is to get the kind of in-depth and qualitative understanding that will help us to ask the right questions in a larger-scale study and ensure that we're solving the right problems when we design systems to facilitate anonymous participation in online projects. As Sarah McDonald-Piklet said, they're not anecdotes, that's small batch artisanal data. So a little bit about our 23 participants in our study. So we had 12 participants that were Tor users, eight males, three females, and one of fluid gender. The minimum age was 18, the maximum age was 41, and the average was 30. Three people with a high school education, four current and graduated undergraduates, and five people with postgraduate degrees or who were graduate students. The location, seven of our participants were from the U.S., but we also had participants from Australia, Belgium, Canada, South Africa, and Sweden. For the Wikimedia participants, we had, again, eight males and three females. Actually, I think the demographics of Tor and Wikimedia might not be too different. The minimum age was 20, the max was 53, again, the average was 30. One didn't report their education level, we had eight people with bachelor's degrees or undergraduate students, and two graduate students or people with graduate degrees. Again, we had five participants from the U.S., but we also had participants from Australia, France, Ghana, Israel, and the U.K., in this case. A lot of people talked to us. We didn't actually have any participants from places like Iran or China that we did have some Iranians who were living in the U.S. who talked to us. Types of participation. Obviously, we had Wikipedians, we sought them out, and a number of the people that we talked to, especially the Tor users, actually contribute to the Tor project in some way, but we asked people about their other participation in the Internet, especially Tor users, and we found that there are a lot of people that participate through adding web comments, participating on forums, using Twitter, contributing open-source code to projects on GitHub or Sourceforge or other projects on the Internet, helping with the Internet archive, or contributing image boards to sites that do that. Our interview protocol, we gave $20 in compensation, gift cards or cash, 30% of people declined this because we would need to sort of register their participation if we give them compensation, and some people didn't want there to be as much of a record. We spoke to people over the phone using Skype, using various encrypted audio mechanisms, one person was interviewed face to face. The interviews, again, were all conducted by Andrew Forte, and we asked people to tell in-depth stories and prompted them for detail. So our analysis of this is ongoing. It's not done. We've transcribed all the interviews, we've coded them to identify themes, and we've grouped and merged some of these themes. I'm going to talk to you about some of the stuff that came out of this study, give some quotes and things like that. Interview topics. For Tor users, we asked them to explain Tor and what it's for. We asked for some current and retrospective examples of use, the story of how and why they first started using Tor, and some examples of when they use Tor and when they don't use Tor online, and some questions about their participation in online projects. And if they participated in Wikipedia, we asked them some of the Wikipedia questions, similarly with Wikipedia people who had used Tor. And there was some considerable overlap. So for Wikipedians, we asked how and why they started editing, examples of privacy concerns associated with their editing, steps they may have taken to protect their privacy when editing, and examples of interactions with other editors. Now, there are some real limitations with this work. We may be missing participants with severe privacy concerns. Anybody who participated in this would have to talk to unknown parties that they couldn't necessarily trust that we were not going to do nefarious things with their interview. They need to speak remotely over a communications channel in most cases. We did, we were willing to conduct some interviews over various encrypted channels such as Jitsie or really whatever people wanted us to as long as we could set it up. Though we did mention Skype in our recruitment materials, and this actually caused a bit of a kerfuffle on the Tor blog when people were, you know, saying we clearly don't understand Tor and have no familiarity with the project if we're even thinking of using Skype. And I know a couple of Tor users and Tor developers that use Skype, so. But, you know, we were willing to use other things. And we, again, didn't talk to residents of Iran or China, which is something that a lot of people told us might be of interest. So what is, what does anonymity actually mean to a Wikipedian? It was an interesting question because it doesn't mean the same thing that it usually means to a Tor user. So a lot of times when people talk about anonymous edits in Wikipedia, they mean editing without logging in. And this is actually called IP editing to Wikipedians because what happens when you edit Wikipedia without logging in is that your, the IP address is actually published as the, you know, author of that edit. The other thing that people mean when they talk about editing anonymously is editing under a pseudonymous account while not leaving clues about your identity. So the notion of IP editing is somewhat problematic. This was an article from Buzzfeed about the 33 most embarrassing congressional edits to members Wikipedia pages. So the congressional offices in the U.S. all share one IP address. So you can simply search Wikipedia for that IP address and you can find people making revisions, for example, to the Liberty Caucus Wikipedia site and so on. So in terms of content based anonymity, according to the Wikipedians we talked to, most de-anonymization is done actually by contextual clues. When people are outed as being this pseudonymous Wikipedia person, it's usually because somebody looked up things and there was a quote that someone said there are small things but I usually wouldn't edit things related to my school or places near where I lived when I was logged in. It's actually weirdly easy to piece together someone's identity based on the location or things like that. So Tor, it's worth pointing out sort of the limits of what Tor can do. Tor is not going to help with this particular problem. It will hide your IP address but not necessarily this. So what is the Wikipedia policy on Tor? So MediaWiki has a Tor block extension which automatically blocks editing through Tor. Now it's possible to actually get an exemption, what's called an IP block exemption, and registered users in good standing can ask for one. The problem is it's a little bit hard to establish standing. It requires editing without using Tor. When pointed out that this is particularly problematic for censored users, there are, because they can't access Wikipedia to edit in the first place, they do provide some closed proxies for Chinese users in particular. There are a lot of censored users that aren't Chinese but you can contact them to ask to use their sort of secret proxies. I don't know how well this actually works. But we did ask our interviewees, can Wikipedia be edited through Tor? Which is an interesting question. So as a convention for the rest of the talk, when you see these blue boxes, they're going to be quotes from Wikipedians. When you see the green boxes, they're quotes from Tor users. So when we asked people, the Wikipedians often said, okay, if the account exists, yes. So when you're trying to do an anonymous edit with Tor, it's really difficult. They mean an IP edit there. And then they said, and I had one that came through the mailing list in the last couple of weeks and that their employer had been checking up on them, we allowed that. So as an administrator, I have a user bot that allows me to get around that but as well as feeling bad about doing that, but other people don't have that option. From a Tor user, we actually said, but sometimes, like every so many exit nodes, you sometimes when it works, so many sites block Tor, try to block it, it's quite annoying as you were trying to do something. So this person sort of saw what, you know, in the research about blocking Tor, not every exit node is blocked. So if you're really, you know, determined to make that anonymous edit, you can just kind of keep clicking your, you know, new identity and get there. And then they said, we do sometimes let people edit through them. I know we have users in China coming through the Great Firewall and stuff like that. So then for user, you know, well, they like that. And so because you can change your IP address with the click of a button, it's very difficult to prevent abuse. So there's sort of this sort of notion that maybe it's important for vandalism, but maybe that's a problem, and maybe there should be something that be done. So then a lot of what we asked people about was sort of the threats that they were concerned about from a privacy perspective. So people talked about government threats, businesses, organized crime, private citizens, other project members, and project outsiders. When we grouped the threats, we found sort of five or so big threats that lots of people talked about. We had 12 different instances of people talking about sort of surveillance concerns or general concerns about the loss of privacy. About 10 people talked about specifically about the loss of employment or economic opportunity that might happen. Nine people talked about bullying, harassment, intimidation, stalking, this sort of thing. About another nine people talked about personal safety or the safety of their loved ones. And six people that we talked about, talked about reputation loss, and I'll get into these in more detail. So surveillance. You know in my country there's basically unknown surveillance going on, and I don't know what providers to use, and at some time I decided to use Tor for everything. It's worth pointing out, given the list of countries I gave, that this isn't necessarily the list, and I think you wouldn't get these kind of quotes maybe before the Snowden revolutions about sort of generalized surveillance across the world. And a lot of people talked about how their online activities were being accessed or logged without their consent. And especially among Tor users, there was this notion of wanting to be public by effort, but private by default. And when you talk to Wikipedia, they talked about their edit histories and how the edit histories themselves might be somewhat sensitive. In terms of loss of employment, so many, many employers now look at your online footprint before they hire you. So according to Monster, one of the big employment websites, 77% of employers Google perspective employees. So from a Tor user we had someone talk about, I am transgender, I am queer, my boss would rant for hours about this kind of person, that kind of person, the other kind of person, all of which I happened to be, and I decided if I was going to do anything online at all, I'd better look into options for protecting myself because I didn't want to get fired. In Wikipedia, someone said, a friend of mine was also involved in this discussion and he actually got it worse than I did. He's in a position now where anyone who Googles him finds allegations that he's this awful monster, and he's terrified of having to look for work now because you Google him and that's what you find. So these things can have a real impact on people. So, and then there's harassment. So this is a quote from Wikipedia who said, I would say that the fear of harassment of real, of stalking and things like that is quite substantial, at least among administrators I know, especially women. And from a Tor user there was someone who talked about this is a map of active hate groups in the United States and how they had experienced problems with these hate groups in the past and they wanted to see who was active in their area and then so they would go to the websites of these hate groups and sort of for obvious reasons they didn't want their IP address to appear in the logs of these hate group websites. Safety of loved ones, also personal safety. So a lot of people talked about real, concrete, not just threats but things that had happened to them or to people that they knew. In Tor, there is this story, they bursted his door down and they beat the ever living crap out of him. He was hospitalized for two and a half weeks and they told him, if you and your family want to live you're going to have to stop causing trouble and they said that to him in Farsi. I have a family so after I visited him in the hospital I started, well at first I started shaking and I went into a cold sweat and then I realized I have to, I have to start taking my human rights activities into other identities through the Tor network. And on the Wikipedia side I pulled back from some of that Wikipedia work when I could no longer hide in quite the same way. For a long time I lived on my own so it's just my own personal risk I was taking with things. Now my wife lives here as well and I can't take that same risk. Lastly people were concerned about reputation loss. In Wikipedia there's been known to be sort of edit wars that sort of escalate into into vendettas. Here's a example of an edit war where some user says I hate big bitch Allison who's then blocked indefinitely by Allison. So people are worried about this sort of thing escalating and then somebody doing something off of the internet to mess, to call them names or mess with their reputation and thus would have a negative effect on their life. And Tor there is an interesting, a couple interesting cases of sort of concerns about guilt by association. So there was someone who participates on image boards on an 8-chan or infinite-chan and I don't know if you guys are that aware of this it's sort of the place where which was kind of started by people that were blocked by 4-chan so it's the people that 4-chan think are kind of sketchy. And this person said look I stand behind the material and the content that I've created but some people on the site I wouldn't want to be associated with them. So there's another person who talked about look I've I've created some online resources about various pharmaceuticals but I don't want to be very associated with the community that post things about stuff like that. So some other threats. Some people talked about diminished project quality so in particular a lot of the Wikipheans that we talked about or talked to were somewhat prominent in the Wikipedia project and in some respects had kind of achieved some degree of like rock star status as editors if such things can be and they would you know they found it very difficult to edit anymore because they added a page and that page hadn't received a lot of attention but people would see that they had edited it and there would be sort of hordes of people that would descend on that page and mess with it and they found that they couldn't do that without actually sort of harming the pages they were trying to edit. Similarly there were some tour users who were talked about you know not wanting to sort of take credit for their work because they were worried that they wouldn't have the credentials to be taken seriously in various ways or things like that. Only two people in our project actually talked about worrying about legal sort of sanctions government sanctions for their participation but there and there were a lot of people that talked about sort of computer security concerns which is not so much a privacy concern though it's very related and I'm going to talk to that too about that because this group might be interested. On the tour side people liked the authentication properties of Don Onion services the idea that when you go to a Don Onion website the address is sort of self-authenticating you know where you're going but a lot of people who use tour talked about the general data hygiene idea that there's sort of less data about them in unknown websites in unknown databases of companies because they don't leave as many online footprints and then you see all these high profile sort of break-ins that happen and these databases get stolen if you're using tour maybe you're less likely to be in those databases so that was the idea there. From Wikipedia a lot of people were very concerned about their Wikipedia credentials. They talked about not logging in on public terminals and things like that and in particular being concerned about sort of the security of administrative credentials that had privileges to for example look up the IP address of users who had edited and things like that which could be abused. So some concrete things that people were afraid of not a complete list having their head photoshopped onto porn something that happens sometimes to editors being beaten up actually a couple of tour people mentioned this being swatted receiving pipe bombs having fake information about them public published online. Though there were people that said look I don't really see a threat and some participants said that they don't perceive threats when they're contributing but in a lot of cases they pointed out that they enjoyed certain privileges related to perhaps their gender their nationality or the fact that their interests were a fairly mainstream. So here's a quote yeah I'm not that worried about it mainly because there's pretty good support for some of these viewpoints kind of a mainstream discourse and it's not so radical I don't think anyone's going to be knocking down on my door but I've been in contact with activists who have been engaged with higher risk activities and I do wonder about I have concerns about their welfare and the desire they have to have the tools to be able to pursue their activities without facing consequences. So in contrast to sort of the jerk theme there are a lot of people who run tour out of sort of a sense of altruism to provide cover and solidarity. So someone said I appreciate the need for protecting vulnerable people around the world so I run several relays some of them are exit relays some of them are middle relays and I run them around the world and someone else said while you use it you help diversify the network for those who may be subject to traffic monitoring and you can look up any information you like whether or not it's sensitive and you'll get it and if you live in a place where it may not be the greatest in legal standing to look it up you're able to find out information. So mitigating strategies so how did people deal with this when they wanted to participate in in sites but they couldn't do it through anonymous means well some people modified their participation and I'll talk about some of the chilling effects that we saw and also attempts of attempts to get anonymity in various ways so lost editors so several tour users that we talked to actually mentioned that they had it edited Wikipedia and they no longer edited it or they edited less because of the difficulty of editing through tour so there was someone who said basically I used to edit Wikipedia prior to doing a lot of tour so yeah now it's mostly reading I used to do a lot of editing for license design and for like some open source licenses occasionally random forms and stuff that I knew about sometimes grammar so and people people talk to us in particular about the sort of chilling effects of state surveillance and in particular the stone and revelations so in march of 2015 wikipedia actually with wikimedia foundation announced that it was suing the national security agency and we asked people about that and wikipedia and some of them said people aren't willing to engage with us when they know their government is watching their every move and they said that in particular they can show that editing dropped off significantly on certain articles after the upstream program was revealed here's a quote from one of our tour users in the study that sort of substantiates this for the Edward Snowden page I've pulled myself away from adding sensitive contributions like different references because I thought the name may be traced back to me in some way but not we're not refraining from asking adding useful content I guess though of course adding references is one of the things that contributes to the quality of articles and so on and in particularly they said edit articles about national security things about terrorism and so on people didn't edit about this didn't edit as much about these things anymore because they were worried about ending up on a list the other major topic that was chilled was articles about women's health so here's a picture of a vacuum aspiration abortion from the wikipedia abortion article and a couple people told us about how look any site that has to do with women or women's issues is more contentiously edited it's more likely of inflaming people getting into edit wars than sort of other sites and there are a lot of trolls on the internet and there's a quote trolls have called their bosses and been like do you know that your employee was editing the clitoris article last week they will do stuff like that so this means that you know in particular someone talked about I had you know I was a medical student I had my obstetrics textbook open I was looking at the abortion article I was thinking about making some changes but then I I just pulled myself back and said I you know I don't need that in my life right so this is another area where privacy concerns concerns about you know pushback cause people to not necessarily do things and then there's this this idea of sort of a threshold of participation that the sort of the more involved you are the more active you are in a project the more likely you're going to actually encounter real problems so people involved in curating content deleting things promoting things arbitrating disputes etc they're going to make enemies and some of these enemies are going to make nasty threats and some of them are going to act on them and so here's another quote of somebody as long as I have that pseudonym reasonably separated from my real name I feel fairly fairly comfortable with dealing with these sort of things dealing with death threats etc that turns up when you do that people mentioned in particular from the Wikipedia side that there were two sites Wikipediaocracy and the Wikipedia review where people were sort of critiques of Wikipedia and that people on these sites had sort of done sort of threats and doxing of various admins and people on the arbitration committee and someone talked about they found my parents home address they found one of my old phone numbers they wrote a blog post about all these horrible things I've done and here's my contact information and for a good time call and when it's on the internet it doesn't die so you know people that they get to a certain level of doing things like handling abuse had problems so since I didn't have any privacy I felt limited in what I could do I could still write articles but blocking people and stuff like that was something I had tried to avoid since I didn't want to get angry phone calls so someone also talks about activities that they used to do but then after receiving threats and things I used to check for the use of the n-word the router of the two f-words one or two other things that were indicative of significant problems in user space and I deleted lots and lots of attack pages which were fairly hot and dealing with them when they would turn up in article space and when people create a user account in somebody else's name and then say a bunch of things about that person that they wouldn't agree with I used to deal with that but then you know they're not willing to deal with that anymore so privacy measures that people took obviously in some cases people use Tor we talked to Tor users where that was possible people also talk about avoiding posting linking information and details about who they are not editing things about you know their local things things that only they would know etc people talked about using private processes or VPNs some people talked about hide my ass editing from a public computer using multiple accounts in some cases and using you know privacy browser plugins or safeguards like no script and ghostry we asked people both Tor users and not Tor users if they if they had used Tor what they thought of Tor and there was this person who said I tried using Tor I did when I was younger and everything was so slow and terrible I was just like so not worth it and in fact a couple of years ago Tor was in fact pretty slow it's gotten better but the Tor users still talked a little bit about lances but a lot of them talked about these issues of captures unusable website features the fact that it used to be slow and Wikipedia ends on Tor talked about it being slow or too much trouble just the need to download and the software and connect to it every time and people found some people found it unnecessary there were some other interesting things that came up some people talked about how they used information revelation as a defense mechanism this idea that okay I'm going to give you some information about me so you can't really dox me because that's my address right there or whatever um and people but people talked also about the limits of long-term participation a lot of people that talked to us had started editing or participating in online projects as sort of a relatively young teenager and a lot of people start with things like you know fixing typos before they later become a member of the arbitration committee or something like that so it's hard to have this long-term perspective when you're first creating your right your you know your login name your identity and so on until it happens to you it doesn't occur to you that well why would anyone be googling me why would they want my address and by the time you realize that all it takes is some kid being bored someday it's a little late to hide it so I'd like there to be I don't even know how there could be because people don't really read things on the internet but I wish we had a way to warn people no you should really give this some serious thought so as most good you know small ethnographic studies do and as this one was intended to do it sort of raises more questions than answers and that was our goal um we're hoping we learned that tour users and wikipedia share some privacy concerns but they do have some different perspectives and we do learn that some value participation is being lost when people can't participate in a private way we'd like to use this work to do some follow-up studies and also perhaps build a larger survey study so we can learn more say things that are more quantitative about this work if you find these this topic interesting a short plug for the privacy enhancing technology symposium which will be in july and domstadt something to look up we're not presenting this particular work here but there's a lot of work on tour and anonymity privacy so on from the research community and I'd like to thank my co-authors Andrea Forte and Nazinina Adelibi our interview participants the wiki media foundation the tour project the NS the national science foundation that funded Andrea and my participation in this project and all the people whose images I used in my slides so thanks any questions and by the way I'll be here for the whole conference so if you can find me afterwards if thanks a lot Rachel Greenstead and so we hopefully have a few questions from you in the audience you can line behind the microphones we have four of them here in the audience and also in the back there too and we also have the signal angel present but he didn't get any questions yet but maybe some comments or something some feedback from the crowd on the internet and then we immediately go to the questions in the audience so we have microphone two please and can you one second can you please be quiet if you go outside because that's really rude did you find out if the media for example treats classical VPN or proxies differently from Tor if what if if they treat them differently from Tor so and do they have the same policy in place for blocking let's say private VPN which can also be used to uh yeah to change your IP with a click of a button if you want to bully someone but it might offer less privacy than Tor but if you really only want to bully someone that might be enough I think it it depends as the as the answer um they you know the extensions that they have they do block a lot of things from my piece so I think it depends on if there's been abuse through that thing before they they try and block open proxies I think some some people said that certain VPNs you could still edit through and some you couldn't it really depended thanks microphone one please so wikipedia is by no means an isolated case right no no so uh and there's more and more capability of blocking Tor exit nodes and whatnot so where's the project going I mean the great firewall for example could very well block all its users from accessing Tor right it it actually does um so it blocks people from accessing Tor and and it blocks people from accessing wikipedia in terms of the Tor project there are mechanisms through using pluggable transports and um and bridge addresses they can actually help people still access Tor um but then and then they'll be able to read wikipedia but again they won't be able to edit for these reasons so again we have 15 minutes of break after this so you can get out after this and change the room and please be quiet if we really have to leave the room already or if you come to the room already thank you um now to the signal angel please yes there's one question from the internet from whinness and um he or she is asking if there's actual and recorded instance of someone attempting to put a pipe bomb in the post because of wikipedia edits um I certainly don't have such some such information this was just people telling us things that they were concerned about or things that there had been threats that they uh they'd experienced uh nobody that I know of specifically mentioned that they'd experienced a pipe bomb and another question um from amonk um if blocked Tor traffic is a problem why does the Tor project publish the exit IP list making it easy to block um I that would be a question for the Tor people my understanding of it is that the Tor project does try and be a good internet citizen and they don't want to encourage the kind of uh sort of arms race that would happen with sort of them trying people trying to like find all the exits and block them versus making it just look here's here it is this is what's going on and it's also very helpful when you're running an exit node to be able to say look this thing is an exit node and that's um that's what was going on when this thing happened through my computer so I think you know there's the the ability of the exit relay operators to be able to say that that's what they're doing is is also an important concern okay so they're sending somebody at microphone five yes um you mentioned zero knowledge proofs in the beginning is there any more research on this uh um yeah so uh if you look at the research on on nimble uh by apucapadia there's also some people in nick hoppers group at the university of minnesota there's also uh ryan henry uh at indiana university that's done a lot of work on this and ian goldberg's group at waterloo those are the people that i would look up in terms of anonymous blacklist blacklisting schemes and i'm sure i'm forgetting some of them right now so hopefully they'll uh forgive me but those are good places to start okay so we have the next question at microphone one um yeah do you know if wikipedia ever thought about um hashing ip addresses so that um the contributions are still unique but the users are anima anonymized um i nobody at wikipedia talked to us about that so i do not know if they've thought about that or not um yeah okay and the last uh comment or question at the signal angel microphone thanks uh not really a question more comment i just wanted to highlight that indeed um wikipedia blocking toys uh pretty big concerns also for toy users because for instance uh the french wikipedia articles about toy have very very poor quality and a lot of people end up asking us questions about toy and are misinformed because of that and i cannot fix it because i'm not willing to edit wikipedia without toy and that's also a pretty big issue i think yeah so it would be interesting i think from our perspective using this to then look at the articles the types of articles about tour about anonymous participation where we would we would suggest we'd we'd like to do a bigger study to learn what articles about um the anonymous users would edit if they were going to edit wikipedia and then we could do an analysis like they did about the movie sites to figure out uh if these articles are in some way shorter or of lower quality than other articles because of they're missing that perspective thank you rachel thank you for the questions and yeah one more applause again for rachel rinstead