Comments on: Technical aspects of the censoring of Wikipedia

By: Phil Nash

Phil Nash — Fri, 12 Dec 2008 21:24:37 +0000

furthermore, anyone who knows how to mung a header could get round the block; for example
http://…/w/index.php?title=Virgin_Killer&iwf=please_dont_censor_me
worked; and it wasn’t blocked in the UK on the Finnish Wikipedia, so http:/;/fi.wikipedia.org/…/Virgin_Killer still worked. “Epic fail”, as they say.

By: Phil Nash

Phil Nash — Fri, 12 Dec 2008 21:20:51 +0000

@Clive Feather. Having worked for Demon Internet, you should be aware that there is a very great difference, and as a founder member of IWF, you could yourself have made that they were aware of that distinction. Their technical expertise seems strangely lacking, and certainly does not seem to be under the scrutiny of the ISPs.

By: Phil Nash

Phil Nash — Fri, 12 Dec 2008 21:16:49 +0000

“However, they couldn’t register for new accounts because the IP address from which they came was barred”

Not quite right; to limit vandalism-only accounts, the Wikimedia software imposes a per-day limit on account creation per IP address. This means that once that limit is reached, nobody using that proxy is able to create an account themselves, although we (Wikipedia) will create accounts via email- as long as there aren’t about 10,000 requests pending, of course!

By: Clive Feather

Clive Feather — Thu, 11 Dec 2008 15:07:09 +0000

[IWF] “have since made statements to the effect that the ISP’s blocking systems are designed for blocking pages and not images”

I don’t know why they should think this, since there’s no technical difference between blocking an HTML URL and a JPEG one. I’m not aware of any ISP who cares, or who asked for images not to be on the list.

By: Ed Davies

Ed Davies — Thu, 11 Dec 2008 12:06:03 +0000

“…(albeit we’ve just seen that a type extension is not an infallible guide in these matters).”

In principle, URLs are opaque strings. They do not have “type extensions” so the last few characters should not be taken as a guide, fallible or otherwise.

By: Torne

Torne — Thu, 11 Dec 2008 11:43:17 +0000

Gavin:
Yes, people don’t generally trust such headers, but Wikipedia has a list of those it *does* trust, for large ISPs that proxy all their customers.

By: Richard Clayton

Richard Clayton — Thu, 11 Dec 2008 11:22:27 +0000

@Jamie

Sorry, I didn’t make it clear enough. XFF can indeed be forged, and so Wikipedia has a list of trusted proxies from which they accept it. Since they had never encountered the blocking system before the proxies were not initially listed! But they are now (see here).

By: Gavin Jamie

Gavin Jamie — Thu, 11 Dec 2008 11:04:55 +0000

I am certainly no HTTP expert but is the “X-Forwarded-From” header to be trusted? Should Wikipedia (or any site) assume that this is a genuine proxy. It would seem a relatively trivial matter to write a browser extension to add this header to each request and then vandalise away.

Presumably wikipedia (and google and whoever) would need to recognise and authenticate each proxy individually.