Wikipedia:Village pump (miscellaneous)

Hey all, hope everyone here is doing well. Today I woke up to discover that a podcaster I follow had plagiarised part of an article I wrote, as well as parts of some other articles (some of which I had contributed to, others not). The podcaster did not cite their sources, nor did they make it clear that they were pulling whole paragraphs from Wikipedia, but they ran advertisements and plugged their patreon anyway. This is not the first time an article I wrote for Wikipedia has been plagiarised and profited off (earlier this year I noticed a youtuber had plagiarised an entire article I had written; I've also noticed journalists ripping off bits and pieces of other articles). Nor is this limited to articles, as I often see original maps people make for Wikimedia Commons reused without credit.

Obviously I'm not against people reusing and adapting the work we do here, as it's freely licensed under creative commons. But it bugs me that no attribution is provided, especially when it is required by the license; attribution is literally the least that is required. I would like attribution of Wikipedia to become more common and normalised, but I don't know how to push for people off-wiki to be more considerate of this. In my own case, the 'content creators' in question don't provide contact details, so I have no way of privately getting in touch with them. Cases in which I have been able to contact an organisation about their unattributed use of Wikipedia/Wikimedia content often get ignored, and the unattributed use continues. But I also have no interest in publicly naming and shaming these people, as I don't think it's constructive.

Does anyone here have advice for how to handle plagiarism from Wikipedia? Is there something we can do to push for more attribution? --Grnrchst (talk) 13:59, 16 December 2024 (UTC)[reply]

Sadly there are plenty of lazy sods who think that copying directly from Wikipedia is "research". This has happened with some of the articles that I have been involved with. It's rude, but hard to stop.--♦IanMacM♦ ^{(talk to me)} 14:13, 16 December 2024 (UTC)[reply]

I would start by writing to the podcaster and politely explaining to them that they are welcome to use the material but are required to provide attribution. They may simply be unaware of this and might be willing to comply if properly educated. Failing that, I assume the podcast was being streamed from some content delivery service like YouTube. You might have better luck writing to the service provider demanding that the offending material be taken down.

Realistically, crap like this happens all the time, and there's probably not a whole bunch we can do to prevent it. RoySmith (talk) 14:37, 16 December 2024 (UTC)[reply]

To support RoySmith's point, for those who may not have seen it, here is a very long youtube video about youtube and plagiarism [1]. (Works just having it on as background audio.) CMD (talk) 14:59, 16 December 2024 (UTC)[reply]

Funnily enough, plagiarism from Wikipedia comes up a couple times in that video. MJL also made a very good response video, which I think was a useful addition in the conversation of crediting Wikipedians. --Grnrchst (talk) 15:10, 16 December 2024 (UTC)[reply]

Thanks, I'll give that a listen. CMD (talk) 15:18, 16 December 2024 (UTC)[reply]

Aye, I figured it be an uphill battle trying to accomplish even minor changes on this front. As I can't find a way to contact the creator directly, sending an email to the hosting company may be the best I can do, but even then I doubt it'll lead to anything. Thanks for the advice, anyhow. --Grnrchst (talk) 15:12, 16 December 2024 (UTC)[reply]

If it's a copyright violation (e.g., exact wording), rather than plagiarism (stealing the ideas but using their own words), then you could look into a DMCA takedown notice. WhatamIdoing (talk) 03:25, 17 December 2024 (UTC)[reply]

@WhatamIdoing: It was more-or-less word for word, with a couple tweaks here and there. I don't want the episode pulled, I really just want Wikipedia cited, but I can't figure out any way to get in direct contact with any of the people involved. --Grnrchst (talk) 10:16, 17 December 2024 (UTC)[reply]

It's possible that the way to get in touch with them is a DMCA takedown notice. Having your platform take down the whole episode tends to attract attention. You could make it easy on them by suggesting a way to fix the problem (maybe they could add something like "This episode quotes Wikipedia in several places" to the end of the notes on the podcast?). WhatamIdoing (talk) 18:33, 17 December 2024 (UTC)[reply]

I'm curious as to what the plagiarized article in question is. Often there is no majority authorship of an article (in terms of bytes added), which might complicate DMCA claims. JayCubby 18:35, 17 December 2024 (UTC)[reply]

Anyone who contributed enough content to be copyrighted can issue a DMCA notice. The glaring problem with this approach is that the DMCA only applies if the copy is published in the United States. Phil Bridger (talk) 18:51, 17 December 2024 (UTC)[reply]

What about servers or companies based in the States (perhaps I've misremembered what little I know of copyright law)? JayCubby 18:56, 17 December 2024 (UTC)[reply]

@JayCubby: It's an article I wrote 99.9% of, minus minor copyedits by other users. I'm cautious about revealing which one as I think it would make it easy to figure out the podcast in question, and I'd still prefer to handle this privately rather than go full hbomberguy. Also, having now gone through more of the episode, it's not just that one article that got text lifted from it; text was also copied in whole or in part, without attribution, from other Wikipedia articles I have contributed to (but didn't author) and an article on another website that publishes under a CC BY-NC-ND license. I don't know how I would handle notifying the other parties that got plagiarised either. I haven't combed through the entire episode yet, but already a sizeable portion consists of unattributed text, either identical to the source or with minor alterations. --Grnrchst (talk) 19:29, 17 December 2024 (UTC)[reply]

One man deserves the credit, one man deserves the blame... JayCubby 00:42, 17 December 2024 (UTC)[reply]

Hmm... would Wikipedia:Standard CC BY-SA violation letter be of help? JayCubby 01:17, 30 December 2024 (UTC)[reply]

Unfortunately, you're talking about a medium where many people's understanding of copyright law, even when they do demonstrate an awareness that it exists and is applicable, is largely demonstrated by videos posted on YouTube of clips from movies and TV shows with the note "Copyright infringement not intended". Which, I sometimes leave a comment pointing out to them, is akin to dashing out of a clothing store with an armful of unpaid-for merchandise while shouting "Shoplifting not intended". Largoplazo (talk) 14:10, 2 January 2025 (UTC)[reply]

I've found Wikipedia plagiarized in scientific journal articles. I have no tolerance for that and I contact the publishers directly. But little to nothing comes of it. In the one instance, I waited almost a year but nothing really happened. Upon pushing the matter, the publishers allowed the authors to make some trivial changes but there was no retraction. (See my banner notes at the top of Talk:Semi-empirical mass formula if you are interested in this example.) Fortunately, this kind of plagiarism may be common in less prestigious journals and by less prestigious authors from universities in countries that may not care about plagiarism of Western sources. Jason Quinn (talk) 08:39, 24 December 2024 (UTC)[reply]

@Jason Quinn Wrong section? You wanted to post below? _{Piotr Konieczny aka Prokonsul Piotrus| reply here} 17:03, 24 December 2024 (UTC)[reply]

Yes, it was. Sorry about that. I moved my comment (along with yours) to the proper spot. Jason Quinn (talk) 21:12, 24 December 2024 (UTC)[reply]

@Jason Quinn PS. Make sure to use PubPeer and comment on those articles! _{Piotr Konieczny aka Prokonsul Piotrus| reply here} 17:04, 24 December 2024 (UTC)[reply]

I'll check it out. Jason Quinn (talk) 21:12, 24 December 2024 (UTC)[reply]

Looks like the publisher has a ... somewhat questionable reputation to put it politely. Jo-Jo Eumerus (talk) 10:10, 26 December 2024 (UTC)[reply]

Some years ago, we found a source saying that the 20% of lowest-ranked journals had a higher risk of copyright violations. (They did tend to be journals from developing countries or otherwise with limited resources – think "Journal of the Tinyland Medical Society".) I have discouraged using journals from the lowest ranked quintile ever since. WhatamIdoing (talk) 04:42, 26 December 2024 (UTC)[reply]

As an aside, I'm pretty sure I've been the "benefactor" of scholarly citogenesis several times—uncited additions from a decade ago that I'm scouring for cites and pondering whether to rewrite from scratch, when I find a passage that pretty much has the same structure and specifics (uncontroversial stuff, mind) and I smile. I do wonder if I should be so happy, but I figure they're qualified to conduct original research and this isn't likely to introduce poor quality infomation. Remsense ‥ 论 04:48, 26 December 2024 (UTC)[reply]

When the plagiarism is substantial, please remember to tag the talk page with {{backwardscopy}}. WhatamIdoing (talk) 21:49, 27 December 2024 (UTC)[reply]

Copyright infringement of Wikipedia by other people is not immoral, so I don't believe it's in anyone's best interest to try to police it at all. We write this stuff with the hopes that it is accurate and that it will be shared. The podcaster in question shared it. Presumably, if you are proud of it, you also consider it accurate. Big Success. No Stress.

Additionally, it does not do to mix complaints about plagiarism and copyright infringement together. Copyright is law, and plagiarism is not law. Just like us, the podcaster is fully within their rights as the users of text to copy it without attribution when their use isn't a copyright violation. If it was enough text for you to notice this, I'll trust you that it was a lot of text. But, just FYI, if someone copies a little from an article (or even a little from several articles), they would not need a license to do that and their lack of compliance with the unneeded license would not constitute copyright infringement. lethargilistic (talk) 08:37, 2 January 2025 (UTC)[reply]

I disagree, plagiarism of Wikipedia content is immoral, as the plagiarizer is (at least implicitly) claiming authorship of someone else's work, and is also a violation of the licensing terms (attribution is required). As an editor who has seen their contributions to Wikipedia plagiarized, I do not expect widespread recognition of my work, but I do resent some else taking credit for it. Donald Albury 17:10, 2 January 2025 (UTC)[reply]

I wouldn't go so far as to call it immoral, which implies deliberate malfeasance. Copyright law is complicated. There are a myriad of permissive licenses in use, some of which require attribution, some of which don't. It's unrealistic to expect most people to understand anything beyond "Wikipedia is free".

What bothers me more is when you explain to somebody that it's OK that they're using your stuff but they need to add an attribution and they argue with you. That's when it crosses the line from ignorance to deliberate. RoySmith (talk) 17:22, 2 January 2025 (UTC)[reply]

On your first point Wikipedia is free, Help:Introduction to Wikipedia doesn't explain that Wikipedia's content is copyrighted (unless you go into one of the policy links), and the footer is the kind of thing I'd ignore on any other website. I wonder if it could be reworded to something likeYou are free to reuse text under the Creative Commons Attribution-ShareAlike 4.0 License; additional terms may apply.

Though with most of the instances of plagiarism there are no measures we could take to prevent plagiarists. JayCubby 18:07, 2 January 2025 (UTC)[reply]

enwiki gets about 400 million page views per day. Help:Introduction to Wikipedia gets about 4500 per day. So, to a reasonable approximation, nobody reads it. RoySmith (talk) 18:27, 2 January 2025 (UTC)[reply]

Hello, before I added a category, this file was uncategorized on Commons, but was used on a page on the Greek language wikipedia. Maybe using Petscan?, is there a way of searching say all pages in the category Museums in Greece, and its subcategories, to list images used on those pages that are uncategorized in Commons? Thank you, Maculosae tegmine lyncis (talk) 08:06, 28 December 2024 (UTC)[reply]

@Maculosae tegmine lyncis: Something like this seems to already exist: commons:Category:Media needing category review by usage. MKFI (talk) 18:21, 1 January 2025 (UTC)[reply]

My font on Wikipedia (page & edit window) has changed, don't know why, is this a site setting, a Chrome setting. I'm not sure where to search for the issue. Appreciate any input. Thanx, - FlightTime (open channel) 16:25, 30 December 2024 (UTC)[reply]

I would try WP:VPT as tech minded editors would probably know. -- LCU ActivelyDisinterested «@» °∆t° 18:58, 31 December 2024 (UTC)[reply]

@FlightTime Mediawiki does not specify a specific font, it just tells your browser to use it's default sans-serif one. If your font has changed this will be due to your browser. 86.23.109.101 (talk) 23:29, 31 December 2024 (UTC)[reply]

Thank you. - FlightTime (open channel) 23:31, 31 December 2024 (UTC)[reply]

I'd had it in mind for quite some time to write an essay in project space about announcements. I've seen entire sections consisting of sentences with the word "announced" in them, giving the impression that the subject's history consists not of events and actions at all but only of announcements that such events or actions were planned, leaving the reader to wonder whether any of them ever actually happened. I wanted to exhort people who add to an article, in November 2024, "In November 2024 it was announced that X would be joining the series as a regular character in the new season" to return after the new season begins and replace the text about the announcement with "In April 2025, X joined the series as a regular character" or, if X didn't join the series after all, to remove the sentence as probably irrelevant, unless some mention is to be made of why X's addition to the series didn't come to pass.

So one day recently I sat down to begin such an essay, but first checked the status of the obvious shortcut, WP:ANNOUNCED—and found that it already existed as a redirect to a user-space essay belonging to User:HuffTheWeevil. That essay is quite thorough and covers most of the ground that I had had in mind, and I think it would be useful to have it in project space. So, while noting that that user hadn't edited in over two years but thinking the might see and respond to a ping if they even read Wikipedia while logged in, I went to their talk page to leave basically the same message that I've written here, to ask if they would be averse to having their essay moved to project space.

That was four weeks ago, and there've been no edits in that time by the user. I was wondering whether it would be reasonable, without express permission, either to move or copy the essay to project space and retarget WP:ANNOUNCED there. Also, if that were to happen, I'm seeking a good title. Floating around in my head:

• Wikipedia:Stuff finally happens
• Wikipedia:Prefer actions to announcements
• Wikipedia:Did the announcement ever come true?
• Wikipedia:Well, did it happen or not?

Largoplazo (talk) 17:35, 30 December 2024 (UTC)[reply]

What a good notion! That type of language in articles irks me too. Especially personal life sections that read "they announced they were engaged, they announced the wedding date, they got married, they announced they were expecting, they had a baby" and so on. (Sorry I don't have an answer to your questions, but I do like the idea.) Schazjmd (talk) 23:25, 30 December 2024 (UTC)[reply]

Articles about companies, particularly finance companies, drive me crazy in that way. You'd think from some of their articles that they're more noted for their announcements than for what they've actually done. "In October 2018, ABC announced that they were acquiring at 30% share in GHI. In February 2019, they announced the coming release of version 5 of their product." Did the GHI buy-in ever happen? Did they ever release version 5? Who knows??? The article doesn't say! Largoplazo (talk) 00:02, 31 December 2024 (UTC)[reply]

Even more annoying is when media happily passes on announcements, but fails to pay any attention when they actually happen, so we're left sourceless. Schazjmd (talk) 00:20, 31 December 2024 (UTC)[reply]

To go off a bit on a tangent, this is like when the media report someone's arrest (which goes on to be covered here) and then never follow up (leaving Wikipedia readers in the lurch). Largoplazo (talk) 00:39, 31 December 2024 (UTC)[reply]

I wouldn't mess with someone else's user space without asking them first (with the obvious exception of reverting vandalism), there might be a reason they didn't want it in project space. I do agree that this is an issue in articles though. Gnomingstuff (talk) 19:42, 2 January 2025 (UTC)[reply]

The question appears to be about whether it's okay, after you have asked them, waited a month, and still not gotten a response. WhatamIdoing (talk) 02:50, 8 January 2025 (UTC)[reply]

I would also suggest not moving people's userspace essays to mainspace. Looks like the shortcut did a good job here of directing you to the correct location. Hopefully that happens a lot in these types of situations. –Novem Linguae (talk) 22:39, 2 January 2025 (UTC)[reply]

I would agree that moving things out of someone’s userspace without their OK is bad form.

That said… no one “owns” the topic (whether that topic is for an essay or for an article). Consider writing your own essay/article on the topic (in your own userspace), and moving that to Mainspace. Then notify the other editor so they can amend your work if they want to (that is up to them). Blueboar (talk) 14:03, 3 January 2025 (UTC)[reply]

People have been trying to get me to move User:RoySmith/Three best sources to project space for years. I keep refusing because it's my own personal opinion and I don't want people editing my opinion (which they do anyway, but at least I feel justified reverting those in my userspace). I once had somebody hijack the WP:THREE redirect and point it to their own essay (quickly reverted). I once had somebody put the redirect up for deletion (quickly closed as keep). RoySmith (talk) 15:11, 3 January 2025 (UTC)[reply]

meh… Personally, I think personal essays should be marked as “User” and not “WP” (even for a shortcut) but whatever. Blueboar (talk) 20:35, 3 January 2025 (UTC)[reply]

You had a good idea that's been linked by lots of people, including me. Surely the Wikipedia way is to share it with the rest of us? Phil Bridger (talk) 20:59, 6 January 2025 (UTC)[reply]

I like the Stuff finally happens title. Either rewrite so you're not using the userspace version, or move it (I think since you've asked, this can count as being bold) Newystats (talk) 19:14, 6 January 2025 (UTC)[reply]

It usually is considered a bit rude to move something without receiving permission. At the same time since they haven't edited more than minimally in nine years that really is not that big a concern, and ultimately all pages belong to the community. Since content is licensed under CC BY-SA and the GFDL, you could also both move the page and then copy-back an archived version to the original location under WP:CWW that they would retain more control over this has been done before.

Unless you think updates are needed though it probably isn't necessary since the primary distinction between user and projectspace essays is the degree of control exerted over the contents of the essay by the original author. Granted, projectspace is a little more restrictive compared to userspace, but that distinction is not really important to this case. 184.152.68.190 (talk) 20:13, 6 January 2025 (UTC)[reply]

Ive seen people make separate pages that are still attached to their user, like this one: User:Littleghostboo/Story and I never knew how to make pages like this. Can someone please tell me how?

Thanks, Tenebre_Rosso_Sangue, Editing with SSStyle! (talk) 16:46, 3 January 2025 (UTC)[reply]

Easy, peasy. Just type "User:Tenebre.Rosso.Sangue995320/whatever" into the search box and hit return. That'll take you to a page that says "Wikipedia does not have a user page with this exact name" with a "Start the User:Tenebre.Rosso.Sangue995320/Whatever page" link. Click the link and off you go. RoySmith (talk) 16:51, 3 January 2025 (UTC)[reply]

Thank you! Tenebre_Rosso_Sangue, Editing with SSStyle! (talk) 16:55, 3 January 2025 (UTC)[reply]

As an alternative, you could put a link on your user page that looks like [[/whatever]]. That'll show up as a redlink. Click it and you'll be in the same place you were before. RoySmith (talk) 16:57, 3 January 2025 (UTC)[reply]

As English WP is coming up to this in a few days - are preparations being made?

Who are the longest serving Wikipedians (ie contributing regularly enough to be so considered)? A check shows there are presently 156 members of the Wikipedia:Twenty Year Society (and, I assume, some more who do not choose to join or are unaware of it), so the 25 year equivalent will be smaller still (and the various higher-year groups always will so be, and increase more slowly than the shorter timespan ones). Jackiespeel (talk) 13:31, 4 January 2025 (UTC)[reply]

With the caveat that the account creation info stored in the database may not be accurate for the oldest accounts (as I understand it, they may be even older if they transitioned from the pre-MediaWiki software, or the information might be blank), see Wikipedia:Database reports/Active editors with the longest-established accounts for a list of the oldest accounts who have made an edit in the last 30 days. isaacl (talk) 18:54, 4 January 2025 (UTC)[reply]

We're coming up to our 24th anniversary ... Graham87 (talk) 14:38, 5 January 2025 (UTC)[reply]

The 25th anniversary is in a year, Wikipedia was founded in 2001. QuicoleJR (talk) 16:58, 8 January 2025 (UTC)[reply]

I'm trying to fill out a list of "year in review" publications and I'm finding it difficult. I wanted to reach out and see if anyone knows any sources that come out annually (whether discontinued or still in publication) that summarize the previous year in a given field. The list so far is at Wikipedia:WikiProject Years/Resources and I'd really appreciate any suggestions or additions so we can get more scholarly and high quality sources on articles about years. Thebiguglyalien (talk) 02:01, 5 January 2025 (UTC)[reply]

I wonder if Annual Reviews (publisher) covers what you want. WhatamIdoing (talk) 02:52, 8 January 2025 (UTC)[reply]

I checked a few and there are a lot of articles about different subjects like you'd expect in a journal, but it doesn't look like they have anything to the effect of "here are the main takeaways/developments from this year". Thebiguglyalien (talk) 18:14, 8 January 2025 (UTC)[reply]

There’s a French series of this I’ve encountered but I’m not sure how useful that would be. PARAKANYAA (talk) 17:30, 8 January 2025 (UTC)[reply]

Depends on what it covers. If it's comprehensive and covers a global scope, that would be incredibly useful. If it's specifically about France, I'm also interested in finding some that are country-specific for articles like 2010 in France. Thebiguglyalien (talk) 18:16, 8 January 2025 (UTC)[reply]

This user's contributions are very strange. He only adds references to food articles, always recipes from the same website. In fact, I think he writes the recipes himself, since both the recipes and the user are E. Joven. I don't want to accuse anyone, but it also seems suspicious to me. He sometimes replaces pre-existing references with his own. How do I know if this user uses Wikipedia for self-promotion? The user: Emjoven – El Mono 🐒 (es.wiki account) 05:54, 6 January 2025 (UTC)[reply]

Please provide links to examples. Thanks. PamD 07:03, 6 January 2025 (UTC)[reply]

The links are to a site which says it's run by Ed Joven. The wiki account name is Emjoven. This one's not hard to figure out. RoySmith (talk) 16:57, 6 January 2025 (UTC)[reply]

I've reverted the most recent additions (in places where there was already at least as good a ref) and replacements. Largoplazo (talk) 17:27, 6 January 2025 (UTC)[reply]

And where do I ask questions like this? Another Wiki User the 3rd (talk) 16:39, 7 January 2025 (UTC)[reply]

Hey there @Another Wiki User the 3rd. You can ask simple questions like this at the WP:TEAHOUSE if you want. As for the requirements to run as a candidate in the yearly arbcom elections, there's surely a list of official requirements somewhere on one of the WP:ACE pages. I'd highly recommend becoming an admin first though, and the practical minimum edit count for becoming an admin based on who has passed recently is around 8,000 edits. Hope this helps. –Novem Linguae (talk) 16:43, 7 January 2025 (UTC)[reply]

WP:HELPDESK and WP:TEAHOUSE are probably better venues for questions like that. Wikipedia:Arbitration Committee Election/Rules covers your question, Candidates: Registered account with 500 mainspace edits that is not prevented from submitting their candidacy by a block or ban, meets Foundation's Access to nonpublic personal data policy, and has disclosed alternate accounts (or disclosed legitimate accounts to Arbcom). Arbitrators may not serve as members of either the Ombuds Commission or the WMF Case Review Committee while serving as arbitrators. Withdrawn or disqualified candidates will be listed in their own section on the candidates page unless their candidate page can be deleted under WP:G7. ScottishFinnishRadish (talk) 16:43, 7 January 2025 (UTC)[reply]

Not sure where to post this, or whether I'm overreacting, but I find this recent article by The Forward very concerning. Scoop: Heritage Foundation plans to ‘identify and target’ Wikipedia editors. It outlines how the Heritage Foundation is going to (or is already) attempting to identify editors who are 'abusing their position' by publishing content the group believes to be antisemitic. Methods of identification include:

• facial recognition software (not sure how this would work, considering most don't post their faces here) and a database of hacked usernames and passwords
• creating fake accounts to lure editors into revealing personal information or clicking malicious tracking links
• checking for resuse of usernames/passwords in breached databases
• more found in their slideshow for this [2]

ARandomName123 (talk)^{Ping me!} 23:28, 7 January 2025 (UTC)[reply]

May I suggest only clicking those two external links if you have a VPN on. They are very clear in these documents that they plan to harvest Wikimedian IP addresses using bait links that they control. –Novem Linguae (talk) 23:57, 7 January 2025 (UTC)[reply]

Actually, I think those two links are to the newspaper that did the investigative reporting, rather than the Heritage Foundation. So not as risky as I thought. –Novem Linguae (talk) 00:10, 8 January 2025 (UTC)[reply]

Yes, those links point to the website of The Forward, a 127-year-old publication known in Yiddish as פֿאָרווערטס and formerly known in English as The Jewish Daily Forward. Definitely not a Heritage Foundation property! Largoplazo (talk) 03:09, 8 January 2025 (UTC)[reply]

True, but to be fair to the Heritage Foundation, The Forward also harvests "IP addresses using bait links that they control", the bait being interesting and informative articles by sensible reporters. Sean.hoyland (talk) 09:11, 8 January 2025 (UTC)[reply]

Suspected IP-grabber domains are eligible for the m:Spam blacklist (and the local one as well). Suspicious links can be opened with tools like https://urlscan.io/. Make sure your password is long, strong, and unique, and if you don't have access to two-factor authentication you can request it at m:SRGP. You should also use a Wikipedia-specific (or at least Wikipedia-identity-specific) email address. This advice also applies to other places where you talk about Wikipedia or use the same identity. If you see something suspicious, report it to an administrator/functionary/steward/arb/etc. AntiCompositeNumber (talk) 00:41, 8 January 2025 (UTC)[reply]

Maybe all this should also be noted in a more visible place like WP:AN? (I have now done so). Clovermoss🍀 (talk) 04:08, 8 January 2025 (UTC)[reply]

Here's the deal, they don't plan on throwing the malicious links in (only) contentious articles. They are going to identify "targets", and then edit other topics the "targets" are interested in. That is when the bad sources will enter pages with fewer watchers (to discern which GET to associate with the suspected user).

Potential targets should click links on one device with a vpn, and edit on a different device.

This isn't new, one of our CUs had to step down because they were doing the same to try to catch UPE a few years ago, and I assume other groups have been doing so for awhile. 166.205.97.61 (talk) 06:51, 8 January 2025 (UTC)[reply]

I was thinking that they were probably going to pose as editors on talk pages, and engage in debates where'd they post links, partially hidden like this: AP News, which looks like it goes to an AP News site, which would be common on these sort of talk pages, but actually goes to example.com. (replacable with a tracking link). Most editors wouldn't think to hover over it to check the address. ARandomName123 (talk)^{Ping me!} 16:39, 8 January 2025 (UTC)[reply]

• If they're going to be using domains they control for this, should we start adding Heritage Foundation domains to the spam blacklist? This might require going to WP:RSN to deprecate their website, which is currently used on 5000 pages and is probably deprecable on its (dis-)merits in the first place. A few of their other domains are listed on the library of congress page for them. That wouldn't prevent them from creating additional honeypot domains, of course, but I don't see how we can continue to link to their website if they're using it in this manner. --Aquillion (talk) 13:28, 8 January 2025 (UTC)[reply]

  It would be safe to assume that their main domains would also participate in the cookie tracking, especially seeing as it is so heavily linked. I agree that their known domains should be deprecated as likely malicious. 166.205.97.61 (talk) 15:52, 8 January 2025 (UTC)[reply]

  Heritage Foundation seems to be making not only a threat against our WP:NOTCENSORED policy, but threatening retribution against wikipedia editors for building consensus on perrenial source reliability. I think blacklisting HF domains, and any subsequent honeypot domains is a sensible idea Bejakyo (talk) 17:10, 8 January 2025 (UTC)[reply]

Sigh. Nice work by Forward. Sean.hoyland (talk) 05:45, 8 January 2025 (UTC)[reply]

@AntiCompositeNumber that is a useful site, I revert a lot of spam 'cunningly disguised' as a genuine link.

I'm in the UK. Honestly, if they want my ip they can have it. I'm moving soon lol. Knitsey (talk) 08:02, 8 January 2025 (UTC)[reply]

I'm not familiar with US law, but is something like creating fake accounts to lure editors into revealing personal information or clicking malicious tracking links legal? Nobody (talk) 09:19, 8 January 2025 (UTC)[reply]

@1AmNobody24 I'm wondering if those companies, proudly displayed at the end of the document, are aware of their connection with this 'plan'? Knitsey (talk) 09:28, 8 January 2025 (UTC)[reply]

Yeah, I just had to re-read Phishing to make sure it's definition hadn't changed... Nobody (talk) 09:31, 8 January 2025 (UTC)[reply]

Honestly I don't want to wait on US law to (maybe) protect our editors. We should be proactively blocking Heritage Foundation domains from interacting with en.wp using whatever means are necessary. Simonm223 (talk) 14:31, 8 January 2025 (UTC)[reply]

Considering they're the people behind Project 2025, and Trump is coming to power, I do not have too much trust in relying on US law. ARandomName123 (talk)^{Ping me!} 16:19, 8 January 2025 (UTC)[reply]

I'm not worried for myself - I edit with my real name and am pretty sure I have freely given away enough information to enable anyone to distinguish me from anyone else who shares my name - but I'm worried for those who live under more repressive regimes. Some of those are in prison because of what they have said on Wikipedia, and many live under regimes that the Heritage Foundation would be vehemently opposed to. Phil Bridger (talk) 14:33, 8 January 2025 (UTC)[reply]

Yeah kind of the same situation here. While my username is not directly my personal name it's the same one I use on literally all platforms and is easily connected to my real-world identity. I don't consider myself as an anonymous editor. But we do need to protect anonymous editors. And not just in what we conventionally see as "repressive regimes" either. I'd say that there are considerable threats to the safety of anonymous editors in the United States from such a mass dox. Simonm223 (talk) 14:36, 8 January 2025 (UTC)[reply]

On the contrary, this doxxing campaign, apparently led by a former FBI agent and organized by a US-based organization, is specifically targeting editors in the Palestinian-Israeli conflict topic area, who are likely to face threats from the "democratic" regimes of the western world, namely those with expansive antisemitism definitions and where anti-Palestinian sentiment is rampant among the media, political and corporate class. It is the editors based there who everyone should be worried about. Makeandtoss (talk) 15:07, 8 January 2025 (UTC)[reply]

Sigh, take caution North American editors, you will need to arm up & watch your backs with these people. There's a clear agenda being pushed to shut down those who would combat disinformation / advocate fact checking, and that's either via ballot box or the ammo box. TheTechLich (talk) 15:28, 8 January 2025 (UTC)[reply]

Arming individual Wikipedians does not seem like a particularly effective response to what is being threatened here. _signed, Rosguill ^talk 16:35, 8 January 2025 (UTC)[reply]

Arming the community with information is more our schtick. "Be afraid!" may work for click media, but a check at RSNP is always a wiser place to start. BusterD (talk) 17:55, 8 January 2025 (UTC)[reply]

With regards to the facial recognition software, it is probably simple enough to run it through the many meetup photos we conveniently provide and categorize on Commons, sometimes even helpfully linking faces to usernames and perhaps even real names already. CMD (talk) 15:46, 8 January 2025 (UTC)[reply]

I'm sure these guys are not totally clueless, but probably best if we don't give them any ideas they hadn't allready thought of. RoySmith (talk) 15:52, 8 January 2025 (UTC)[reply]

I considered that, but this one seems obvious enough for them given facial recognition is already mentioned in their document, and yet also probably something worth making editors more aware of. CMD (talk) 15:58, 8 January 2025 (UTC)[reply]

Maybe it isn't a good idea to match those faces to usernames? QuicoleJR (talk) 16:56, 8 January 2025 (UTC)[reply]

• My real name is Pat Sajak and I live in LA. GMG^talk 15:54, 8 January 2025 (UTC)[reply]

  Negative, I am a meat popsicle. ScottishFinnishRadish (talk) 15:57, 8 January 2025 (UTC)[reply]

  Easy there fuzzy little man-peach. Ever drunk Baileys from a shoe? TheTechLich (talk) 16:04, 8 January 2025 (UTC)[reply]

  I'm Old Gregg! Lewisguile (talk) 17:28, 8 January 2025 (UTC)[reply]

A range block is in order, at the very least, lets be preventative. Slatersteven (talk) 15:57, 8 January 2025 (UTC)[reply]

• The report says that they're going to use a "database of hacked usernames and passwords". Do we know whether this is from other websites who have been hacked, or whether there's been a data breach at Wikipedia itself? ARandomName123 (talk)^{Ping me!} 16:21, 8 January 2025 (UTC)[reply]

  There is also a possibility they're making at least some shit up. Gråbergs Gråa Sång (talk) 16:23, 8 January 2025 (UTC)[reply]

  Yes, or it's sloppy reporting. As far as I can see it's the only place where passwords are mentioned. Phil Bridger (talk) 16:28, 8 January 2025 (UTC)[reply]

  The combination of malicious tracking links (fairly clever) and facial-recognition technology (rather useless for what they're trying to do here) suggests that they have some people who know what they're doing, but that their leadership (or at least their communications lead) is easily fooled by buzzwordy tech and has no idea what they're doing. _signed, Rosguill ^talk 16:32, 8 January 2025 (UTC)[reply]

  It's a pitch deck to potential donors who are presumably not super tech savvy, so things were probably kept simple and buzzy to both not overwhelm an be attractive. -- Patar knight - ^chat/_{contributions} 16:35, 8 January 2025 (UTC)[reply]

  Sure, but it seems like a red flag that facial recognition technology is anywhere near the slide deck. They may as well threaten us with "the blockchain". _signed, Rosguill ^talk 16:38, 8 January 2025 (UTC)[reply]

  I don't think that's right. If they can use facial recognition successfully to de-anonymize an editor they may be able to use various pressure tactics against that editor. I think their goal, whether through facial recognition and tracking links is to de-anonymize. They will meet with varying success but I definitely can imagine (with one way already listed above) ways facial recognition could be a threat to otherwise anonymous editors. Best, Barkeep49 (talk) 16:50, 8 January 2025 (UTC)[reply]

  My sense is that the overlap between editors that they are trying to de-anonymize and editors that can be meaningfully linked to images of themselves is near zero. _signed, Rosguill ^talk 16:53, 8 January 2025 (UTC)[reply]

  The plan is to learn enough about "targets" through web tracking and comparison to stolen user data to identify potential Facebook or Twitter accounts. They will then attempt to match personality profiles of editors with what they learn from these other sources - including pictures. 166.205.97.61 (talk) 17:07, 8 January 2025 (UTC)[reply]

  It would not be particularly difficult to see if someone's username is also their email, if an email is listed on their userpage, or to obtain an email if they reply to a Wikipedia email (IIRC your email is kept anonymous as long as you do not reply) and then comparing that to emails in publicized data breachs and trying any associated passwords. People should be checking https://haveibeenpwned.com/ and/or using any in-built tools for this in their password managers to see if this might apply to them and changing passwords as required. -- Patar knight - ^chat/_{contributions} 16:30, 8 January 2025 (UTC)[reply]

  Also, editors should not respond to Wikipedia emails that look like spam or nonsense out of politeness (e.g. "I think you have the wrong email?") if they want to be extra cautious. -- Patar knight - ^chat/_{contributions} 16:33, 8 January 2025 (UTC)[reply]

  Also, editors can choose to reply on someone's User talk page instead of replying by email. FactOrOpinion (talk) 18:21, 8 January 2025 (UTC)[reply]

Are T&S aware of this? Ymblanter (talk) 16:30, 8 January 2025 (UTC)[reply]

Do they have an on-WP "place"? Gråbergs Gråa Sång (talk) 16:33, 8 January 2025 (UTC)[reply]

An email was sent by RoySmith a couple minutes ago, see the phab task. ARandomName123 (talk)^{Ping me!} 16:36, 8 January 2025 (UTC)[reply]

Yes, I've already informed them of it. GorillaWarfare (she/her • talk) 19:57, 8 January 2025 (UTC)[reply]

• Is there a way to poison link harvesting? Horse Eye's Back (talk) 16:47, 8 January 2025 (UTC)[reply]

  Click through using a different device on a vpn. Send various other IPs through to muddy the waters. Realistically, if they create a fake publisher with a fake book about an obscure topic that they think a "target" will argue about, only a few hits will exist to the link, and the IP of the editor will be exposed. Wikipedia really should provide a proxy that disables Javascript when clicking through to links. This would hide all editor IPs. 166.205.97.61 (talk) 17:10, 8 January 2025 (UTC)[reply]

  I like the idea of being able to open links through wikipedia so to speak. Horse Eye's Back (talk) 17:20, 8 January 2025 (UTC)[reply]

I think we should put a note about this on T:CENT to make more people aware. QuicoleJR (talk) 17:49, 8 January 2025 (UTC)[reply]

It's on Jimbo's talk, AN, ANI and VP(m). T:CENT seems way overboard at this point. BusterD (talk) 17:58, 8 January 2025 (UTC)[reply]

Is there any essay with tips to protect anonymity/privacy on wikipedia? I know about WP:OUTING but proactive tips could also be helpful. In general, don't think this heritage slide deck is that useful and unlikely to work, but after other similar issues (see the Asian_News_International#Wikimedia Foundation case), it would be nice if we have useful tips to make sure bad actors can't target folks who wanna keep their wikipedia lives separate from their other life. Bluethricecreamman (talk) 16:54, 8 January 2025 (UTC)[reply]

@Your Friendly Neighborhood Sociologist has a good section on her user page User:Your_Friendly_Neighborhood_Sociologist#OPSEC Meluiel (talk) 16:59, 8 January 2025 (UTC)[reply]

(edit conflict)The problem with that would be that bad actors could read it too to work out ways round it. Personally I work on the principle that anyone determined enough can find out who I am anyway so I don't even try to be anonymous, but I understand why that doesn't work for everyone. Phil Bridger (talk) 17:02, 8 January 2025 (UTC)[reply]

Same here, if they can be arsed they will manage it. Especially (referring back to the India crap) if you have a government on your side. Slatersteven (talk) 17:15, 8 January 2025 (UTC)[reply]

Yes, making it more difficult at an individual level to identify you makes it more difficult, and therefore costly, at a global level to identify editors. Best, — Jules* ^talk 19:13, 8 January 2025 (UTC)[reply]

I think an important thing to understand here is that the baseline risk of being outed, even if you do absolutely everything right, is higher than a lot of people realize. There are over 100 volunteers with the ability to view your IP, and an order of magnitude more who pose subtler but equally dangerous risks that I won't get in to. All of these people are vulnerable to bribery, coercion, threats, deceit, and violence, same as anyone else. Now, a difference here is that most of those attack vectors are actual felonies in the US. Heritage, despite its willingness to engage in mustache-twirling levels of evil scheming, probably does not want to have its people go to prison, and get its own corporate veil pierced. They do have that reference to cracking accounts, which is a crime, but it's not clear how serious they are about it; they could also mean it in the sense of not cracking but correlation attacks, e.g. matching a username to someone's Facebook URL. But most of what they're talking about is, essentially, the maximally invasive strategy that doesn't blatantly violate any criminal laws.

There are people out there who don't give a fuck about violating criminal laws. Because they're ideologues, because they're unstable, because they're foreign agents, whichever. There is no way to mitigate that risk. Even completely abandoning the system of volunteer access to private information would just reduce the risk, not make it go away. So people who are reading this news and are really scared, who are thinking "My life would be over if I got outed like this", should understand that even if we came up with technical steps to mitigate every idea Heritage has, their IP is still no more secure than the weakest link in the entire cross-wiki system of privileged accounts, and that's not something we can fix, because vulnerability to money, lies, and violence is a bug in human.exe, not in MediaWiki. Remember that Wikipedia:How to not get outed on Wikipedia offers only two 100% effective strategies: Out yourself, or don't edit. Anything else is taking a gamble. -- Tamzin^{[cetacean needed]} (they|xe|🤷) 17:59, 8 January 2025 (UTC)[reply]

@Tamzin, maybe the strategy all along, is to scare people into abandoning editing Wikipedia? All they need to do is produce a low quality PDF, throw in a bunch of scare quotes, link to their partners that will help them dox, and bobs your uncle. Job done. They could even open some throw away accounts and make it obvious they are trying to trap people, without actually doing any trapping. Knitsey (talk) 19:41, 8 January 2025 (UTC)[reply]

This may be useful. Wikipedia:Personal security practices Ckoerner (talk) 19:31, 8 January 2025 (UTC)[reply]

Also see meta:Wikimedia Foundation/Legal/Community Resilience and Sustainability/Human Rights/Digital Security Resources. GorillaWarfare (she/her • talk) 19:58, 8 January 2025 (UTC)[reply]

Some more media:

• Wikipedia Won't Let Elon Musk Fluff His Resume. Heritage Foundation Will Help By Terrorizing The Editors.
• The People Behind Project 2025 Want to Reveal the Identities of Wikipedia Editors Gråbergs Gråa Sång (talk) 19:29, 8 January 2025 (UTC)[reply]