User:LuciferianThomas/沙盒/Wikipedia:2021年基金會針對中文維基百科的行動

Hello everyone,

I’m Maggie Dennis, the Wikimedia Foundation’s Vice President of Community Resilience & Sustainability.^[1] I’m reaching out to you today to talk about a series of actions the Foundation has recently taken to protect communities across the globe.

I apologize in advance for the length and the ambiguity in certain areas. These are complicated issues, and I will try to summarize a lot of what may be unfamiliar information to some of you succinctly. I will answer questions to the best of my ability within safety parameters, and I will be hosting an office hour in a few weeks where I can discuss these issues in more depth. We’re currently getting that set up in regards to availability of support staff and will announce it on Wikimedia-L and Meta as soon as that information is prepared.

Many of you are already aware of recent changes that the Foundation has made to its NDA policy. These changes have been discussed on Meta, and I won’t reiterate all of our disclosures there,^[2] but I will briefly summarize that due to credible information of threat, the Foundation has modified its approach to accepting “non-disclosure agreements” from individuals. The security risk relates to information about infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence. We could not pre-announce this action, even to our most trusted community partner groups (like the stewards), without fear of triggering the risk to which we’d been alerted. We restricted access to these tools immediately in the jurisdictions of concern, while working with impacted users to determine if the risk applied to them.

I want to pause to emphasize that we do not mean to accuse any specific individual whose access was restricted by that policy change of bad intent. Infiltration can occur through multiple mechanisms. What we have seen in our own movement includes not only people deliberately seeking to ingratiate themselves with their communities in order to obtain access and advance an agenda contrary to open knowledge goals, but also individuals who have become vulnerable to exploitation and harm by external groups because they are already trusted insiders. This policy primarily served to address the latter risk, to reduce the likelihood of recruitment or (worse) extortion. We believe that some of the individuals impacted by this policy change were also themselves in danger, not only the people whose personal information they could have been forced to access.

Today, the Foundation has rolled out a second phase of addressing infiltration concerns, which has resulted in sweeping actions in one of the two currently affected jurisdictions. We have banned seven users and desysopped a further 12 as a result of long and deep investigations into activities around some members of the unrecognized group Wikimedians of Mainland China.^[3] We have also reached out to a number of other editors with explanations around canvassing guidelines and doxing policies and requests to modify their behaviors.

When it comes to office actions, the Wikimedia Foundation typically defaults to little public communication, but this case is unprecedented in scope and nature. While there remain limits to what we can reveal in order to protect the safety and privacy of users in that country and in that unrecognized group, I want to acknowledge that this action is a radical one and that this decision was not easily made. We struggled with not wanting to discourage and destroy the efforts of good faith users in China who have worked so hard to fight for free and open knowledge, including some of those involved in this group. We do not want them to fear that their contributions are unwelcome. We also could not risk exposing them to danger by doing nothing to protect them after we became aware of credible threats to their safety.

While some time ago we limited the exposure of personal information to users in mainland China, we know that there has been the kind of infiltration we describe above in the project. And we know that some users have been physically harmed as a result. With this confirmed, we have no choice but to act swiftly and appropriately in response.

I take it as both a triumph and a challenge that in the years of my own involvement I have seen Wikimedia go from a suspect non-mainstream website to a highly trusted and widely relied upon source across the world. When I first started editing the projects in about 2007, I already believed Wikimedia had the capacity to be one of the greatest achievements of the world — collective knowledge, at your fingertips. What an amazing gesture of goodwill on the part of all of its many editors. It didn’t take me long after I started editing to realize how entrenched the battles could be over how to present information and how that can be exploited to achieve specific ends. I’m not trying to suggest that I was astonishingly prescient; I think there were many who realized that risk long before I stumbled naively on the scene. I do think that the risk is greater than ever now, when Wikimedia projects are widely trusted, and when the stakes are so high for organized efforts to control the information they share.

Community “capture” is a real and present threat. For years, the movement has been widely aware of challenges in the Croatian Wikipedia, with documentation going back nearly a decade. The Foundation recently set up a disinformation team, which is still finding its footing and assessing the problem, but which began by contracting an external researcher to review that project and the challenges and help us understand potential causes and solutions for such situations.^[4] We have also recently staffed a human rights team to deal with urgent threats to the human rights of communities across the group as a result of such organized efforts to control information. The situation we are dealing with today has shown me how much we need as a movement to grapple with the hard questions of how we remain open to editing by anyone, anywhere, while ensuring that individuals who take us up on that offer are not harmed by those who want to silence them.

With respect to the desysopping, we hope to connect with the international Chinese language community in the near future to talk about approaches to elections that avoid the risk of project capture and ensure that people are and feel safe contributing to the Chinese language Wikipedia. We need to make sure that the community can hold fair elections, without canvassing or fraud. We hope that helping to establish such a fair approach to elections will allow us to reinstate CheckUser rights in time.

I want to close this message by noting that I am personally deeply sorry to those of you for whom this will be a shock. This will undoubtedly include those who wonder if they should fear that their personal information has been exposed (we do not believe so; we believe we acted in time to prevent that) and also those who fear that further such bold action is in the works which may disrupt them and their work and their communities (at this point, with this action, we believe the identified risks have been contained in the short to medium term). I am also truly sorry to those communities who have been uneasy in the shadow of such threats for some time. The Foundation continues to build our capacity to support every community that wants or needs its support - and we are still learning how to do so well when we do. One of the key areas we seek improvement is in our ability to understand our human rights impact and in our ability to address those challenges. You have not had the service you’ve deserved. We can’t fix things immediately, but we are working to improve, actively, intentionally, and with focus.

To the 4,000 active Chinese language Wikimedians distributed across the world and serving readers in multiple continents,^[5][6] I would like to communicate my sorrow and regret. I want to assure you that we will do better. The work you do in sharing knowledge to Chinese readers everywhere has great meaning, and we are committed to supporting you in doing this work into the future, with the tools you need to succeed in a safe, secure, and productive environment.

Again, I will answer what questions I can, also relying on the support of others in Legal and perhaps beyond. We’re setting up a page on Meta to talk, and I will be hosting an office hour in coming weeks.

Best regards, Maggie Dennis (WMF) (talk) 16:13, 13 September 2021 (UTC) Maggie

1. ^ Community Resilience and Sustainability
2. ^ Talk:Access to nonpublic personal data policy § Policy adjustment on behalf of Legal
3. ^ Wikimedians of Mainland China
4. ^ m:Croatian Wikipedia Disinformation Assessment-2021
5. ^ https://stats.wikimedia.org/#/zh.wikipedia.org
6. ^ https://stats.wikimedia.org/#/zh.wikipedia.org/reading/page-views-by-country/normal%7Cmap%7Clast-month%7C(access)~desktop*mobile-app*mobile-web%7Cmonthly

1. When was the Foundation aware of this risk and how long has this lasted?

   While we have received related questions, complaints, and concerns from other volunteers dating back to at least 2017, we have been investigating these concerns very seriously for nearly a year, as it became obvious that some early interventions by community members were not going to resolve the issue safely.

2. What is the connection between the NDA Policy Change and the recent Office Actions?

   The non-disclosure agreement (NDA) policy adjustment suspended recognition of NDAs from volunteer applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there was reason to believe that the domicile associated with the user accounts were known to others than the individual applicant(s) and the Foundation. This was necessitated by recent world events triggered by credible information about a more focused security threat to the Wikimedia community that placed multiple volunteers at risk.

   The security risk related to information about infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence. This meant that we could not pre-announce our action, without fear of triggering the risk to which we had been alerted. We restricted access to these tools immediately in the jurisdictions of concern, while working with impacted users to determine if the risk applied to them. This is because not all individuals whose access was restricted by that policy change, had bad intent.

   The policy change was a first step to address the immediate needs of keeping the community safe. The second step was to get in touch with the impacted users and to work with the Stewards to enact the preferences expressed by impacted accounts in response to individual non-public outreach.

   Only after this immediate step to close this security gap was complete did we commence to conclude the investigations into individual community members who may have been involved. The two actions are related in many ways, but not in every point. The Chinese investigation precedes that security risk review and response and does have issues that go beyond it.

3. Has private information of community members been exposed?

   We have no evidence that any technical breach occurred. The first action on changing the NDA policy was intended to prevent technical access to private information about other users by those who could be easily identified, located, and exploited whether by state actors or others with an interest in controlling information. Since our software tracks when such information is accessed, we do not have any reason to believe that this information was accessed in such a manner.

   There is always a question of how much information volunteers release themselves to other volunteers, including over private email and in meet-ups. I wish we lived in a world where everyone could be taken at face value and good intentions trusted, but while “assume good faith” is a key approach to working in Wikimedia communities, it does not and should not immediately extend to sharing personal information. In the near future, I hope we will be able to increase our collective work towards helping people better understand the risks of what they share and with whom and how to manage their private information safely in a digital environment. In the meantime, I would encourage every Wikimedian who is concerned about their own security to drop by the Voices Under Threat page on Meta: https://meta.wikimedia.org/wiki/Voices_under_Threat. This page collects some resources that may help.

4. Is the community allowed to hold RfAs for those removed of their advanced rights? Is reformation of the RfA system required (compulsory) for holding future RFAs, including or at least for those who were desysopped?

   The individual desyoppings took place for a number of reasons, including evidence of biased elections where individuals were pressured (sometimes with off-wiki threats on QQ and other platforms) to vote as they did and evidence of misuse of administrative tools to support the aims and activities of some of the banned members of the group. Activities include doxing, harassment, sharing accounts, and off-wiki coordination. However, it is not always clear how much these individuals knew or understood about what some of the members of that group were doing, and the Foundation does not object under the Secondary Office Actions provision of the Office Action Policy, on removal of advanced rights, to the community determining to fairly re-elect them. Considering that evidence evaluated of the groups’ activities includes physical coercion of volunteers who opposed the group, we do believe it would be better for the community to reform the RfA system first, but in the meantime we are prepared to support by reviewing any such elections against the patterns observed in prior elections.

5. Were users affected by the NDA policy change ultimately able to recover their accounts?

   Yes, although I am not sure if that process is fully complete. Given the nature of the threat, we felt it best secured the safety of the communities and the users themselves to shut down their access on the server-side while we contacted them individually. All users were offered the option to remove their access on their own accord, and some did so. Some users wished to request an appeal of the revocation of their NDA, and our Legal staff have been reviewing those appeals with the support of Trust & Safety to determine if higher levels of access could be restored. User accounts have been unlocked as their access has been formally withdrawn (either through self-request or Foundation process) or as their NDA appeal has been successful.

   In anticipation of the question, we do not intend to name the users whose appeals were successful. Doing so could increase the jeopardy of these individuals. They are welcome, of course, to identify themselves, but I would encourage them to consider whether they can do so safely, based on their own risk profiles.

   I am also not going to discuss the individuals whose access was removed by the NDA policy change except to note that their removal is not under a cloud.

6. The WMCUG still hosts public events, including editathons and news services as some globally banned user(s) are currently in control of WMCUG along with off-site social media platforms like QQ text channels. Should these organizations be removed from on-site exposure as long as they are still in control of such users to comply with global bans?

   This is a hard question, and I suspect I will not answer it perfectly. The Foundation has engaged in trust & safety activities for years, not all of which receive universal community support. Some do; some are very controversial. Years ago, in the face of a ban that was controversial in one community, the Foundation adopted a policy that users who edit by “proxy” on behalf of Foundation banned accounts may also be banned. Typically, we try to warn people, but it depends on the risks inherent in the situation at hand.

   It is not our current intention to eliminate the on-site page for WMCUG, although I do believe that it will be necessary for us to consider as a movement some of the hard questions around the formation of informal groups. These are allowed, and in my opinion that is a very good idea. It lowers the barrier to participation and organization. It can, however, raise concerns about misuse if such an informal group uses Wikimedia’s sites to suggest to others that they are recognized and authorized in ways they are not.

   It is our hope that the remaining editors of WMCUG, including those warned, will take heed of this action and reconsider how they work with others in our communities collaboratively. In some cases, we believe some users may not have been fully aware of what was going on. I strongly suspect that some users may need a period of time to reflect on these actions and determine how they can best move forward with the goals of the movement without the problems of the past.

   As to the user group pages, we will continue to watch the ones on our sites to understand if action is necessary if they seem to misrepresent their affiliation or to be proxying for banned users.