Wikipedia talk:Open proxies/Archive 2

Let's determine what we agree on.
Is there consensus that softblocking open proxies is an acceptable precaution? -Amarkov moo! 19:41, 26 July 2007 (UTC)
 * Until 9862 can be somehow implemented, soft-blocking is fine with me&mdash;not as status quo, but as volatile practice. However, I suggest that we leave certain open proxies hard-blocked, e.g. web accelerators. Soft-blocking won't last forever (at least I hope not). Grace notes T § 20:37, 26 July 2007 (UTC)
 * Well, yes, certain proxies should probably be hardblocked. I'm just trying to see if there's agreement that they should at least be softblocked. -Amarkov moo! 23:26, 26 July 2007 (UTC)


 * Yes, softblocking (blocking anonymous users) open proxy IPs is sensible. Fnagaton 08:55, 27 July 2007 (UTC)


 * Agreed. You should at least have to be editing from an account to edit with a proxy. -- The_socialist talk? 10:05, 27 July 2007 (UTC)
 * I absolutely agree we should softblock proxies. Allowing anonymous editing that way would be a nightmare. Seraphimblade Talk to me 10:07, 27 July 2007 (UTC)
 * I agree, softblock with account creation enabled. &larr;BenB4 08:02, 4 August 2007 (UTC)

Softblock or hardblock?
Alright, let's get down to the next issue here. There seems to be significant disagreement on whether open proxies should be softblocked or hardblocked. (For those not familiar with the terminology, a softblock only prohibits anonymous editing through an IP, but allows registered accounts to edit from the blocked IP address, while a hardblock prevents any editing from the IP at all, including from a registered account). Currently, addresses found to be proxies are hardblocked. For quite some time, it was a softblock that was used. There are several issues raised here: I think these issues do need to be addressed, and that there are points on both sides. In the end, we've got to do one or the other, so which shall we do and why? Seraphimblade Talk to me 08:30, 4 August 2007 (UTC)
 * Softblocking may allow banned users or sockpuppeteers the ability to use proxies to help in evading detection.
 * Softblocking may also allow vandalbots to cycle through pre-created accounts and proxies to vandalize.
 * Hardblocking prevents many good or potentially good editors from editing, including all of China and many editors from other parts of the world who cannot or will not edit without anonymity.
 * Hardblocking any IP creates a much more significant risk of collateral damage to innocent users, especially if the blocked proxy is a compromised machine on a dynamic IP. This is especially true since proxy blocks are often long or even indefinite ones on IP addresses.


 * Softblock all, hardblock vandal and sockpuppet IPs to the extent possible without causing detriment to users in good standing. Do not hardblock or ban users in good standing editing from open proxies; privacy is a fair enough request and open proxies are necessary for those with extenuating political or social concerns. -- The_socialist talk? 08:52, 4 August 2007 (UTC)


 * Could you please add that to the policy? I live in Beijing, the proxies I use get hardblocked constantly, and several administrators at the English Wikipedia refuse to convert those into softblocks, no matter if those proxies have been used by vandals or not. Some believe it's a matter of principle to hardblock open proxies. —Babelfisch 05:03, 8 August 2007 (UTC)
 * Working on it ;) -- The_socialist talk? 11:55, 13 August 2007 (UTC)


 * Softblock, with account creation disabled. To the extent softblocking lets vandalbots through to use existing accounts, it also lets us identify those accounts and permanently block the vandal accounts.  I think that is a net benefit.  The cost of hardblocking them, in loss to users with legitimate reason to use proxies for privacy protection, is too high to go with hardblocking.  With account creation disabled, they have to at some time register for an account on a non-proxy machine, but that is a one time risk and far less significant than the ongoing risk of editing only from non-proxy machines.  GRBerry 21:27, 8 August 2007 (UTC)
 * That would be true only if they could not keep creating accounts, which they can do easily via ordinary IPs and via open proxies that do not happen to have been blocked. For long-term abusers and vandalbots, soft-blocking open proxies is effectively equivalent to not blocking them at all. —Centrx→talk &bull; 22:57, 12 August 2007 (UTC)
 * And we can go on blocking the vandals' accounts just as easily. A negligible increase in vandalism is a small price to pay to let all of mainland China edit Wikipedia.-- The_socialist talk? 11:55, 13 August 2007 (UTC)
 * I wholeheartedly agree. &larr;BenB4 16:20, 13 August 2007 (UTC)
 * I also agree. I am not afraid to be identified by my account, but I would prefer that my account not identify *me*... so is anyone going to initiate a formal vote for consensus? LobStoR (talk) 04:51, 23 November 2007 (UTC)


 * I'm not sure whether or not account creation should be enabled, but definitely no hardblocks. The minimal harm we get from autoblocks not working (people could just get an ISP that cycles addresses each connection) is far outweighed by the benefit of getting people who can't edit without a proxy. -Amarkov moo! 00:30, 9 August 2007 (UTC)
 * Hardblock all that are easily accessible (like Tor), softblocking just invites sockpuppetry. Admins have no way of determining whether a proxy is used abusively or not, and we do not have enough checkusers to figure out how to do this. Kusma (talk) 11:09, 12 August 2007 (UTC)
 * It's really very easy to tell whether an open proxy is being used abusively: insist that those using such proxies edit from accounts.-- The_socialist talk? 11:52, 13 August 2007 (UTC)
 * As a non-checkuser admin, I have no way of determining whether an edit from a logged in user was made through an open proxy or not. I can only tell that for edits made while not logged in. Please explain how you can easily tell whether an open proxy is being used abusively. Kusma (talk) 12:01, 13 August 2007 (UTC)
 * Well, that's what checkusers are for in the first place. If you or I suspect an account linked to vandalism is from an open proxy, we can alert a checkuser who can tell us. Also/alternatively, we could require open proxy users to include a template on their userpage identifying themselves as such. In any case, it shouldn't get in the way of your blocking the account. A vandal is a vandal is a vandal. -- The_socialist talk? 12:24, 13 August 2007 (UTC)
 * Vandalism is easy to deal with (except in the case of vandalbots, who can't be effectively blocked if proxies are softblocked, as that overrides autoblocking). Less obvious abuse (ban evasion, sockpuppeteering to votestack etc.) is much harder to deal with, and it can become almost impossible if there is a large supply of non-hardblocked open proxies (killing our ability to use autoblock). Kusma (talk) 13:17, 13 August 2007 (UTC)
 * Yes, that's quite a problem. It's why a patch was submitted for 9862, and why one should be submitted for 6711 (among other reasons). Grace notes T § 16:15, 13 August 2007 (UTC)
 * Once ipblock-exempt is actually implemented here, and given out to editors who need it, I have no objection to hardblocking open proxies. But even if the patch is activated, I'm not convinced that people will give it to new users just because they must use proxies to edit. -Amarkov moo! 16:29, 13 August 2007 (UTC)
 * You're right, getting it to the editors who need it would be a serious problem. There'd have to be a big promotion for the patch and a willing staff of admins ready to spend their time assessing requests and doling out ipblock-exempt status. I'm not sure if I like this yet, because it seems to assume bad faith and put the burden of proof on those who are trying to help the project... but if there's a general consensus, we could do a trial of the patch, where we only softblock anonymous ips and try to set up a working request system with harblocks to follow once it's in place. I'm not clear if that's possible with the technology, though. -- The_socialist talk? 09:11, 14 August 2007 (UTC)
 * The ban on open proxies is a result of abuse and vandalism. If you think about it, had these IPs not been abused there would be no reason to block.  I kind of understand this discussion, since some proxy IPs are softblocked to allow legitimate users from countries who block access to edit.  VoL†ro/\/Force 16:34, 17 October 2007 (UTC)

Changed status
I have added the policy header, and updates the status to more accuratly reflect the situation. Navou banter 14:42, 13 August 2007 (UTC)
 * Is there actually a consensus about this? It seems to me that the supporters and detractors have been about equal in number in the last several sections of this talk page. &larr;BenB4 16:19, 13 August 2007 (UTC)
 * You may of course undo the change. I was unable to find the discussion changing it from policy to rejected or proposed.  Navou banter 16:27, 13 August 2007 (UTC)
 * I thought that was done after Jimbo suggested that we should reconsider it. But I see that the text has been replaced by the version from Meta. &larr;BenB4 21:15, 13 August 2007 (UTC)
 * There is no consensus about this page, and for that reason, it really shouldn't have the sense of authority a policy tag brings. It's plainly wrong to say that this policy has "wide acceptance among editors and is considered a standard that all users should follow." While "proposed" may be inaccurate, it is true that this page is "still...in development, under discussion, [and] in the process of gathering consensus." Someone with 1337 template skillz really ought to create a "Policy under review" template to accurately reflect situations like this one, where a previously-accepted policy faces strong, new criticism from a good section of the community, but until then, "proposed" is the best we can do. As per Navou's gracious statement, I'm going to undo his change and direct him to Pathoschild's talk page, where I responded to this question the first time it came up and this archived section of this-here talk page, where I first suggested the policy tag should be taken off. -- The_socialist talk? 08:58, 14 August 2007 (UTC)


 * Thesocialistesq does not have the authority to revoke policy. What matters here is not the amount of alleged supporters or detractors, but the fact that this is how Wikipedia works in practice.  &gt; R a d i a n t &lt;  11:21, 21 August 2007 (UTC)
 * Other than that, what exactly is the issue at hand here, other than the apparent fact that some people don't like some policies?  &gt; R a d i a n t &lt;  11:23, 21 August 2007 (UTC)
 * Jimbo has stated that he believes the policy is overbroad, and that we should work to find a way to allow editing from China, e.g., via Tor. Since the "some people" who don't like the current version include Jimbo and are numerous enough that there is clearly a lack of consensus, I endorse demotion from policy to proposal status. &larr;BenB4 11:58, 21 August 2007 (UTC)
 * Except that there's no such thing as "demotion" or as "proposal status". Please look up "proposal" in the dictionary; this page is not a "proposal".  &gt; R a d i a n t &lt;  12:51, 21 August 2007 (UTC)
 * If you'd have read what I said above, you'd have seen that I said the "proposed" tag is imperfect. Since there is no "under review" tag, however, it's the best reflection of the status of this policy. Also, no-one grants the "authority" to remove policy tags: it just happens when a policy no longer has "wide acceptance among editors." Anywhoo, hopefully we can solve the problem with discussion or technology or both soon and the point will be moot. -- The_socialist talk? 21:35, 21 August 2007 (UTC)
 * This policy is clearly not a proposal as has been explained to you in several ways. Which part are you proposing? -- zzuuzz (talk) 22:35, 28 August 2007 (UTC)
 * I have said a few times that this is not strictly a proposal. Neither is it a policy, though. Would you rather there were no tag? -- The_socialist talk? 06:40, 29 August 2007 (UTC)


 * The policy on blocking open proxies is very well established, and even has considerable consensus on this page - even among the detractors. What is at issue is whether they should be hard or soft blocks. This policy, when it was first drafted, used to say that editors were prohibited from using them (for not very sensible reasons - vandalism and attribution). Now it's been updated from the meta policy and says that there are occasions when people should be allowed to use them (that they shouldn't be penalised specifically for doing so). It's just that the IP they're using might be blocked at any time. That's the existing policy and practice, and that's what this page says. -- zzuuzz (talk) 12:29, 21 August 2007 (UTC)
 * Based on that, I'd suggest renaming it simply to Open proxies, to address the above concerns.  &gt; R a d i a n t &lt;  12:51, 21 August 2007 (UTC)
 * Perhaps explicitly stating that proxies should be soft blocked would more accurately address them. &larr;BenB4 13:00, 21 August 2007 (UTC)
 * I believe there is no consensus for that position. In particular there is considerable sockpuppetry through open proxies in addition to the usual vandalism. -- zzuuzz (talk) 13:11, 21 August 2007 (UTC)
 * When I asked the question above, I saw a significant consensus for softblocking form. Did you see that discussion? Seraphimblade Talk to me 03:00, 23 August 2007 (UTC)
 * There may not be consensus that they should not be hardblocked. But since nearly everyone agrees that at least a softblock is justified, why not go ahead and do that while we decide whether or not to do hardblocks? -Amarkov moo! 03:04, 23 August 2007 (UTC)
 * I have no objections to a name change by the way. We have a policy for No original research, but we don't have one for No vandalism. In regards to the consensus for hard or soft blocks, the discussions on this page have raised numerous concerns about soft blocks. There is a consensus for softblocking at minimum, there are 'detractors' who are in favour of hard blocking some open proxies, and there are certainly many admins and checkusers in favour of it. -- zzuuzz (talk) 09:24, 23 August 2007 (UTC)
 * I support Radiant's proposal for a change in name, but only if we re-write the policy to deal only with soft blocking until we can reach a consensus on the hard-block issue. It would be confusing to change the name of the policy without substantively changing its blanket prohibition on open proxies. -- The_socialist talk? 12:40, 28 August 2007 (UTC)

Zombies
If there's going to be talk of changing the current practice of hardblocking all open proxies indiscriminately, I believe more attention will have to be paid to the differences among various kinds of open proxies. While some notable proxy services, such as Tor and the Google Web Accelerator are provided voluntarily by companies or individuals, the by far overwhelming majority of all open proxies on the net are zombie computers which have been hijacked by hackers and viruses and turned into proxies without their owners' knowledge or consent. Exploiting such proxies to edit Wikipedia is not merely problematic for us, but also a violation of the owners' rights to their property and privacy as well as a criminal act under most jurisdictions.

My personal opinion is that such unauthorized proxies should always be hardblocked, not just for our sake but to protect their owners from abuse of their systems and to send a clear message that we do not condone such activities. Of course, there will be collateral damage: indeed, in a number of cases such collateral damage has ultimately enabled me to alert the owners of such compromised computers to the fact that their computer has been infected and is being used without their consent. Under the circumstances, I consider this a positive outcome, and would strongly oppose any attempts to water down this aspect of the policy in any way. —Ilmari Karonen (talk) 04:48, 17 August 2007 (UTC)
 * As has frequently been said, our difficulties are with the abusive use of proxies, not with the genuine users behind them. It does seem that any solution will require technical changes of some sort, whether we hand out something akin to ipblock-exempt through some community-based process or find some means of sorting "good" users from "bad" ones. – Luna Santin  (talk) 09:57, 17 August 2007 (UTC)
 * While your point is valid, I'd suggest, at the risk of sounding a bit provocative, that zombie proxies ought to be blocked with no exemptions whatsoever. In fact, ideally we ought to be running our own MediaWiki-integrated portscanner to detect and block (most) such proxies automatically, though I'm aware that this has some issues.  I'm not one of those (few?) people who believe that editing Wikipedia via Tor is inherently abusive, but I do feel that editing via some innocent and unwitting third party's hijacked computer is, no matter how reputable the editor and how valid their reasons might be.  If some of the owners of such computers may also end up blocked, and thus become aware that someone else is (ab)using their computer, that's just icing on the cake.  —Ilmari Karonen (talk) 13:36, 17 August 2007 (UTC)

Well, there's no way to tell, is there, whether an address is zombied or just an open proxy that someone decided to set up? If there is a way to tell, then I'm all for the hard block, but are we sure it should be permanent? Forbidding any editing forever just because someone got infected doesn't seem right. (But it's a shame we would have to tell everyone the block duration publicly.) And what if the zombie is at a dynamically assigned address? Blocking shouldn't be permanent then, certainly. &larr;BenB4 11:50, 21 August 2007 (UTC)
 * In fact, it is sometimes possible to recognize zombie proxies by the results of a portscan: many common viruses and trojans open distinctive high-number ports for their control interfaces. Sometimes, connecting to those ports may produce responses that (further) confirm it.  This works the other way too; for example, Tor nodes are quite easy to distinguish from ordinary (usually unauthorized) open SOCKS proxies, not just by the port choices but by the very fact that they route the connections through the Tor network.  Another way to tell zombies and accidentally misconfigured proxies from deliberately open ones is that the latter are rarely completely open; Tor exit nodes, for examples, usually disallow connections to port 25 at least, since allowing them would let the proxy be used as a spam relay.


 * But I'd actually suggest that the easiest way to recognize zombie proxies is simply that, unless there are specific reasons (such as being listed as a Tor node) to assume that a particular proxy is deliberately open, it's rather likely that it isn't. Deliberately open proxies are few and far between, whereas zombies and misconfigured servers, unfortunately, aren't.  (The "CGI proxies", like those on the list recently posted to WT:OP, are a borderline case; they're certainly deliberately set up, but may not be authorized by the web hosting companies whose servers they actually reside on.)  And, should we accidentally hardblock a deliberately open proxy, it won't be hard for the owner or the users of the proxy to let us know.


 * You do have a point about dynamic addresses, though. The most commonly (ab)used proxies tend to be at relatively stable addresses, simply because a proxy that continually changes address is hard for anyone to find and use.  Even so, even those do sometimes change address or simply get fixed.  The current practice is to block all proxies indefinitely, but there's a system for reporting addresses for re-checking, and they're unblocked if they're found not to be open anymore.  From what I've seen, it seems to more or less work.  I'm certainly open to suggestions for changing the block length (as opposed to hardness) for proxies on dynamic addresses, but it's worth remembering that an indefinite block is not infinite.  Of course, ideally, as I wrote above, we'd detect (some) open proxies using automated portscans, and only block them as long as the portscan keeps coming back positive.  —Ilmari Karonen (talk) 13:41, 21 August 2007 (UTC)


 * If the re-checking system is effective, then I have no objections at all. I presume a blocked address is shown a prominent link to the re-checking request instructions when they try to edit? &larr;BenB4 20:07, 21 August 2007 (UTC)


 * They should be shown either Template:Blocked proxy or possibly Template:Zombie proxy, since those are normally given as block reasons. Both of them contain a link to WikiProject on open proxies; arguably they should link directly to meta:WikiProject on open proxies/Help:blocked, but at least the former links prominently to the latter.  In the past, I've blocked some proxies myself using just the words "open proxy" wikilinked to the same WikiProject page.  As a last resort, the general text shown to blocked users is MediaWiki:Blockedtext, to which I've just added the link as well.  —Ilmari Karonen (talk) 21:31, 21 August 2007 (UTC)

Bug 9862
I'm having trouble understanding the last few comments on 9862. Is it done? What's left to make it work? &larr;BenB4 12:08, 21 August 2007 (UTC)
 * We've had a modular user interface on Wikipedia for a while now (~2 months). When I suggested implementing ipblock-exempt through the modular user interface (on WP:VPT), I was told that the system was unstable, untested, and will probably be removed soon. Well, it's still here, and we're not using it (and still using Makesysop and Makebot). I'm not sure what to make of this. Grace notes T § 20:54, 21 August 2007 (UTC)

"may be blocked" versus "are prohibited"
Seraphimblade's wording which includes "Open or anonymising proxies may be blocked for any period at any time" is better than Crum375's wording "Users are prohibited from editing Wikimedia projects through open or anonymous proxies." The reason is: Blocking open proxies serves a purpose, but stating or implying that someone is doing something wrong if they edit via an open proxy serves no purpose. If someone edits via an open proxy and makes only positive contributions and no vandalism, there is no reason to label that person as doing something wrong or breaking rules. For example, such a person should not be later denied admin status on the grounds that they broke a rule by editing via an open proxy. Such a rule serves no purpose. --Coppertwig 17:24, 22 August 2007 (UTC)
 * I think both wordings are suboptimal; it's not a may, open proxies will be blocked as soon as they are identified. I haven't seen anyone even suggest leaving some open proxies unblocked. -Amarkov moo! 22:10, 22 August 2007 (UTC)
 * I probably see ten times more confirmed open proxies edit in one day than I block in one week (and I block a lot). The idea that we will block any and all open proxies is simply wrong. We leave loads of them alone, usually until a vandal finds them. -- zzuuzz (talk) 22:26, 22 August 2007 (UTC)
 * We do? Well, then I guess I'm wrong. I was told otherwise. -Amarkov moo! 02:40, 23 August 2007 (UTC)
 * We could block the entire Tor network if we wanted, but we don't. Anyone can find an open proxy if they need to use one. What they can't do is find lots of them. -- zzuuzz (talk) 09:24, 23 August 2007 (UTC)
 * So how about "Anonymous users using open or anonymising proxies are prohibited from editing Wikipedia and will be blocked." It mentions the anonymous users, using proxies and editing Wikipedia. Fnagaton 16:04, 23 August 2007 (UTC)
 * That sounds sane. It gets across the consensus for soft blocking without sounding uncertain. I'd suggest saying "Non-registered users" instead of "Anonymous users", though, to prevent using the root word "anonymous" twice in the same sentence. -- The_socialist talk? 21:52, 23 August 2007 (UTC)
 * Yes trying to get across the consensus for soft blocking was my goal. I agree repetition of anonymous is a bit clunky. Is "non-registered" or "unregistered" a better choice? Fnagaton 10:12, 24 August 2007 (UTC)

The current policy wording seems fine to me, and I think most people here prefer it to any blanket prohibition (see Jimbo's comments). Admins need a free licence to deal with open proxies. They are responsible for quite an extraordinary volume of abuse and it's usually really nasty stuff too. To stem the firehose we need to be able to block them not comprehensively but en masse. We need to be able to leave some open to editing at times and not penalise editors for having used them - unregistered, anonymous, or otherwise. We do not really have a problem with unregistered editors using open proxies to make edits: we have a problem with lots of vandals using lots of proxies. With the wording proposed just above, as is often the case, too much emphasis is placed on having a registered account. I have news - anyone can create an account, sometimes whole armies of them. Indef-blocks, softblocks, autoblocks, checkusers, and even semi-protection are usually completely powerless against them. The only way we can have any effect on the flow of sewage is to prevent vandals being able to easily move between proxies at a high rate without inconvenience, and to do that we need to block a large proportion of them, hard.

No one actually really cares if you use a proxy to make edits. If you look at the histories of some articles about sensitive issues, you will see loads of open proxies making some very constructive edits and you can also really see why they are using open proxies. I won't block them. In fact you won't find a single admin who would block such anonymous users when they are on a roll just because they are on a proxy. One day however the proxy is going to find itself on a list used by vandals or an abusive sockpuppeteer and it may get blocked to cut down on the abuse. So find another. There always more.

The wording of this policy is actually now the closest to reality it has ever been. Open proxies may be blocked, and are in fact quite likely to be. This may cause inconvenience. You are not prevented from editing because of it, even anonymously, it just means you have to show a little patience and commitment and think about your edits for a little while before you make them. Users subject to censorship and using the same networks as vandals need to realise they will be inconvenienced by it, but not silenced by it. Please don't ask us to open up all the thousands of proxies which as a whole are used for seriously destructive vandalism by registered users, for the convenience of being able to switch tor nodes at regular intervals. The prohibition on open proxies has only ever been a partial de facto prohibition due to the large number of blocks needed to reduce overwhelming vandalism from this network and nothing more. We don't block them all, even softly, nor do we particularly want to. I don't think legislating for any further prohibition is a good idea. In fact I thought we had decided that was a bad idea.

I'll stop going on now, but I'll finish with a pertinent quote from a SPA Chinese editor (some of whom have been bothering us surprisingly regularly recently) which has just been put on the admin's noticeboard:
 * "no, in tor, must click new identity and press f5 many times then can edit, but wait long. --饿鬼 12:00, 25 August 2007 (UTC)"

I think that sums it up well. -- zzuuzz (talk) 12:46, 25 August 2007 (UTC)


 * Yes, in other words, only disruptive contributors have enough patience to find an unblocked proxy, so we continue to have problems with them, while well-meaning contributors who are unable to edit without a proxy consider themselves essentially banned by this policy (and rightly so), and thus do not even try to edit. So we continue to shoot ourselves in the foot by losing good contributors without actually preventing abuse – Gurch 17:11, 17 October 2007 (UTC)

Policy status
Thesocialistesq: http://meta.wikimedia.org/wiki/WM:NOP states "...prohibition on open proxies on Meta and other Wikimedia projects". Whats going on? And why do you suppose consensus has arrived to undoing the policy here? Navou banter 22:00, 23 September 2007 (UTC)
 * Policy requires a positive consensus. Such a consensus is not forthcoming on this page, and therefore, this page can't be considered policy. The Foundation has mandated a proxy policy and it is indeed our responsibility to craft one, but this one does not have consensus. Cheers, -- The_socialist talk? 19:19, 24 September 2007 (UTC)
 * Meta policies are only policies on Meta. They serve as examples on which new policies for developing projects may be modelled, and they may be taken as de facto policy on those projects which do not yet have their own equivalent policy page, but Foundation issues aside, individual projects are free to create their own policies. Just as our protection policy differs from the Meta policy, so may any other one – – Gurch 12:10, 4 October 2007 (UTC)
 * This problem still exists. People are insisting on calling this "policy" despite the lack of consensus. Lurker  (said · done) 16:32, 9 December 2007 (UTC)


 * There is considerable consensus and practice that open proxies may be blocked. There is some difference of opinion - the only difference of opinion - over whether they should be hard or soft blocked. This policy offers no comment on that. But the fact that they may be blocked is not disputed. Incidentally, the resolution to the difference of opinion which is not covered by this policy also has considerable consensus - implement 9862. -- zzuuzz (talk) 23:19, 9 December 2007 (UTC)

Tor nodes
An ongoing discussion is in progress regarding adjusting the blocking policy in reference to TOR nodes. The discussion is here. Regards, M- ercury at 13:18, January 8, 2008

Probation for proxies
Put proxy users and proxies on perpetual probation instead of permabanhammering them. Trace the proxy user's IP and keep a record of that (their actual IP) to nullify the proxy server. —Preceding unsigned comment added by 75.157.191.45 (talk) 15:02, 7 February 2008 (UTC)

Blocking policy
I have slightly modified the wording to this policy, as follows:

The problem is that the wording from october implied not only the desirable things discussed, but also implied a proxy could not be blocked unless/until abuse was actually detected or probable. This was a problem since the detection of abuse is precisely what a proxy is so often used to prevent, and also has led to suspected abuse being unable to be detected and addressed easily in the first place. In practice administrators have blocked open proxies easrlier than this. I have resolved this by simply removing the wording that gave this impression, thus:


 * Old - "Open or anonymising proxies may be blocked from editing for any period at any time to deal with editing abuse."


 * New - "Open or anonymising proxies may be blocked from editing for any period at any time."

This meets the needs of abuse detection and the community's efforts to integrity, but does not actually change the common understanding, nor does it penalize users.

FT2 (Talk 03:04, 12 March 2008 (UTC)
 * I agree with the change in wording; this basically codifies existing practice and closes a gap that was use to wikilawyer around disruption. &mdash; Coren (talk) 03:12, 12 March 2008 (UTC)
 * I support this change of wording as it reflects current practice and frankly is needed to dispel the often stated thought that users have a right to edit through open proxies as long as they are not editing abusively. FloNight&#9829;&#9829;&#9829; 13:42, 12 March 2008 (UTC)
 * I agree as well. I see the change was actually made in September, with an edit summary suggesting that the user probably did not intend any limitation of that nature.  But I agree that it is better without it.
 * Even so, you have to keep in mind the same tension about blocking the IPs but not the editors. Whichever way it is written, I don't believe there is agreement that longstanding accounts can be blocked simply for using open proxies.  That is still, as I understand, a judgment call by the checkusers about whether a particular account is abusive.  My feeling on that remains that there are probably steps that should be taken before blocking an account in that situation, such as approaching the editor about it.  Still, I hope that the checkusers notice and consider these situations. Mackan79 (talk) 13:58, 12 March 2008 (UTC)
 * Yes. That was the problem over the summer. An open proxy can be blocked, but that doesn't mean penalizing a user who used one just for having chosen to use it while it was open. The wording "legitimate users... may freely use proxies until those are blocked" still stands unchanged to make this clear. FT2 (Talk 14:04, 12 March 2008 (UTC)

This policy is killing people
Dear honorable administrators,

Please realize what this policy is doing to people. I beg you.

I am a freedom lover in a country which loves freedom less than the US, where I am visiting and using a computer that can not be traced to me. I cleared the cookies and turned off scripting, and the IP address was reset by the ISP.

There are others where I live that are not as smart as me. I can read Wikipedia, but I dare not post because I know personally a person whose only crime, I know, was posting the hidden truth about a powerful man to another wiki with the same policy.

That person was arrested, and the police will not tell even the person's family where the person is, they say that the person will be gone for three years. I know it was because of a fact which was a perceived insult to a politician, and if the police know I knew, they could take me to jail, too. You in US and UK don't understand these things; you can't, because they are not part of your lives and never have been.

Do you realize that your personal convenience to make it easier for you to fight abusive users is being traded off for the freedom, hard labor, and lives of the imprisoned. Do you deserve convenience paid with that price?

Please hear my words and understand them. Please allow editing from open proxies. There are the lives of real people at stake. If your mission is to spread knowledge, then isn't that mission served by keeping more people out of jail, labor camps, and the morgue to receive that knowledge? It must be.

I intend to post this also on Jimbo Wales talk page and the Village Pump for Policy. 75.61.97.179 (talk) 13:51, 4 May 2008 (UTC)


 * I'm sorry but Wikipedia is not a place to bring about social change. Opening up proxies won't help save lives, and I seriously doubt rejecting proxies is actually killing anyone. Keep in mind that using a proxy does not guarantee you can't be traced. I'm sorry your nation is harsh against freedom of speech, but there's really nothing we can do about it. At best, you might want to use a proxy to contact a Wikipedia editor you trust, and send them your sources for information you want included. -- Kesh (talk) 14:24, 4 May 2008 (UTC)


 * Firstly, the words "social change" or the jist of your statement do not appear in the What Wikipedia is not policy you cited, but even if it did, it would be overruled by the Foundation's Statement of Purpose, which clearly states that:
 * "The mission of the Wikimedia Foundation is to empower and engage people around the world to collect and develop educational content under a free license or in the public domain, and to disseminate it effectively and globally."
 * Is fighting repressive regimes by making it harder to block abusers within that statement of purpose? New Account in Support (talk) 16:28, 4 May 2008 (UTC)


 * WP:NOT is the relevant portion. "Advocacy" is the general term for promoting a specific social change, so nitpicking about the words "social change" is rather pointless. Your second point, using the Statement, is off-topic: Wikipedia is here to "disseminate… educational content," not to support a particular movement or oppose a particular regime.
 * While I sympathize, this is simply not what Wikipedia was made for. It's for the neutral dissemination of verified information. Open proxies have led to serious abuse of this purpose, as people use it to fight for their particular vision of the Truth or for lulz. If you really want to use a wiki to "out" politicians or expose oppressive regimes, Wikileaks would be an appropriate venue. -- Kesh (talk) 17:53, 4 May 2008 (UTC)


 * How do you consider allowing people to edit from open proxies to be advocacy? There isn't a shred of equivalence. Now, 75.61.97.179's post above is advocacy, but it is on a policy talk page and specifically pertinent to the policy by advocating for the ability of people under repressive regimes (of which there are no shortage) to be able to edit without fear of retribution.  That is the beginning and end of advocacy, but your position is as much advocacy for admins' ability to block people; as 75.61.97.179 says, convenience in blocking abusers in return for putting real people in danger.  Are you really presuming to put mere convenience above people's lives?
 * And you specifically ignored part of the mission statement, which is, I believe, the highest law here apart from a ruling from Jimbo. You omitted "empower ... people...." Blocking open proxies empowers who but admins?
 * Further, we already have edit wars and vandalism from places other than open proxies -- how would allowing editing from open proxies make any change to that? New Account in Support (talk) 21:16, 4 May 2008 (UTC)


 * 75's entire argument was based on advocacy, so that's what I addressed. It's not about Wikipedia policy advocacy, but political and social advocacy, and that's what I answered. I still have yet to hear how allowing open proxies is going to save lives.
 * I did not ignore part of the statement. Rather, you're misrepresenting it entirely. Read it again: "to empower and engage people around the world to collect and develop educational content" (emphasis mine). The empowerment is to provide information, not personal empowerment or socio-political empowerment. The mission statement is about education.
 * Yes, vandalism happens. It can't be stopped. But open proxies have provided ways for vandals to get around our only prevention measures. Preventing editing from proxies is a way of controlling vandalism, and a necessary one in my view. I've yet to see anything here to change that view. -- Kesh (talk) 00:09, 5 May 2008 (UTC)


 * Is advocacy to change a policy allowed on the policy's talk page?
 * Does anonymity empower people living under repression to provide more information than they otherwise could? 75.61.101.202 (talk) 11:43, 5 May 2008 (UTC)
 * Policy advocacy is allowed on the talk page. Political/social advocacy is not. Anonymity can certainly encourage people to provide information they might otherwise be frightened to. However, nothing on the Internet is truly anonymous. Even using a proxy does not guarantee that you can't be traced. It makes it harder for volunteer groups (like Wikipedia), but if the government suspects you of being a dissident, it's quite simple for them to sit at your ISP and watch your traffic, well before it reaches the proxy. Regardless, the individual would still have to provide verifiable sources for all their information. With an oppressive regime, that can be exceedingly difficult. -- Kesh (talk) 14:22, 5 May 2008 (UTC)
 * That in no way absolves Wikipedia from having policies that oppose the safe dissemination of knowledge. --The Cunctator (talk) 02:11, 19 May 2013 (UTC)
 * After seeing tons of vandalism, sock puppetry and general personal attacks from numerous Tor IPs I have to agree that allowing Tor users to edit is generally a bad idea as they are too hard to effectively block with the existing tools. Fnagaton 00:32, 5 May 2008 (UTC)


 * Is there more abuse from tor addresses than non-tor? 75.61.101.202 (talk) 11:43, 5 May 2008 (UTC)
 * Yes, TOR nodes have been the worst of the open proxy lot. -- Kesh (talk) 14:22, 5 May 2008 (UTC)
 * So far, nobody in this thread has yet mentioned WP:IPEXEMPT, which allows specific non-admin users to log in through a blocked IP. It is my impression this would allow logging in even through a TOR node. The criteria for giving out this ability are rather strict, so it would not be a simple matter to get this permission, but it does exist. EdJohnston (talk) 01:12, 7 May 2008 (UTC)
 * Open proxies are not an effective means of protection for editors who wish to remain anonymous for political reasons, because the proxies themselves are operated by people who have no interest in protecting the user or their activity logs. These editors should take advantage of a system that allows them to tunnel secure traffic through a trusted contact in another country; many such systems exist, and closed proxies are permitted by policy because the operators would be taking personal responsibility for your actions. Dcoetzee 00:35, 9 May 2008 (UTC)


 * So, ignoring the technical aspect for the moment, is there a moral argument for blocking any editing from IP which been verified to be Tor? I think so because Tor creates many more problems that the benefits. I see there is already at least one bot that marks Tor IP user pages with a box saying it is believed to be an open proxy. Fnagaton 08:10, 9 May 2008 (UTC)

Is it actually true that more abuse comes from anonymous proxies than not? I would believe that the proportion is larger, but is it really true that the number of abusive edits is larger? Does anyone have any actual data about this?

PERRENIAL suggests that there would have to be a huge number of people editing from anonymous proxies for Kesh's statement above to be true.

Does anyone doubt that real people's lives hang in the balance of internet administrators' anonymity decisions? New Account in Support (talk) 21:44, 19 May 2008 (UTC)


 * What percent of TOR edits are abuse, and what percent of all edits are TOR edits? 76.240.228.226 (talk) 14:36, 22 May 2008 (UTC)

why are we blocking for 1 year?
I need to know one thing; why are Admins blocking open proxies for 1,2,3,5 years, etc. Why not block them indefinetly? Id like to know. Regards,  I am sooooo cool!   20:39, 4 May 2008 (UTC)


 * It may be a proxy today, but how do you know it'll be a proxy next week, much less ten years from now? --Carnildo (talk) 22:23, 4 May 2008 (UTC)
 * Thanks, now i get it.  I am sooooo cool!   15:23, 19 May 2008 (UTC)

Is this why I can't edit Chicken?
Is this policy the reason that the Chicken article is locked because I'm not logged in?

How many more admins would we need if we turned this one off? 76.240.228.226 (talk) 14:34, 22 May 2008 (UTC)

Golden Shield Project
I think the bit about Wikipedia being blocked should be updated. I'm currently writing this from a computer in Shanghai without using any proxies. It's only the Chinese version of Wikipedia's that being blocked. Meanwhile, even the Cantonese version of Wikipedia can be easily accessed without problems.-- Alasdair 07:19, 4 August 2008 (UTC)

Closed proxies
I'm having some problems understanding this "the IP address will eventually be transferred or dynamically reassigned, or the open proxy closed. Once closed, the IP address should be unblocked." What does the policy mean with closed? Do they mean a closed proxy, or a proxy that no longer exists on a specific ip? I believe we should make it more clearer with that. -- 'Kanonkas' : Talk  14:49, 20 September 2008 (UTC)
 * It means either, and the ambiguity seems fairly appropriate. It refers to an open proxy ceasing to exist. Closed proxies are not necessarily a problem. -- zzuuzz (talk) 14:55, 20 September 2008 (UTC)
 * Thanks, what I thought but I wasn't sure. -- 'Kanonkas' : Talk  15:28, 20 September 2008 (UTC)

70.86.0.0/16 - The Planet
A big range at The Planet was blocked completely. An entire /16 block. I left a message on User:Dmcdevit's talk page who did it but he doesn't look to be getting much talk in the last few months so I don't know if he is around. The Planet hosts managed servers. They do direct allocation of IPs to customers. We shouldn't block the entire netblock completely.

My servers and my 16 ips (70.86.83.48/28 or basically everything from 70.86.83.49-70.86.83.62) I was allocated a few years ago surely don't count as

70.86.0.0/16 - The Planet open proxy - web hosting company ThePlanet.com

Blocking out 65,534 ips is huge (more like a max of 16,384 in real unique ones being used though since the smallest block they give is a /29 direct allocation many with only 1 out of the 8 ips being used. Surely not many of them were hitting wikipedia since these are mostly servers. Those with open proxies should be few and far between and should be handled on a case by case basis. What is the best way to appeal this? -- Zac  Bowling  (user 09:13, 29 November 2008 (UTC)
 * Why would people be editing Wikipedia from inside of Web hosting servers? Proxy use is not allowed. rootology ( C )( T ) 03:35, 8 February 2009 (UTC)

Category discussion
This page might get a new policy category; the discussion is at WP:VPP. - Dank (push to talk) 01:04, 26 November 2009 (UTC)

They aren't Allowed to edit Wikipedia
Why doesn't Wikipedia want open proxies to edit Wikipedia? Keyboard mouse (talk) 16:21, 9 May 2010 (UTC)