Wikipedia talk:Paid editing (proposal)

Talk just for alt text page
I'm unsure a subpage such as this should be allowed but I'm not convinced it should be userfied. Meanwhile you should keep talkpage comments about with the page itself. -- Banj e b oi   04:48, 24 August 2009 (UTC)

Wikipedia talk:Paid editing
Since the material on Wikipedia talk:Paid editing covers the same topic as this, I suggest we conduct all talk there. Smallbones (talk) 12:37, 24 August 2009 (UTC)

Do we get paid by editing in Wikipedia Swarnimjain177 (talk) 16:26, 18 October 2018 (UTC)

Hi, How can I have someone write a wikpedia about my father? I do not want to violate the conflict of interest but I do not know where to start. Any help would be greatly appreciated. MilosGeyser (talk) 15:44, 22 February 2019 (UTC)

Strengthening
I just made some edits strengthening what has been written. Feel free to revert, these are not exactly *proposals* so much as an indication of my own views.

The best reason for any edit to Wikipedia is a passionate commitment to the facts of reality; anything else should be strongly discounted and it should be clear that dishonesty of any form, including as a simple sub-type paid advocacy, is a blockable offense.--Jimbo Wales (talk) 03:24, 25 August 2009 (UTC)

2 important topics
Jimbo's edit (see above) seems to raise this from a proposed guideline (... is strongly discouraged) to a proposed policy (... is forbidden....will be blocked) I'm not against this; he is not insisting on this; but in any case it should be discussed.

I've also put in a section on "Exceptions and safe harbors", most importantly "If an editor wishes to help individuals or organizations create neutral point of view articles, without giving up his or her independent editorial judgement, while accepting payment he or she may strictly follow these rules:
 * I have no idea how this would work, but many editors have said this is possible. Please fill us in."

I'm not joking on this. People do insist that this can happen, and I'd love to see it if this loophole is not abused. I just don't see how it could work, so I'm asking others to put in their ideas. Smallbones (talk) 15:45, 25 August 2009 (UTC)


 * I went ahead and removed two exceptions from the "safe harbor" section. While I like the first section in that it mandates disclosure, I think that could be handled by the reward board.  I'm guessing you have in mind something like Amazon MechanicalTurk edits, which I agree (like a bot) needs to have approval.  The second needs to have the details filled in, I think, before we can say what it is.


 * Maybe both circumstances with a wording like "Those who wish to reward editors in a manner which is not outlined here must seek the consensus of the community." The foundation probably does not want to take an active role in the approval of content for a project, so I changed it to "consensus of the community."  Thoughts? --TeaDrinker (talk) 15:58, 25 August 2009 (UTC)

The "fill this in section" was certainly sloppy, but I really want to make sure that people have a chance to fill this in. If - maybe I'm dreaming - somebody would come to me and say - We want you to take the time to research and write an unbiased article on polygraphic penumbras, and we'll pay you for it; I'd love it and think it a wonderful thing for Wikipedia. Alas, it's probably too good to be true, but I think folks should have a chance to show how this would work.

On the first section - requests to the Wikimedia Foundation - I was copying something I think you put in earlier - only you wrote Jimbo Wales instead of the Foundation. Consider this case:


 * A Scandinavian government decides that youth unemployment, English writing skills and knowledge of African geography all need to be improved, so sets up a program to pay college students in the summer to write articles on African geography. But they look at the requirements here and say "these may change, and that discrimination against administrators might be against our laws."  I think we'd want this project, and only the Foundation could make a binding agreement.

It would be easy to make up cases that looks similar that we probably wouldn't want (e.g. a Mideastern government and archeology, a Post-Soviet government and history). These all would require a bit a diplomacy and a binding agreement. I think the foundation would have to do it. They probably wouldn't want to mess with a summer intern who might write 5 articles, but they might say with the African geography if the plan was to write 50,000 articlesSmallbones (talk) 16:19, 25 August 2009 (UTC)


 * OK, I came up with a fairly simple method for "safe harbor" paid editing - do everything through the reward board. Some may think this is a trivial solution - OK, please come up with a better one.
 * (I hope TDrinker doesn't consider this a violation of my promise on WP:1RR, but if he does I'll self-revert. Smallbones (talk) 18:55, 25 August 2009 (UTC)
 * Not at all. I think the foundation would go with whatever the project decides.  I think it is a fine idea to develop a structure by which people can request community consensus on specific rewards-type editing such as the rewards board.  We might also note that a great approach would be to set up a separate site with GFDL/CC-A-SA-3.0-compatible licenses, and notify Wikipedia about it.  That does not require permission or consensus, since the incorporation into Wikipedia is done by independent editors.  If for some reason they really want to edit Wikipedia directly, I think it is probably best to seek consensus before starting such a project, just as they would for bot edits or something similar, but we shouldn't need Foundation permission for it (honestly I would bet they would just tell the Scandinavian government to address the project directly).  But honestly I don't worry to much about how such cases are handled, provided they do not provide the loophole through which the more usual sort of problems can arise. --TeaDrinker (talk) 00:44, 26 August 2009 (UTC)

Too weak
As I understand it:
 * Alternative = WP:Paid editing/Alternative text is a proposed policy being constructed by editors who want strong impediments to "bad" paid editing.
 * Original = WP:Paid started as a summary of existing policy, and is not considered sufficiently strong in its stance against paid editing by many editors who contribute to "Alternative".

Given my above assumption, the lead of Alternative is far too waffly and weak, while Original is exactly correct. If Alternative is to be useful, it must guard against wikilawyering, however the first sentence defines "paid editing" as a state of mind. The whole policy can be ignored by anyone who claims their editorial judgement is independent ("sure, I received $100 but that just helped me find time to do the editing; it didn't influence my judgement at all"). Of course some paid editing could be excellent, and Alternative has to reflect that, but the current lead is totally unhelpful. Any thoughts? Johnuniq (talk) 00:57, 27 August 2009 (UTC)


 * Feel free to edit the lede or anything else here - I make no claims to ownership or perfection. I've gone back and forth myself on the lede.  I do think that any policy has to make room for a broad range of editors in order to get consensus.  There's even an essay WP:Write for the enemy - except I hope there are not too many WP editors who would consider me the enemy.  All I really want from this is a clear rule that everybody can easily understand (perhaps you're right), that will allow unpaid editors to include content without being overwhelmed by flacks. If that means outlawing all paid editing - so be it, but my personal view is that giving paid editors some sort of tightly monitored access will work better.


 * I believe that you are wrong about the "original" being a summary of existing policy from the start. Look at the Wikipedia:Miscellany for deletion/Wikipedia:Paid editing - from the first vote it was about making policy.


 * There's also a question of which talk page to use. Same topic - same talk page, as far as I'm concerned.  There's also the practical question of how to let people know that this page is here, since the "see also" was long ago taken off the "original" page, despite consensus for its inclusion.
 * Happy editing. Smallbones (talk) 03:09, 27 August 2009 (UTC)

Time to rename and launch?
We don't have WP:COI and WP:COI/Alternative text for very good reasons.

I think it's time to find a separate and accurate name for what the editors here think will be the main focus of the proposed policy and get it moved from being a subpage of WP:Paid editing. "Paid advocacy", "Paid promotion" or "Paid COI" would be a good candidates IMHO. In this way this page would then be it's own and not a subpage, it can then be appropriately linked and once further refined possibly be even summarized in its own section on the paid editing page. Thoughts? -- Banj e b oi   16:47, 5 September 2009 (UTC)


 * This is a proposed policy on "Paid Editing." Please do not revert again on the "see also".  If you wish to have a personal essay on Paid Editing that you do not allow other people to edit, there will be other versions. Smallbones (talk) 23:18, 5 September 2009 (UTC)
 * There is no deadline. Wait. Johnuniq (talk) 00:50, 6 September 2009 (UTC)

Sort of related.
Jimbo makes the point "a passionate commitment to the facts of reality".

There are archives with original materials for a fair number of the articles on people, particularly those who have died in the last hundred years.

I have proposed a COI exception to archives and libraries with original materials adding a section "Research Resources" to such articles that states where this material is located.

Assuming they don't lie (most unlikely) I think such pointers would be a "facts of reality" and a useful addition to Wikipedia.

If this is done, the format of WP:Research resources (section) or WP:Archives (section) will need to be described. Keith Henson (talk) 20:14, 5 September 2009 (UTC)

Talk from switched talk page
Smallbones (talk) 12:58, 6 October 2009 (UTC)

"...and he spoke to them in parables ..."
If I donate blood, I am providing a community service, on a volunteer basis, without any monetary remuneration (although, I must admit, the little sugar cookies the physician gives me afterward is somewhat of a motivation :)

If Sally is offered money by a medical research organization, for donating the same blood, does her receipt of payment discourage me from donating my blood?

Go one step further. Is her blood any less valuable to the one who needs it, than is mine?

Go one step further. Sally needs that money for her blood, for one reason or another. Perhaps she has mouths to feed at home; perhaps her husband told her to do something constructive to bring home money for the household instead of spending all her time volunteering her time for free.

...But the reason Sally accepts payment for her blood is really non-essential.

Take another step. Does Sally's transaction adversely affect my commitment to donating blood? And if it does, what does that say about me? Does her getting paid to donate blood make me wish to donate any less? And would it were, what does that say about me? Do I get less satisfaction from knowing that I've contributed to the "expansion of all human blood", for the betterment of humankind? And if my satisfaction is diminished, what does that say about me?

Take another step. Do not the organizations who offer payment in exchange for blood, actually have a positive effect of producing more - not less - blood for others to use?

Will some people only donate blood out of a "bad" motive? Of course. One will donate his blood, only to get his check and feed his habit. Another donates blood so she can get her check and pay for that college textbook she couldn't afford because she waited too long to fill out her Work-Study application and doesn't dare tell Dad that. A third donates her blood so she can have "Friday night booze money".

But does the motivation really matter, in the end? More importantly: Does the existence of paid-for blood tarnish the integrity of volunteered-blood - or does it degrade the institution of blood donation as a whole?

Understand this parable and you understand why this entire dispute of paid v. non-paid editing misses the point; is ridiculous; won't stop it from happening (short of enforcing the old-Communist-China-type of stranglehold on the Project); is a moot point; isn't worth spending enormous amounts brain cells arguing over ... and is really, IMHO, a reflection of delusion.

Wikipedia isn't the real world. It's a WEBSITE, people! for crying out loud! Lest we forget, Wikipedia is only what it is because of the profit-motive of companies like ... well ... Google, for starters. If it weren't for the Google algorithms which enable Wikipedia to be on page 1 of the most trafficked commercial website in the world for virtually every search term imaginable, few would even know Wikipedia existed. The claim that Wikipedia is only as successful as it is due to the tireless efforts of volunteers isn't wholly accurate and really, truth be told, plays the martyr. Wikipedia is as successful as it is precisely because of the success of for-profit, commercial establishments like the Googles of the Cyberworld.

It thus would not have gotten anywhere close to the reputation it now enjoys, would not have gotten anywhere close to the number of admins, editors, bureaucrats et al it has now, to even have an RFC that could eat up a Meg.

I'm opposed to paid editing. But I'm also a realist and a pragmatist. In our quest to uphold the sanctity of Wikipedia, let's not forget that we live in the real world and that world is governed, in large part, by monied interests and it's just the way it is and absolute, principled resistance to this fact is futile.

Artemis84 (talk) 04:42, 14 September 2009 (UTC)
 * In brief, yes, a significant increase in paid editing does matter because it would affect the culture here. Your talk about Google and commerce misses the point: the reason Wikipedia is near the top of most search results is that Wikipedia provides great value as a result of the extraordinary efforts of its volunteers. Sure, some parasitism is inevitable, but if it goes unchecked, volunteers will justly feel exploited and are likely to move elsewhere. Johnuniq (talk) 05:35, 14 September 2009 (UTC)

I think that's an incorrect parable. Editing Wikipedia articles is not like donating blood. When you donate blood, you simply sit there while somewthing is taken, and then you leave. You have no further involvement in the blood donation, and you do not particiapte in decisions over how the blood will be used.

I think that a better analogy is an amateur sports league, in which the players are the members who also set the league rules. What if a team decides to start hiring professional athletes, and to also use those athlete/members to change the rules to give professionals an advantage over amateurs? If that happened, how long would the volunteer amateurs, who may have limited time for practice, continue to participate? How much integrity would the league be perceived to have if the so-called "amatuers" were actually being paid? Would the games still be seen as fair?  Will Beback   talk    09:11, 14 September 2009 (UTC)
 * I was thinking of an analogy myself. A friend of mine is a reporter for the AP.  His ethics, when it comes to journalistic practice, are above reproach.  If he were to be paid by a party which played a role in a story he were writing (even if they just took him out to dinner), it would be a serious breach of ethics.  Of course, those are "professional" ethics, and we're all amateurs, but they are professional in the sense of someone who takes their work seriously (a doctor does not abandon their professional ethics when they volunteer their labor, for example).  Professional ethics do not come from being paid, they come from wanting, in the case of the AP, to be taken seriously as a news organization.  If we want to be taken seriously as a source of information, we should follow suit.
 * As for the issue of enforceability, I would make two points. First, a strongly worded policy is a deterrent against more problematic editing.  It is not impossible to enforce, it is simply hard to enforce.  At present, companies risk bad press if they are caught paying people to edit.  They would love an ambiguous policy to point to. Second, there is the issue of trust.  There's trust that most editors are going to follow most policies most of the time.  Yes, there's going to be the odd vandal, conflict of interest editor, or troublemaker.  But a policy should set out clear expectations for what an editor should do, even if some do not follow it.
 * The Google example is telling. They sell advertising to pay the bills (and make a tidy profit).  Google also does not take money to change search rankings. In fact, that was one of the key factors which made Google a success: editorial independence.  They refuse to take money to alter search rankings, and will actively delist websites which are trying to manipulate the system .  They would make money hand over fist to sell Google ranks, of course, since they are the number one search engine at this point.  At least at first. Many search engines have done precisely that, and thereafter failed.  What people want from a search engine is websites related to their search term, not just advertisements related to their search term (Google users get those too, of course, but separated and labeled).  It is their (independent) search algorithm which brings people back to their Google.  They give that up, someone else will take over.  Users want a search engine they can trust is not slipping them ads, and they want an encyclopedia that to the best of its ability maintains editorial independence.  --TeaDrinker (talk) 01:23, 15 September 2009 (UTC)
 * The blood donation analogy is interesting. In many places payment for blood donations (although not for plasma donations by some odd chance) is forbidden. One major reason for this is that people who are paid have an incentive not to report disqualifing medical conditions, so the blood supply would be less safe. Similarly much paid editing introduces serious COI risks. DES (talk) 02:13, 9 February 2010 (UTC)

"Paid editor" label
I didn't have the time to read all that was written by now in this talk page and in other related pages, however, from what I saw, it's mostly theory, I couldn't find anything relevant about what is already happening in relation with this subject. Personally, I keep experiencing the tribulations of being labeled " paid editor", although I did not even do this. Two months ago, when the paid editing issue was brought to surface, my account got a "paid editor" label. I detailed then the relation I previously had on non-paid subjects with people accused of "paid editing". And, after some discussions in real life about this issue, I also presented my views on it, in favor of legalizing this kind of editing and treating it as any other kind of editing, hoping for a clear discussion about this issue. However, it looked like I stumbled upon some hardliners with no intention to discuss, even, to my surprise, I was blocked indefinitely for a stupid reason. This, ironically, while those guys that spilled their problem on me, were free to edit. It looked like my blocking was just to shut me up and forestall a real life discussion. Then I presented my problem at wikien-l, I was also covered in an article of a group working in this field. An user run a chekuser, found nothing wrong and unblocked me. In a normal approach, the accusations of suckpuppeting would have been dismissed from the very beginning, even a first glance would have showed that some of "my sockpuppets" have my invite on their talk page. Well, now I have again the sockpuppet suspect tag on my user account, brought by a an user with strong views against paid editing. He did not bring any new developments from the last checkuser, only continuing the bullying. Take a look at this discussion. I'm not sure what was that for, probably trying to play with me both roles of "bad cop" and "good cop".

The question is: is this kind of "extrajudicial" behavior now accepted at Wikipedia when it's about "paid editing" label? Is this area of "paid editing" becoming a safe haven for endorsed bullying, a kind of Guantanamo base of Wikipedia? When I tried to talk about the issue, I was so easily blocked indefinitely for an untrue reason, then changed to a flimsy reason that certainly did not deserve an indefinite block. Now, it's this guy who tells me that paid editing is an "illicit activity" at Wikipedia, who labels the paid work as spam without even seeing it, playing with me the tough guy.

This vacuum of regulation on this issue produces such results; from my point of view, these are the real problems brought by now by this public discussion. In theory, it is required to disclose if it's paid editing or not, in reality, it is impossible to do this, they get their accounts blocked and their work deleted only because it was paid. Plus, the collateral victims, who just get the label and start a brand new extrajudicial life.

See also Gregory Kohs' statement. BTW, if he is allowed to edit for money with undisclosed accounts, then this is a community accepted precedent permitting the others to do the same thing legally, in order to have a fair approach.

Desiphral-देसीफ्राल 11:22, 15 September 2009 (UTC)


 * How can we regulate what undisclosed accounts do secretly? The fact that we have difficutly enforcing a rule doesn't mean the rule doesn't exist. I would seek blocks or bans of any editors who are engaged in outright paid editing of the type described in this page.   Will Beback    talk    18:06, 15 September 2009 (UTC)
 * (following edit conflict, hi Will)Nobody likes to be labeled, and it looks like some of what you want to do would be perfectly acceptable to many Wikipedians. What's not acceptable to me is folks who want to hide their paid edits, and then fight to the death over any changes to them.  The current proposed policy has a couple of safe harbors, could you use those to do the type of editing that you want to do?  If not what changes would you suggest?
 * I should say that the current WP:Reward board doesn't seem to be working very well, or at least not very often. Why doesn't this work so well?  I'll suggest 2 reasons: a) potential payers don't know about it, and b) they don't seem to be willing to pay more than $50, whereas on e-lance they are paying $250.  If somebody posted a $250 reward on the board, and editors were able to write NPOV articles to get that money, I'd guess the article would be written in a day to very high quality standards.
 * Can you suggest anything where what you want to do could be fit in with what others want to do here, that would make a Paid Policy work for both groups? I really look forward to an answer to this question.  Smallbones (talk) 18:10, 15 September 2009 (UTC)


 * Both of you present the nondisclosure as a guilt, while its cause is in front of your eyes, that's what Desiphral just wrote. The image of the paid editing review is made by users like Triplestop who consider from the start that this is an illicit activity and all paid editing is spam. The focus in on the reason for editing, no on the edit itself. To my knowledge, in all other contexts of Wikipedia it is emphasized the assumption of good faith, the focus on the edit not on the editor, on who they are, why they edit or what personal opinion they have. This makes possible a certain enforcement of civility and a focus on the quality of the articles. But this is not the case for the context of paid editing. "You are a paid editor" and end of the story. It should be clarified what real role, if any, plays this notion of "paid/not paid" in the evaluation of the edits. At this moment, this user information, unlike other information, is singled out and, if it's on the "yes" side, it casts a question mark upon the edits, permitting questioning the respective edits without objective reasons, circumventing the assumption of good faith and the other rules of civility. This is a loophole that can be safely and legally used at Wikipedia to cast a desired question mark and to attack someone, even in the absence of objective facts. Citing from the proposed policy: "other editors may assign less weight to or discount paid opinions in the same manner they would discount the opinion of a sockpuppet"... One must be an idiot to work in such conditions.


 * The normal approach would be to consider the "paid editing" variable as a personal information of anecdotal value and to focus on the quality of the edits. Given the labeling and the unfair approach yielded by the "paid editor" anathema, the current normal behavior of the paid editor is to not boast about the "yes" side of this variable (which anyway has no current regulation on Wikipedia, this project page itself has the proposed word in its nutshell), in order to be a normal user benefiting of a normal approach.


 * Regarding Smallbones's questions about the specific meeting places of supply and demand, my opinion is that they should be left to the will of the free market. Cinagua (talk) 20:39, 15 September 2009 (UTC)


 * This is why it is hard to assume good faith, you are just making attacks and circumventing the issue and using sockpuppet accounts. "Good faith" means yourfaith that what you are doing is good, which clearly isn't the case if you need 100 sockpuppet accounts. Did I ever say all paid editing is spam? NO. The only paid editors I am interested in are the ones who are spamming, sockpuppeteering and ban evading.  Triplestop  x3  22:06, 15 September 2009 (UTC)

I am a noted professional in my industry, and want to create a personal Wikipedia page.

However, my CV is lengthy, so distilling it to highlight important matter requires an intuitive, PR-savvy writer.
 * And if that isn't spam then I don't know what is.  Triplestop  x3  22:11, 15 September 2009 (UTC)
 * The problem with Desiphral is the ban evasion and sockpuppeteering. No matter who does it, its still not alright.  Triplestop  x3  19:50, 15 September 2009 (UTC)
 * This is not a great place to appeal blocks, nor comment on individual editors. If it is not germane to this policy proposal, I suggest removing it to user talk or appropriate dispute resolution pages.  If the facts of the case are in dispute, I suggest it is not a good case for an example of acceptable or unacceptable behaviour re this policy proposal.  Let's stay focused on the proposal.  --TeaDrinker (talk) 00:13, 16 September 2009 (UTC)
 * Good idea. If we get more people wanting a debate, perhaps we could make a subpage ("General discussion"?) and move all sections not focused on fixing the proposed policy to that page. Johnuniq (talk) 00:45, 16 September 2009 (UTC)

Desiphral has 29 confirmed + 3 likely sockpuppets (all blocked) – see the SPI (thanks Triplestop). Johnuniq (talk) 02:24, 16 September 2009 (UTC)

Getting back to editing the project page?
It's nice to see a discussion, but changes on the project page, with discussion on those changes, might be better. Of course it might be perfect now - No, didn't think so. Are there sections that folks really like, or really hate? I would like to get more editors involved, some different views to explore how more editors could be satisfied. Really all I personally want is a limited policy that would be clear to everybody, that would stop the worst abuses of paid editing. Smallbones (talk) 02:58, 16 September 2009 (UTC)

Clarification
I think i understand the current state of rules, but wanted to clarify a potential scenario:

If at the next inter-faculty meeting of my university, I was to volunteer to rewrite the uni's wikipage, would that be paid editing? I'm on a salary, so any editing would not be directly paid for, but as i am salaried and on flexi-time, even work from home is theoretically paid for. Is it banned, or allowed if declared? What if i didn't inform the faculty until after the fact? Seemed most like the intern example, without the "i'm just an intern" excuse :-). Just wondering, thanks. Yob  Mod  22:07, 16 September 2009 (UTC)


 * Of course this is just a proposed policy, but even without this I'd say it's a conflict of interest and should be declared. But that doesn't mean you can't write it.  Maybe the "graduate student" exception could be enlarged to all academics?  I don't know, but reading this pp as written, I'd say you'd need to declare as a paid editor, but can still edit. Smallbones (talk) 04:07, 17 September 2009 (UTC)
 * After rereading:if there was any advocacy it's clearing forbidden by the pp. The key words are probably " (if) the editor's employer has some control over the editing process."  Would the faculty boo you, or would you be denied a promotion if you repeated the news of the conviction of the rector for __ and ___ (from a reliable source)? Sounds likely - so definitely a paid editor. Smallbones (talk) 04:18, 17 September 2009 (UTC)
 * Oki doke. I'll give it a miss then. Paid editors seem pretty hated from the arguements i see in the archive. Thanks for the input! Yob  Mod  09:26, 17 September 2009 (UTC)

Quote from Jimbo
The quote from Jimbo at the top needs a ref, but before I add it I thought I'd check what people think. I favor keeping the quote and adding a note (and a "Notes" section). The note would link to the edit by Jimbo, and would briefly discuss how Jimbo decided to give up use of the block tool. However, I am also aware that quite a few people think that we may as well pick an arbitrary editor and quote their opinion – what is special about Jimbo? Any thoughts? Johnuniq (talk) 10:25, 17 September 2009 (UTC)
 * I think a notes section would be fine, if there are other notes to add in (stylistically, we can probably find a better way if that's the only note needed). I don't think the link to his giving up blocking as relevant.  I take his quote to empower editors to block paid editors, not a claim that he and he alone may do so.  I would have no qualms about blocking an editor I believed was behaving inappropriately.  As for his powers, I think this is the wrong place to discuss his role in governance.  Like it or not, he has the authority to make things stick (even while not himself blocking people). I don't see it as integral to the proposal, however.  --TeaDrinker (talk) 01:42, 18 September 2009 (UTC)
 * I take your point that mentioning Jimbo's block relinquishment is not relevant. When I went to add a reference, I noticed that Jimbo's name is actually a link to the RFC statement, so a reference is not required. Following is the wikitext I was planning to add, in case anyone feels it is needed: Johnuniq (talk) 04:32, 19 September 2009 (UTC)
 * Just take a look at WP:IAR. Jimbo's quote, "IAR is policy, always has been" is included there. So why not here? There seems to be precedent for it. --  At am a  頭 23:31, 23 September 2009 (UTC)

Clarification, part 2
Just want to put out a scenario that is semi-possible and see what would happen...

A while back it was announced that a branch of the German government was going to pay to improve articles on the German language version for various topics about it. (There's probably an English-language article somewhere here, but I'm using these two articles as sources.) What the money will do is to get experts in various fields to edit the Wikipedia articles. If you closely read the announcement, the government agency is paying the Nova Institut; there is nothing in those articles that indicate that the Nova Institut is going to be paying the experts. Now here is a scenario based on that; names & such used fictitiously as clarification aids:


 * The US Department of Energy decides the articles on Wikipedia about physics need improving, so they go to various recognized experts in the field and pays them directly to edit articles directly about their specific fields of study and expertise to improve both accuracy and readibility. For instance, Stephen Hawking would edit the article about black holes. Once the expert has agreed to make the edits, the agency publicly announces that it was funding said editing.

Now, would the editors in this instance fall afoul of this proposed policy? If they do, how should the department arranges in order to avoid seeing newspaper headlines saying things like "Wikipedia blocks experts from editing"?? Tabercil (talk) 02:54, 2 October 2009 (UTC)
 * There has been much discussion about that example, and most (all?) comments I have seen were totally supportive of the idea of a group sponsoring NPOV article improvement. The current wording of WP:PAID does not reflect that, but I think it will be addressed eventually. However, it is tricky to express the obvious point that Wikipedia welcomes improvements, while discouraging the many possible negative interventions, such as a government paying editors to "improve" cultural relations in ways which just happen to promote a POV. Johnuniq (talk) 03:23, 2 October 2009 (UTC)


 * As I read the proposed policy, this would be allowed, BUT the editor would have to post on his user page and on the talk page that he is a paid editor. Fair enough as far as I'm concerned.  This would help avoid paid advocacy.  People who disagree with the paid editor's edits would likely comb them for hidden advocacy, so these paid editors would have to be very careful not to advocate, or they could be banned.  This might show up in articles about politics and history, as the linked articles note could be a problem.  It could show up in other places - say Mideastern archeology - where the editors paid by Israel advocate that such and such a site proves that King David existed, but the paid editors from Syria state the opposite, and the Vatican editors say something else about another site, but the Orthodox scholars say ...  This policy does give some transparency and control over that type of thing - which is good.


 * An aside - there's nothing special in this about WP:OR - the policy on original research is the same for both paid and non-paid editors. I'm imagining Stephen Hawking getting hauled up to arbitration for doing OR. :]


 * There is a little quirk here - if the paid government experts were already on staff, there would be no problem (other than posting "I'm a paid editor"). But if they answered a position announcement (!) they could be banned immediately in the pp.  So how did the German Gov't recruit their experts?  One possible solution to this quirk would be to allow editors to answer ads, but require them to state that they will follow WP:PAID and WP:COI and give the links to these policies. Possibly controversial.  Smallbones (talk) 14:29, 2 October 2009 (UTC)


 * I do not see the wording that allows the "good" sponsored editing raised here. I think the issue of how paid editors are recruited is vital and should be in WP:PAID. If a group intends to recruit paid editors, they should prominently announce the details on Wikipedia (needs to be in a defined and well-watched location like "Paid editing/Noticeboard"). Transparency would eliminate many paid editing problems. The user page for a paid editor should include a clear statement and link to the noticeboard where consensus has approved the activity. Johnuniq (talk) 02:04, 3 October 2009 (UTC)


 * Agreed. The bulk of the paid editing that I think people are most familiar with are people inserting marginally notable people into Wikipedia, and those people who are pushing a specific POV. For those editors, we already have policies in place that will enable people to deal with them with needing to point to something like "no paid editing". By closing off the bad, we need to make sure we're not closing off the good as well. And oh, Smallbones, your mention of the image of Hawking at arbitration for OR? Made my day.  Tabercil (talk) 03:31, 3 October 2009 (UTC)

Moving Forward - a bold proposal
How does a proposed policy become an actual policy? And how does a proposed guideline become an actual guideline? I assume the final and critical step is for consensus at an RfC that's made known to the general community. Most of what happens before that is ultimately irrelevant. That's what we have now, a past that is mostly irrelevant, and a future that involves at least one RfC.

I propose a 3 step process for this particular quandry.


 * Let's ask the editors, in particular folks who watch WP:COI for participation in bringing the current proposals in line with general formatting for polices and guidelines. I suggest COI folks in particular (but not exclusively) because both proposals are close in many ways to issues covered by COI.  Of course, editors can also add content as well, but I'd ask that people who want a guideline to only contribute to the proposed guideline, and people who want a policy to only contribute to the proposed policy.
 * Have an RfC fairly soon - say in one week - to see which proposal should be submitted first to a second RfC, for adoption. That is, the question would be "Should WP:Paid editing(guideline) or WP:Paid editing(policy) be submitted first for adoption?"  The one not chosen could be userfied and submitted later if the first proposal was not adopted.
 * The second RfC on whether the chosen policy or guideline should be adopted. Could we set a tentative starting date? say December 1?

As far as the edit histories go - could they be joined by just putting them in the same file? - i.e. without tracking the order of each individual change, only the editors' contributions. Is this a difficult technical problem? Or perhaps, just leaving everything as is? Is it really that important compared to the above 3 step process?

I do suggest putting the shortcut WP:Paid on the proposal that seems to have the most support. But to avoid a controversy, why not a disambiguation page? Smallbones (talk) 17:02, 15 October 2009 (UTC)
 * I've changed Paid editing to a dismbiguaiton page and redirected WP:PAID there. (Ithought I'd done that days ago but apparently not).   Will Beback    talk    19:40, 15 October 2009 (UTC)

Please see Request for Comment
Please see Wikipedia_talk:Paid_editing_(guideline). Smallbones (talk) 04:46, 20 October 2009 (UTC)

Request for paid admin
A recent post at User talk:Jimbo Wales includes a Craigslist advert which I think is worth recording:
 * "We need an Wikipedia editor with Admin access to edit our Wikipedia company list. And maybe put up some additional listings for us. ONLY respond to this ad if you have Wikipedia Administrator credentials!"

Of course it might be bogus, but it might be worth noting these kind of requests somewhere (here?). Johnuniq (talk) 01:13, 3 November 2009 (UTC)


 * Would it be a WP:Point if we recruited an administrator with impeccable credentials just to answer to see if the advertiser is serious? You never know, he might be back. Smallbones (talk) 01:20, 3 November 2009 (UTC)

Closing out this proposal
I think we need to close this proposal. It's been a year since anyone seriously considered this; we are well beyond the "under discussion" stage.

IMO, it should be tagged as failed, which means "failed to gain consensus in a reasonable period of time" (because that's indisputably true). Does anyone object? Does anyone think that the conversation above indicates widespread community support for this proposal, or an ongoing discussion, or anything other than a lack of a clear consensus? WhatamIdoing (talk) 20:56, 13 December 2010 (UTC)


 * I support this move, and agree with the argument above. Community opinion on this issue is certainly quite split, on top of the issue that it is impossible to detect if in fact somebody is getting paid other than by self declaration, which to me makes this a useless policy to even try to form in the first place.  In other words, the threat by Jimmy Wales has no teeth at all.  That discussion has calmed down here is all that more reason to simply close this, and with the same end call this a failed policy.  Discussion has happened more recently on the Village pump and some of the mailing lists (I know of foundation-l as one) but even on those lists there was mixed opinion on the topic mostly going in favor of at least permitting some significant kinds of paid editing not permitted under the guidelines on this page.  Declaring this to be policy would open up a pandora's box, and one that should be left alone with a whole new policy concept if there are some who want to revisit this issue at a later date.  Declaring this as a failed policy initiative is to me the best route to go.  --Robert Horning (talk) 23:49, 13 December 2010 (UTC)


 * Anyone else have an opinion? WhatamIdoing (talk) 21:51, 15 December 2010 (UTC)


 * There is already Paid editing (guideline). It doesn't make sense to have both a policy and a guideline on the same issue. The reason we have both pages can be traced back to the disruptive influence of user:Benjiboi, who was working as a paid editor and was strongly opposed to any policy or guideline that disapproved of it. I think that a new RfC would have a very different result than the last one. However, I agree that this should be marked as historical and the attention should go into improving the guideline. It may, in time, be promoted to a policy but that should happen gradually.   Will Beback    talk    22:20, 15 December 2010 (UTC)


 * The guideline (which I personally liked slightly better, but I agree that both had flaws) likewise failed to gain consensus, and has recently been marked as such. WhatamIdoing (talk) 22:49, 15 December 2010 (UTC)
 * Oh, I hadn't noticed that. I must have removed that page from my watchlist accidentally. If I'd seen it I would have participated in that discussion. In any case, WP:COI basically covers the same ground. A section there on paid editing would suffice.   Will Beback    talk    22:56, 15 December 2010 (UTC)
 * I don't think that there was much of a discussion. Perhaps it had fallen off of a lot of watchlists.
 * Would you object to having it labeled as "failed to gain a consensus in a reasonable time"? The historical tag is really for things that were in use at one time, but have since been superseded.  WhatamIdoing (talk) 06:41, 18 December 2010 (UTC)
 * Fine with me. If folks get interested again in the future this or the guideline can be resurrected. But in the meantime this is dormant.   Will Beback    talk    07:35, 18 December 2010 (UTC)

Glad this didn't pass
It's pretty useless for me to comment at this point but my 2 cents on this proposal I just discovered are that it's ridiculous. Apart from the fact that there are a million grey areas when it comes to defining "paid editing", the edits that a user makes, speak for themselves. Wilfully biasing an article, advertising in an article, putting in slanderous remarks and trying to mislead the readers are all forbidden. If a company pays its employees to do these things, those Wikipedia accounts will be banned for breaking existing rules. If a company pays its employees to contribute to their favourite articles with useful encyclopedic information, banning those accounts would do Wikipedia a great disservice. Most successful open source projects have people who are paid to commit code. I'm surprised Jimmy Wales would say something this naive. Connor Behan (talk) 05:32, 16 August 2012 (UTC)

Legality of paid editing and hosting paid promotional content.
A few months after this proposal was deemed to have failed - based on a count of !votes !!, The FTC issued "Guides Concerning the Use of Endorsements and Testimonials in Advertising". The FTC just stated (in March 2013) that the Guides
 * "apply to “any advertising message . . . that consumers are likely to believe reflects the opinions, beliefs, findings, or experience of a party other than the sponsoring advertiser . . . .” 9 The Guides refer to advertising without limiting the media in which it is disseminated.
 * 9 16 C.F.R. § 255.0(b)."

My reading of the Guides is that the FTC indicates that a paid editor would be considered an endorser and liable for any false statements she made on wikipedia. Furthermore, the seller is also liable for misrepresentations made through the endorsement. (See Examples 3 and 5 on page 4 at http://www.ftc.gov/os/2009/10/091005revisedendorsementguides.pdf.)

Furthermore, per § 255.5, (page 10): The paid position of the editor must be fully disclosed, because it might materially affect the weight or credibility of the endorsement (i.e., the connection is not reasonably expected by the audience), so such CoI disclosure is a legal requirement, but WP:COI makes no mention of this. (See Examples 7, 8, and 9 on page 12 at http://www.ftc.gov/os/2009/10/091005revisedendorsementguides.pdf.)

I strongly encourage the WMF, and counsel in particular to consider the ethics and legal liability of not having this as policy. We have a policy that disallows content where there is a copyright violation-or even a reasonable suspicion thereof. So it doesn't look good that we have policies that take pains to avoid disallowing content that as I see it, would seem to be a violation of the FTC Act, 15 U.S.C. § 41. Update: Request made.

I would strongly urge that the community reconsider this proposal, or something like it, soon. I don't want the WMF paying or fighting fines like this. Anyone willing to volunteer to write and shepherd an RFC to address this?

Currently, our COI policy guideline both does not forbid paid article editing AND does not require COI disclosure, which to me is a recipe for mass violations of law. --Elvey (talk) 19:03, 22 May 2013 (UTC); revised ~2 hrs later.


 * The liability is not to the ordinary editors who may be involved with a particular article, nor to the WMF itself. It is instead to those editors who may be involved with this kind of paid editing... and they assume those risks by taking the contract.  Frankly, I see this as a non-issue in terms of Wikipedia or WMF policy and something that should be only done as a general advisory for somebody who may want to get into that kind of business... and even that isn't strictly necessary.  --Robert Horning (talk) 01:00, 23 May 2013 (UTC)


 * So you say, but you cite no sources and assert no authority. Much of the justification for wikipedia's strict image/file licencing policies is to avoid liability that the WMF is largely already immune to due to its status as a publisher (per OCILLA).  Do you dispute that there's some residual liability if the organization is seen as turning a blind eye or even encouraging illegal activity?  (I'm thinking of the Napster case.)  Much of the justification has an ethical basis.  Do you contend that  ethics are a non-issue in terms of policy?  You say a general advisory may be appropriate; where and what should it say? --Elvey (talk) 02:31, 23 May 2013 (UTC)


 * Certainly, illegal acts are against our terms of service, and advertising degrades the the quality of the encyclopedia. It is certainly outside the scope of the project and almost certainly will run into problems with WP:NPOV, WP:OWN, and many other policies and guidelines. So it seems silly for RH to basically say "It doesn't effect me - so let's ignore it." Ignoring the law is never a good option.  Smallbones( smalltalk ) 03:51, 23 May 2013 (UTC)


 * This sounds like "The community should give legal advice to paid editors about how to do their jobs". I don't want to do that.  If a paid editor needs to take certain steps to avoid legal problems—whether those steps involve dancing around an oak tree at midnight or disclosing the fact that he's being paid—then that paid editor needs to get his own lawyer.  We have no business trying to tell paid editors which of hundreds of laws in many dozens of countries apply to them.  "The FTC said so" is not going to impress the majority of the editors at the English Wikipedia, who are not nationals of the United States.  WhatamIdoing (talk) 04:30, 23 May 2013 (UTC)


 * Legal advice? Are we giving legal advice when we have policies that define what editors may or may not upload?  I'm suggesting the same sort of policies define the capacity in which editors may edit.  --Elvey (talk) 17:56, 23 May 2013 (UTC)


 * There is no way for paid editors to appropriately edit English Wikipedia. Ethics and legalities make it inappropriate.  And on top of that, Jimbo has said as much - see the quote at the top of this proposed policy.  Nationality per se doesn't matter. Jurisdiction does.  What percent of 'en' edits last month were from US-geolocated IP space?  Is it in 1st place?  Where is the WMF incorporated? Located? Mainly CA and FL. (irrelevant, given Smallbones' point below.)--Elvey (talk) 17:56, 23 May 2013 (UTC)


 * I'm not a paid editor; are you? I wouldn't be surprised if lots of 'em come out of the woodwork to oppose this.  But votes don't carry weight.  Valid arguments do.--Elvey (talk) 17:56, 23 May 2013 (UTC)


 * To be clear - the US law applies to any company that sells, markets, or promotes a product or service in the US. There is a similar law for the EU, i.e. the law applies to any company that sells, markets or promotes any product or service in the EU.  I suspect that most countries that regulate advertising in any way have some similar law, certainly countries like Canada and Australia.  So from any practical viewpoint, what companies would be left that want to advertise on en:Wikipedia? These laws clearly apply to almost anybody who wants to edit on en:Wikipedia.  Smallbones( smalltalk ) 03:27, 24 May 2013 (UTC)


 * Yes, there are similar laws in other countries as well, for example the Unfair Commercial Practices Directive, valid throughout the European Union. There was a German court decision last year (that also relied on the directive) regarding Wikipedia: "The court held that when a company edits a Wikipedia article, the resulting text falsely creates the impression that the edit has no business-related purpose. By implication, the judges found that the average reader of Wikipedia articles expects to find objective and neutral information." That is a very very important condition, comparable to the FTC Guide "that consumers are likely to believe reflects the opinions, beliefs, findings, or experience of a party other than the sponsoring advertiser”. IF this common belief, this impression, this expectation by consumers of neutral information on Wikipedia, changes to a "common knowledge" that companies write "their" WP articles for PR/marketing purposes ("hey, everybody does it!"), then this legal protection is soon gone. This is critical, and the public perception of Wikipedia can change (and it does!) if Wikipedia tolerates paid advocacy (in the public perception and in reality). If we don't want Wikipedia to deteriorate to a notorious platform for PR agencies, marketers and paid advocates, we need 3 things:
 * 1) Clear rules against paid COI editing. Clearer than now ("strongly discourage"? what does a PR agency consider "neutral POV"?). See proposals.
 * 2) A not overly complicated way to handle legitimate concerns, factual corrections and issues by companies, update numbers etc., in an acceptable time span (talk page templates to "request an edit", wikiprojects that respond etc.). A publically known "This is the way to do right", if you don't want a shitstorm about your companies "Wikipedia manipulation".


 * 3) We really need the volunteer editors that apply the rules and work on those legitimate requests. This is very important, Wikipedia needs enough Wikipedians that make people adhere to the rules and that write sourced and neutral articles and that delete the advertisement/PR crap. If the ratio of experienced Wikipedians without COI vs. the paid advocates (those with skin in the game) increasingly changes, then a vicious circle of paid editing will kill Wikipedia. My third point here is about resources of time, motivation and editors. If every company with a PR/social media department writes and "improves" "their" WP article, then we cannot cope with the amount of non-neutral, badly sourced, barely notable articles. More stringent notability guidelines for articles could help, a little, additionally. If the number of COI-articles and the number of paid editors grows faster and Wikipedians give up working on neutrality, we have a big problem.
 * Basically, there are 2 vicious circles to be concerned about: first the vicious circle of volunteer/ paid editor engagement (see pic) and secondly the vicious circle of public perception that "everybody does PR on Wikipedia". I seriously believe this could essentially kill Wikipedia in the next 5 years. --Atlasowa (talk) 11:59, 29 May 2013 (UTC)
 * Ok, so what next? I asked earlier, "Anyone willing to volunteer to write and shepherd an RFC to address this?"... FYI: I've asked directly for input from legal.--Elvey (talk) 22:48, 29 May 2013 (UTC)
 * Is there an evidence base for all the normative statements, or even just the diagram... or is it all just ipse dixit? bobrayner (talk) 00:15, 30 May 2013 (UTC)
 * [Subsequent note: The above comment was intended for Atlasowa, but was directed at me.-Elvey] Are you kidding me? My initial post alone included 4our references to back up my claims re. US law, and others have added info re German, Canadian, Australian and EU law. --Elvey (talk) 03:23, 30 May 2013 (UTC)
 * Nobody seriously doubts that various laws apply to editors. That's not the problem. Perhaps this will help:
 * If we don't want Wikipedia to deteriorate to a notorious platform for PR agencies, marketers and paid advocates, we need 3 things: ... If the ratio of experienced Wikipedians without COI vs. the paid advocates (those with skin in the game) increasingly changes, then a vicious circle of paid editing will kill Wikipedia. ... If every company with a PR/social media department writes and "improves" "their" WP article, then we cannot cope with the amount of non-neutral, badly sourced, barely notable articles. ... If the number of COI-articles and the number of paid editors grows faster and Wikipedians give up working on neutrality, we have a big problem. ... Basically, there are 2 vicious circles to be concerned about: first the vicious circle of volunteer/ paid editor engagement (see pic) and secondly the vicious circle of public perception that "everybody does PR on Wikipedia". I seriously believe this could essentially kill Wikipedia in the next 5 years.
 * I could repeat the exercise for the whole page, and add several hundred tags, but you get the point. When presenting a proposal to the broader community, they're likely to ask for better evidence, in lieu of the vague moralising and isn't-it-obvious connections that are sufficient when preaching to the converted. Yes, yes, it's well evidenced that certain laws apply to certain editors. So what? Plenty of countries have lèse-majesté laws but we don't write policies against insulting governments or kings; plenty of countries have strict regulation of professions (and job titles) but we don't demand that editors in reserved fields present professional credentials; and so on. We could, perhaps, write a policy that says "don't do stuff on en.wiki if doing that stuff would be illegal"; but attempting to embed the requirements of every such law into enwiki policy would be folly, and the discussion above goes a couple of steps beyond what the law says. bobrayner (talk) 03:03, 30 May 2013 (UTC)
 * You should have responded to Atlasowa's comment instead of to my comment, since he wrote that, not me.--Elvey (talk) 03:39, 30 May 2013 (UTC)
 * So what next? I asked earlier, "Anyone willing to volunteer to write and shepherd an RFC to address this?"... Evidence of the legal danger has been provided.  Clear evidence of net harm by paid editors when we can't ID them with any reliability is infeasible.  But I think a zillion and a half editors have encountered determined POV-pushing advocates of commercial enterprises and that many of them have been paid editors.  --Elvey (talk) 22:48, 29 May 2013 (UTC)

Paid editing by User:EagerToddler39
Recently I stumbled on this discussion via the LingQ article. It seems that the user EagerToddler39 is obviously a paid editor. As en.wikipedia is not my home wiki, I would like to know, what is the policy of en.wikipedia on this? To which site do I have to appeal? --Paramecium (talk) 13:07, 26 September 2013 (UTC)
 * Wow. . "... the editor in question has already described the provision of these links as harassment. I fully support any move to reduce the impact of paid editing, But per policy, we can't out editors as part of the process of showing their COI." "Due to privacy concerns and the risk of outing Wikipedia editors, the data will not be publicly available. Being paid as a Wikipedia editor is not currently against policy, so privacy concerns were deemed to outweigh other interests."  Unbelievable. --Atlasowa (talk) 14:25, 26 September 2013 (UTC)

What is going on here?
I don't understand the Failed Proposal tag at the start of the article. Does this nullify the entire article? It seems to contain good information such as what paid editing is defined as, etc. It doesn't make any sense. If there is no paid editing on WP, the article on "paid editing" should state this and give a history of failed attempts. It should not have a huge red X at the start of the article. The way it's worded, the article itself is a failed proposed article. Is this the case, or is this a sound article about (the lack of) paid editing? In short, you can't have a tag that says essentially "this is all wrong" if it contains useful information... Squish7 (talk) 22:27, 25 February 2014 (UTC)
 * The tag just means that this wasn't accepted as a new policy. The description of paid editing may be accurate, but the basic procedure being described - requiring disclosure by paid editors - wasn't accepted by the community in this form. - Bilby (talk) 21:37, 26 February 2014 (UTC)

just a small point
Link to the corporate vanity policy appears broken — Preceding unsigned comment added by Garymonk (talk • contribs) 10:02, 26 March 2014 (UTC)

Generate Consensus
Please, everyone disscus on this thread. Lets help this policy get on it's feet with a new consensus! 146.200.163.2 (talk) 19:28, 2 November 2015 (UTC)

Make my wikipedia
Make my wikipedia Mon das animesh (talk) 01:13, 25 March 2021 (UTC)

If not then it would be a nepotism of you. Mon das animesh (talk) 01:15, 25 March 2021 (UTC)

Paid editing; is it reason to think many do not disclose they are paid?
On linkedin one can find lots of profiles from people and even companies that say they even make pages on wikipedia, that they make and edit pages for prominent people etc. Wikipedia has a policy that one must disclose if one are a paid editor, but as editors can have anonymous profiles how is this monitored? No one would know if the editor is not edit totally stupid. Such editors if enough clients will also have time to edit a lot on wikipedia as they indeed get paid for it. These editors can get powerful as they become senior editors with lots of privileges in editing. For me it seems like wikipedia potentially have a large problem with paid editors that likely many not have declared they are paid, and therefore are heavily biased. Has this been studied? Quite easily one can do some statistical tests here that likely will give good indication if this is a growing issue on wikipedia. Just a though. ChrisCalif (talk) 11:01, 9 June 2021 (UTC)

Paid Editing
This can bring up more editors and can make Wikipedia grow — Preceding unsigned comment added by Justus Muindi (talk • contribs) 20:26, 22 January 2023 (UTC)

HACKING types
What is a Cyberattack? A cyberattack – also known as a cybersecurity attack – is any form of malicious activity targeting IT systems and/or the people using them to gain unauthorized access to systems and data they contain.

Criminals typically are looking to exploit an attack for financial gain, but in other cases the aim is to disrupt operations by disabling access to IT systems. Threat actors can be anyone from a single person attempting to obtain stolen credentials and hold them for ransom to a state-sponsored contingent looking to disrupt operations on foreign soil. Whatever the motivations, most IT networks – and the people that maintain them – will experience some type of attack over the course of their lives and must be prepared.

7 Common Types of Cyberattacks If you've ever studied famous battles in history, you'll know that no two are exactly alike. But there are strategies that, over time, have proven to be effective. Similarly, when a criminal is trying to hack an organization, they won't try something novel unless absolutely necessary. They draw upon common hacking techniques that are known to be highly effective, such as malware, phishing, or cross-site scripting (XSS).

Whether you're trying to make sense of the latest data-breach headline in the news or analyzing an incident in your own organization, it helps to understand different attack vectors. Let's take a look at some of the most common types of cyberattacks seen today.

Malware Malware refers to various forms of harmful software, such as viruses and ransomware. Once malware is in your computer, it can wreak all sorts of havoc, from taking control of your machine, to monitoring your actions and keystrokes, to silently sending all sorts of confidential data from your computer or network to the attacker's home base.

Attackers will use a variety of methods to get malware into your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an email attachment that may look harmless (like a document or PDF), but actually contains a hidden malware installer.

Phishing In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there may be an attachment to open or a link to click.

Upon opening the malicious attachment, you'll unknowingly install malware in your computer. If you click the link, it may send you to a legitimate-looking website that asks you to log in to access an important file – except the website is actually a trap used to capture your credentials. To combat phishing attempts, it’s essential to understand the importance of verifying email senders and attachments or links.

SQL Injection Attack An SQL injection attack specifically targets servers storing critical website and service data using malicious code to get the server to divulge information it normally wouldn’t. SQL (structured query language) is a programming language used to communicate with databases, and can be used to store private customer information such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information (PII) – all tempting and lucrative targets for an attacker.

An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if an SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords.

Cross-Site Scripting (XSS) Cross-site scripting (XSS) attacks also involve injecting malicious code into a website, but in this case the website itself is not being attacked. Instead, the malicious code only runs in the user's browser when they visit the attacked website, where it directly targets the visitor.

One of the most common ways an attacker can deploy an XSS attack is by injecting malicious code into a comment or a script that could automatically run. For example, they could embed a link to a malicious JavaScript in a comment on a blog. Cross-site scripting attacks can significantly damage a website's reputation by placing users' information at risk without indication anything malicious has occurred.

Denial-of-Service (DoS) Denial-of-service (DoS) attacks flood a website with more traffic than it’s built to handle, thereby overloading the site’s server and making it near-impossible to serve content to visitors. It’s possible for a denial-of-service to occur for non-malicious reasons. For example, if a massive news story breaks and a news organization’s site is overloaded with traffic from people trying to learn more about the story.

Often though, this kind of traffic overload is malicious, as an attacker floods a website with an overwhelming amount of traffic to essentially shut it down for all users. In some instances, these DoS attacks are performed by many computers at the same time. This scenario of attack is known as a distributed denial-of-service attack (DDoS).

Session Hijacking Session hijacking occurs when an attacker hijacks a session by capturing the unique – and private – session ID and poses as the computer making a request, allowing them to log in as an unsuspecting user and gain access to unauthorized information on the web server. If everything goes as it should during any internet session, web servers should respond to your various requests by giving you the information you're attempting to access.

However, there are a number of methods an attacker can use to steal the session ID, such as a cross-site scripting attack used to hijack session IDs. An attacker can also opt to hijack the session to insert themselves between the requesting computer and the remote server, pretending to be the other party in the session. This allows them to intercept information in both directions and is commonly called a man-in-the-middle (MITM) attack.

Credential Reuse Credential reuse occurs when someone uses the same credentials on multiple websites. It can make life easier in the moment, but can come back to haunt that user later on. Even though security best practices universally recommend unique passwords for all applications and websites, many people still reuse their passwords – a fact attackers will readily exploit.

Once attackers have a collection of compromised credentials from a breached website or service (easily acquired on any number of black market websites on the internet), they know there’s a good chance they’ll be able to use those credentials somewhere online. When it comes to credentials, variety is essential. Password managers are available and can be helpful when it comes to generating and managing unique passwords for every corner of the internet.

How to Prevent Cyberattacks We could cover thousands of tactics and tips for preventing cyberattacks at scale, but let's zoom in an take a look at some key examples:

Phishing awareness training: Educate employees on why phishing is harmful and empower them to detect and report phishing attempts. This type of training includes email simulated phishing campaigns to employees, monitoring results, reinforcing training, and improving on simulation results.

Compromised credentials detection: Leverage user behavior analytics (UBA) to create a baseline for normal activity on your network. Then, monitor how administrator and service accounts are being used, which users are inappropriately sharing credentials, and whether an attacker is already expanding from initial compromise on your network.

Ransomware prevention: Create a three-point plan to prevent ransomware attacks. This includes minimizing an attack surface, mitigating potential impact once exposure has been detected, and debriefing to pinpoint existing plan gaps. From there, teams can rebuild systems, quarantine endpoints, change credentials, and lock compromised accounts.

XSS attack prevention: Institute a filtering policy through which external data will pass. This will help to catch malicious scripts before they can become a problem. This leads into creating a wider content security policy that can leverage a list of trusted sources that are able to access your web applications.

Threat intelligence program: Create a central hub that feeds all security-organization functions with knowledge and data on the highest-priority threats. Organizations rely heavily on automation to help scale a threat intelligence program by continuously feeding data into security devices and processes, without the need for human intervention. — Preceding unsigned comment added by MRXM1000 (talk • contribs) 14:40, 16 January 2024 (UTC)