The sockpuppet who ran for adminship and almost succeeded

News and notes

The sockpuppet who ran for adminship and almost succeeded

By Artoria2e5, Bri, Ganesha811, Smallbones, and Yair rand

RfA candidate blocked as sockpuppet by Arbitration Committee

An RfA candidacy favored 123 to 1 was closed with the comment "This was unsuccessful due to the candidate being ArbCom blocked during the nomination process." Eostrix was blocked as a sockpuppet of Icewhiz during the RfA, though the Arbcom decision was not unanimous.

Beeblebrox explained "This was a very determined, carefully planned attempt to fool the community, and it nearly succeeded, probably would have if it weren't for one particular committee member who doggedly pursued this for quite some time, although it obviously acquired a sense of urgency when the account ran for adminship."

The community generally reacted with shock and thanks for Arbcom's vigilance. Few editors defended Eostrix or questioned the decision.

Little or no public evidence on the guilt or innocence of Eostrix and Icewhiz has been available. The Signpost emailed Icewhiz for a response, which was evasive. They wrote that they would neither deny nor confirm the sockpuppeting allegations or even whether they edit Wikipedia at all. The Wikilawyer-like tone of the two Icewhiz responses and even some exact wording matched extensive email discussions between Icewhiz and The Signpost conducted in 2019.

A new account on a Wiki-discussion site claimed that they were Eostrix and denied being a sockpuppet. Members of that site were generally unimpressed with the denials. They claimed that Eostrix and Icewhiz consistently made the same rare editing mistake – spelling "albeit" as "all be it".

Several editors asked whether candidates for adminship should automatically be checked for socks on the theory that we can't risk having a long-term abuser become an admin. Worm That Turned and others expressed horror that editors' privacy could be violated so routinely, until it was shown that checkuser data was used by stewards to verify election results. Thereafter the objections focused on arguments that checkuser data wouldn't have helped discover the socks in this particular case, and then to a statistical argument that CU data doesn't help in any case where there is no prior evidence of sockpuppetry. – S

Vacancies at WMF

Wikimedia Foundation leadership team as published by the Foundation earlier this year. The corresponding C-suite in 2019 had ten members. Titles missing in the 2021 roster include chief technology officer, chief of staff, chief operating officer, chief creative officer, and now, the chief product officer, leaving just four (or five including the incoming CEO, not pictured).

Toby Negrin, the head of WMF's product department, posted a letter of resignation on 12 October. The function of the department is to "build, improve and maintain the features of Wikimedia sites". This departure leaves the WMF with less than half of the C-team that was previously around: the positions of the heads of the Technology, Communications, and Operations departments are all still vacant, as is the CEO. – Y, B

Wikimedia Enterprise launches

The new service's logo

Wikimedia Enterprise, the commercial data service launched by the WMF, officially opened for business on October 25. With three different API services offered starting at $25,000/year, the product is designed for corporations who depend on Wikimedia data such as Google posting knowledge boxes on their search page. It is designed to minimize or eliminate any backflow effects on Wikipedia content or the Foundation. The WMF has capped commercial revenue at 30% of overall revenue. Previous coverage in The Signpost resulted in some skeptical comments from Wikipedians. – G

RfA 2021 review enters brainstorming phase

In last month's News and notes, we covered the RfA 2021 review in "Another look at requests for adminship". The review has progressed into a brainstorming phase to address these issues, and possibly a handful of others:

Corrosive RfA atmosphere
Level of scrutiny
Standards needed to pass keep rising
Too few candidates
"No need for the tools" is a poor reason as we can find work for new admins
RfA should not be the only road to adminship

There is no fixed deadline, but it may have wrapped up by the time The Signpost is published. We will cover more details at this month's Discussion report. – B

Mass block coming for many Apple users

3–5% of editors using Apple's Safari browser may be blocked in the next few months. This includes logged-in, active editors who may not understand why they've encountered a block. This is because of iCloud Private Relay, a new service in Safari, which is similar to a proxy or a VPN. There is a discussion about this on Meta. The goal is to learn what iCloud Private Relay could mean for the communities. – Tech News weekly editors, selected by B

Brief notes

An introduction to Maryana Iskander

CEO's listening tour begins: Presentations by Maryana Iskander, the incoming Wikimedia Foundation Chief Executive Officer, are viewable at Maryana's Listening Tour on meta and a presentation at WikiConference North America (Red Stage video) – there have also been presentations at WikiCon 2021, WikiArabia, and Wikidata Con.
Maggie Dennis, VP of Community Resilience and Sustainability answers questions on Chinese bans and other topics 1:02:10. The main surprise is that the big picture and so many details can fit into one hour.
Beijing strikes again: China vetoed WMF's accreditation to World Intellectual Property Organization again, citing the same "one China" issues as the last time.
The Farsi Wikipedia banned IP editing for six months starting on 22 October, joining the Portuguese Wikipedia in the IP-free experiment. The Spanish Wikipedia will likely start its IP-free experiment as the other two experiments are concluded.
The Wayback Machine shows us the way forward: their nightmare vision is a dystopian future filled with censorship and "copyrighted facts".
New user-groups: The Affiliations Committee announced the approval of this week's newest Wikimedia movement affiliate, Wikimedia Small Projects in Spanish on 23 September. The group is a development from SmallProjects grant which was approved 13 August this year.
No new administrators: There were no successful requests for adminship in October. The total number of successful candidacies during 2021 stands at seven.
Take the lead: The lead section-writing contest of English Wikipedia has come back after five long years.
Fundraising banners: Annual fundraising banners will be displayed on English Wikipedia beginning 30 November. The community has been invited to make suggestions.

← Previous "News and notes"

Next "News and notes" →

In this issue

News and notes

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.

Re: Vacancies at WMF. What is "the C-team"? DuncanHill (talk) 20:30, 31 October 2021 (UTC)[reply]
- The term refers to the top level management of an organization such as a corporation, also known as the c-suite. Ganesha811 (talk) 20:32, 31 October 2021 (UTC)[reply]
  - (they're called the "c-suite" or "c-team" because their titles all usually start with "c": CEO, CTO, COO...) AntiCompositeNumber (talk) 20:40, 31 October 2021 (UTC)[reply]
    - Thanks, I did google the term and only found something to do with Dungeons & Dragons, and I tried typing it into the search box and got redirected to a radio station in Australia. It might be a good idea to explain obscure jargon. DuncanHill (talk) 21:04, 31 October 2021 (UTC)[reply]
- Linked from the caption but not the body text. Oops. ☆ Bri (talk) 21:23, 31 October 2021 (UTC)[reply]
The sockpuppet who ran for adminship and almost succeeded: This is the first time an RfA has been stopped dead in its tracks, but it's by no means the first case of a totally corrupt admin, and it won't be the last. The scary part is not knowing just how many admins of this kind are undetected? Some, for sure. Kudpung กุดผึ้ง (talk) 20:35, 31 October 2021 (UTC)[reply]

It is scary, but it also makes me think about this xkcd. If a malicious actor looking to damage Wikipedia has to maintain an account with thousands of useful or neutral contributions while participating for years, just to get found out, who's really getting played here, us or them? Ganesha811 (talk) 20:39, 31 October 2021 (UTC)[reply]

Socking with determination is not difficult. Those who have an agenda create sleepers from different IPs and user agents. CU is basically useless unless a sock is really stupid. The Duck test is best. It's apparently what caught this clown out, but it's only coincidence that puts a researcher on the right track. But even that needs some training, a sharp eye, a huge watchlist, and being everywhere all the time. Kudpung กุดผึ้ง (talk) 20:49, 31 October 2021 (UTC)[reply]

I never understood why Icewhiz went off the rails but I hope they get the help they clearly need. I'm glad CU was able to protect the community from such corrosive influences. I wish CU could be used more freely to catch many other socks which I suspect have long been operating. Chris Troutman (talk) 22:31, 31 October 2021 (UTC)[reply]

What happened with them? DogsRNice (talk) 07:00, 9 November 2021 (UTC)[reply]

@Ganesha811 and Kudpung: It is scary, but it also makes me think about this xkcd. Very much this. (I don't even have to click on it to know which one you're referencing. Mission f--- accomplished indeed.) Our entire vocabulary around socking has evolved to obscure the fact that it isn't a thing you are, it's an action you take — a "sockpuppet" is an account abused by someone socking, it can't take any actions because it isn't a real person. A sockpuppet didn't almost succeed in their RFA — Icewhiz nearly succeeded in obtaining adminship using their sock account. That's a bit more different than people seem to be acknowledging.

I certainly get that it would be undesirable, and I don't even disagree with our guilty-until-proven-innocent attitude towards socking. (Meaning, if you're operating a sock account everything you do using it is presumed malicious, regardless what the actual intent of the actions are.) But people are acting like, if a user ever obtained adminship using a sock account, we should just pack up this whole failed Wikipedia experiment and head home. That strikes me as a bit histrionic. -- FeRDNYC (talk) 14:17, 1 November 2021 (UTC)[reply]

Actually, correction — if you're operating a sock account, everything you do is presumed malicious, period, under any/all of your accounts. Again, I'm not saying that's even incorrect, but it means that Icewhiz's RfA itself becomes a malicious act by default. Which is why this report is implicitly interpreted as "ATTACK ON WIKIPEDIA NEARLY SUCCEEDED", when I'm not convinced that's quite the correct read. -- FeRDNYC (talk) 14:37, 1 November 2021 (UTC)[reply]

Revealing Icewhiz's mistake to him, merely helps him avoid that mistake in his 'next' bid for administratorship. GoodDay (talk) 03:00, 1 November 2021 (UTC)[reply]

You'd best tell that to the folks at WO, GoodDay. Kudpung กุดผึ้ง (talk) 07:47, 1 November 2021 (UTC)[reply]

I'll let'em figure it out. GoodDay (talk) 07:49, 1 November 2021 (UTC)[reply]

Icewhiz spent two years, making 22,000 edits, to get to a failed RFA with his/her sockpuppet. At two minutes per edit (to be conservative), that's more than 700 hours contributed to a project that he/she doesn't seem to believe. Perhaps the lesson to be learned is to spend one's time elsewhere? -- John Broughton (♫♫) 04:58, 1 November 2021 (UTC)[reply]

@John Broughton, Ganesha811, and FeRDNYC: to this point, and the "mission accomplished" analogy, sadly the Eostrix account only made c.8,500 mainspace edits, of which 84% were automated.[1]. So the account only made 1,429 normal mainspace edits, using John Broughton's 2 mins per edit that is only 48 hours. That pales into insignificance against the time wasted by the community in order to identify, prosecute and post-mortem this mess. Onceinawhile (talk) 09:47, 2 November 2021 (UTC)[reply]

@Onceinawhile: That's fair, and thank you for reminding us of the real cost of this situation: Not that our admins' collective (and completely imaginary) Shield of Absolute Trustworthiness was nearly breached (as Daniel Case points out below, that's happened before and will happen again), but that a lot of already-overtaxed Wikipedians' time was wasted on this. That's Not OK™. -- FeRDNYC (talk) 10:05, 2 November 2021 (UTC)[reply]

Eostrix has nothing on Law, for those who remember that debacle ... a sock of the undertow who became an admin with the full awareness of several other admins, all of whom had IIRC had to resign the mop as a result.
And before that there was Archtransit ... who, well, wasn't a sockpuppet but a sockmaster who gave himself away after getting the tools because he went and unblocked all his previously blocked socks ... when people wondered what was going on, someone ran a Checkuser which revealed all the socks, included some he still hadn't unblocked.
I still see the latter incident as the worst RfA failure, ever. Daniel Case (talk) 22:18, 1 November 2021 (UTC)[reply]
"The goal is to learn what iCloud Private Relay could mean for the communities" - this is facinating, and I agree with the page's point that this is likely to become more common as other companies add similar features. Maury Markowitz (talk) 20:40, 31 October 2021 (UTC)[reply]

Re Icewhiz + "wiki discussion site" - is the word "wikipediocracy" verbotten here? It seems unusual to do such a dance to avoid naming a publication. 142.157.234.234 (talk) 22:10, 1 November 2021 (UTC)[reply]

re: the "wiki discussion site" I believe it is still the case that they are blacklisted (i.e. we can't link to them) IMHO - gained from my personal experience - they were properly blacklisted. I don't believe this means that anybody who posts there is automatically persona non grata, but my personal opinion of the website as a whole is very negative. It's essentially a site where all the rules of Wikipedia don't apply (e.g. personal attacks, banned-by-Wikipedia editors, outing, incivility, battleground behavior) are the norm. That's fine if they keep it there, but when they want to import their garbage into Wikipedia - its absolutely wrong. Using that site as a convenient way to work around Wikipedia rules, IMHO is - I repeat - absolutely wrong. I won't mention their name on The Signpost and I have nothing more to say on the matter. Smallbones_(smalltalk) 23:29, 1 November 2021 (UTC)[reply]

Yes, of course that place is a total cesspit, Smallbones, but ironically its founder and major Wikipedia critic everywhere is a former E-in-C of The Signpost and still writes major articles in it... Kudpung กุดผึ้ง (talk) 07:13, 2 November 2021 (UTC)[reply]

Re: Mass block coming for many Apple users --- Is the WMF gonna tell iOS users what the issue is when they are blocked? Common sense suggests that the WMF has already figured out how to remind iOS users not to use iCloud's "VPN", but I can't shake the feeling that they'll not do something like that. And Re: Eostrix --- Wow. Professor Quirrel didn't put that much effort to hide his secret. Stories like this one just show how important The Signpost is for people who live under a rock like me. Tube·of·Light 03:03, 2 November 2021 (UTC)[reply]
Mass block coming for many Apple users Apple is doing the right thing for Apple Safari users. Unfortunately, the setting is all or nothing. I hope Apple users will not turn the feature off. I have done so since the early days of the developer beta program. Toggling the feature on and off lies too deeply in the settings for most editors to do so dynamically as they shift from Wikipedia editing to other web browser activity. I hope we do not lose too many valuable edits and I also hope Apple users keep the setting on. —¿philoserf? (talk) 21:28, 3 November 2021 (UTC)[reply]
That was scary in reference to Icewhiz. Imagine a sock got sysop powers the damage they could do. I think the RFA system should be slightly redone so that there are roadblocks in place in an attempt to prevent this from happening. The nominating admins were very well known ones as well and he fooled them. Bobherry Talk Edits 13:16, 7 November 2021 (UTC)[reply]
Looking at the sock's RfA nom, I'm thoroughly disturbed that a sockpuppet became a trusted contributor at SPI, but also a little comforted by the fact they were still detected. I also hope something will be done to make this less likely in the future. Daß Wölf 19:07, 7 November 2021 (UTC)[reply]

Want the latest Signpost delivered to your talk page each month?

Home

About