|
Wikis have been around for a long time on the Web. It’s taken a while for them to transform from geek tool to a mainstream word, but we’re here now.
Last week at the ICANN Meeting in Vancouver, it was fun to watch hundreds of people get introduced to Wikis and start using them, thanks to Ray King’s ICANN Wiki project.
In the past few days since, I’ve come to believe that Wikis are doomed unless they start thinking about security in a more serious way.
Someone is attempting to deface the ICANN Wiki main page, and the Sysop has a full-time job on their hands!
Last week, John Seigenthaler, assistant to Attorney General Robert Kennedy in the early 1960’s, wrote an article in USA Today about how for 132 days, he was a victim to Internet character assasination - courtesy Wikipedia.
Wikipedia has since changed its rules and now requires registration prior to any postings. ICANN Wiki needs to follow, as do any serious Wikis that want users to treat their content as reliable.
Registration alone as a preventative measure is unlikely to solve the underlying problem—what to do when collective knowledge pooling is poisoned by bad actors? Wikis allow posting spurious, damaging or bad content about someone else so much easier than literally any other method. And if companies and individuals don’t pay close notice, their reputation can be smothered, or worse.
Is it time for paid Wiki Marshalls who will keep the peace?
Sponsored byRadix
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byDNIB.com
Although I find that wikis can be extremely useful they seem to have been adopted by a lot of organisations without any real thought of the implications. If email spam and blog comment spam wasn’t bad enough, having to contend with junk on wikis could become a full-time job for any wiki maintainers. I doubt if anyone will pay to have it done though :)
Yes, wiki spam is definitely a problem and ICANNWIKI currently gets spammed about 4 times per day. If this grows, we will have to change our rules. That pains me, however, because the beauty of the current system is that it allows such easy editing, with or without logging in. Right now, it is more important to lower the barrier for legitimate users, especially those just learning how to use the system, than to raise the barrier to a few bad actors.
The spam we get today is all from people outside the industry putting up tons of links for drugs and the like. In fact, they put the links up in an invisible way, hoping that we won’t notice and the presence of these links will improve their own search engine rankings.
I am happy to report that there have not been cases of people in the ICANN community “spamming” the site with offensive material or blatent advertisements. Of course there will always be differences of opinion, but the wiki environment naturally tends towards a neutral point of view so over time the wiki may be the best place to look for material presented in a neutral point of view (NPOV).
I think the paid marshall notion is premature. At this point it is easy enough to keep ICANNWIKI clean of spam and growing in a constructive manner, but if that changes, then my plan would be to ask for volunteers to oversee various areas.
I will be guest speaker on the Domain Masters webcast on Webmaster Radio today at (7pm E / 4pm P), and I will be mentioning the ICANNWiki and the participation at the ICANN Conference.
Author apologizes for fake Wikipedia Biography - USA Today
Wikis have to start implementing better security practices ... perhaps implement something similar to collaborative approval of edits ... Mike Nelson of ISOC introduced me to swarmsketch.com - an innovative way to do collaborative editing.
Security for public wikis is certainly a growing issue, but for most corporate and group applications, there is no reason to make a wiki open to the greater public. I work with two separate organizations that maintain private wikis as a workspace where individuals can post material, mark up existing material, and agree on final versions, among many other apps, and I wonder if we’ll see more use of wikis as intra-organization tools.
And in other news, having engaged in the debate many times myself as to the veracity of data in public wikis, Nature Magazine just posted an article citing that wikipedia’s public science entries were just about as accurate as Britannica. Viva wikipedia!
True—Wikis are great in internal debates/discussions, my security concerns are for public wikis which can be spammed without any restrictions.
I must report that ICANN WIKI got a serious bout of spam in the past week. It is almost all from the same source and is of the form of URL spam, it is plain to see in the recent changes view. As a result, we’ve:
1) Made login required
2) Stopped accepting saves with
tags, which is what is often used to “hide” the spam entry
3) Started using common blacklists to prevent posts from certain IPs. On this one, we may need to upgrade hardware to prevent degradation of performance.
I’m most bummed about the first one, because I think it raises the bar for participation and participation is the key to a public wiki’s success. I am hoping that some of the other measures we’re taking may allow that bar to be lowered again in the future.
I also think that the paid marshall notion is premature. I have been using wiki for my various internal and public projects. Although we have experienced many problems of wiki, I just want to say that we cannot succeed if we are afraid of failure. If you do not make mistakes you do not make anything.
Anyway, I would like to say thanks to Raymond King and other people involved in ICANN wiki. ICANN wiki has been providing a good place to get to know each other among ICANN participants and should continue to play such a role.
I like your comment “If we do not make mistakes, we do not make anything”! In that spirit, we just re-instated anonymous edits because some of the other things we’ve done seem to have helped curb spam enough. Let’s hope it holds.
paid? probably the best way to go is to find volunteer wiki admins who can be trusted to have a free, fair attitude plus operate with a light hand.
it’d build a sense of community there, something that ICANN would definitely need.
Interesting ... the Wiki debate is almost similar to the question of “who shall tend to the public garden”. Everyone agrees that it’s in the public good, but when vandals deface it, people stop visiting.
When Wiki admins create mechanisms to ensure tighter security of posts and better deterrents against spam, they need to publish that in a proper way so that other Wikis can start adopting these procedures. Is there a global Wiki Admin Society to share best practices?
IMO, most of the reasonable schemes for fighting email spam are equally applicable to fighting wikispam:
- DNSBLs, e.g. URIBLs
- Content-based filtering
- Statistical filtering
- Authentication and Reputation (A&R)
- Cost-Based systems, e.g. bonds
- Heuristic filtering, e.g. SpamAssassin
-from http://en.wikipedia.org/wiki/Stopping_e-mail_abuse
My favorite is A&R - The Reputation system can be designed to work with an Authentication system to protect any Internet media from spam.
If you look up something in wikipedia, you’ll find that high quality articles are the norm, even when it comes to articles on, say, the Middle East.
COMMENT PREVIEW
More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.
Related
eco Survey Shows: One in Four Germans Has Been a Victim of Illegal Websites
Why Most People Haven’t Heard of the DNS Root Server System
New WhoisXML API White Paper Highlights Registration Trends in Top gTLDs and ccTLDs
A DNS Investigation of the GootLoader Campaign
Silent Night, Deadly Sites: How Christmas Cyber Threats Lurk in the DNS
Multistakerholderism and Its Discontents: A Reply
A Review of the 2024 Threat Landscape and Implications for Domain Security
Exploring the Impact of WHOIS Data Redaction on Unsolicited Emails
Exploring the SideWinder APT Group’s DNS Footprint
A Collision Between Tech Policy and Foreign Policy: the UN Cybercrime Convention