Miss the Internet of the 1970s? It's still here.

Imagine the following conversation took place some time before 15 January 2001.

Alice: "Why don't we create a Web page that anyone can edit?"

Bob: "Cool. How do we prevent 'bad people' from posting 'bad things'?" [Note that "bad people" and "bad things" are entirely subjective.]

Alice: "Don't worry, people will be nice."

Bob: "What if they are not nice?"

Alice: "We'll keep track of the IP addresses people use to post content. We'll block bad IP addresses."

Bob: "What if bad people post bad content using anonymous proxy servers? What about NAT, such that hundreds of people can be using the same public IP address?"

Alice: "Don't frighten me with your sorcerer's ways."

Bob: "So what do we call this system?"

Alice: "Wikipedia!"

Now, people are shocked -- shocked I say -- when anyone can edit pages they would wish said something else.

The Wikipedia model works when the user community is small and the participants trust each other. When was the last time that was true? Oh yes -- the Internet of the 1970s. Is that true now, or at least in 2001 when Wikipedia was founded? Well, the community was certainly smaller back then. But a small user base does not hold up well as a defense model. As Wikipedia's activity has grown, it has attracted the attention of people who are more likely to act maliciously. Sounds the Internet as a whole, from the 1970s into the 1980s, followed by the explosion of users in the 1990s.

I would personally never use Wikipedia as a resource for any serious research. I might use it as a starting point, but why should I trust what it says? Am I going to go back through the editing history and note that 195.89.26.53 made a change that looks suspicious, but 216.192.4.32 seems more reliable? That is ridiculous.

I think Wikipedia is fundamentally broken. Here's what would reduce it to scrap -- a MalWikiBot. The MalWikiBot would edit Wikipedia pages at random. Maybe it would replace whole sentences with material found on other Web pages. Perhaps it would change dates, measurements, and other numeric quantities. MalWikiBot couldn't be blocked using existing Wikipedia techniques because it would use bot nets to appear to come from legitimate IP addresses. On some days it would delete whole pages, but that would be far too obvious. Better to silently corrupt small sections of data in a manner not immediately obvious.

Wikipedia is going to need to at least restrict changes to authenticated users. Sign up with a username and an email address. At the very least a MalWikiBot writer would need to overcome that small hurdle before changing pages on the fly. If the current Wikipedia "security model" continues, I predict ongoing decline as users lose faith in the integrity of its data.

Update (28 July 2019): I was wrong about Wikipedia! I use it regularly. I'm glad it's withstood the attacks upon its content.

Update (26 August 2020): I was right about so-called Scottish Wikipedia! Since 2013, most of it is fake!

Comments

Anonymous said…
Personally, I prefer the Uncyclopedia:

http://uncyclopedia.org/wiki/Main_Page
Anonymous said…
As usual, you are 100%, Richard, and I share your opinion. Wikipedia is not even a resource for me, but rather an amusing distraction at best simnply because anyone can update it, even an uninformed 14 year old looking to be a smart-ass.

Oh, now, I need to research this more, but does this tie into "tagging?" This would be the process of people tagging sites as "good" and then everyone's tagged sites being compiled centrally so that we get "the best" sites when we search for something? This is worse than when metadata and displayed words in HTML was the sole basis for search engines. I may have this wrong though...

At any rate, the point stands: you just can't trust the masses.

--LonerVamp
Anonymous said…
> Perhaps it would change dates, measurements, and other numeric quantities.

You mean like this sort of thing? It looks like vandalism, but only because they made nonsensical changes as well as legitimate-looking ones.

Scary indeed.

But I still think wikipedia is useful, provided you know its limitations. (like anything really).
Anonymous said…
IMHO wikipédia is the best place to grab superficial knowledge. For example, if you're searching on a specific topic on WWII, wikipedia serves you with very usefull keywords that can help you when googling for that topic.

If people decide to, naively, only rely on a wikipedia post, without cross-checking with other internet sources, or 'physical literature', then they ain't *really* interested on the subject (in-depth).

Looking from this prespective, I find wikipédia to be a brilliant project.
Moreover, you can doubt from any information source, but that isn't related with the main topic.

Wikipédia should require authentication.
Sean C said…
Wikipedia is one of those things you want to like, but you just can't take it at face value. The recent controversy over the poor soul who was unfortunately associated with the murder of JFK is a recent case in point:
http://en.wikipedia.org/wiki/John_Seigenthaler_Sr._Wikipedia_biography_controversy

While I'll still use it to look up a date, or some historical content, everything must be taken with a grain of salt.
Anonymous said…
Not requiring login to edit is a core wikipedia value and is not likely to change. A lot of good edits never would have been made if signup were required. You can safely go ahead and ignore wikipedia for now; in a few years it'll either be gone or be more apparent that it isn't going away.
Anonymous said…
Basically, Wiki is full of crap because that's the way the people who run the show like it. An insidious new development is the way ghost writers in public institutions are now realizing Wiki's propaganda value.

An interesting case in point is Barcelona City Council (Spain), which has a bevy of people selling the city through "contributions" to the entry. Any information deemed to damage the city's image (pollution, crime, etc.) is quickly censored. After all, where else are all the tourist punters going for "information"?
Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics