How to be a sockpuppeteer

Editors, Admins and Bureaucrats blecch!
User avatar
JuiceBeetle
Sucks Warrior
Posts: 681
Joined: Sun Jul 07, 2019 8:27 pm
Has thanked: 15 times
Been thanked: 45 times

Re: How to be a sockpuppeteer

Post by JuiceBeetle » Sat Sep 21, 2019 2:44 pm

Masked User wrote: But cookies aren't considered CheckUser data, I'm pretty sure. They're just there so that socks can be prevented.

To be exact, it's to prevent block evasion, not socking. If a blocked user logs in, a cookie "enwikiBlock" is set in the browser, and kept after logging out. It blocks editing, even if the IP is changed, that's the purpose of it. Of course blocking cookies, or going to incognito (after logout) disables the cookie. It delays block evasion, and for non-technical people it makes it harder.
If you aren't blocked, then there is no tracking of logout, then login with another acc.

User avatar
Kumioko
Sucks Mod
Posts: 860
Joined: Wed Aug 23, 2017 11:54 pm
Has thanked: 43 times
Been thanked: 177 times

Re: How to be a sockpuppeteer

Post by Kumioko » Sat Sep 21, 2019 2:48 pm

Creating a sock is the easy part. What a sockmaster needs to do is decide what they want to use that account for.

- Are they going to just evade the ban and edit until caught, in which case their contributions are vandalized and their time wasted.
- They could weaponize the Checkuser tool as I have and get as many IP ranges, accounts and networks blocked as possible to the point where they are seeing your socks in their soup
- The sockmaster could use the accounts to troll or vandalize the Wiki, which will be caught usually very quickly
- They could use the accounts for advertisement, which are usually caught very quickly

So it's pretty easy to create alternate accounts but depending on what they want to use them for that makes the difference and how long they are going to be able to last.
#BbbGate

User avatar
Masked User
Sucks Noob
Posts: 13
Joined: Fri Sep 20, 2019 7:32 pm
Has thanked: 1 time

Re: How to be a sockpuppeteer

Post by Masked User » Sat Sep 21, 2019 3:06 pm

CrowsNest wrote:
Gaslighted wrote:CheckUsers use IP info. If two editors edit from the same IP, and only one IP, then it's either the same person (most likely), or a house (possibly family, but usually fake brother) or a school/dorm (favorite target of Bbb23). These are CU blocked before they can claim it's a shared network behind NAT. This is called a "confirmed CU block".

Complications start, if a user edits from vastly different IPs (home, cafe, office, train, vpn, can be many reasons), or different IPs from the same subrange (dynamic IPs of one ISP). It's likely other people will use the same networks, thus the IP addresses used is not unique to one user. The user agent can distinguish these users, but 1. an editor might use different browsers and devices, 2. two editors might use the same browser or device type. It's up to the CU to judge the "uniqueness" of the data (taking into account the behavioral evidence). This results in suspected sockpuppets, or "possible sock-puppetry".
I don't mean they don't use it. But in the world of socky-socking, looking at an IP as your primary identifier, is about as much use as asking for ID in a forger's den. You only catch the stone cold idiots, or the completely innocent.

Cookies, device/browser, and behavior, is what it's all about. Change/mask those, you're home free. People who don't know how to do that, including how to evade AI tools, will be caught. And people who need to be taught how to do that, will also be caught, just a little later.

With a bit of work on appeal, you could even get away with using a Grawp IP. Might even be granted IP block exemption!

At the end of the day though, what potential socks have to be clear on, is why they are socking. It's a lot of effort, and in my experience, the only reward that justifies it, is just to fuck with Wikipedians, to waste their time and make them mad/bad/sad. If that's the goal, then by all means, become the best socky-sock you can be. If not, maybe find another hobby.

Here's what I'm trying to say about cookies. If Account A is blocked and you try to edit with Account B on the same device, then a cookie will cause MediaWiki to think that you are still logged on to Account A, thereby preventing you from editing (the block message will say "Editing from Account A has been disabled...", not Account B). However, CheckUsers can only use IPs, UAs, and types of devices to determine whether accounts are linked; they are unable to see what accounts are affected by what cookies. A CheckUser cannot prove that Account A and Account B are operated by the same person using cookies.

User avatar
Masked User
Sucks Noob
Posts: 13
Joined: Fri Sep 20, 2019 7:32 pm
Has thanked: 1 time

Re: How to be a sockpuppeteer

Post by Masked User » Sat Sep 21, 2019 3:09 pm

CrowsNest wrote:This advice is out of date.

Wikipedia primarily tracks socks using cookies now. So clear 'em.

I seriously doubt they ever really used IP addresses as the primary identifier. It's always been User Agent strings and behavioral cues.

I think CheckUsers use mostly UA, device, and geographical data, and occasionally IP addresses. Behavioral cues are not considered CheckUser data; they have to be evaluated by clerks or admins. And that's where the tips about giving your accounts distinct personalities comes into play.

User avatar
JuiceBeetle
Sucks Warrior
Posts: 681
Joined: Sun Jul 07, 2019 8:27 pm
Has thanked: 15 times
Been thanked: 45 times

Re: How to be a sockpuppeteer

Post by JuiceBeetle » Sat Sep 21, 2019 3:36 pm

Masked User wrote:If Account A is blocked and you try to edit with Account B on the same device, then a cookie will cause MediaWiki to think that you are still logged on to Account A, thereby preventing you from editing

We agree on that. It's a minor technical detail, that it's not thinking that you are still logged in with Account A. It's only a message that the reason for the block is that Account A logged in recently (thus you are likely the same editor).
See the documentation referenced in my former post on this topic:
https://www.wikipediasucks.co/forum/viewtopic.php?f=5&t=1227&p=10829&hilit=cookie#p10824

I think CheckUsers use mostly UA, device, and geographical data, and occasionally IP addresses.

Yes, according to the documentation. Device only if included in the UA (UserAgent) header.
I think IP address is always used. I most certainly use it, when investigating. The same IP is a very strong clue. Two IPs on the same subnet (ISP) is also a strong clue, if there are few edits from the same subnet in the same topic (and here comes the behavior into the picture). The whois records tell the subnet of an IP.

User avatar
Dysklyver
Sucks Critic
Posts: 391
Joined: Thu Jun 21, 2018 10:14 am
Has thanked: 8 times
Been thanked: 24 times

Re: How to be a sockpuppeteer

Post by Dysklyver » Sat Sep 21, 2019 4:05 pm

The checkuser will always work with an IP since only accounts and IP addresses can be checked.

Firstly the CU puts the account name into the checkuser tool, and gets a list of IPs and useragents.

Then they put the IPs into the CU tool checking each one, getting a list of accounts linked to each.

And so on.

User avatar
Guido den Broeder
Sucks
Posts: 91
Joined: Mon Mar 26, 2018 2:45 pm

Re: How to be a sockpuppeteer

Post by Guido den Broeder » Sat Sep 21, 2019 4:23 pm

Dysklyver wrote:The checkuser will always work with an IP since only accounts and IP addresses can be checked.

Firstly the CU puts the account name into the checkuser tool, and gets a list of IPs and useragents.

Then they put the IPs into the CU tool checking each one, getting a list of accounts linked to each.

And so on.


In between, they will access CUwiki where information from previous checks is kept illegally.

User avatar
Guido den Broeder
Sucks
Posts: 91
Joined: Mon Mar 26, 2018 2:45 pm

Re: How to be a sockpuppeteer

Post by Guido den Broeder » Sat Sep 21, 2019 4:30 pm

Gaslighted wrote:
Masked User wrote: But cookies aren't considered CheckUser data, I'm pretty sure. They're just there so that socks can be prevented.

To be exact, it's to prevent block evasion, not socking. If a blocked user logs in, a cookie "enwikiBlock" is set in the browser, and kept after logging out. It blocks editing, even if the IP is changed, that's the purpose of it. Of course blocking cookies, or going to incognito (after logout) disables the cookie. It delays block evasion, and for non-technical people it makes it harder.
If you aren't blocked, then there is no tracking of logout, then login with another acc.

You are allowed to login with a blocked account. That way you can still use your watchlist. It becomes annoying though when you regularly copy source tekst, because the block message that appears each time is huge. You may want to create a second account to avoid those messages, but don't edit with it.

User avatar
Masked User
Sucks Noob
Posts: 13
Joined: Fri Sep 20, 2019 7:32 pm
Has thanked: 1 time

Re: How to be a sockpuppeteer

Post by Masked User » Sat Sep 21, 2019 4:40 pm

Guido den Broeder wrote:
Gaslighted wrote:
Masked User wrote: But cookies aren't considered CheckUser data, I'm pretty sure. They're just there so that socks can be prevented.

To be exact, it's to prevent block evasion, not socking. If a blocked user logs in, a cookie "enwikiBlock" is set in the browser, and kept after logging out. It blocks editing, even if the IP is changed, that's the purpose of it. Of course blocking cookies, or going to incognito (after logout) disables the cookie. It delays block evasion, and for non-technical people it makes it harder.
If you aren't blocked, then there is no tracking of logout, then login with another acc.

You are allowed to login with a blocked account. That way you can still use your watchlist. It becomes annoying though when you regularly copy source tekst, because the block message that appears each time is huge. You may want to create a second account to avoid those messages, but don't edit with it.

Can't you just copy source text while logged out?

User avatar
JuiceBeetle
Sucks Warrior
Posts: 681
Joined: Sun Jul 07, 2019 8:27 pm
Has thanked: 15 times
Been thanked: 45 times

Re: How to be a sockpuppeteer

Post by JuiceBeetle » Sat Sep 21, 2019 5:05 pm

Masked User wrote:Can't you just copy source text while logged out?

Yes, but then the watchlist is not available. Of course, its not a problem, if one doesn't need it.

Post Reply