Attempts to secure Admin accounts leads to less security. Welcome to Wikipedia. Dispshit central.

Editors, Admins and Bureaucrats blecch!
Post Reply
User avatar
Jake Is A Sellout
Sucks Warrior
Posts: 717
Joined: Mon Mar 15, 2021 1:01 am
Been thanked: 113 times

Attempts to secure Admin accounts leads to less security. Welcome to Wikipedia. Dispshit central.

Post by Jake Is A Sellout » Sun Aug 15, 2021 11:42 am

https://en.wikipedia.org/w/index.php?ti ... 1033606833

https://en.wikipedia.org/w/index.php?ti ... 1038408440
Very sorry you are being asked to perform like a bear being made to dance on a ball. It is ludicrous to me that someone with your history of contribution to the project is being asked to fetch a shrubbery. Regardless I hope that you do jump through these hoops and return to your good work.

As much as people like to talk about how much Wikipedia has changed, it really has not changed that much. People are still making a giant fuss about the cause de jour.

If I ever take another extended absence I know that it is better to hold onto the bit rather than give it up temporarily for the safety of the project. I have 2fa and a strong password so not much danger there. I think it is sad that the community has asked admins to give up their bit with the promise of getting it back later for the security of the project and then renegging when the time comes. HighInBC Need help? Just ask. 22:03, 12 July 2021 (UTC)
Not much danger? :lol:

Since Wikipedia is public, and this dude is an open book, the world probably already knows enough about this guy to make a passable impression of him, enough to be able to claim he has simply lost his credentials, so can they maybe override it? Just a matter of time. And if he is off in the woods and you know he is off on the woods, that's time a determined spoofer would know he has.

I mean, come on. As a community, they're not serious about 2fa. Not really. If they were, it would be a mandate for all Admins. And 2fA only works if you really are prepared to say to someone, no, I can't be sure who you are, you don't have your authentication, and so you can fuck off.

This is the flaw of Wikipedia's approach to advanced rights. It's just too important to them all to have that status, that prestige. Even without the required concrete proof that they are who the say they are, the powers that be would give him his Admin rights back, eventually, with fingers crossed that their lingering doubts that he might not be who he says he is, are groundless.

Would bad actors go through all that hassle for such a limited user right? For sure. Just fo fuck with them. Remember of course that Wikipedians, especially the Admins, are people who are so corrupt, you would never tire of punching them in the face. So why wouldn't you devote many hours to an attempt to pull off such a grand deception? Just for shits and giggles. And while you can't do a lot once you are granted his lost rights, you can do bad stuff.

Shit, 2fA only really works if all the users who have it, have developed alternative means to be able to vouch for each other, since in the Wikipedia environment the Foundation isn't legally allowed to do what all other users of 2fA do as a matter of course, and simply require the retention of personal data that can be used to independently verify an account holder is known to you, should they ever lose their credentials.

And that's bad for two reasons. First, it opens up even more attack vectors. And two, it makes the community even more fearful that these power tripping bastard Admin types, are doing a lot of their work through these back channels, which are super convenient for making it seem to the community, that they're not breaking the rules when they are.

I think it says a lot about the Wikipedia community's approach to security, that this serving Admin won't even be warned, won't even be sat down and had a quiet word with, not even after making a clear statement of intent to nullify a policy that exists only to secure Wikipedia. All because it conflicts with his ego.

Of course, ego is the key. They would already have a workable system of being able to switch Admin rights on and off based on evident need, if their community wasn't so seriously mentally unbalanced as to see the holding of these rather insignificant rights (but supremely powerful in the context of Wikipedia) as if it was some very real part of their self worth.

Post Reply