lengthy announcement
As some folks may have noticed, there has been a major uptick in short open proxy blocks by ST47ProxyBot lately. Now that the block infrastructure is in place, it's time for some explanation. We have had a lot of issues lately with a type of proxy called a "peer-to-peer" or "residential" proxy. In short, unlike normal VPNs (where your internet traffic goes into a datacenter somewhere and is forwarded from there to its destination), peer-to-peer proxies route traffic through normal people's internet connections. Some of these are known to the person doing the proxying (for example, some services route traffic through all of their users) while others might not be (compromised devices or shady smartphone apps can turn you into an exit point). Since these exit points are mostly on residential networks, they tend to have rather dynamic IPs, so we can't always perform long blocks on them. A small group of editors has recently been given access to a data feed from Spur (spur.us) that identifies IPs belonging to some peer-to-peer proxy services, and this data feed is being used to hardblock these proxies both on enwiki and globally. What you need to know:
These proxies have been a huge issue. I don't want to go into too much detail here per WP:BEANS (though I'm happy to email trusted editors with additional details), but we have had a lot of issues with very nasty folks using these proxies. I have personally dealt with some of them editing as IPs, and I believe the checkuser team can confirm that they have seen abusive accounts using these services. Until now, we've always been reacting - blocking an IP after the fact. Now, we are able to block these IPs before they are abused.
It's hard to identify these proxies. A lot of existing proxy detection tools won't be able to identify these endpoints as belonging to peer-to-peer proxy services. If you think that one of these blocks was made by mistake, contact a CheckUser or make a request at WP:WPOP (checkusers and several WPOP members have access to a service that can identify them), but we are very confident in our data source here.
We trust the data. Some proxy-detection services are well-known at WP:WPOP for being questionably reliable. In this case, we have worked directly with Spur to develop a detection method and have spot-checked results ourselves.
There will be teething issues. This has been a quick turnaround effort to deal with a major uptick in abuse. We've done a lot of monitoring and sanity checks, but nothing is perfect the first go-round. We will be actively keeping an eye on everything and fixing issues as they come up.
There will be a lot of churn in these blocks. The nature of residential proxies means that devices will move around and dynamic IPs will be dynamic IPs. This means that the blocks will necessarily be short (though the bot can do escalating block durations when it sees proxies pop up on the same IP multiple times) and that something that was marked as a proxy one day might not be a proxy a couple days later.
There will be some collateral damage. It's unfortunate, but it's true. Some people may not be aware they have one of these proxies running on their internet connection. Some Internet Service Providers use Carrier-grade NAT (basically, multiple customers behind one IP), so if one customer on a given IP is running a peer-to-peer proxy, a block will affect everyone on that IP. This is nothing new - that's how blocks normally work - but given the scale of the blocks here, there will be an uptick in legitimate editors impacted by this. Editors who are trying to make accounts but are affected by this should be directed to WP:ACC, and existing editors who are affected should request WP:IPBE from the checkuser team (and probably m:GIPBE from the steward team). This will be the source of most "false positives".
Finally, I'd like to give out a lot of kudos. In no particular order: thanks to Blablubbs and MarioGom for getting this effort moving and getting us the data feed, ST47 for quickly integrating the data feed into their proxy-blocking bot, Tks4Fish for getting these blocks applied at the global level, and L235 and TheresNoTime for interfacing with the CheckUser team as we figure this out. I would also like to extend a heartfelt thank-you to the folks at Spur - we've worked closely with them throughout this process and they have provided amazing support. GeneralNotability (talk) 00:10, 6 August 2021 (UTC)