Jump to content

Privat reläservice på Apple iCloud

From Meta, a Wikimedia project coordination wiki
This page is a translated version of the page Apple iCloud Private Relay and the translation is 41% complete.
Outdated translations are marked like this.

IP-adresser har länge varit det mest använda verktyget för återkommande vandalism och missbruk på wikierna — men av flera orsaker förändras IP-adressernas tillgänglighet och pålitlighet. Den senaste förändringen är Apples privata reläservice på iCloud. Den påverkar Safari-användare med ett betalkonto på iCloud.

Den nya funktionen kan maskera IP-adressen för 3-5% av våra redigerare fram mot slutet på 2021. Tiotusentals människor kommer påverkas, det kan försvåra gemenskapernas förmåga att motverka vandalisering och missbruk. Webbläsare kommer troligen följa Apples exempel som de gjort förut. Problemet kommer förmodligen växa.

Gemenskaperna blockerar vanligtvis IP-adresser som maskerar individuella användare. Om det bruket fortsätter med iClouds privata reläservice kan 3-5% av våra redigerare komma att blockeras de kommande månaderna. Detta inkluderar inloggade, aktiva redigerare som kanske inte förstår att de blockerats.

Allteftersom ändringarna sker måste gemenskaperna, användare med avancerade MediaWiki-behörigheter, Wikimedia Foundation (WMF) och andra samarbeta. Vi behöver lära oss hur säkerheten på wikierna ska upprätthållas samtidigt som möjligheten att redigera vara kvar för välvilliga deltagare.

Vi skulle vilja ta reda på mer för att kunna planera.
  • Har du upptäckt problem angående de nuvarande globala blockeringarna av iClouds privata reläservice på din wiki?
  • Tycker du det är sannolikt att redigerare med god tro kommer påverkas av blockeringar?
  • Vi vet inte säkert men vi tror att situationen kommer växa under de kommande åren. Det är möjligt att andra webbläsare som Chrome och Firefox tar efter och begränsar tillgång till IP-adresser.[1] Om det händer kommer det att innebära en större förändring i hur internet fungerar. Vad tycker du, på vilket sätt skulle detta påverka wikierna?

Låt oss diskutera på diskussionssidan!

Wikimedia och IP-adresser

IP-adresser IP-adresser har länge varit det mest använda verktyget för återkommande vandalism och missbruk på wikierna.

  • IP-adresser är unika identifierare för en källa till internetaktivitet. De kan tillhöra sånt som en telefon, en wifi-uppkoppling eller ett företagsnät. För den större delen av internets historia har de kunnat användas för att ungefär identifiera en internetanvändare. De kan också ge information om användarens plats på stadsnivå.
  • Våra gemenskaper förlitar sig på IP-adresser för sin kärnidentitet och säkerhetsmodell.
    • Användare har alltid kunnat redigera utan att logga in. Deras IP-adresser har varit det enda sättet att identifiera dem — att ta emot meddelanden, spåras och blockeras.
    • För användare som loggat, används IP-adressen huvudsakligen för att identifiera återkommande missbrukare. De kan blockeras utifrån deras IP-loggar.
    • I vissa fall blockeras hela intervaller av IP-adresser för återkommande missbruk.

Tekniska ändringar

The broad change

The availability and reliability of IP addresses is changing for many reasons. Apple’s iCloud Private Relay is the latest change. Other tech providers will probably make similar changes.

  • The nature and availability of IP addresses is changing. With the advent of IPv6, IP addresses are more dynamic than before. This problem will only be worse in the future as more users come online.
  • Additionally, IP addresses and user agent information have become personal data. Hiding them has become a service more and more internet users want.
  • External market and government actions make these changes. They are not under the control of the Wikimedia movement or WMF.
  • The Anti-Harassment Tools team at WMF has been looking into the issues surrounding IP addresses. It is building tools that may reduce the effect of these changes. But the work will not prevent IP addresses from becoming less useful over time.
  • Changes like these can quickly spread. Once Apple makes this change, other browser providers like Google and Mozilla may remove browser information sent with requests as well. While this is not known for sure, it is a prediction based on market analysis. For example, after Google announced that Chrome will no longer send user agent info, Mozilla also announced that similar changes were in the works for Firefox browsers.

More details on iCloud Private Relay

  • Apple is starting to provide a service called “iCloud Private Relay”. It masks the IP address of a Safari user such that they appear to be coming from a central pool of Apple IP addresses. It will apply to Safari browsing behavior on both desktop and mobile devices. Learn more.
  • iCloud Private Relay is available only for iCloud+ subscribers and any family member in their Family Sharing group (i.e., one subscription can serve a maximum of 6 users across all their devices) and only affects browsing in Safari. Not all Apple users are iCloud+ subscribers. As of August 2023, it is a paid service with a low barrier of entry, with pricing starting at $0.99/month or local equivalent.
  • As of the release of iOS 15 and macOS Monterey in 2021, iCloud Private Relay has been enabled by default for iCloud+ subscribers. Users can turn off the service (opt-out) entirely but don't have the option to allowlist websites.
  • As of the release of iOS 16 and macOS Ventura in 2022, users can reload a page and temporarily show their IP address. This only affects that specific browsing session in the tab in which this option is used. In practice, this is automatically disabled once the user browses to a different domain or subdomain and after a certain amount of time has elapsed. In practice, this means that if a website does a redirect, like during an SSO login session, or a page is loaded in a new tab, like how some scripts do, iCloud Private Relay is reenabled. Wikimedia properties don't always detect the regular IP, despite the forced reload when the user uses this option, possibly due to caching issues. This issue is especially prevalent on the mobile version of wikis.
  • It may eventually be included in the operating system for free, as a similar service for how Mail is now free.
  • The advent of iCloud Private Relay has been known about by community members for some months. The English Wikipedia administrators noticed this service coming and had a related discussion in June 2021.
  • Users of the Opera web browser have faced a similar situation for several years. Opera offers a free VPN service. This is a non-default (opt-in) service. Note that Opera has a significantly lower share of the usage.[2]

Effect on Wikimedia

Many communities block edits from IP addresses that obscure individual users. If they do so with iCloud Private Relay editors, 3-5% of editors will likely encounter a block in the near term. This number would likely grow as other browser providers follow Apple’s practice.

We want to learn the extent to which communities are okay with the effect this will have on editors. Also, we are curious if there is openness for reconsidering the rules on large IP blocks.

  • We want administrators to feel safe and supported. The quality and reputation of Wikimedia projects needs to be protected. Marginalized editors who need protection should also be supported. Casual good faith participants should be able to edit on the browser and device of their choice. The loss of IP-as-identity challenges all these goals.
  • When users of iCloud Private Relay attempt to edit from Safari, they will appear with one of the dedicated Relay IP addresses.
  • Decisions around whom to block and why are made at a local community or global governance level. There are rare “office actions” to ban users. But in principle, blocking is an area with a long history of community self-governance. Large communities and global sysops have decided that “open proxies”, virtual private networks (VPNs), shared IP services, iCloud Relay, and similar services will be blocked on all wikis.[3] The reason is that identity fraud is too easy to commit using them, since IPs are our identity model.
  • Certain IP addresses are blocked from editing even by logged-in users. As a result, iCloud Private Relay will affect logged-in users as well.
  • Because iCloud Relay only affects Safari browsers, editors in the Wikipedia iOS app will not be affected. Also, iCloud Private Relay subscribers will not be affected when they change their browser.
  • Apple has published the IP ranges that will be used for iCloud Relay, and blocks are currently in place on those ranges.
  • The way to request an IP block exemption (IPBE) is not designed with large numbers or global groups in mind. Even a cautious estimate is that a few thousand logged-in editors will encounter a block. This is far more than existing IPBE processes are set up for. If we don't change the way IPBE works, for those users it will be difficult to ask for and gain exemptions or explanations in their language. What's more, on small and medium wikis there may be no related policies. Also, communities of those wikis may not know how to help the affected users.

Statistik

  • To estimate the potential effect, we looked at the edits coming through Safari browsers. Next, we combined them with estimates around the update of iCloud Private Relay.
    • In the last 90 days, 11.6% of logged-in editors edited with Safari and 17.7% of logged-out editors edited with Safari.
    • We used these numbers and estimated when iCloud Relay will become widespread. We believe 1.6% of logged-in editors and 2.5% of logged-out editors will encounter a block in the month after iCloud Private Relay comes out for macOS. Update - iCloud Private Relay is now integrated, though still opt-in, in MacOS 12 (Monterey), released in November 2021.
    • When iCloud Relay becomes opt-out, we estimate 4.6% of logged-in editors and 7.2% of logged-out editors will encounter a block each month.
    • The usage of Safari for editing varies by wiki. Please see the accompanying table for numbers on the most and least affected wikis.
  • We also attempted to estimate how many edits are being prevented because of the range blocks currently in place for iCloud Relay IP ranges.
    • As of the November 2021 release of MacOS 12 Monterey, iCloud Relay is available to all Apple devices running current public releases, including iOS 15. This addition of desktop users is not reflected in the analysis here.
    • We made this estimate by comparing the number of edits being made from iOS 15 to the number of pageviews coming from iOS 15. Next, we split it by whether they are coming through Relay ranges or not. See more details on why we did it this way, along with some assumptions this method makes.
    • For iOS 15 users not using Relay, there are about 241 edits per million page views. For iOS 15 users using Relay, there are about 9 edits per million page views. Applying some arithmetic, this seems to come out to about 120 blocked edits per day right now (as of October 2021).
    • We expect this number to increase as iOS 15 and Relay usage increases, and as Relay becomes available for desktop users.

Tabellen visar användningen av Safari-webbläsare för redigering på utvalda wikier de senaste veckorna. Det finns de där det används mest (japanska, svenska och norska (bokmål)) och de där det används minst (bengali och hindi). Notera att endast en del av alla Safari-användare använder iCloud privata reläservice.

Wiki Inloggade redigerare[4] Oinloggade redigerare[5] Inloggade redigeringar[6] Oinloggade redigeringar[7]
Överlag 11,6% 17,7% 7,9% 14,7%
Engelskspråkiga Wikipedia 14,4% 22,0% 11,1% 18,8%
Japanskspråkiga Wikipedia 21,7% 27,3% 16,5% 19,7%
Svenskspråkiga Wikipedia 18,4% 29,3% 12,8% 26,8%
Bokmålsspråkiga Wikipedia 17,1% 31,3% 7,3% 31,5%
Bengalispråkiga Wikipedia 0,8% 1,4% 0,3% 0,7%
Hindispråkiga Wikipedia 1,4% 1,1% 2,7% 2,1%
Wikimedia Commons 8,0% 17,3% 4,5% 10,5%
Wikidata 6,6% 11,9% 4,1% 18,6%

Referenser

  1. Det finns inga direkta indicier på att detta definitivt kommer hända utan hypotesen bygger på marknadsanalys.
  2. See also: Usage share of web browsers.
  3. See also: No open proxies.
  4. Procent av redigerande konton de senaste 90 dagarna som gjort en eller fler redigeringar i Safari
  5. Procent av redigerande IP-adresser i augusti 2021 som gjort en eller fler redigeringar i Safari
  6. Procent av redigeringar från konton de senaste 90 dagarna som gjorts från Safari
  7. Procent av redigeringar från IP-adresser i augusti 2021 som gjorts från Safari