edsu / anon

tweet about anonymous Wikipedia edits from particular IP address ranges
Creative Commons Zero v1.0 Universal
973 stars 152 forks

Quarantine PII #169

Open edsu opened 5 years ago

edsu commented 5 years ago

As some might have already seen, congressedits has been suspended because it was tricked into tweeting Personally Identifying Information (PII), which is against Twitter's (and Wikipedia's) Terms of Service. The tweets went viral and, political affiliations aside, were very unfortunate. I resigned myself to not appeal the suspension to Twitter, and to leave the account off.

However, after talking with Daniel Schuman I think it might be useful to introduce the ability to configure anon to filter out tweets that appear to contain PII, and to alert an admin via email or Twitter, who could then notify Wikipedia.

Given the imprecise nature of matching PII I think this code needs to live external to anon, and to be kept private to prevent obvious gaming of the logic. The alerts should also be useful for noticing if someone is trying to probe the logic.

If this fails, then the options are to move to manual review of all edits (it's not a huge number), or discontinue the bot (or at least my administering of it). However, I'm open to suggestions if people have other ideas about how best to proceed.

antoinemcgrath commented 5 years ago

The filtering idea seems necessary and worthwhile. Congressedits is an appreciated and important bot for transparency.

Line 30 of the congresseditors.coffee could be a good place to add the PII check. Regarding notifying wiki, I didn't see a PII report form; it looks like they have a pref. to be emailed. It would make sense to have twit direct message a responder who can evaluate the wiki post. Or the responsibility could be crowdsourced: twit could simply publicly post notice that a wiki edit is believed to have PII and encourage followers to investigate and report.

edsu commented 5 years ago

I appealed the suspension indicating that the bot would integrate PII filtering, but it looks like Twitter is not going to reopen the congressedits account:

[image: img_9360]

If I start the bot with PII filtering on a new Twitter account it would be interpreted by Twitter as me trying to get around the rules, and could compromise some of my other accounts and apps, which would not be good for me. I do think it could be useful to have this PII quarantine behavior built into anon for other Wikipedia edit monitoring bots.

edsu commented 5 years ago

@antoinemcgrath thanks for finding that info about how to notify Wikipedia. I like the idea of DM'ing the admin of the bot to alert Wikipedia. I worry that a public post could, in the case where there are many thousands of followers, still lead some to want to use it as a megaphone.

Btw, the CoffeeScript code has been converted to JavaScript.

JoshData commented 5 years ago

This is unfortunate. We should find some Twitter public policy people to connect with.

edsu commented 5 years ago

I would like to get the word out to current admins of the other anon bots that are still alive, and have lots of followers. The pattern could repeat elsewhere.

dphiffer commented 5 years ago

Yeah, detecting PII is a Hard Problem, especially if somebody is determined to intentionally coerce a bot into tweeting it out. Maybe it would help to enumerate which things you'd want to detect?
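
One way the quarantine step discussed in this thread could be shaped, as an added example that is not code from anon or from any participant: a filter that either lets an edit be tweeted or holds it back with a private alert for the bot admin, and counts hits per source to help notice probing. The `edit` fields, the detector list and the threshold are assumptions made for illustration.

```javascript
// Hypothetical detectors, constructed for illustration and deliberately simple.
const DETECTORS = [
  { name: 'email', re: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i },
  { name: 'us-phone', re: /(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}(?!\d)/ },
  { name: 'us-ssn-like', re: /\b\d{3}-\d{2}-\d{4}\b/ },
];

// Fold compatibility forms (e.g. fullwidth digits) and drop zero-width
// characters so lightly disguised text still reaches the detectors.
function normalize(text) {
  return String(text || '')
    .normalize('NFKC')
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, '');
}

// Quarantine count per source, so repeated hits can be surfaced as probing.
const hitsBySource = new Map();

// Decide whether an edit may be tweeted. `edit` is a hypothetical shape:
// { source, url, page, comment, addedText }.
function reviewEdit(edit, probeThreshold = 3) {
  const findings = [];
  for (const field of ['page', 'comment', 'addedText']) {
    const text = normalize(edit[field]);
    for (const { name, re } of DETECTORS) {
      if (re.test(text)) findings.push({ field, detector: name });
    }
  }
  if (findings.length === 0) return { action: 'tweet' };

  const count = (hitsBySource.get(edit.source) || 0) + 1;
  hitsBySource.set(edit.source, count);
  // The alert names the field and detector; the admin follows `url` to
  // inspect the edit and decide whether to notify Wikipedia.
  return {
    action: 'quarantine',
    alert: { source: edit.source, url: edit.url, findings,
             possibleProbing: count >= probeThreshold },
  };
}

// Constructed sample edit (example.org address, 555-01xx number).
console.log(reviewEdit({
  source: 'constructed-demo', url: 'https://example.org/diff/0',
  page: 'Example article', comment: 'update', addedText: 'phone (202) 555-0143',
}));
```

A `tweet` result passes the edit on to the normal posting path; a `quarantine` result is meant to go only to the admin channel (DM or email), never to the public timeline.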