Hacker Newsnew | past | comments | ask | show | jobs light | darkhn
Tell HN: Wikipedia blocks T-Mobile's entire IPv6 address space
60 points by assttoasstmgr on July 9, 2022 | past | 33 comments
Wikipedia, the free encyclopedia anyone* can edit, blocks T-Mobile's entire IPv6 address space of 2607:fb90/32 from anonymous editing and account creation and has for years.[1] For reference, that is 79,228,162,514,264,337,593,543,950,336 or 2^96 IPv6 addresses. Most T-Mobile customers use native IPv6 without knowing it, so they have de facto blocked an entire nationwide ISP. Since they now sell home internet, this is not just limited to mobiles anymore. Wikipedia has published a sob story[2] where they justify these actions, claiming it's so difficult to ban IPv6 users because the addresses dynamically change when the device is restarted and the address space is so large, and T-Mobile's use of proxy acceleration, they are left with no choice but to ban the entire ISP's customer base, all 110 million of them. Their "advice" is to have a friend on another ISP create an account for you on a desktop computer. Why even allow access over IPv6 at all at that point, if they can't deal with the management of it? This is all especially hilarious and hypocritical given this quote:

"The Wikimedia Foundation believes that the principle of net neutrality is critical to the future of the open Internet."

[1] https://en.wikipedia.org/w/index.php?title=Special:Log&page=...

[2] https://en.wikipedia.org/wiki/Wikipedia:Advice_to_T-Mobile_I...


Wikipedia has long done the same thing for Tor relays, anonymous VPNs, and other ISPs that do this kind of proxy acceleration.

It is a tricky issue, but I have a lot of sympathy for the folks at Wikipedia trying to deal with absolutely massive amounts of spam and malicious editing. I'm not an admin there, but I read it a lot and lurk a bit behind the scenes, and maybe fix a few typos every now and then. If you've ever moderated a forum or a comment section with even just a bit of popularity, you know how hard that can be. They're a top 10 website globally, so getting spam on a popular Wikipedia article even for just a few seconds can get you massive pageviews. Then to add to the challenge, Wikipedia is one of the only user-generated content sites that *do not require you to register an account.* Unthinkable in today's internet.

From what I understand, this is what the OP is concerned about: people editing without having to register an account. I have no idea why this is so important to some Wikipedia folks. You don't have to give your real name or personal info when you register an account. You don't even have to give an e-mail address, much less validate it. Editing without an account is incredibly generous in the first place. So I see the reason behind the restrictions on anonymous editing from IPs like Tor relays, VPNs, open anonymous proxies, and ISPs with proxy acceleration where large-scale long-term campaigns have been launched from across the /32 block. It might take a little work to find an internet connection on another ISP or to have a friend or family create it for you. But I don't see it as some huge injustice.


I'd never consider letting anyone publish anything without an account on a platform I'm responsible for. I was absolutely baffled to find out that Wikipedia allows it. It seems insane.

I was also surprised how well it works; but oh well, apparently only with desperate measures.


It was standard on old days wiki.


anonymous editing is important because all edits are public. if you track all edits of one account you can learn a lot about them, depending on what they edit. their political or religious affiliation, what kind of movies they like, many other interests or hobbies.

for some people this can be invasive and scary.

there may be other solutions to this problem, but until wikipedia provides those, anonymous editing is preferable.


Isn't this just for non-logged in users? Needing to sign up to edit is a non-issue, you don't even have to provide an email address.

Almost no website, HN included, let you submit content without a form of registration, Wikipedia could block all non registered users and still be "the free encyclopedia anyone can edit".


The headline on this post is misleading. The text seems accurate, though I think the author is unaware that T-Mobile exists in other countries beside the US, and the wikipedia links are not totally clear if the block applies to all of T-Mobile or just the part they say is difficult to deal with (T-Mobile USA). Presumably just T-Mobile USA???


Sounds like you are also blocked from signing up though.


From the second wikipedia link:

Solutions Create an account Blocks on T-Mobile IPv6 servers are set to "anon. only" (sometimes abbreviated as "AO" or "AB") meaning only registered users who have logged in can edit from this IP address. If you are currently blocked from creating an account, we suggest the following:

Create an account on a desktop or laptop computer and then log in with your phone. Ask a trusted friend on a different network to create an account for you. You may use Wikipedia:Request an account. Try again after the block on your IP address expires. Go to my contributions and follow the Block log link at the top of the page to find the length of the block. See Why create an account? for a full list of benefits that come with registration.

Bypass T-Mobile's IPv6 servers The easiest solution to avoid being blocked from editing Wikipedia while using T-Mobile is to bypass their servers altogether. By connecting to the Wikipedia servers from your desktop or laptop computer (or from your WiFi), the IP address that Wikipedia's server will see is one that is owned by your desktop ISP, rather than that of T-Mobile.

Instead of editing Wikipedia using the T-Mobile cellular connection, try using your WiFi connection. (This is increasingly a false dichotomy. T-Mobile is pushing into the home internet market with 5G cellular—to the tune of more than 640k US households at the close of 2021.) Use a desktop or laptop, or WiFi only tablet computer. These computers are most likely not using T-Mobile, and therefore, do not route traffic through T-Mobile servers. Autoblocked If you have already logged into an account and your block message reads "Autoblocked because your IP address has been recently used by" followed by a username, or your block log (check via the Block log link at the top of your "my contributions" page) does not list any current blocks, then you have been autoblocked. Please go back to your blocked page and follow the instructions under the Autoblocked? section or alternatively here.


Isn't this an inherent problem when ISPs make it too easy for users to move between IP addresses? What other options do they have to stop IP-hopping vandals?


[flagged]


Range blocks are not only entirely rational but an essential part of the toolbox for Wikipedia administrators. There are many cases where a range block is the best option, and many ranges where the only edits ever are pure vandalism. Admins consider collateral damage in all other cases.

(Also: the Wikimedia Foundation has no part in this decision; it's entirely volunteer administrators.)

I will say, though, the main idea is correct: IPs suck for user identification, have sucked for a while, and are getting worse every year; eventually we'll be forced to switch.


What are the cases where a range block is the best option? How is discriminating based on ISP justifiable at all, barring technical noncompliance?

It's irrational because it goes against a stated principle of Wikipedia.


It is noncompliance. Such severe actions are undertaken only when the ISP react to multiple abuse@ notifications.


I don't have any cases handy off the top of my head, but lurk en.wikipedia.org/wiki/WP:AIV for a while and I'm sure some will come up.

It's just discriminating against ranges that happen to correspond to IPs. There's no principle that says that's not allowed.

Re principle, you can always make an account. See the top-level replies to the story from humanistbot and disruptiveink.


Wouldn't the switch just be to make it mandatory for all edits to come from a registered account? I see this the other way around, they're attempting to allow unregistered edits for most people at the cost of extra administration when they really don't have to.


Doesn't that just push the problem down a level? If they do that, then they just need a way to keep the vandal from making a new account every time his old one gets banned. What do you want them to do about that other than banning all of T-Mobile from registering new accounts? Require something onerous like phone number verification?


That's completely correct.


What would you suggest they do instead?


To whoever is annoyed at this, please use this space to discuss this instead of vandalizing the Wikipedia:Advice_to_T-Mobile_IPv6_users page in an incredibly childish way ('we are poo poo heads').


And the vandalism was done with an anonymous IPv6 account (from bt.com), which is perfect in a way as it illustrates the issue and trade-off Wikipedia has to deal with.


This is why you don't use IP endpoints as proxies for user bans.

IP != person.

What people want but aren't willing to admit is a UUID per person so that a person can be "written out" of or "safely excluded from" social systems.

The moment we make that technically feasible is the moment we've pretty much set up for having to embark on some of the most bloody tragic learning our species is likely to have to be faced with.


We the IP is the identifier for the person, you block the IP. That's how wikipedia Works.


I honestly can’t wait for the day when we’re all only using IPv6. I know that day may never come but I’m curious how everyone would deal with being unable to block dynamically changing addresses.


How different in this regard is an IPv4 address versus an IPv6 /64 block? (And similarly, any bigger IP block belonging to an ISP.)


Currently, from Wikipedia's perspective: zero difference, we block the whole /64 (or bigger, depending on the ISP).


Yeah that’s the thing, if everyone is only using IPv6 you can’t just block an entire /64 block.


Ah. What mormegil (and I) left unstated was that ISPs will often map a single user to a single /64, and then keep that mapping relatively stable. So when everyone is using IPv6, many ISPs may continue this behavior, so we'll be able to continue blocking /64s.


Exactly. I'm definitely not an IPv6 expert, but my (possibly wrong) understanding is that you'll never really get anything smaller than /64 (it's not a temporary thing during IPv6 roll-out). Sure, your assigned IPv6 block might be changing, but AIUI it should be less frequent than in IPv4, not more. (It's one of the proposed advantages of IPv6, isn't it, that everyone could have a stable public address. Also, if you want to have IPv6 working even inside your LAN, you want your public prefix to be stable, I'd say.)


Also, IPv4 is far from perfect too, especially with some countries wide-spread usage of carrier-grade NAT. I had a new IP every day. I usually edit Wikipedia without being logged in, mostly just due to laziness (most edits are just small entirely uncontroversial fixes of syntax, sometimes adding a reference, etc.) and would regularly get IP blocked because one of the who-knows-how-many-people used this IP in the last year engaged in some twattery.


Editing without logging in is setting you up for failure anyway (and honestly I think WP should join every other site on the internet in requiring an account to edit; it doesn't even require an email). Just request an account. (https://en.wikipedia.org/wiki/Wikipedia:Request_an_account)


How’s this going to end when, eventually, everybody is on IPv6? Blocking everybody doesn’t seem like an option.


Most IPv6 providers are fine since they usually assign /64 ranges like individual IPv4 addresses. See https://en.wikipedia.org/wiki/User%3ATonyBallioni%2FJust_blo....


Maybe they did this to thwart abuse from users on prepaid plans from TMUS MVNOs?

Either way, users can just WireGuard their way in (Mullvad supports IPv6 tunnels)


VPNs/open proxies are even more commonly used abusively so will also be blocked on sight (there are even bots that do this).[1] But again, this is a non-issue since, again, you can just register an account.

[1]: https://en.wikipedia.org/wiki/Wikipedia%3AOpen_proxies




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact |

Search: