Redirect Wikipedia to Wikiless #232
Comments
On the project description for Wikiless it says "No JavaScript or ads.", though I see on Wikiless itself there is a script tag right on top. This seems like a contradiction to me, is it? |
Wikiless has a strict CSP.
This prevents all JavaScript from running in the browser, including the <script> tags you mentioned, and even inline JavaScript. So no, it's not a contradiction. The reason there are <script> tags is that the page HTML comes pretty much directly from Wikipedia (Wikiless does only minor changes to the page, like changing Logo, link modifications etc.). EDIT: Now with Wikiless version 0.0.3, all <script> and <iframe> elements are automatically removed from the HTML code. Also, JavaScript event attributes are all removed from all elements. So now Wikiless is not relying only on the strict CSP headers. |
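One way to check the claim in the comment above for any instance is to evaluate its `Content-Security-Policy` header value. This is an added example, not code from Wikiless or Privacy Redirect; the header strings are constructed samples (the thread does not quote the real header), the function names are hypothetical, and only the script-related fetch directives are evaluated.

```javascript
// Added example. Decides whether a Content-Security-Policy header value
// forbids both <script> elements and inline event-handler attributes.

// Parse one policy into a Map of directive name -> array of source tokens.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored; only the first occurrence counts.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the source list of the first directive in the fallback chain that is
// present, or null when none is present (meaning: no restriction at all).
function effectiveList(directives, chain) {
  for (const name of chain) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// An empty list, or a list holding only 'none', matches no source.
function matchesNothing(list) {
  return list !== null && list.every((s) => s.toLowerCase() === "'none'");
}

// A header may carry several comma-separated policies; all are enforced, so
// a script type is blocked as soon as one policy blocks it.
function blocksAllScripts(headerValue) {
  const policies = headerValue.split(",").map(parsePolicy);
  const elementsBlocked = policies.some((d) =>
    matchesNothing(effectiveList(d, ["script-src-elem", "script-src", "default-src"])));
  const handlersBlocked = policies.some((d) =>
    matchesNothing(effectiveList(d, ["script-src-attr", "script-src", "default-src"])));
  return elementsBlocked && handlersBlocked;
}

// Constructed sample headers (not captured from any real instance).
const SAMPLE_HEADERS = [
  "default-src 'none'; img-src 'self'; style-src 'self'", // strict
  "default-src 'none'; script-src 'self'",                // same-origin scripts run
  "script-src 'none'; script-src-attr 'unsafe-inline'",   // inline handlers run
  "img-src 'self'",                                       // scripts unrestricted
];

function auditSamples() {
  return SAMPLE_HEADERS.map((h) => ({ header: h, strict: blocksAllScripts(h) }));
}
```

A `false` result means the header alone does not forbid script execution, which is the case the version 0.0.3 stripping of `<script>`, `<iframe>` and event attributes covers as a second layer.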
+1! |
Hi @orenomfi thanks for bringing this to my attention. Seems fairly straightforward to implement, happy for someone else to have a go at this if they are interested? Otherwise I could do it when I next get a chance. |
I've added Wikiless support in this pull request: #257 |
I just came here to open exactly the same ticket. Thank you OP. And thank you @Kotuklion !! Seems we're close. |
"No JavaScript or ads." - Hold on, there are no ads or trackers on Wikipedia. "Circumvent censorship" - this is indeed a good reason, but I don't see this as fitted for an extension aimed at "privacy" redirect. Why does it need a redirect? |
See here: https://codeberg.org/orenom/wikiless#why-i-should-use-wikiless-instead-of-wikipedia |
Yup I've read. It is the assumption that Wikipedia might be infiltrated by NSA....which I think is a wild assumption and if you accept that then any website might "suffer" from this.... As I understand the reasons are: Wikipedia is censored in some countries and if you use wikiless you may be able to access it. Also: Wikipedia might be infiltrated by the NSA so Wikipedia has your IP and thus NSA might have it and profile you. These two reasons can be used for any website in the world. I am concerned it will give people the false impression that Wikipedia is not privacy-friendly. |
I believe that the whole existence of private frontends is based on assumption that no website can truly be privacy-friendly. You can't prove that the Wikipedia doesn't, for example, track your visits to their website, they don't log what articles you read, how long does it take for you to read one page. Even though these accusations aren't likely to be true, this is a privacy concern, which Privacy Redirect should eliminate. |
But you see, even when you write that, you make very wild assumptions that only fuel the distortion of what Wikipedia is. I say it is utterly wrong to make such wild assumptions especially about a trade-free project like Wikipedia that doesn't ask you anything in order to use it (you do not trade your data, currency, or attention). They have a fantastic project that also needs donations. You fueling these conspiracies about Wikipedia will make more people not support it (financially or by volunteering for them). It is wrong and unfair to put Wikipedia alongside Youtube, Twitter, and the like, that are clearly trade-based. You trade your data and attention to them, so we know 100% that they are not private because of this. My stance on this is that a Wikipedia alternative added to this extension protects you from nothing, on the other hand it muddies the image of Wikipedia. Wikiless is a nice project if you want to circumvent any Wikipedia censorship. But should be seen as that. |
I spend a lot of time on Wikipedia. By tracking the stuff that I read, a lot can be learned about me. I don't want anyone to have that power. EDIT: The point I'm trying to make, in case it's not clear: I don't care about intentions. I want to eliminate high risk exposure because I don't know the people who really control Wikipedia / the people they can be coerced by. EDIT2: Totally fine if we disable it by default or hide it in the advanced settings, or put a disclaimer that Wikipedia is probably not evil. |
@orenomfi By the way, I already tested your PR for a bit and it works fine for me so far. Thank you! EDIT: one more idea ... what if we make the |
I've read the Wikipedia's Privacy Policy https://meta.wikimedia.org/wiki/Privacy_policy Wikiless should link to it to make more sense as to why wikiless exists. Indeed Wikipedia collects some information to improve their websites but never uses it to make any profits. Since Wikipedia is so huge and it allows anyone to contribute, it may be impossible not to collect some data but they are transparent about it. So here's my input:
Personally I would never use wikiless in this scenario considering all of these points. Let wikiless mature more, let people test it and create other instances, and think more about the ups and downs of putting Wikipedia alongside Google and Facebook. Your intentions are good and we provide lots of privacy-friendly instances (see https://trom.tf/) + we use this extension as default in our TROMjaro Linux (https://www.tromjaro.com/), but please don't rush with this one ;). |
It's explained in the README why Wikiless exists. Your previous comments indicate that you might not fully understand the issue. Even websites which are non-profit, run by good people, might be targeted and infiltrated by the NSA or by other malicious actors, if the data is valuable enough. Wikipedia which is a volunteer financed and supported project, run by good people, has been a target of surveillance by the NSA already back in 2009 because of the valuable data which Wikipedia has. No one is trying to say that Wikipedia is doing immoral things with the data they collect, or that Wikipedia is as bad as Google and the like.
It's more likely for certain websites to be targeted by the hackers/NSA. Saying "any website in the world might be infiltrated by NSA" is just absurd. Wikipedia and my mom's blog about her two cats are on the same line, both websites have the same risk of being infiltrated/surveilled? We even know for the fact that the NSA has targeted Wikipedia in the past...
Is this a problem? Currently SimplyTranslate and OpenStreetMap redirects also have only 1 instance. SimplyTranslate is about 5 months old.
Wikipedia has fundraising ads yearly, and the banners are dynamically inserted to the page with JavaScript. Also average Wikipedia article contains about 50 KiB of JavaScript. |
I do, but it is not an issue it is an assumption. Answer this question: is Wikipedia infiltrated by the NSA? If the answer is "I do not know" then make sure people understand that it is just your assumption that it might be. And based on such an assumption, you think it is necessary to have another website acting as a proxy between you and Wikipedia just in case NSA infiltrated them. If that's how the situation is, then this needs to be clearly stated in this extension. And yes your mom's blog is not as important as Wikipedia, but then all of the big websites need a proxy, including EFF, Linux websites, KhanAcademy, or whatever, if we are relying on the NSA-motive, which is again an assumption. I just want to make it clear that you are ASSUMING Wikipedia is not safe because NSA might have infiltrated it.
SimplyTranslate replaces Google Translate which is, without a doubt, not privacy friendly. So I'd say it is a good compromise. Also, 5 months is almost 3 times more than 2 months. OpenStreetMap is an old and established project, and replaces a very obviously privacy nightmare Google or Bing maps. On top of this, as I suggested these days, there are other OpenStreetMaps instances like one that we provide at maps.trom.tf. Plus facilmap.org. So we can improve the situation there.
I cannot consider these as ads. They are information popups to help support the project not to sell anything. https://en.wikipedia.org/wiki/Advertising "Advertising is a marketing communication that employs an openly sponsored, non-personal message to promote or sell a product, service or idea." - They simply ask for help. And a genuine question, what's the problem with JavaScript? |
Is Wikiless removing the Wikipedia's donation banners? If so I think this is a very wrong approach since that is not an ad. And it hurts Wikipedia. I am not criticizing you, but I want you to be aware of what you are doing. What are the pros and cons of your wikiless. |
In the README you can find the answer. The NSA has targeted Wikipedia already in 2009, and because of this and other facts I think it's not that far-fetched an idea that they could be infiltrated right now. Is it a 1% or 10% chance that they are infiltrated? Who knows, but even if it was 0.1% chance it would make sense to use alternative front-end / VPN / Tor etc. for Wikipedia browsing. So yes, even if there's a little chance that a website is infiltrated/surveilled, I'm all in favor of having a "privacy respecting" front-end for it. One for EFF, one for Linux Journal, why not - although I think there are much more needed alternative front-ends than for those EFF/Linux websites.
Yes, but by the NSA or any other malicious actor.
In the Washington Post article I linked:
These ads, or "information popups" or whatever, are removed by Wikiless since they are loaded with JS.
Quoting the NoJS Club: "Unnecessary Javascript bloats websites, hogs system resources, enables surveillance, hinders accessibility that’s native to devices and clients, and introduces vulnerabilities." |
Besides what has already been said here, here's my personal reasons to be interested in this project and why the extension should support it: Wikipedia has a heavy left-leaning bias and I don't trust them on data collecting on that alone, I already try to use other sources of info because of that too. Having this project featured in this extension is gonna increase visibility for it and make more instances more likely. Any front-end for any US based service, if that front-end is outside 5 eyes countries, is preferable to the service itself. Telemetry is bad. Period. No excuses for it. The constant donation begging might as well be ads for they look much the same and work p. similarly. |
I think you are nitpicking to the extreme. We do not know if NSA has currently infiltrated Wikipedia and yet you want us to be protected from that just in case it happened. Which is ok if it is stated as such. But is quite extreme, especially for this Privacy Redirect extension that is about stopping trackers and such. Things that exist, not assume that may exist. And I have no clue what's that Washington Post about but you cannot call those popups as "ads" since they do not advertise anything, they ask for help to keep the project running. If you consider that an ad then any piece of information that is in the form of a popup is an ad. Which is again, extreme. I won't say much About Javascript because I do not know much, but I suspect it may be another nitpicking. But maybe you are right about it, so ok. Mind you, I do not criticize your wikiless project, but the fact that it was suggested to be added to this extension. I do not think it belongs here since it does not protect us from anything really - in the best case scenario it MAY protect us from NSA.
I have no idea what "left-leaning" is but wikiless is not about the content, nor is this extension. It is about trackers/surveillance.
For someone who runs donation-based projects since 2011, it is sad to see this attitude from people. For one, calling it "begging" is really a low-grade insult. Projects like Wikipedia and what we do, are brave enough to not sell you stuff and scam you by lying to you, putting "offers" and ads in your face, tracking you and such; and this comes at a massive cost in this trade-based society where you have to trade what you do, in order to survive. To give what you do away as trade-free, meaning to ask nothing in return, is a very bold move that will make you suffer a lot in this society because you lack (money, resources). And when you ask for support to keep your project honest, then if that's regarded as begging or ads, then this world is truly upside-down. What do you prefer? For us to put paywalls? Or to ask for donations from whoever can afford to donate to keep the project free for everyone, including you? |
Of course, but it's just the attitude of Wikipedia moderators on politically charged articles paints them as generally untrustworthy to me.
Asking for donations is fine, but I'd say the desperate-sounding and obnoxious way Wikipedia goes about it definitely fits the criteria of "begging". |
I can say from my experience with relying on donations 100%, that often you are in desperate situations and a few times I too have been accused of "begging". It is unfortunate that we live in such a weird society where people cannot focus on doing good things. You always have to sell yourself. But yah, I always donate to Wikipedia and I think their desperate messages are because of desperate situations. I would never regard these as ads, that would be ridiculous since they do not "advertise" anything. |
I don't understand why this has become such a big discussion, for me it's a no-brainer. A proxy not only makes sense when the business model of the company is shady, but also when the site is a prime target for user surveillance. To me it doesn't matter much whether we have any indication that it's a true problem today. Proactive risk mitigation alone is a sufficient motive. Wikipedia has become too big, too important, and also a bit too political to be trusted blindly. I'm already using this PR and seriously considering hosting an own instance. I do like the fact that the JS gets removed, who knows what that does. There should be information in the extension on how people can donate to Wikipedia/Wikimedia, maybe even a popup when the user enables Wikiless, because donations should obviously still be encouraged. Very likely the project itself is 100% legit and people have good intentions. |
I agree with you when you called it a proxy. But the discussion started exactly because this is not called a proxy, but a "Privacy Redirect" extension geared almost exclusively to stop trackers and ads. This extension is used, in my view at least, by the people who hate what these big tech companies are doing in regards to data mining and the attention economy. Adding Wikipedia into this context is unfair. The only compromise I see is to make it clear in the extension options and on the GitHub page that Wikiless is pretty much a proxy and what is its role, as we discussed above. I think these discussions are normal and useful. |
It depends, for example I use Privacy Redirect to be sure that websites I spend a lot of time on can't build my profile by analyzing my usage of their resources. If there was, for example, a project that would provide an alternative frontend to bash.org or xkcd.com, which I like to read sometimes, I would rather use the private frontend than the website, even though these websites don't even have any Javascript, let alone ads or trackers. It would simply free me of the possibility that the owners of these sites could use my website visits to do something evil. I don't think that Wikipedia's reputation will drop if they are mentioned with other big websites. The presence of Wikiless in this extension will only attract more people that didn't visit Wikipedia before because of privacy concerns. I think that along with the rise of private frontends there will be more "no known occurrence of datamining" websites added to Privacy Redirect, at least I wish there would. I also don't think that Wikiless should be treated differently from other websites. It is the same as everything else - an alternative frontend.
I don't think that it's the extension's job to gather money for anyone. When you turn on reddit redirects, there is no popup that you should support reddit by purchasing their coins or donating. There isn't anything like that for any other instance in this extension. |
Personally I don't have hard feelings about this, just saying it would be a good compromise for me if that shortens the discussion :) |
@orenomfi whatever happens here, do you plan on maintaining your fork with the wikiless addition? Would appreciate it. |
I've merged the PR for this one, I'm going to disable it by default, so those that do want to make use of it will have to enable it in the popup or settings menu. I've learned my lesson when it comes to enabling things by default, so this will be the behaviour of all new redirects going forward 🙂 |
@SimonBrazell perfect decision. Thank you. |
@SimonBrazell Cool, thanks! I'm glad this PR made it to the extension :) |
I know I'm late, but I came across this discussion and I had to write this. I think y'all are missing the elephant in the room here. Why do we have to use a custom front-end for simple sites like Wikipedia ? What is so special about https://wikiless.org/ that isn't available on https://searx.tux.land/morty/?mortyurl=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMain_Page&mortyhash=7ebaec8bd16aa09cda5ea1ab60a80644ab14c4ae72d9f257e665aad197b40511 ? Many Searx instances already have this proxy feature enabled in them, so we have more than one instance of it. The cool thing about using a proxy service like morty is that it works on all websites, and it removes JS from those sites as well. All you have to do is to go to a searx instance like https://searx.tux.land/, and search for any website you want. And instead of clicking the main link, use the proxy button below it. Don't get stuck in this mindset of wanting a custom front-end for each and every website, it's a very inefficient way to solve problems. For simple websites like wikipedia, use a proxy/vpn/tor and block JS locally on your browser, that seems like the best way to do it. Also note that proxies like morty remove JS for you. |
I agree that there are some cases where front-ends can be useful:
I don't see any of these advantages on https://wikiless.org/, so it seems kinda silly to me. This is my personal opinion though. |
I think we should just add morty as an alternative option for Wikipedia. Good to have choice in the dropdowns. |
If they already exist, then why not incorporate them into this extension?
As morty doesn't only work with Wikipedia I think it would be confusing for users, but dunno. Wikiless is designed for Wikipedia and I believe in the future it will provide more features than just proxying requests and removing JS. |
I agree with @tio-trom that having Wikipedia among other privacy invasive sites would give people the wrong idea, and is overall bad for the reputation of Wikipedia. Unlike other sites like twitter, instagram, youtube etc, wikipedia is not a privacy invasive company, they're a non-profit that completely relies on donations and volunteers. Wikipedia doesn't have any kind of trackers or unnecessary JS in their site. You can say that NSA might be trying to infiltrate Wikipedia, but how does https://wikiless.org solve this problem ? By using wikiless you're essentially moving your trust from one person to another, because now wikiless can see all your browsing habits. Even if wikiless was a completely trustable entity, at the end of the day you're only safe from Wikipedia. Do you think Wikipedia is the only site NSA has an eye on ? The real way to solve this problem would be to use Tor browser in its safest security setting, which blocks JS and hides your IP address (from the site and your ISP). If you feel like this is overkill, then use a vpn or proxy instead, but they're less safe.
No, morty is a proxy service that works for all websites, this extension is not about that. I mentioned morty to explain why I think wikiless is useless. Morty is superior to wikiless in every way, it works on all websites and already has a lot of instances running. It's also integrated with searx, making it more user friendly and easy to use. |
I explained here some of the use cases where alternative front-ends could be useful. So far I don't see any of these qualities in https://wikiless.org. If they provide more features in the future, then that's something. But I don't think this is very likely. What extra feature can they add to Wikipedia that's not already on it ? Because Wikipedia is a nonprofit, they don't have any kind of premium plans or anything that can lock away features. Wikipedia is a very simple site that is mostly just text and pictures, what could they possibly add to that ? |
I think it's simple, i'll use a trusted wikiless instance, for example hosted by my friend.
Even though i don't think these qualities matter in a privacy-focused addon, wikiless adds dark mode, which is not present in wikipedia. |
This is what I'm doing. I coincidentally found an abandoned but always fully patched Wikiless instance hosted in some random foreign country. I just entered its IP address in the extension. EDIT: Oh by the way, they also happen to have an .onion and .i2p address. |
Look, I know wikiless can be useful sometimes, but that's not my point. My main concern is that it'll give people a wrong idea about Wikipedia. Think about it for a moment, what did Wikipedia do wrong here ? Is it their fault that their site is so popular ? Is it their fault that NSA is targeting them ? Wikipedia doesn't have any trackers or unnecessary Javascript on it, they don't have any ads or premium plans, what more can they do ? Wikipedia is only one among the millions of sites that NSA is targeting. Not sure if this was intentional, but wikiless seems kinda biased against Wikipedia. They're trying to solve a problem, a problem that exists for many different websites, but they're only solving it for Wikipedia. This is why I like morty, it does everything that wikiless claims to do, but it works for all sites.
I got curious and tried using google this way, here's what I got when I searched for linux - https://searx.tux.land/morty/?mortyhash=626285694446881741eef945c9fe9996b85ef8a34060682d01b76db05ff56222&mortyurl=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dlinux%26gbv%3D1%26sei%3D9ZALYdnFDpvk5NoP0MyGsAs Not sure if you see the same thing, but the first 3 or 4 results I got were ads. I saw ads of Microsoft Azure, Redhat and some hosting companies. I think this answers your question. Also note that Searx can combine different search engines together, lets you customize what search engine you wanna use, has extra features like the proxied/cached buttons, etc. This is why I always strain on 2 things:
Because of these 2 things, I find it absurd to use a custom front-end for it. It doesn't make any sense to me. |
Sorry about that, didn't intend to mislead, I've checked that earlier, but ads didn't pop up for me, I used different queries though. |
@Kotuklion |
I know this issue is closed, but new shit has come to light that is worth considering for Privacy Redirect users who want context on wikiless.org.
Are y'all aware that Wikimedia has launched a for-profit LLC, Wikimedia Enterprise, in October? You can read more about it in their meta wiki, and also in the write-up in the Daily Dot. Previous comments already discussed how Wikipedia is swimming in money while implying they aren't with in-your-face donation banners, which is sus.
@futureisfoss here is your answer. It's worth pointing out that folks from WMF have committed that "customers of the "Enterprise API" only get the same data that is otherwise publicly available. Enterprise API customers do not get additional, privileged, better, or in any way 'different' access to any kind of data (personal, or content etc) than is available to any normal user on the website (or user of the existing APIs)."(see "Relation to IP Masking"). But the creation of a for-profit LLC should be grounds enough for an alternative front-end, despite WMF's promise. |
I will have to look more into this. At first glance it does sound very sad. But how does it affect wikipedia.org? |
Can anyone explain what the backstory is and if there's a good explanation maybe? (Benefit of the doubt ...) |
As far as I understand, there is a new company (LLC) with the goal of providing Wikipedia's data.
There is also a community essay. I currently have mixed feelings about this. I think having an idea about how to generate money, not only through contributions, is important. |
From what I understand, Wikiless is a live proxy which is supposed to protect your IP address. However, it forwards requests to Wikimedia Foundation servers, so it doesn't provide any protection from a sophisticated attacker who can correlate the packets going in and out of Wikiless servers. All the requests also remain recorded on the Wikimedia Foundation side, just with a different IP address; so the personal information remains stored in the USA (like search strings and so on). The net effect is only that you have one more entity (Hetzner and its providers + Wikiless) to trust with your personal information (and they don't even have a privacy policy: https://wikiless.org/about ). We have a list of Wikipedia mirrors at https://en.wikipedia.org/wiki/Wikipedia:Mirrors_and_forks . I have no idea what the threat model is here, but maybe you can find something more compliant over there. |
Hey, just wanted to say I think it would be nice to link to this issue in the project README (or even in the extension itself ?) I had the idea to search the issues for this because I was shocked to see wikipedia in the extension, but everyone might not do that, and I think it would be nice to link to the discussion here. |
Yeah I agree with @iTrooz, adding wikiless is a bit controversial and maybe we should link to this discussion here. |
I was also shocked to see Wikipedia in the list (without any explanation). The discussion here rather strengthened that shock, because if I wanted to surveil every person who doesn’t want me knowing their wikipedia access, it would be much easier to simply run a wikiless instance than to infiltrate wikipedia. The only actual use-case I see is censorship in countries that block Tor, and at least in the more options there should be an explanation, why the site is there. Better still: There should be a mouse-over (title?) that gives a short explanation and a link to additional information (for example to this issue). |
Looks like this project and its main instance aren't going to exist for much longer, so it would probably be good to remove it entirely. |
I think wikiless looks too close to the wikipedia website and that might've been the issue here. If you visit https://wikiless.org/ and https://en.wikipedia.org/wiki/Main_Page they almost look the same, even the logos are identical so it's easy to get confused. But I'm not a lawyer, maybe there's something else going on, let's wait and see what happens...... |
The only purpose I see for this is to get around IP blocks, not because of this NSA bullsh*t. |
On 06/02/23 18:43, f478ccf2 wrote:
The only purpose I see for this is to get around IP blocks
Do you mean, like The Great Firewall? Isn't the PRC going to block
Wikiless quite quickly if it gets used for that?
|
I made a project called Wikiless, it's self-hostable, FOSS. How it works is that the backend basically mirrors the Wikipedia content to the user. The user's browser never talks to Wikipedia, only the server backend does. So you don't give your IP address to the Wikipedia. Currently there's no other instances but the official one wikiless.org.
URL renaming:
https://en.wikipedia.org/wiki/Monero
->
https://wikiless.org/wiki/Monero?lang=en
https://de.wikipedia.org/
->
https://wikiless.org/?lang=de
https://en.wikipedia.org/w/index.php?title=Monero&action=history
->
https://wikiless.org/w/index.php?title=Monero&action=history&lang=en
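The URL renaming listed above can be sketched as a rewrite function. This is an added example, not the code of the pull request or of Wikiless: the name `toWikiless` and the choice to skip `www.wikipedia.org` (which has no language label) are assumptions, and the default instance is the one named in the post.

```javascript
// Added example. Rewrites a Wikipedia URL to the equivalent URL on a
// Wikiless instance, following the three mappings listed in the post.

// Exactly one language label in front of wikipedia.org, anchored at both
// ends, so look-alike hosts (en.wikipedia.org.example.net, notwikipedia.org)
// are not treated as Wikipedia.
const WIKIPEDIA_HOST = /^([a-z0-9-]+)\.wikipedia\.org$/;

function toWikiless(inputUrl, instance = "https://wikiless.org") {
  let source;
  try {
    source = new URL(inputUrl); // real parser: handles userinfo, case, ports
  } catch {
    return null; // not an absolute URL, leave it alone
  }
  if (source.protocol !== "https:" && source.protocol !== "http:") return null;

  // source.hostname is already lower-cased and excludes any "user@" prefix.
  const match = WIKIPEDIA_HOST.exec(source.hostname);
  if (!match || match[1] === "www") return null; // assumption: skip the portal
  const lang = match[1];

  const target = new URL(instance);
  // Use the pathname setter rather than new URL(path, instance): a source
  // path beginning with "//" would otherwise be resolved as a new host.
  target.pathname = source.pathname;
  target.search = source.search;         // keep title=, action=, ...
  target.searchParams.set("lang", lang); // language moves from host to query
  target.hash = source.hash;             // keep the section anchor
  return target.href;
}

// Constructed inputs: the three from the post plus hosts that must not match.
const SAMPLE_URLS = [
  "https://en.wikipedia.org/wiki/Monero",
  "https://de.wikipedia.org/",
  "https://en.wikipedia.org/w/index.php?title=Monero&action=history",
  "https://en.wikipedia.org.example.net/wiki/Monero",
  "https://en.wikipedia.org@example.net/wiki/Monero",
];

function rewriteSamples() {
  return SAMPLE_URLS.map((u) => [u, toWikiless(u)]);
}
```

Passing a different `instance` origin covers self-hosted instances; URLs that return `null` are left unredirected.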