Monday, November 10, 2014

How to sock on Wikipedia

Shared via MZMcBride and encyclopediadramatica. This article is not meant for promoting sock puppetry though, it serves as an equal tool for those trying to catch it by understanding how it is done.

So you want to sock and not get caught? Well, it's not exactly easy, but there are definitely some things that can make it easier. The following are some tips for socking well.

Multiple accounts are the natural result of a non-anonymous website. People switch accounts just to stay anonymous. But a sock puppet is when a person uses these accounts to prove they've not gotten laid for a very long time, if ever. It is a tactic often used by trolls harrassing people on certain sites, faggots "trolling" on Wikipedia, and even pplz on ED who are evading a well-earned ban.

Anonymous websites let you samefag with little pissing away of your life and people can spot them with just a little bit of intelligence.

However, non-anonymous websites are MMORPGs where people work their sock accounts up to epic activity histories. Then when the sock puppets come by to back each other up, people look at their long histories of activity and go, "There's no way someone would spend that much of their time making all these accounts look like different people. They must be different people in real life because no one could have that less of a life spend that much time building these accounts up just to win some petty arguments."

And that, prey tell, is why sock puppets are effective. It's not that people can't tell, it's that they really don't want to believe.


A sock farm is where someone creates a sock puppet account, and then another, and another, and another, and another... These accounts all make minor edits to articles aka "farming", and as many useless ones as they can to build up their edit count. They start having conversations with one another. Then they fall in love, get married, break up, and fight.

Eventually this farm is "harvested" and it can get administrators elected, articles deleted, kept, merged, and through sheer numbers make anything happen on Wikipedia that they want.

Of course you need a lot of time before getting the fruits of your farming, but it's worth the efforts. Eventually you will manage to control over 9000 sock puppets, have yourself elected as Sysop, have everyone banned, and then organize a massive raid (maybe with /b/tards, but they are not your personal army) in order to vandalize and delete the whole encyclopedia. Wikimedia will collapse, Jimbo Wales will be screwed and you will be considered as a legendary hero, even greater than Willy on Wheels or Grawp.

Anyway, you are too lazy to do it, aren't you?

Become familiar with the tracking tools

On Wikipedia there are those elite few, the Magic 40, that possess CheckUser abilities. This means that they check the IP addresses that any account edits from. While you're busy socking away there can be slip-ups: you might sign a post or edit a user page with the wrong account. Since this is Wikipedia after all, and suspicion is the order of the day there, this will be noticed. A CU will be notified and an IP check conducted: "ZOMG 34 accounts edited from ip" And you're screwed. But who wants that?
  1. Use Tor. Liberally. If you're caught just say you're editing from China and that the secret police would kill you if they knew you were editing Wikipedia.
  2. Use AOL. Yuck what internet veteran uses AOL you say? A smart one, AOL gives you a new IP with every page load. CheckUser=CheckUseless!
  3. Open Proxies This is risky as they are blocked on sight, and just editing from an open proxy can be seen as a sign of trollkind. Well, yeah.
  4. Use shared IPs like cybercafes and community colleges for some of your accounts.
  5. Get in your car and go searching for unsecured Wireless hotspots. This is great when using troll socks to post power words. Maybe you'll even get someone else banned!
  6. If you live in a city like Portland that offers wireless across town...well it can't get any easier than that.
  7. Use different browsers. The greater the chance you can reduce human error, the better. Instead of having to remember to log in and log out, each browser stores your separate session.
Since you'll likely be socking on a MediaWiki wiki, all of the documentation and source code of the extensions used by the software is publicly available. Read the page about the CheckUser extension and browse its source code if you know PHP decently.

Also, it's important to understand Wikimedia's configuration of the extension. The data available to CheckUser is only stored for 90 days. After that, it gets deleted.

Use different browsers

This is one of the easiest ways to sock. The greater the chance you can reduce human error, the better. Instead of having to remember to log in and log out, each browser stores your separate session. Protip: you can tint backgrounds of edit textareas to distinguish them (slight reddish color for alt account, slight blueish color for master account, e.g.).

Use a shell account

Using SSH or a VPN, use a shell account to proxy. This masks your actual IP address and instead assigns you whichever IP you're proxying through.

Shell accounts can be purchased (from a web hosting provider) or most schools and offices have publicly available VPNs.

However, be warned that some proxies retain XFF headers (see below for more) and others don't. You'll likely need to spoof your headers to be safe.

Alter your headers

When a CheckUser checks your account, they can get header information that looks something like this:

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_2; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1

You need to spoof this info if you'll be using the same computer or browser to sock.


XFF headers reveal information about your originating IP address. As mentioned above, your proxy may strip the XFF headers, however this isn't guaranteed. Generally speaking, spoofing XFF headers is pointless.

User agent

User agent headers are easily spoofed. These reveal the browser you're using. If you're using two separate browsers as suggested above, it's probably still a good idea to spoof the user agent string as it always includes operating system information.

Alter your behavior

This is one of the most important steps to not get caught socking.

Time zones

It's trivial to map someone's contributions throughout the data. And sock trackers regularly use this tactic to spot patterns between accounts. Edit at different time zones with different accounts. Direct overlap between two accounts always looks suspicious.

Content areas

This is rather trivial to understand, yet many people get caught this way. To effectively sock, you have to edit in different areas than your master account. If your master account is involved in every bot discussion, your sock should not be. While it may be helpful to comment occasionally on bot discussions using your sock account to throw people off, you should avoid similar content areas.

It's equally important to avoid similar types of edits. If you're the master of fixing references, make your sock the master of writing content or the master of typo fixes. Don't have your two accounts making the same type of edits.

Edit summaries

This is another easy way to get caught. If you always edit using edit summaries, make sure your alt account does not. Also, make sure you use different types of edit summaries. For example, for a standard reply, many users use "+reply", "re", "r", or "reply". Some even copy and paste part of the message in the edit summary box. Whichever way you choose, be sure to not do the same thing on your alt account.

Writing style

This is very important if you make a lot of 'public' comments (comments on various noticeboards and talk pages). One obscure word used by both accounts and people could start to ask questions. If you're a poor speller, have one of your accounts use Firefox's spelling checker. If you always spell you as 'u,' well, you shouldn't do that for any reason. But if you do anyway, make sure your other account doesn't do the same thing. Writing style can quickly give away a user's true identity.

Talk with yourself

This is an incredibly tricky tactic that can easily backfire, but if done effectively, it can make it seem very, very implausible that the two accounts are connected. This should be done rarely, if at all. The occasional talk page comment to your alt account or point something out to them. Do not give them awards or constantly praise their work. That quickly raises suspicions, especially after a recent incident on the English Wikipedia.

Avoid double voting in major elections

Every user who votes for Board officials or for stewards is CheckUsered. Don't double vote in major elections unless you're sure that your IP information and XFF headers won't reveal a direct similarity.

Act your age

New accounts don't know about noticeboards. They don't usually even know about namespaces. Remember that when someone is examining your contributions history, a normal account always shows a predictable evolution. Be sure to keep this in mind when using your alt account. Sure, you can try to excuse your behavior with claims that you edited anonymously for years or whatever, but it's a whole lot easier to simply edit linearly (using edit summaries more often as time passes, exploring other namespaces, getting involved with the administrative side of things, etc.).

However, as a caveat, do not try to act like a completely new user. Blatant mistakes and downright stupidity will just get more attention focused on you. Play it cool and you'll have no issues.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.