A group of Hong Kong Wikipedia editors have convened an urgent meeting and shared guidelines to prevent doxxing, after users from mainland China allegedly threatened to report the group to the city’s national security police. Representatives from the group told HKFP they are hoping to seek assistance from the Wikimedia Foundation after a meeting.

Members in a Wikimedians in Mainland China QQ Chat group discussed reporting their Hong Kong colleagues to the city’s national security police hotline. Photo: Screenshot via Telegram.

HKFP reported on Sunday how key pages on the crowd-sourced encyclopaedia had become “edit war” battlegrounds between pro-democracy and pro-establishment contributors. Each side is seeking to establish their version of controversial current events using approved “reliable” news sources — from pro-democracy or Chinese state-owned media outlets — to support content in the website’s articles.

Screenshots allegedly taken from a QQ chat group of mainland Wikipedia editors showed that a user under the handle “Walter Grassroot” threatened to report members of the Wikimedia Community User Group Hong Kong (WMHKG) to the Hong Kong national security police hotline. The group of around 30 avid Wikipedia users is affiliated with the Wikimedia Foundation.

A Wikipedia article on the July 21, 2019 Yuen Long MTR attacks. Photo: Selina Cheng/HKFP.

“We should report those from the Hong Kong user group,” a QQ user under the handle “Walter Grassroot” wrote after another user posted an image of the national security hotline’s details. “Nice idea,” another replied.

A user under the same handle – “Walter Grassroot” – on Wikipedia, who is active in the mainland Wikipedia community, declined a request for interview in an email to HKFP, and denied having knowledge of messages about reporting Hong Kong users to the national security hotline.

Whilst HKFP was unable to independently corroborate whether the users sharing the same handle on QQ and on Wikipedia were controlled by the same individual, a current and a former board member of the Hong Kong group said they received evidence proving that the QQ discussion was authentic. They subsequently convened an urgent meeting with members and provided them with guidelines to prevent the malicious publishing of private or identifying data.

Safety concerns

Two Wikipedia users representing the group — current director Arthur Cheung, known under the Wikipedia handle “Dasze”, and ex-director William Chan known as user “1233” — said the group acted “instantly” after they became aware of the threat last Thursday, as it “greatly threatens the physical safety” of users in Hong Kong, including those who are not members of the user group.

A Wikipedia article on the Yuen Long MTR mob attack in July 2019. Photo: Selina Cheng/HKFP.

Under the national security law enacted in Hong Kong last July, acts of secession, subversion, terrorism and foreign collusion are punishable by life imprisonment. The law allows no presumption of bail while the prosecution can request a trial without jury.

The user group said it was unable to give details about how it is protecting the group but said the safety of its members was a top priority: “We feel extremely shocked and concerned that the one who shall be the defender of the Wikipedia Community was involved in such an atrocious discussion and act against the values of the Wikimedia Movement,” a statement by the group read. ” Such an act also violates the fundamental values of collaboration and trust which allow us to construct, contribute and collaborate within Wikipedia.”

One member of the Wikimedians of Mainland China (WMC) user group who was involved in the chat about reporting Hong Kong users has top-level editor positions on Wikipedia, including Administrator, Bureaucrat and Oversight status. However, they did not express explicit support or disapproval to the proposition in the chat, the Hong Kong users said.

Cheung and Chan said they are concerned that the user may be able to triangulate real identities of Hong Kong users using such high level permissions, although the person in question would not have direct access to personal data, such as users’ IP addresses. Such access was revoked from the Chinese edition by the Foundation in 2018 after data was leaked, they said.

File photo: Pixabay.

The group is concerned that WMC users “may have enough information to track personal, sensitive information of some of the personnel who they deem as so-called ‘violating’ the national security law by promoting free knowledge and also the exchange of free information,” Chan said.

The duo said their concerns are related to events that occurred in the past, although they declined to disclose the details publicly. “That is not a hypothetical issue,” Cheung said.

Policy of ‘no legal threats’

Editorial activities on Wikipedia rely heavily on a set of complex guiding principles and policies. Violations or repeat offences may lead to users being warned or even banned by administrators, who are users elected from the community.

One of the policies is the prohibition of the use of legal threats: “Legal threats should be reported to Administrators’ noticeboard/Incidents or elsewhere to an administrator. Users who post legal threats on Wikipedia are typically blocked from editing while the threats are outstanding.”

Wikimedia Foundation has not responded to HKFP’s media enquiry sent last week.

As a crowd-sourced website, any internet user can edit content on Wikipedia articles. As all edits are logged, IP addresses of unregistered users will be displayed, while those of registered users will be masked.

As a policy, Wikipedia typically blocks the use of VPNs in order to prevent banned users from resuming activities under a proxy identity. However, if users face a risk of being reported to the authorities, of surveillance, or of being doxxed, they may apply for “IP blocking exemptions” from elected Wikipedia administrators that will allow them permission to use the circumvention software.

VPN privileges

An administrator and long-time editor of Wikipedia’s Cantonese and English editions Deryck Chan said he encourages Hong Kong users to use a unique identity on Wikipedia and apply for VPN exemptions.

Deryck Chan speaking at a Wikipedia event in 2015. Photo: Krislcc via Wikipedia by CC 4.0

“In recent years, there is significant understanding [of] the enforcement of this policy… there are many valuable Wikipedia editors who are physically in places with oppressive governments, and the best way to let them participate in the editing and the debate is to allow them to use VPNs behind their user names,” he said.

“There is a different level of risk for people like me who edit using [my] real name, because I’ve done so for the last 15 years and – until 2020 – there is no reason why that should be dangerous at all,” Chan said. “Anyone I personally trust from Hong Kong who are editing on the Cantonese or English editions, I would give them that permission when they ask for it.”

In response to HKFP’s enquiries, a Wikimedia Foundation spokesperson said it has been in touch directly with its volunteers in Hong Kong.

“The Legal and Trust & Safety teams at the Wikimedia Foundation consistently support our volunteers in ensuring their safety and security for their contributions to Wikipedia,” their spokesperson told HKFP in an email.

“The Foundation has been closely monitoring the situation in Hong Kong,” they said, adding that details cannot be made public in order to protect the privacy and safety of its volunteers, and that it retains “very little” data about Wikipedia users, and only for a short time.

Update 23.7.21: This story has been updated with Wikimedia Foundation’s comments.

Selina Cheng

Selina Cheng is a Hong Kong journalist who previously worked with HK01, Quartz and AFP Beijing. She also covered the Umbrella Movement for AP and reported for a newspaper in France. Selina has studied investigative reporting at the Columbia Journalism School.