User blog:Deadcoder/5 Security and Safety Tips For Wikia Users

Hello, I'm Deadcoder. Most of you know me for my work and episode review blog on the Code Lyoko Wiki. But today, I'm blogging about a serious matter that's important to every Wikia user, from anon accounts to Wikia staff, to everyone in between: Security. In this post, I'll post 5 security tips that you can follow to make your communities safer.

0: Use HTTPS whenever possible. Most links that go somewhere other than the same website start with a set of letters, followed by a colon and two slashes, such as "http://", "https://", or "ftp://". This is the Protocol of the link. Whenever possible, use https instead of http. The difference with https is that the transmission is encrypted and authenticated. This means that third party scum "NSA" have a much harder time reading your transmissions. The authentication means that you know the website is who it claims to be.

Not every website supports both https and http. Many websites, such as Youtube and Facebook, are https only. Tragically, some major websites, such as Wikia and IMDB don't support HTTPS at the time of this writing. However, you should use https whenever possible. Whenever you add an outbound link on any of your pages, comments, posts, templates, etc; check if the link works with https. If it does work with https, use that instead. If it doesn't work, use whatever you can.

Here's an example: I was recently editing a page which has a link to Wikipedia, which supports HTTPS. Here's how I changed it:"http://en.wikipedia.org/wiki/Code_Lyoko" became "https://en.wikipedia.org/wiki/Code_Lyoko". The only difference in the text is the s in "https", but this minor simple change can protect your users' privacy and safety.

You might think "isn't encryption a little excessive, since this is a public page?". The answer is that it is not excessive. Most post-1998 computers can support https easily, and how would you feel about some creepy old guy monitoring every single thing that you browsed. That sounds like stalking, because it is. It also helps guarantee that your page won't be intercepted, and modified to inject spam or malware. Overall, this is the opposite of overkill. It's the easiest legal thing you can do to protect your users.

1. Restrict what users post about themselves on your wiki. For those of you who have maps enabled on their wiki "the geographical kind", this is especially important. This is more of a safety tips. Tell users to never reveal any of the following information on your wikis, and discourage them from revealing it elsewhere. Do not reveal your addresses, phone numbers, social security numbers, passwords, bank information, or anything else that could allow for kidnapping or theft. Make sure users do not reveal their addresses within a radius of 5 Kilometers "10 for rural areas.". You should follow this rule across all of the internet, and make it a general policy on your wiki. Again, this is a very simple rule, and this can prevent stalking, theft, and violent crime; so it's important.

2. Report security flaws and incidents. Sometimes, despite people's best effort "or because they were negligent", security screwups happen. Passwords get stolen. Mass vandalism happens. Scripts get compromised. People screw up. If or when you encounter a breach or flaw, report it. If it happened on Wikia, report it to Wikia. If the issue was with an external script, report it to Wikia and the script developers. If it happened on a specific wiki, report it to an active admin on the wiki, and to Wikia. This should be your personal policy, and your wiki's general policy. It's the digital equivalent of calling the police or hospital when you find a dead body or someone who will be dead without medical intervention.

On a related note, if you have any reason to believe your password to anything may have been compromised, change it. This applies to all passwords. Good passwords are at least 10 characters, aren't a single word or two words, have special characters, etc. Your password shouldn't be guessable by trying every word, combination of two words, or modifications thereof, of every word in the dictionary.

3. Get rid of inactive Admins and Bureaucrats. Inactive accounts with elevated privileges are a major security threat. Demote these to standard user. It's a standard penetration procedure to use a forgotten account to break into a system and compromise it. One of the best things you can do to protect your wiki is to take admins who have been inactive for at lest a year, and demote them to standard user. You can do the same thing for crats, but you need to go to a staff member about it. Make sure your wiki consents to this policy before implementing it.

4. Be careful before promoting someone. Don't just give someone admin rights because they ask for them. Look at the user's edit history before issuing promotions, and look at their activity on other wikis. This can prevent vandalism. Give careful consideration before issuing promotions. Like it or hate it, there have been serious cases of vandalism that happened because of incidents like this. This should be both personal policy and wiki policy.

And there you have it! 5 basic tips that you can use to protect yourself and your community! Yes, I'm aware it ends with #4. Look at the first one. It starts with 0. Count them. There's 5. Computer science people often start counting at 0.

Leave comments! If this is popular, I'll probably make more of these posts. I hope you enjoyed reading this, and I hope you actually follow these recommendations.