The original information is still archived, my understanding is that those attacks just inject other data that changes what is shown to the user, but as they mention it’s easily detectable and the original information can still be recovered.
A bigger risk would be that the organization asks the archive to delete their data, but that would look very suspicious, and you could use multiple archives (e.g. https://archive.is/ )
Thank you for your reply and technical insights, Lorenzo.
To clarify, we are actually not that concerned about archived documents being manipulated. From what we understand, this is extremely rare.
What we are quite concerned about is that we will be falsely accused of manipulating archives, and the charity accusing us will be given the benefit of the doubt. They could cite articles like the one we cited earlier, and most people do not have the technical expertise to evaluate disputes over archive integrity.
I think that is extremely unlikely, they have a lot to lose as soon as it’s confirmed that the archived data is not manipulated.
Also, from the page you cite:
we emphasize that these attacks can in most cases be launched only by the owners of particular domains.
So they would need to claim that you took control of a relevant domain as well.
But even if something like that happened, you could show that the archive has not been tampered (e.g. by linking the exact resource containing the information, or mentioning the “about this capture” tool that was added by the web archive to mitigate this)
I think that is extremely unlikely, they have a lot to lose as soon as it’s confirmed that the archived data is not manipulated.
Not just that, I expect charities to have a lot to lose just from the fight alone, for better or worse. Getting into fights about your integrity generally has negative effects on your reputation and fundraising capacity.
they have a lot to lose as soon as it’s confirmed that the archived data is not manipulated.
We think our team still has some disagreements with you over how effective disinformation campaigns can be (especially when the disinformation is technical and the audience is mostly non-technical). That being said, we really appreciate your insights—you’ve made some great points.
I think the typical member of the EA community has more than enough technical skill to understand evidence that a web page has been edited to be different from an archived page, if pointed to both copies from a reliable source
My first impression is that these techniques are pretty obscure and technical, and charities would not think to use them or know how to by default. In fact, sharing them here might make it more likely that charities use them (an infohazard).
EDIT: But maybe if motivated and strategic enough, they would find them through online search.
Didn’t they already address this specific vulnerability with the measures described on that page?
The aforementioned page states that they took action “to mitigate these attacks,” so from our understanding it is still possible to do.
Also, the organization who completed the study still cautions users who rely on Wayback Machine (the archive platform that was manipulated).[1]
https://rewritinghistory.cs.washington.edu/index.html See section “I rely on Wayback Machine—what should I do?”
The original information is still archived, my understanding is that those attacks just inject other data that changes what is shown to the user, but as they mention it’s easily detectable and the original information can still be recovered.
A bigger risk would be that the organization asks the archive to delete their data, but that would look very suspicious, and you could use multiple archives (e.g. https://archive.is/ )
Thank you for your reply and technical insights, Lorenzo.
To clarify, we are actually not that concerned about archived documents being manipulated. From what we understand, this is extremely rare.
What we are quite concerned about is that we will be falsely accused of manipulating archives, and the charity accusing us will be given the benefit of the doubt. They could cite articles like the one we cited earlier, and most people do not have the technical expertise to evaluate disputes over archive integrity.
I think that is extremely unlikely, they have a lot to lose as soon as it’s confirmed that the archived data is not manipulated.
Also, from the page you cite:
So they would need to claim that you took control of a relevant domain as well.
But even if something like that happened, you could show that the archive has not been tampered (e.g. by linking the exact resource containing the information, or mentioning the “about this capture” tool that was added by the web archive to mitigate this)
Not just that, I expect charities to have a lot to lose just from the fight alone, for better or worse. Getting into fights about your integrity generally has negative effects on your reputation and fundraising capacity.
Thanks for the tool! It seems very useful.
We think our team still has some disagreements with you over how effective disinformation campaigns can be (especially when the disinformation is technical and the audience is mostly non-technical). That being said, we really appreciate your insights—you’ve made some great points.
I think the typical member of the EA community has more than enough technical skill to understand evidence that a web page has been edited to be different from an archived page, if pointed to both copies from a reliable source
My first impression is that these techniques are pretty obscure and technical, and charities would not think to use them or know how to by default. In fact, sharing them here might make it more likely that charities use them (an infohazard).
EDIT: But maybe if motivated and strategic enough, they would find them through online search.