Page MenuHomePhabricator

Several major news websites (NYT, NPR, Reuters...) block citoid
Open, Needs TriagePublic

Description

A number of websites have blocked Citoid due to the high volume of traffic its activity is placing on their websites. This results in Citoid errors when attempting to cite content by inserting these websites' URLs.

Known blocked websites

  • New York Times (T323169)
  • NPR (T362873)
  • Reuters
  • Elsevier ScienceDirect

Strategy and state

Strategy

At present, there are four strategies we are pursuing to ensure volunteers are able to reliably generate citations using Citoid in ways that meet our partners' needs and expectations.

These four strategies are as follows…
1. Align with partners so that we can:

  • Understand their needs and expectations to further improve how Citoid behaves.

2. Improve UX so that we can:

  • Offer volunteers clear path(s) forward when Citoid fails
  • Simplify the steps to generate a reference when Citoid is unable to do so automatically

3. Increase observability so that we can:

  • Swiftly address issues, when they emerge
  • Ensure Citoid is behaving in ways that meet volunteers and partner needs
  • Evaluate the impact of changes we're making to Citoid
NOTE: our ability to observe Citoid is constrained by its interaction with Zotero, a system we don't have full insight into.

4. Reconsider internal assumptions so that we can:

  • Ensure Citoid behaves in ways that accommodate the technical and business constraints that ensure the longevity of partner infrastructure
State

The section contains the actions we are taking, and will consider taking in the future, to deliver the impact described in the Strategy section above.

StrategyTicket(s)DescriptionStatus
Improve Citoid UXT364595Offer people an alternative path for generating citations from within Citoid's error state✅ Done; deployed 12 June 2024
T364594Revising Citoid's error message to be more specific✅ Done; deployed 13 June 2024
Increase observabilityT364901Log data about which domains are failing most frequently✅ Done; data being logged as of ~24 June 2024
T365583Log data when Citoid fails because the media type is (e.g. PDFs) is no supported✅ Done; deployed 12 June 2024
T364903[SPIKE] Determine how specific we can be about logging why Citoid is failing✅ Investigation complete; results informing work in T365583 and T364901
T368802Identify patterns in data now being logged about Citoid performanceUp next
Reconsider internal assumptionsT366093Change Citoid user agent to use same pattern as Zotero✅ Done; deployed 12 June 2024
T367194Citoid/Zotero: Create rate limiting configurable on a per site basisExploring technical feasibility; work not yet prioritized
T367452Reduce Citoid HTTP request volume by using HTTP HEAD instead of HTTP GET✅ Done; deployed week of 17 June 2024
Ticket neededCache metadata results to reduce amount of traffic we're sending to domainsInvestigation required to assess feasibility; this work has not yet been prioritized
Ticket neededEnable people to do the metadata scraping themselves.Investigation required to assess feasibility; this work has not yet been prioritized
Ticket neededWrite Citoid as a layered set of data adaptersInvestigation required to assess feasibility; this work has not yet been prioritized
T95388Fallback to archive.org when Citoid request fails🟢 Investigation is active
Align with partners-Talk with partners directly to understand what they need from Citoid to fulfill the requests people are making with itIn progress

Original description
first seen today at an event: https://en.wikipedia.org/wiki/Special:Diff/1218432547

later during same event had a problem with NY times. https://en.wikipedia.org/wiki/Special:Diff/1218452300

I went home, pulled a link off NY times front page and tried a test at [[Wikipedia:Sandbox]]. (didn't save)
link: https://www.nytimes.com/2024/04/11/us/politics/spirit-aerosystems-boeing-737-max.html
error message: We couldn't make a citation for you. You can create one manually using the "Manual" tab above.

NY times was definitely working here, (2024-02-13) this URL also now broken: https://en.wikipedia.org/wiki/Special:Diff/1207056572

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenBUG REPORTNone
OpenMvolz
Opennayoub
OpenNone
Resolved Esanders
OpenNone
ResolvedMvolz
ResolvedBUG REPORTMvolz
ResolvedMvolz
OpenNone
OpenNone
OpenNone
ResolvedBUG REPORTNone
OpenNone
StalledNone
OpenNone
OpenMvolz
OpenNone
OpenMNeisler
OpenNone
OpenNone

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Note: the Editing Team is thinking through a couple of ways we could incrementally improve the current experience.

You can expect to see another comment from @Esanders, @Mvolz , or me before this week is over outlining those approaches.

While the Editing Team has not yet converged on a set of potential solutions that could enable people to reliably use Citoid to generate references for major news websites, the Editing Team has identified two short-term interventions that could improve the current experience...

InterventionTicketReference(s)
Revise the current error message to explicitly state why people are encountering itT364594Current error message:
CitoidErrorMessage-Current.png (318×458 px, 94 KB)
Leverage Edit Check infrastructure to offer people a call to action from within CitoidT364595We're imagining something similar to the current Reference Reliability experience:
image.png (1×2 px, 239 KB)

The NYTimes has been blocking us for a while, it briefly worked when we changed datacenters and ergo IP, but they've understandably reblocked us after a few weeks' reprieve!

There's not a whole lot we can do except to ask for IP exemptions - @Samwalton9-WMF would this be something partnerships could try?

Possibly! It's easiest in cases where The Wikipedia Library has an ongoing dialogue, as is the case with Elsevier, who we're currently talking with about this issue.

This is partly a consequence of the fact that over the last few years our traffic has increased a lot, we didn't used to trigger IP blocks as often.

A possible solution would be to close off the API, but that would mean we'd no longer support things like reftoolbar.

We may also want to look into adding blacklists for websites who have expressed they definitely do not want us accessing them to be respectful of that.

Could we set up a system whereby API keys are manually distributed for tools which are going to be used on Wikimedia projects? I'd hope we could find a middle ground between 'fully open' and 'fully closed'. Unless of course tools like reftoolbar are the primary culprit of this increased traffic.

We could model ourselves after the crossRef API: https://www.crossref.org/documentation/retrieve-metadata/rest-api/tips-for-using-the-crossref-rest-api/

The issue of having api keys and giving them to reftoolbar is there is no way to store secrets on wiki! It's not private in the least. It would end up being security via obscurity and trusting that people a) don't either steal the publicly viewable key or b) use the toolforge service which uses the key. Which, might be enough, really. But if we are still letting people other than for on wiki stuff on purpose, it's still going to be an issue.

Whereas it could help if the tool was available only to wiki logged-in users (aka editors) as a precaution, I have my doubts this behavior is because of high traffic in all cases, see below.

besides statistics about which tools have this much volume would you also drop some kind of time series graph dashboard with request volume and error volume? thank you.

https://grafana.wikimedia.org/d/NJkCVermz/citoid?orgId=1&refresh=5m&from=now-30m&to=now

I see ~3 requests/second, which is presumably for all sites (NYT, Reuters, NPR, etc) combined. Let's be generous and say a single site is taking one third of the requests. Are organizations like Reuters seriously concerned by ONE request per second?

I have the same question. Instead, I 'd suggest that in some (if not many) cases Citoid is instead triggering some bot detection mechanism (those have proliferated in the last few years) and served some Captcha first by some CDN (e.g. Fastly) which it obviously can't (and shouldn't) solve. The best solution is probably to ask that it isn't classified as a bot.

Let me note that Citoid utilizes Zotero under the hood and we have very little visibility into what Zotero does. Zotero's Grafana dashboard is pretty empty as Zotero doesn't expose metrics AFAIK. If 1 request to Citoid ends up being multiplied by 10 or 20 by Zotero it could be that in some cases it triggers some high traffic detection mechanism. I still find it hard to believe though.

Note: the Editing Team is thinking through a couple of ways we could incrementally improve the current experience.

You can expect to see another comment from @Esanders, @Mvolz , or me before this week is over outlining those approaches.

While the Editing Team has not yet converged on a set of potential solutions that could enable people to reliably use Citoid to generate references for major news websites, the Editing Team has identified two short-term interventions that could improve the current experience...

InterventionTicketReference(s)
Revise the current error message to explicitly state why people are encountering itT364594Current error message:
CitoidErrorMessage-Current.png (318×458 px, 94 KB)
Leverage Edit Check infrastructure to offer people a call to action from within CitoidT364595We're imagining something similar to the current Reference Reliability experience:
image.png (1×2 px, 239 KB)

In general it's imho preferable to invest time into just making it work instead of writing better error messages. Maybe like..

/*<nowiki>
This script is public domain, irrevocably released as WTFPL Version 2[www.wtfpl.net/about/] by its author, Alexis Jazz.
I can haz ciatation? Plz?

https://www.sciencedirect.com/science/article/abs/pii/S2468023024002402
https://www.npr.org/2024/03/19/1239528787/female-genital-mutilation-is-illegal-in-the-gambia-but-maybe-not-for-much-longer
https://www.reuters.com/world/africa/gambia-mp-defends-bid-legalise-female-genital-mutilation-2024-04-08/
https://www.nytimes.com/2024/04/11/us/politics/spirit-aerosystems-boeing-737-max.html
*/


hazc={};
async function getSiteSource(url, siteHTTP, siteHTTPtext, urlinfo, sitejson, first1, first2, first3, last1, last2, last3, date, accessdate, title, template, website) {
	url=$('#hazcinput')[0].value;
	console.log('get '+url);
	hazc.siteHTTP = await fetch(url);
	hazc.siteHTTPtext = await hazc.siteHTTP.text();
	hazc.urlinfo=new mw.Uri(url);
	if ( hazc.urlinfo.host.match(/npr\.org/) ){

		sitejson=JSON.parse(hazc.siteHTTPtext.match(/NPR.serverVars = (.*);/)[1]);

		template='cite web';
		website='[[w:en:NPR|NPR]]';
		first1=sitejson.byline[0].match(/([^ ]*)/)[0];
		last1=sitejson.byline[0].match(/([^ ]*) (.*)/)[2];
		if ( sitejson.byline[1] ) {
			first2=sitejson.byline[1].match(/([^ ]*) (.*)/)[1];
			last2=sitejson.byline[1].match(/([^ ]*) (.*)/)[2];
		} else {
			first2='';
			last2='';
		}
		if ( sitejson.byline[2] ) {
			first3=sitejson.byline[2].match(/([^ ]*) (.*)/)[1];
			last3=sitejson.byline[2].match(/([^ ]*) (.*)/)[2];
		} else {
			first3='';
			last3='';
		}
		dateobj=new Date(sitejson.fullPubDate);
		articledate=dateobj.toISOString().replace(/T.*/,'');
		title=sitejson.title;
	} else if ( hazc.urlinfo.host.match(/nytimes\.com/) ) {
		mw.notify('NYtimes TODO, try NPR');
	} else if ( hazc.urlinfo.host.match(/reuters\.com/) ) {
		mw.notify('Reuters TODO, try NPR');
	} else if ( hazc.urlinfo.host.match(/sciencedirect\.com/) ) {
		mw.notify('Sciencedirect TODO, try NPR');
	}
	mw.notify('{{'+template+'|url='+url+'|title='+title+'|website='+website+'|first1='+first1+'|last1='+last1+'|date='+articledate+'|access-date={{subst:#time: Y-m-d }}}}');

}

hazc.input=document.createElement('input');
hazc.input.id='hazcinput';
hazc.input.value='https://www.npr.org/2024/03/19/1239528787/female-genital-mutilation-is-illegal-in-the-gambia-but-maybe-not-for-much-longer';
hazc.input.size='50';
hazc.submit=document.createElement('button');
hazc.submit.id='hazcsubmit';
hazc.submit.innerText='I can haz ciatation?';
$('body').prepend(hazc.input,hazc.submit);

$('#hazcsubmit').on('click',function(){
	console.log('clicked');
	OO.ui.confirm('Ur privacy will be violated cookie jar etc etc').done(function(a){if(a){getSiteSource();}});
});
Mvolz renamed this task from Several major news websites (NYT, NPR, Reuters...) block citoid due to too much traffic to Several major news websites (NYT, NPR, Reuters...) block citoid .May 11 2024, 6:25 AM

Per https://meta.wikimedia.org/wiki/OWID_Gadget, having our users perform the requests is a non-starter.

This is really weird, I don't understand. they would benefit from giving us the metadata, the metadata isn't a backdoor around their paywall and they don't benefit from hiding it. are we just not talking to the right people there?

Per https://meta.wikimedia.org/wiki/OWID_Gadget, having our users perform the requests is a non-starter.

what's wrong with the bookmarklet version T362379#9729585? it could spit out JSON, copy, paste into VE. or it could make some kind of link to a Wikipedia page which then caches the citation locally and next time you insert with same browser you can use the cache instead of regenerating from scratch.

maybe it wouldn't get a ton of usage because it's a bit more involved to use. but it's better than nothing.

@akosiaris

In the Grafana dash, Saturation -> Total Network says it's about 10 MB/s. Does this count everything the job is doing, including what Zotero might be sending out?

I still think what you said makes sense - I've seen at least one bug where Zotero was stuck in a loop, so knowing what the egress from a single citoid request is would be useful. https://forums.zotero.org/discussion/102507/zotero-causing-continuous-article-download-request-loop

@akosiaris

In the Grafana dash, Saturation -> Total Network says it's about 10 MB/s. Does this count everything the job is doing, including what Zotero might be sending out?

I still think what you said makes sense - I've seen at least one bug where Zotero was stuck in a loop, so knowing what the egress from a single citoid request is would be useful. https://forums.zotero.org/discussion/102507/zotero-causing-continuous-article-download-request-loop

In terms of getting stuck in redirect loops, we do actually test that before we send anything to Zotero - it is the source of at least one extra request (making at least two total requests, one each from citoid and zotero), to see if the resource is there, before we pass it on. Not error proof, though.

We do have logs of all outgoing requests: https://logstash.wikimedia.org/app/dashboards#/view/398f6990-dd56-11ee-9dd7-b17344f977e3?_g=h@c823129&_a=h@19b3870

Looks like there are about 2 citoid requests for every 1 zotero one; no obvious sign we're making a ton of requests to one resource or that Zotero is the culprit. One thing that might help is to make our citoid user agent string more browsery, like the Zotero one does, for when we check for redirects, which might make us run less into automated /algorithmic issues.

@akosiaris

In the Grafana dash, Saturation -> Total Network says it's about 10 MB/s. Does this count everything the job is doing, including what Zotero might be sending out?

Zotero wise:

Last 30 days ranges ~100KB/s transmit and between 200kB/s and 400kB/s receive.

This does indeed count everything that Zotero is sending and receiving. Including health checks. This sum does include traffic that Citoid sends to Zotero, but DOES NOT include traffic that Citoid sends to/receives from the world, other parts of the infrastructure etc

Citoid wise:

Last 30 days ranges from to ~150kB/s for transmit and up to 10-15MB/s receive as you point out. This includes traffic that Citoid receives/sends, including traffic that it sends to /receives from Zotero but similarly to the above it DOES NOT include traffic that Zotero sends to/receives from the world/other parts of the infrastructure etc.

The discrepancy you note is big and intriguing. I can't attribute it to something specific. What I can say it's not something a specific instance does, a quick explore shows that traffic from all 8 instances of Citoid have similar patterns (which is good cause it matches my expectations)

image.png (482×1 px, 201 KB)

@Mvolz correct me if I am wrong, but Citoid relies almost exclusively to Zotero for workloads and all does thing itself if Zotero fails, right ? I find it difficult that health checks could create so much traffic, hence my asking.

I still think what you said makes sense - I've seen at least one bug where Zotero was stuck in a loop, so knowing what the egress from a single citoid request is would be useful. https://forums.zotero.org/discussion/102507/zotero-causing-continuous-article-download-request-loop

Agreed. But both egress and ingress. This 10MB/s traffic is weird.

@Mvolz correct me if I am wrong, but Citoid relies almost exclusively to Zotero for workloads and all does thing itself if Zotero fails, right ? I find it difficult that health checks could create so much traffic, hence my asking.

I still think what you said makes sense - I've seen at least one bug where Zotero was stuck in a loop, so knowing what the egress from a single citoid request is would be useful. https://forums.zotero.org/discussion/102507/zotero-causing-continuous-article-download-request-loop

Agreed. But both egress and ingress. This 10MB/s traffic is weird.

My best guess is this is a pdf thing. They're big and Zotero rejects them (historically trying to load them caused memory problems), after which point I citoid still tries to unsuccessfully scrape them... it's in the works to reject it in citoid, too:

https://gerrit.wikimedia.org/r/c/mediawiki/services/citoid/+/1031870

If it is downloading PDFs, would that affect both ingress and egress?

Perhaps the problem is people trying to cite things like https://pdf.sciencedirectassets.com/271102/1-s2.0-S0014579310X00084/1-s2.0-S0014579309009831/main.pdf

In which case, the fix is simple, we simply don't make the request at all if we see the extension .pdf (sometimes the extension is missing and we have no way of knowing that, but it should get the traffic down). Zotero already isn't doing this, I think.

Not probably the problem for the other sites which don't have pdfs.

EDIT: The way Zotero does this is simply aborts the request if it's getting too much data back: https://github.com/zotero/translation-server/pull/69

A quick iftop in one of the Citoid instances says that the bulk of this 10MB/s traffic is from urldownloader1004. Which is the current proxy that citoid and zotero (and all applications that want to reach the internet) use. So this is probably a result of Citoid requests directly to the outside.

I 'll have a deeper look tomorrow.

I 'll have a deeper look tomorrow.

urldownloaders don't have the visibility needed to look at URLs since most sites are accessed over HTTPS. So the only thing they do see is URL domains, not paths. We need Citoid to log out what requests it sees.

We do have logs of all outgoing requests: https://logstash.wikimedia.org/app/dashboards#/view/398f6990-dd56-11ee-9dd7-b17344f977e3?_g=h@c823129&_a=h@19b3870

This relies on the URL downloaders and suffers from exactly the same problem as pointed out above. Btw, the top 1 domain is accessed so much that it makes 0 sense that someone would try to cite it. Smells like abuse.

I 've calculated the rate of outgoing traffic from urldownloaders to both citoid and zotero based on response sizes and it matches what we see in Grafana. So it's safe to say that this is almost entirely traffic that Citoid generates via requests to makes to the world.

I 've also tried to find if there is any pattern worth singling out in the visited domains, but the top 20 domain in the last 15 hours barely account for 15% of traffic in bytes (in requests, the top 1 visited domain accounts for ~15% of requests but the responses are barely 7.5KB)

But I think all of this is unrelated to the main issue this task is about. Even if incoming Citoid traffic is high (despite requests being low) this doesn't explain why we experience various sites not functioning.

The ditch PDFs thing is a good idea anyway, I 'd say go ahead with it.

But overall, we need Citoid to log the error (including the body) the urldownloaders get from upstream sites.

Just as a data point, I 've had a look into urldowloaders logs today for nytimes and apparently the last time we got an error has been in May 4th (2 errors). Before that, we had a spew of errors on April 19th (~20) a pattern that continues until 4th of March, at which point we no longer have data in logstash.

Total number of errors: 743
Domains: nytimes.com, www.nytimes.com
Definition of error: HTTP 403
Time range of errors: 2024-03-04 to 2024-05-04

I deployed a quick change today that reports a 415 if Zotero reports an unsupported media type (T365583) It also supposedly prevents us from re-scraping the page, avoiding downloading the pdf twice once Zotero fails.

On the plus side, looking at those saturation panels, you can see it immediately reduced our network transmission, as well as CPU and memory usage (CPU was most dramatic) which is nice: https://grafana.wikimedia.org/d/NJkCVermz/citoid?orgId=1&refresh=5m&from=1716376689141&to=1716380289141

Weirdly, the total request volume jumped seemingly in direct response: https://grafana.wikimedia.org/d/NJkCVermz/citoid?orgId=1&refresh=5m&from=1716376689141&to=1716380289141&viewPanel=13

We have much fewer 500s (good!) but I was more expecting 404s to drop and 415 to rise in equal measure. And 200s to remain roughly stable, but those have also jumped. I can't really explain this.

Are our metrics broken? Anyway, probably should continue this on that ticket, but wanted to post here for anyone following that thread.

@Mvolz Maybe some requests previously timed out (not necessarily at the HTTP level) because the CPU was too busy, and those requests now get handled? If that's possible.

This ticket is in reference to the automatic citation generator in Visual Editor, correct? When adding new citations? If so, I am surprised that NYT et. al. have decided this is too much traffic. I imagine it would be a drop in the bucket for them.

Maybe it's part of a larger strategy of theirs to block bots/scraping/strange user agents in general and we are unintentionally caught in the crossfire?

image.png (349×806 px, 171 KB)

We're learning more as we are talking to owners of the sites who've decided to block Citoid, while also trying to be sure about how much traffic we're sending to them.

We're in conversation with the owners of one property who have said that the traffic pattern looks like abuse traffic. We're trying to learn in what way this is so - Volume? A nonstandard user agent pattern (which we've since changed)? Spikes?

More updates to come.

Change #1034555 had a related patch set uploaded (by Mvolz; author: Divec):

[mediawiki/services/citoid@master] Switch back to using HEAD instead of GET for redirect tracking

https://gerrit.wikimedia.org/r/1034555

We're learning more as we are talking to owners of the sites who've decided to block Citoid, while also trying to be sure about how much traffic we're sending to them.

We're in conversation with the owners of one property who have said that the traffic pattern looks like abuse traffic. We're trying to learn in what way this is so - Volume? A nonstandard user agent pattern (which we've since changed)? Spikes?

More updates to come.

Abuse traffic to whom within the property?

If it is the marketing/web analytics team, maybe we can consider having the Citoid service be submitted to IAB/ABC International Spiders and Bots List which many analytics services such as Google Analytics and Adobe Analytics are relying to exclude bot-like traffic from the actual traffic automatically for their users/clients across the board.

Change #1034555 merged by jenkins-bot:

[mediawiki/services/citoid@master] Switch back to using HEAD instead of GET for redirect tracking

https://gerrit.wikimedia.org/r/1034555

@Robertsky We heard back from the property owner who showed us graphs of traffic and traffic levels and said that this was clearly more than what they considered acceptable. Their concern was purely about volume and not about suspicious looking user agent strings.

ppelberg updated the task description. (Show Details)
ppelberg updated the task description. (Show Details)

Update: 14 June

We've updated the task description to include the Strategy and State section that's meant to help us all understand:

  1. The strategy that is guiding the action we're taking to address this issue
  2. The state of the "actions" mentioned in "1." (above)

If anything you see brings questions/ideas to mind, we'd value knowing.

@Robertsky We heard back from the property owner who showed us graphs of traffic and traffic levels and said that this was clearly more than what they considered acceptable. Their concern was purely about volume and not about suspicious looking user agent strings.

And what kind of volume were they seeing?

And just to be sure: there is no excessive traffic generated by some random (non-Wikimedia) spider/harvester operator who might be using the Citoid user agent?

Why are the details about the problems sites report so vague? 😅
Did T367452 resolve any of these sites problems? Every visit being a double-download might have been enough of a spike for some of them to block.

As editors visit the pages themselves while reading, a longer term solution might be something that captures cites client-side while browsing and lets you post those to a wikibase as Mvolz mentioned, then checks that base first in citoid before pinging out to the web.

For instance, when I'm doing writing that involves dozens of PDFs, the last thing I want is to generate all those cites by hand. But could quickly capture them all while reading them and then insert them while editing.

In T362379#9913315, @Sj wrote:

Why are the details about the problems sites report so vague? 😅

@Sj can you say a bit more what you mean by "vague" in this context? What might you expect us to be able to know about the problems that you've not seen documented?

Did T367452 resolve any of these sites problems? Every visit being a double-download might have been enough of a spike for some of them to block.

Great question! We're investigating this as part of T368802 and will share what we learn...

For instance, when I'm doing writing that involves dozens of PDFs, the last thing I want is to generate all those cites by hand. But could quickly capture them all while reading them and then insert them while editing.

Oh! What a nifty idea...

Could you please read the newly-created T368980 and boldly edit the description to align with what you had in mind...?

Thanks Peter, I commented on T368980; the description is fine.

Vagueness:

  • "told by at least one organisation that the block is deliberate." (which orgs?)
  • "owners of one property said that the traffic pattern looks like abuse... showed us graphs of traffic... [t]heir concern was purely about volume.
" (what patterns? how much volume?) - @AlexisJazz asked about this above

One could imagine smoke tests of our outgoing traffic against a glossary of patterns we've tried to avoid in the past.

ppelberg updated the task description. (Show Details)