Page MenuHomePhabricator
Create Task
Maniphest T138165

Allow users to restrict which user groups that can send them direct emails via Special:EmailUser
Closed, ResolvedPublic3 Estimated Story Points
Actions

Assigned To
dmaza
Authored By
MER-C
Jun 19 2016, 11:40 AM
Tags
Referenced Files
F11777438: Screen Shot 2017-12-11 at 5.23.40 PM.png
Dec 12 2017, 1:43 AM
F9384420: Screen Shot 2017-09-07 at 4.31.42 PM.png
Sep 7 2017, 11:52 PM
F9384314: Screen Shot 2017-09-07 at 4.31.42 PM.png
Sep 7 2017, 11:39 PM
F9090734: Screen Shot 2017-08-16 at 2.06.38 PM.png
Aug 16 2017, 9:20 PM
Subscribers
Aklapper
BethNaught
dbarratt
dmaza
gerritbot
kaldari
MarcoAurelio
View All 16 Subscribers
Tokens
"Like" token, awarded by Liuxinyu970226."Like" token, awarded by BethNaught.

Description

Background

As a target of harassment, I want to restrict which user groups can send me email (e.g. choose between all users, require autoconfirmed access or admins). If sending email is disallowed this way, the "email this user" link should not be displayed and visiting Special:EmailUser/Foobar should display the "This user has chosen not to receive email from other users." message.

On-wiki specification

Meta — Community health initiative/Allow users to restrict which user groups can send them emails

Discussions

Acceptance criteria

  • In the 'Email options' of the 'User profile' tab of Special:Preferences, add a new tickbox preference
    • Label: Allow emails from brand-new users (learn more)
    • 'learn more' should link to a help/project page (TBD)
  • If the user has this preference enabled (ticked) the Special:EmailUser feature should work exactly as it does today.
  • If the user has this preference disabled (unticked):
    • Users in the autoconfirmed group should be able to use the Special:EmailUser feature as it exactly does today.
    • Users not in the autoconfirmed group:
      • should not see the "Email this user" link in the left rail on userspace pages
      • should see the standard error message of "This user has chosen not to receive email from other users" as if the other user had the entire preference disabled when they directly navigate to Special:EmailUser/Foobar
  • The default for new accounts created when their email address is confirmed should be ticked (on)

Details

SubjectRepoBranchLines +/-
Allow users to prevent new users from sending them email.mediawiki/coremaster+58 -7
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
BethNaught awarded a token.Jun 19 2016, 11:55 AM
MER-C added a project: Trust-and-Safety.Nov 10 2016, 12:32 PM
MER-C mentioned this in T149665: UX to create safe spaces.Nov 10 2016, 12:39 PM
MER-C mentioned this in T138166: Allow users to restrict who can send them direct emails via Special:EmailUser.Nov 10 2016, 12:41 PM
Liuxinyu970226 subscribed.Nov 27 2016, 9:06 AM
Liuxinyu970226 added a project: Community-Wishlist-Survey-2016.Jan 1 2017, 2:59 AM
Liuxinyu970226 removed a project: Community-Wishlist-Survey-2016.Jan 2 2017, 12:46 AM
jrbs moved this task from Backlog to Security/Privacy on the Trust-and-Safety board.May 3 2017, 11:50 PM
Nemo_bis added a parent task: T164542: Epic: ⚡️ General user mute/block feature.May 13 2017, 3:46 PM
TBolliger added a parent task: T138166: Allow users to restrict who can send them direct emails via Special:EmailUser.Jun 1 2017, 5:32 PM
TBolliger added a project: Anti-Harassment.Jul 13 2017, 8:22 PM
TBolliger moved this task from Untriaged to Snackbox on the Anti-Harassment board.
TBolliger subscribed.
Platonides subscribed.Aug 10 2017, 8:42 PM
TBolliger updated the task description. (Show Details)Aug 16 2017, 9:06 PM
TBolliger updated the task description. (Show Details)
TBolliger added a comment.Aug 16 2017, 9:20 PM

Here is a screenshot of the current email preferences:

Screen Shot 2017-08-16 at 2.06.38 PM.png (259×723 px, 67 KB)

I propose we replace the top tickbox with a dropdown with the following options:

Enable emails from:

  • All users
  • Autoconfirmed users
  • Admins and functionaries
  • Nobody
MGChecker subscribed.Aug 17 2017, 12:28 AM

I don't think you should hardcode the list, but do something like that:

DefaultSettings.php :

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed' ],
  [ 'sysop', 'bureaucrat' ]
];

WMF standard settings:

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed', 'confirmed' ],
  [ 'sysop', 'bureaucrat', 'checkuser', 'oversight' ]
];

This would allow wikis to react to their user hierarchy, for example:

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed', 'confirmed' ],
  [ 'templateeditor', 'review', 'rollback' ],
  [ 'sysop', 'bureaucrat', 'checkuser', 'oversight' ]
];

Or anything like that. I'm not quite happy with this design yet, but it gives a rough idea what I intend to do. Maybe it's better to use keys and to define the order of the keys elsewhere.
Besides, how would you define functionaries in code?

TBolliger added a comment.Aug 17 2017, 5:42 PM

I agree the list shouldn't be hard coded.

TBolliger mentioned this in T173535: Perform Email Mute community consultation.Aug 17 2017, 7:15 PM
TBolliger added a subtask: T173535: Perform Email Mute community consultation.
MGChecker mentioned this in T171624: Investigate making Mute cross-wiki.Aug 19 2017, 11:32 AM
Thryduulf subscribed.Aug 22 2017, 4:56 PM
TBolliger moved this task from Snackbox to Triage/To be Estimated on the Anti-Harassment board.Aug 29 2017, 4:48 PM
TBolliger closed subtask T173535: Perform Email Mute community consultation as Resolved.Aug 29 2017, 5:04 PM
TBolliger moved this task from Triage/To be Estimated to Snackbox on the Anti-Harassment board.Sep 7 2017, 11:08 PM
TBolliger added a subscriber: SPoore.Sep 7 2017, 11:39 PM

I posted on https://meta.wikimedia.org/wiki/Grants_talk:IdeaLab/Allow_users_to_restrict_who_can_send_them_email#Updates_from_the_WMF.27s_Anti-Harassment_Tools_team with a wireframe of what this could look like:

Screen Shot 2017-09-07 at 4.31.42 PM.png (282×871 px, 68 KB)

@SPoore — do you think we should ping users who participated on the idealab and the wishlist to get their input? Should we mention this on https://en.wikipedia.org/wiki/Wikipedia_talk:Community_health_initiative_on_English_Wikipedia/User_Mute_features ?

TBolliger updated the task description. (Show Details)Sep 7 2017, 11:52 PM
TBolliger updated the task description. (Show Details)Sep 8 2017, 12:00 AM
TBolliger renamed this task from Allow users to restrict which user groups that can send them emails to Allow users to restrict which user groups that can send them direct emails via Special:EmailUser.Sep 19 2017, 9:27 PM
TBolliger updated the task description. (Show Details)
TBolliger moved this task from Snackbox to Triage/To be Estimated on the Anti-Harassment board.Sep 26 2017, 4:21 PM
TBolliger added a comment.Sep 26 2017, 6:49 PM

Another potential solution to this problem will be to simply have a tickbox (default TBD) to dis/allow email from non-autoconfirmed users.

TBolliger updated the task description. (Show Details)Sep 26 2017, 7:00 PM
TBolliger moved this task from Triage/To be Estimated to Analytics on the Anti-Harassment board.Sep 26 2017, 8:02 PM
MGChecker added a comment.Sep 26 2017, 9:50 PM

On the one hand, it's a simple approach conceptwise and codewise, on the other hand, it reduces the feature flexibility. To get autoconfirmed isn't that difficult, and many wikis have groups kind of representing trusted users.

One alternative possibility to let this work like page protection (with just one action and without expire time): You define multiple levels and link them with user rights. (The simplest variant would be to hard code two levels direclty, this would simplify the approach, but I really think it isn't needed.) That way, you could configure the feature freely for a given wiki, combine it with global groups etc. and wouldn't have any complicated UI issues. Personally I think at the moment this would be a very good approach to handle this.

TBolliger added a comment.Oct 23 2017, 9:19 PM

Related task: T178842: If a user has never triggered a logged action on a wiki, they should not be able receive emails by non-privileged users from there

TBolliger updated the task description. (Show Details)Oct 23 2017, 9:21 PM

Per feedback on wiki and discussions with the rest of the Anti-Harassment Tools team, we decided to change the default for new accounts to be to accept email from non-autoconfirmed email. (So, no change in the current experience/functionality.) If we need to adjust this in the future, we will re-approach the topic.

TBolliger added a comment.Oct 23 2017, 10:20 PM

I've posted an update of all the on-wiki feedback we've received so far: https://meta.wikimedia.org/wiki/Talk:Community_health_initiative/Allow_users_to_restrict_which_user_groups_can_send_them_direct_emails#Feedback_summary_and_updates.2C_October_23

dbarratt removed a parent task: T138166: Allow users to restrict who can send them direct emails via Special:EmailUser.Oct 24 2017, 4:17 PM
dbarratt added a subtask: T138166: Allow users to restrict who can send them direct emails via Special:EmailUser.
TBolliger mentioned this in T177985: Make decision about Email Group Prohibit.Oct 25 2017, 9:06 PM
TBolliger added a subtask: T177985: Make decision about Email Group Prohibit.Oct 25 2017, 9:14 PM
Liuxinyu970226 awarded a token.Oct 28 2017, 4:09 AM
TBolliger moved this task from Analytics to Triage/To be Estimated on the Anti-Harassment board.Nov 2 2017, 10:43 PM
TBolliger updated the task description. (Show Details)Nov 2 2017, 10:47 PM

We haven't received enough feedback on the ticbox-vs.-dropdown discussion, so we will size both in estimation tomorrow and build whatever is simplest. (This most likely will mean the tickbox.)

TBolliger updated the task description. (Show Details)Nov 3 2017, 6:39 PM
TBolliger set the point value for this task to 3.
TBolliger moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.
MGChecker added a comment.Nov 3 2017, 9:06 PM

How would the autoconfirmed restriction be managed internally? In my opinion, it should be a new user right (sendemail-restricted maybe).

TBolliger closed subtask T177985: Make decision about Email Group Prohibit as Resolved.Nov 4 2017, 12:06 AM
TBolliger moved this task from Cards ready for development to AHT Sprint 9 on the Anti-Harassment board.Nov 6 2017, 9:55 PM
TBolliger edited projects, added Anti-Harassment (AHT Sprint 9); removed Anti-Harassment.
dbarratt claimed this task.Nov 13 2017, 5:26 PM
dbarratt moved this task from Ready to In progress on the Anti-Harassment (AHT Sprint 9) board.
dbarratt added a comment.Nov 14 2017, 9:28 PM

@TBolliger Will this feature be on/off per wiki or should there be no config (and it will roll out on the next train)?

TBolliger added a comment.Nov 14 2017, 9:31 PM

If this is a low-risk change, it should be in the next train to all Wikimedia wikis. If you feel this would benefit from a round of production QA, please release it only to meta.wikimedia and test.wikipedia.

gerritbot subscribed.Nov 14 2017, 9:54 PM

Change 391342 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/core@master] Allow users to prevent new users from sending them email.

https://gerrit.wikimedia.org/r/391342

gerritbot added a project: Patch-For-Review.Nov 14 2017, 9:54 PM
dbarratt moved this task from In progress to Review on the Anti-Harassment (AHT Sprint 9) board.Nov 14 2017, 9:54 PM
TBolliger mentioned this in T178842: If a user has never triggered a logged action on a wiki, they should not be able receive emails by non-privileged users from there.Nov 15 2017, 6:27 PM
dbarratt moved this task from Review to In progress on the Anti-Harassment (AHT Sprint 9) board.Nov 22 2017, 6:34 PM
TBolliger moved this task from AHT Sprint 9 to AHT Sprint 10 on the Anti-Harassment board.Nov 27 2017, 4:26 PM
TBolliger edited projects, added Anti-Harassment (AHT Sprint 10); removed Anti-Harassment (AHT Sprint 9).
TBolliger moved this task from Ready to In progress on the Anti-Harassment (AHT Sprint 10) board.
dbarratt added a subscriber: dmaza.Nov 27 2017, 5:05 PM

@dmaza Everything I have so far is on https://gerrit.wikimedia.org/r/#/c/391342/6 I basically added an empty JS file.

Also see the email I forwarded you. :)

dbarratt reassigned this task from dbarratt to dmaza.Nov 27 2017, 5:05 PM
dbarratt subscribed.
TBolliger edited projects, added Anti-Harassment (AHT Sprint 11); removed Anti-Harassment (AHT Sprint 10).Dec 6 2017, 7:39 PM
TBolliger moved this task from Ready to In progress on the Anti-Harassment (AHT Sprint 11) board.
dmaza mentioned this in T180729: Email preferences should show as disabled/enabled, not hide/show .Dec 8 2017, 12:18 AM
dmaza moved this task from In progress to Review on the Anti-Harassment (AHT Sprint 11) board.Dec 8 2017, 2:54 AM
kaldari subscribed.Dec 12 2017, 1:43 AM

@dmaza: Tested out the patch, but strangely the pref disabling behavior isn't working for me locally:

Screen Shot 2017-12-11 at 5.23.40 PM.png (191×541 px, 45 KB)

kaldari added a comment.Dec 12 2017, 1:51 AM

Figured out the problem. See https://gerrit.wikimedia.org/r/#/c/391342/12/resources/src/mediawiki.special/mediawiki.special.preferences.personalEmail.js.

dmaza added a comment.Dec 12 2017, 2:24 AM

@kaldari my bad. Fixed.

MZMcBride subscribed.Dec 12 2017, 2:50 AM
gerritbot added a comment.Dec 12 2017, 5:48 PM

Change 391342 merged by jenkins-bot:
[mediawiki/core@master] Allow users to prevent new users from sending them email.

https://gerrit.wikimedia.org/r/391342

ReleaseTaggerBot added a project: MW-1.31-release-notes (WMF-deploy-2018-01-02 (1.31.0-wmf.15)).Dec 12 2017, 6:00 PM
dmaza moved this task from Review to Done on the Anti-Harassment (AHT Sprint 11) board.Dec 12 2017, 11:50 PM
dmaza closed this task as Resolved.Dec 13 2017, 8:53 PM
Liuxinyu970226 unsubscribed.Dec 14 2017, 4:00 AM
TBolliger mentioned this in T184104: Update documentation about new Email preferences.Jan 3 2018, 7:10 PM
TBolliger mentioned this in T184105: Inform users about new Email preference.
dbarratt merged a task: T198053: Option to prohibit email from non-confirmed editors.Jun 25 2018, 4:52 PM
dbarratt added subscribers: TheresNoTime, MarcoAurelio.
TBolliger mentioned this in T198053: Option to prohibit email from non-confirmed editors.Jun 25 2018, 4:52 PM
ToBeFree merged a task: T198053: Option to prohibit email from non-confirmed editors.Jul 1 2018, 3:08 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL