Page MenuHomePhabricator

Block Special:OAuth/authorize for WP Zero users
Closed, DeclinedPublic


Is really needed for T168142: Cleanup uploaded files, WP zero abuse.

We can create a blacklist/whitelist of OAuth clients apps, later.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 17 2017, 6:03 PM
Framawiki updated the task description. (Show Details)
Restricted Application added a subscriber: Dereckson. · View Herald TranscriptJun 17 2017, 6:22 PM

This request doesn't seem especially legit. You "just" want to block them from using Phabricator, don't you?

Nemo_bis closed this task as Declined.Jun 17 2017, 9:04 PM

It's not acceptable to break core functionality of Wikimedia (content) wikis for an entire class of users just to combat a minority of abusers. Targeted blocks must be used instead, see T168142#3357904. Let's close this one to avoid having a hundred parallel discussions.

Thanks for your comment, I agree with your argument.
But in an other hand I think that we need to be able to do this block, if it's needed, in a larger vision than phabricator. Perhaps we should work on the software to be able to do this in case of emergency. Curently as I know nothing is designed to do this. Do you think that it's necessary ? Or it's a spent of time ?

Tgr added a subscriber: Tgr.Jun 18 2017, 9:34 AM

Even apart from collateral damage, this does not seem particularly useful. There is no such thing as a Zero user; only a Zero request. Users could easily do the authorization via some proxy or different provider and do the file uploads via Zero. In the case of Phabricator, OAuth is only used to log you in, anyway (and it's not even the only way to do that); actual usage of Phabricator does not depend on OAuth in any way.

Also, the point of the Zero piracy is to allow users to download pirated material free of charge. Uploading it free of charge is convenient but I doubt the pirates really depend on it as it is easy to make money out of pirate sites. And public files can be downloaded from Phabricator without logging in, so the only part of the workflow that requires Zero does not involve login at all.