
Security review for disabling user-to-user email on wikis where a user has never edited
Closed, Declined (Public)

Description

Project Information

Description of the tool/project

See also: T178842: If a user has never triggered a logged action on a wiki, they should not be able receive emails by non-privileged users from there

Wikimedia accounts use unified login across all wikis. If a user never visits a wiki, then technically no account has been created for them there, so the 'Email this user' link is not visible on their userpage and Special:EmailUser will not accept their username as valid. However, when a user visits a page on another Wikimedia wiki while logged in (via on-wiki or off-wiki link, Google search, or direct navigation), the system 'creates' their account on that wiki, and they can then be contacted via email from that wiki.

We are attempting to close off potential avenues for malicious people to send harassing emails. We believe that if a user has not made an edit or triggered a logged action on a wiki where they did not create their account, they should only be emailable by stewards, WMF SuSa staff, bcrats, and global account renamers.

This tool may also include T179414: Create API option to see if user has an email address associated with their account. We would like feedback on both concepts.

Description of how the tool will be used at WMF

n/a

Dependencies

None known at this time

Has this project been reviewed before?

Not to our knowledge

Working test environment

n/a

Post-deployment

Anti-Harassment Tools team