Page MenuHomePhabricator

Add hideuser right to administrators on it.wiki
Closed, DeclinedPublic

Description

Currently it.wiki has no oversight user group and doesn't feel like it is really needed. However, we agreed here and here that the hideuser right may come in handy for better handling abusive user names which appear in logs, lists, histories, etc. Of course, right now we can already do some clean up, but it takes a lot of time, and nevertheless certain occurrences remain visible. We hereby request, if possible, that the hideuser right is added to the administrator user group. Thank you.

Event Timeline

Sakretsu created this task.Aug 20 2018, 9:40 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 20 2018, 9:40 PM
Jdforrester-WMF added a subscriber: Jdforrester-WMF.

Tagging in the Trust and Safety team, who would need to approve this.

Framawiki added a project: WMF-Legal.
Framawiki added a subscriber: Framawiki.

I see legal implications here - hideuser right allow to remove a username from a history page, thus remove author credit that is required by Wikipedia license.
Also, if I understand correctly your request, sysops will not be able to view action log that requires abusefilter-hidden-log right, only stewards will be able to do this. And they probably will not monitor abuses, that not the purpose of this group.

This is an oversight level permission. On Wikimedia wikis only oversighters
are permited to have this and, where they do not exist, stewards can be
called to do so. Hidding of usernames with this feature is governed by the
oversight policy as well. I do not think this should be made avalaible to
non-stewards/oversighters. Thank you.

Sakretsu added a comment.EditedAug 20 2018, 11:09 PM

I see legal implications here - hideuser right allow to remove a username from a history page, thus remove author credit that is required by Wikipedia license.
Also, if I understand correctly your request, sysops will not be able to view action log that requires abusefilter-hidden-log right, only stewards will be able to do this. And they probably will not monitor abuses, that not the purpose of this group.

According to Manual:User rights, hideuser right doesn't allow to permanently remove a username, but rather allows to hide it almost everywhere from the public. Hiding usernames in history pages is one of the things administrators can already do with RevDel, even though sometimes, as said, it's not that simple. What we actually cannot do is, for example, hiding a username in lists like Special:ListUsers or preventing it from appearing in Special:RecentChanges at the moment of the block.
About the action log, unfortunately I've never been an oversighter, so I don't know if something else would be needed.

Rxy added a subscriber: Rxy.Aug 20 2018, 11:25 PM
Legoktm closed this task as Declined.Aug 21 2018, 1:19 AM
Legoktm added a subscriber: Legoktm.
Dcljr added a subscriber: Dcljr.Aug 21 2018, 3:37 AM

Excuse this comment from the peanut gallery, but could the offending username be changed (i.e., user rename) and then the old name be hidden? Would that help anything (i.e., make the offending name visible in fewer places but keep authorship credit visible under the new name)?

I must also note that hideuser does just allow the users to block an username, hidding it from the public. However to be able to control who did what (and therefore reverse wrong or abusive blocks; and hold people accountable to their actions) all administrators would need to be able to access the suppression log which contains all oversight operations and contains all sorts of private/abusive data. That'd be against the OS policy and the access to nonpublic information policy.

Excuse this comment from the peanut gallery, but could the offending username be changed (i.e., user rename) and then the old name be hidden? Would that help anything (i.e., make the offending name visible in fewer places but keep authorship credit visible under the new name)?

In theory indeed abusive usernames can be renamed, however we don't do it because we end leaving far more evidence of their existance if we rename them than if we do not do so. Please note that renaming an username does create a log entry in the global rename log at Meta, and individual local rename log entries at every wiki the user is registered. Plus, the userpages get moved, the edits reatributed, etc. There's no way to "silently" rename an user to avoid this.

It'd be good if a feature to block-hide usernames at a sysop-level existed (similar to what happens with revisions, that you can delete them (sysop level; revisiondelete) or suppress them (oversight level; suppressrevision). Unfortunatelly such a feature does not exist yet.

There's the posibility of "hidding" the username via CentralAuth, however that only removes the username from Special:GlobalUsers; making the feature a bit useless for most of the cases.

Yeah if the action you'd be allowing them to take ends up in a log they can't view... let's not even go there.

Sakretsu added a subscriber: Tgr.Aug 21 2018, 2:27 PM

Alright, so I guess it would be more appropriate to open a new task and request such a feature at a sysop level. Maybe @Tgr is interested since he already mentioned this in T24251#4021789.