
Add confirmation if account creation rationale/summary is an email address to prevent accidental self-outing
Closed, Resolved · Public

Description

Hello,

If a person attempts to register an account with their email as the creation summary, they should be asked whether they really want to have their email as the creation reason/summary. If they confirm then fair enough, but odds are this would be an accident (e.g. filled in by autofill). Having the user confirm would help avoid accidental self-outing.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Sep 17 2019, 3:05 AM

I have never seen someone who puts "email@example.com" as the reason for creating an account. Perhaps you should add an example if there are any. In addition, anyone who adds an email as the reason for creating an account is providing wrong information, so it's their fault, not MediaWiki's. The field is for providing the "Reason" for creating a new account, not an email, and that has been clearly explained in the placeholder text of the field.

I have never seen someone who puts "email@example.com" as the reason for creating an account. Perhaps you should add an example if there are any.

The whole point of the ticket is that it is an easy mistake for someone to make and one I have run across a few times. As for examples, I imagine most if not all are oversighted. Any that I have run across have been, as I informed an oversighter who was around about them, who then suppressed the logs. By definition, giving any example would most likely be a violation of "outing" and/or harassment policies.

In addition, anyone who adds an email as the reason for creating an account is providing wrong information, so it's their fault, not MediaWiki's. The field is for providing the "Reason" for creating a new account, not an email, and that has been clearly explained in the placeholder text of the field.

You are correct that it is not MediaWiki's fault. I didn't mean to imply that it is. It is an easy mistake for the user to make. What I am proposing is just a quick validation that the creation reason is not just an email address. If it is, then you ask the creator if they really meant for it to be "email@example.com" by means of a prominent checkbox or something similar. If they say "yes" then so be it, that must have really been their intention. (If they still didn't mean it and they confirmed "yes" they did, then that is clearly on them.)

Jony added a subscriber: Jony. · Sep 17 2019, 6:50 AM

It is an easy mistake for the user to make.

This is an assertion. There's no data to prove whether it's true.

You are correct that it is not MediaWiki's fault. I didn't mean to imply that it is. It is an easy mistake for the user to make. What I am proposing is just a quick validation that the creation reason is not just an email address. If it is, then you ask the creator if they really meant for it to be "email@example.com" by means of a prominent checkbox or something similar. If they say "yes" then so be it, that must have really been their intention. (If they still didn't mean it and they confirmed "yes" they did, then that is clearly on them.)

There's already a prominent placeholder text on which the user writes the very reason, unambiguously asking: Why you are creating another account. I don't know, but perhaps it should have a question mark.

The header of the field used to read Reason. It was recently further clarified to become Reason (publicly logged).

That's more than enough. If it doesn't stop someone from putting invalid/wrong data, further confirmation wouldn't do so either; it'd just be yet another unnecessary check.

But of course I am not the one to make the decision, so I will leave it to CPT to decide.

TheSandDoctor claimed this task. · Edited · Sep 23 2019, 6:26 PM

Been working on a proposed commit to add this. Will submit for review soon (just testing and tweaking).

TheSandDoctor triaged this task as Low priority. · Sep 24 2019, 2:09 PM
TheSandDoctor raised the priority of this task from Low to Medium.

Change 539649 had a related patch set uploaded (by TheSandDoctor; owner: TheSandDoctor):
[mediawiki/core@master] AccountCreation: Add user confirmation if reason is email address

https://gerrit.wikimedia.org/r/539649

Tgr added a subscriber: Tgr. · Nov 1 2019, 8:50 PM

Quick sanity check:

[enwiki]> select count(*) from logging where log_type = 'newusers' and log_action in ('create', 'byemail');
+----------+
| count(*) |
+----------+
|   329463 |
+----------+

[enwiki]> select count(*) from logging join comment on log_comment_id = comment_id where log_type = 'newusers' and log_action in ('create', 'byemail') and comment_text like '%@%';
+----------+
| count(*) |
+----------+
|      861 |
+----------+

(Not a proper email regexp but on inspection those are basically all emails.) So in the 20 years of enwiki there have been 861 cases of someone doing this, out of 330K total account creations by proxy. I guess that's frequent enough to justify an extra check...
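An added example, not part of this thread and not the code of the merged MediaWiki change: one way to implement the check proposed in this task, warning only when the whole reason is a bare email address (narrower than the `%@%` match in the query above). The function names, the `$session` array and the choice to bind the confirmation to the exact value warned about are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the $session array are hypothetical,
// not MediaWiki's API. $session stands in for data kept between form submissions.

/** True when the whole reason, after trimming, is a single email address. */
function reasonIsBareEmail(string $reason): bool {
    $reason = trim($reason);
    return $reason !== '' && filter_var($reason, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Decide what to do with a submitted creation reason.
 * Returns 'proceed' or 'confirm'. The confirmation is bound to the exact value
 * the user was warned about, so changing the field to a different address
 * triggers a fresh prompt instead of reusing the earlier "yes".
 */
function checkCreationReason(string $reason, bool $confirmBox, array &$session): string {
    if (!reasonIsBareEmail($reason)) {
        unset($session['warnedReason']);
        return 'proceed';
    }
    $warned = $session['warnedReason'] ?? null;
    if ($confirmBox && $warned === trim($reason)) {
        unset($session['warnedReason']);
        return 'proceed';
    }
    $session['warnedReason'] = trim($reason);
    return 'confirm';
}

// Constructed sample submissions: [reason, confirmation checkbox ticked].
$submissions = [
    ['Creating an account for a workshop attendee', false],
    ['email@example.com', false],       // reason is only an address (e.g. autofill)
    ['email@example.com', true],        // same value resubmitted with the box ticked
    ['other@example.org', true],        // different address, box still ticked
    ['ask me @ the help desk', false],  // contains "@" but is not an address
];
$session = [];
foreach ($submissions as [$reason, $confirmBox]) {
    printf("%-45s %s\n", $reason, checkCreationReason($reason, $confirmBox, $session));
}
```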

TheSandDoctor added a subscriber: Anomie. · Edited · Dec 21 2019, 4:53 PM

@Tgr @Anomie I've emailed you both, but this was probably a better spot to ask. $this->msg() and AuthManager::singleton()->setAuthenticationSessionData() appear to conflict. When setAuthenticationSessionData() is present, $this->msg() will not appear. I was wondering if either of you (or anyone else for that matter) knows of the cause and/or a solution to this? (code in question)

$this->msg() and AuthManager::singleton()->setAuthenticationSessionData() appear to conflict. When setAuthenticationSessionData() is present, $this->msg() will not appear.

That seems unlikely. More likely is that your logic is somehow incorrect for what you intend there.

Tgr added a comment. · Feb 22 2020, 3:17 AM

$this->msg() and AuthManager::singleton()->setAuthenticationSessionData() appear to conflict. When setAuthenticationSessionData() is present, $this->msg() will not appear. I was wondering if either of you (or anyone else for that matter) knows of the cause and/or a solution to this?

See https://gerrit.wikimedia.org/r/c/mediawiki/core/+/539649/14/includes/specialpage/LoginSignupSpecialPage.php#876. (Sorry I took so long to respond.)

With @Tgr's help, a new patch set has been uploaded that is functional. Just awaiting review.

Change 539649 merged by jenkins-bot:
[mediawiki/core@master] AccountCreation: Add user confirmation if reason is email address

https://gerrit.wikimedia.org/r/539649

TheSandDoctor closed this task as Resolved. · Feb 22 2020, 6:28 PM
TheSandDoctor raised the priority of this task from Medium to High.
TheSandDoctor moved this task from git review pending to merged/done on the User-TheSandDoctor board.

Merged. Thanks @Tgr!

Aklapper removed a subscriber: Anomie. · Oct 16 2020, 5:40 PM