Page MenuHomePhabricator

Ban IP edits on pt.wiki
Closed, DeclinedPublic

Description

Hi all!

Portuguese Wikipedia is discussing banning edits from IPs. This is an idea that has been discussed for a long, long time.

RfC link: https://pt.wikipedia.org/wiki/Wikip%C3%A9dia:Esplanada/propostas/Banimento_de_IPs_(23ago2020)

There are no benefits, for ptwiki, in allowing IP editions, at least in the main domain. Over the years, IPs are slowly destroying the site.

In this scenario, the community is massively supporting the idea because we believes that mandatory registration will increase new users retention and decrease the energy spent to combat these edits, since the vast majority of which are inappropriate. Note that it is very easy to create an account.

No founding principle of Wikipedia would be disrespected. We will remain free, open, but more secure and credible.

However, there are doubts about the feasibility. There is no mention of this possibility, or any restrictions, in "Limits to configuration changes": https://meta.wikimedia.org/wiki/Limits_to_configuration_changes. On the other hand, WMF staff previously informed community members that this decision would be in the hands of the community.

Some points:

a) is it possible to ban IP edits?
b) if technically possible, what level of support is required?

Kind regards,
Érico Wouters

EDIT - Related links:
https://meta.wikimedia.org/wiki/Research:Value_of_IP_Editing
https://meta.wikimedia.org/wiki/Talk:IP_Editing:_Privacy_Enhancement_and_Abuse_Mitigation/Archives/08-2019#Simpler_solution_-_turn_off_IP_editing
https://discuss-space.wmflabs.org/t/report-on-the-hungarian-wikipedia-experiment-with-partially-disabling-flagged-revisions/1984

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

consulted with 2 WMF employees last November

I'm afraid that a lot of folks out there can't be aware of all and any potential principles and guidelines of the Wikimedia movement and know them by heart, no matter who might employ them or not. :)

I believe that this proposal/idea (and the underlying problems which led to this proposal) would benefit from a discussion with broader input in the movement (probably on meta or wikimedia-l@?), across Wikimedia communities, as it would be quite a change in the interpretation of principles that I've seen so far.

For the records, this comment is my personal opinion.

Demian added a subscriber: Demian.Aug 24 2020, 10:44 PM

See also https://meta.wikimedia.org/wiki/Talk:IP_Editing:_Privacy_Enhancement_and_Abuse_Mitigation/Archives/08-2019#Simpler_solution_-_turn_off_IP_editing

IP Editing is a hot topic with many different views. Disregarding a community's decision in that matter without understanding the circumstances and listening to the reasons or answering the raised questions is concerning.

To start with I'd be curious whether reviewing IP edits using FlaggedRevs Extension was considered.
Huwiki made a comparison about using or disabling flagged revision, which suggest me that IP edits are better quality when IP edits are reviewed.
Additionally if IP edits are overwhelming, not reviewing the flagged revisions has the practical effect of disabling IP editing.

We are full of tools, bots and filters there, we don't need more. What we miss is quality volunteer force for everything, from maintenance to content creation and improvement, and that quality force is being put to waste to feed that fantasy about allowing everyone to edit the project

I agree with this sentiment. There is a huge disconnect between the "everyone can edit" idea and the general unfriendliness towards IP and new editors. This idea is more motivated by ideology than practicality. How the balance between beneficial and non-beneficial IP edits plays out depends greatly on the community (including unwanted elements) surrounding a project. What works for most projects does not necessarily work for all.

Darwinius added a comment.EditedAug 24 2020, 10:54 PM

See also https://meta.wikimedia.org/wiki/Talk:IP_Editing:_Privacy_Enhancement_and_Abuse_Mitigation/Archives/08-2019#Simpler_solution_-_turn_off_IP_editing

To start with I'd be curious whether reviewing IP edits using FlaggedRevs Extension was considered.
Huwiki made a comparison about using or disabling flagged revision, which suggest me that IP edits are better quality when IP edits are reviewed.
Additionally if IP edits are overwhelming, not reviewing the flagged revisions has the practical effect of disabling IP editing.

Hello Demian,

Yes, we tried flagged revs for about 5 years, and it proved to be so useless and counterproductive that the community decided by unanimity for the total removal of that tool from there: https://pt.wikipedia.org/wiki/Wikip%C3%A9dia:Esplanada/propostas/Acabar_com_a_valida%C3%A7%C3%A3o_de_p%C3%A1ginas_(29nov2018)

It didn't blocked the bad editions, which still were kept in article history. It created a mess of good and bad editions intermixed, and, above all, consumed a lot of community resources by forcing those editions to be reviewed (or else they would be ignored for weeks, causing that huge mess of conflicting editions). After 5 years everybody was so sick of it, that we didn't even wanted to see the colour of it anymore around there, not even as an option, and it was completely removed.

Demian updated the task description. (Show Details)Aug 24 2020, 10:56 PM

@Darwinius Thank you, I'm sorry to hear that. This sounds like a very pressing issue.

Yeah this should probably be added to https://meta.wikimedia.org/wiki/Limits_to_configuration_changes

I must had that I had (informally) consulted with 2 WMF employees last November, while at Wikindaba (Christel and Tony, from T&S, after an workshop related to IPs and security) about the possibility of a project community to decide to exclude edit access for IPs, and they said that we just needed to obtain visible consensus for it at our community, and present it to the developers.

It's worth noting that most WMF employees are unlikely to be in a position to guarantee the passage of any particular config change unless they're in the deployment/ops groups.

Now you say it can't be implemented because of what, really? What is the argument for not respecting an entire project community decision, in case consensus is obtained there?

Changes that make the wiki less open, among other things, can be prohibited.

Darwinius added a comment.EditedAug 24 2020, 11:33 PM

Hello Krenair,

It's worth noting that most WMF employees are unlikely to be in a position to guarantee the passage of any particular config change unless they're in the deployment/ops groups.

Thanks for the clarification.

Changes that make the wiki less open, among other things, can be prohibited.

Many projects already have exceptions approved that make the wiki less open, such as allowing copyrighted content under fair-use. Why would that be allowed, while we have to get stuck with IP editions that nobody there wants, by near unanimity?
And what would be the legitimacy of using some "foundational" (!!!) principles written at wiki.en by 2005 or so, by the wiki.en community, to counter the consensus of another wiki community?

Note to those I see in the ptwiki comments proposing AbuseFilters: Abuse Filter has emergency checks that will disable a filter matching 5% or more of edits.

$ curl -s 'https://pt.wikipedia.org/w/api.php?action=query&list=recentchanges&rctype=edit|new&rclimit=500&rcprop=user&format=json' | jq '[.query.recentchanges[] | select (.anon)] | length'
113

113/500 = 22.6%

Darwinius added a comment.EditedAug 24 2020, 11:43 PM

Note to those I see in the ptwiki comments proposing AbuseFilters: Abuse Filter has emergency checks that will disable a filter matching 5% or more of edits.

$ curl -s 'https://pt.wikipedia.org/w/api.php?action=query&list=recentchanges&rctype=edit|new&rclimit=500&rcprop=user&format=json' | jq '[.query.recentchanges[] | select (.anon)] | length'
113

113/500 = 22.6%

Thank you very much for that information. If consensus is reached, and implemented through filters, and it starts happening, we'll try to see if there is some way to bypass that limitation.

If consensus is reached about blocking IP editions from there, we'll most probably do whatever would be at our hands to implement it. If the filters fail, then max range permanent blocks can be applied by default to ranges where vandalism is found, as well as making article permanent protection a kind of default. We already have thousands of articles in permanent protection against IPs. If the developers chose to ignore the community consensus, we'll probably do what would be possible to to with the tools we have, alone. Anything is better than the current state of affairs.

Bypassing the protective measures implemented in abuse filter would end up getting reverted and admins of that wiki getting desysopped by the stewards. There are limits to what community can do in a wiki. It's like raising a child, you can raise your child any way you want but there are limits, if you cross those limits, custody of the child will be revoked, try to bypass those limits, there will be similar actions.
It's not dev vs. community, it's rest of Wikimedia vs. that community.

JMagalhaes added a subscriber: JMagalhaes.EditedAug 25 2020, 12:20 AM

So far, the proposal has been supported by an overwhelmingly majority of editors. The most likely outcome will be a clear consensus to require registration in order to edit.

As such, a valid reason to overturn this community decision in the future must be presented. So far, none was given.

  • There's absolutely nothing in the 'five-pillar' page regarding registration. Even if there was, contrary to a common misconception 'five pillars' are no sacred, immutable "founding rules". It's just an overview of the most relevant rules of english wikipedia in a nutshell, created five years after Wikipedia itself.
  • "Founding principles" is another of such pages. Although the title may induce some to think it's some kind of manifesto for Wikipedia, it was actually created four years after Wikipedia.

The fact is that allowing unregistered edits is just an unwritten ideal and feature of Wikipedia, not a written rule. Trying to promptly dismiss a community decision by pointing to such pages or using fallacies like "it has always been this way", instead of a dialogue where valid reasons are presented, will only enrage community members.

That being said, editors at pt.wiki do share those same unwritten ideals about Wikipedia. I was a strong advocate for unregestried editing in the past myself. Its is important that you understand this decision was not taken lightly. But reality bites. Many other anti-vandalism measures were tried before, but the amount of vandalism and improper edits is just overwhelming.

I do understand that some things just can't be done, regardless of community decisions. Namely, things that may increase vulnerability or violate the terms of service. But requiring registration to edit is not one of such things.

Darwinius added a comment.EditedAug 25 2020, 12:25 AM

Bypassing the protective measures implemented in abuse filter would end up getting reverted and admins of that wiki getting desysopped by the stewards. There are limits to what community can do in a wiki. It's like raising a child, you can raise your child any way you want but there are limits, if you cross those limits, custody of the child will be revoked, try to bypass those limits, there will be similar actions.
It's not dev vs. community, it's rest of Wikimedia vs. that community.

The assumption that bypassing that limitation can only be done using unlawful ways is yours, and only yours. I would like to ask you to please refrain from using that tone and making menaces based on your own assumptions, since it is neither friendly, nor constructive.

If filters prove to be ineffective, we'll see what other solutions are available (namely using what we already use there to fight and prevent that problem).
But I would really like to know in whose name and based on what policies are you speaking, @Ladsgroup, since what you've been saying here does not seem to be supported by any documentation or directive.

I would suggest rather than asking for IP users to be blocked (which seems like a clear XY problem), which will lead to being shut down, asking for help with specific types of vandalism or abuse is more likely to lead to actual solutions that can be implemented without compromising on our values.

There is no mention of this possibility, or any restrictions, in "Limits to configuration changes": https://meta.wikimedia.org/wiki/Limits_to_configuration_changes.

It's listed under "Remove editing permission from an user group". Logged-out users are a user group, and blanket removing their editing access goes against Wikimedia principles. With my sysadmin hat on, I can also say this isn't going to happen.

I would suggest rather than asking for IP users to be blocked (which seems like a clear XY problem), which will lead to being shut down, asking for help with specific types of vandalism or abuse is more likely to lead to actual solutions that can be implemented without compromising on our values.

+1. If there is any particular issue, we can help. However, anonymous edits are never an issue per se, they're just a specific type of edit.

There is no mention of this possibility, or any restrictions, in "Limits to configuration changes": https://meta.wikimedia.org/wiki/Limits_to_configuration_changes.

It is worth nothing the page is merely informative, and system administrators have the ultimate authority's to (not) implement any config changes, whether or not they are supported by community. In accordance with Wikimedia principles, most of the config changes are done after community's request, but in many cases that cannot be predicted beforehand, requested changes need to be rejected. The page serves as an informative page, explaining what is likely to happen, but it is not a policy.

It's listed under "Remove editing permission from an user group". Logged-out users are a user group, and blanket removing their editing access goes against Wikimedia principles. With my sysadmin hat on, I can also say this isn't going to happen.

<small>Perhaps I should've mentioned that explicitly, it is there because I just added the item to the list: https://meta.wikimedia.org/w/index.php?title=Limits_to_configuration_changes&diff=20393720&oldid=20393719.</small>

FTR, I also want to note with my sysadmin hat on that this is not going to happen, as it would be a violation of Wikimedia principles.

Ixocactus rescinded a token.
SPoore added a subscriber: SPoore.Aug 25 2020, 4:39 AM
Ltrlg added a subscriber: Ltrlg.Aug 25 2020, 8:08 AM
Mjunii added a subscriber: Mjunii.Aug 25 2020, 12:24 PM
1997kB added a subscriber: 1997kB.Aug 25 2020, 3:35 PM
Meirae added a subscriber: Meirae.Aug 25 2020, 3:39 PM

The fact is that allowing unregistered edits is just an unwritten ideal and feature of Wikipedia

At the risk of nitpicking, the fact its named wiki pedia does kind of mean its written, since that is what that word means (which predates wikipedia)

Tgr added a subscriber: Tgr.Aug 26 2020, 1:48 PM

Suggesting changes to founding principles, or asking that a certain project be exempted from them, is a valid discussion for global community forums like Meta or wikimedia-l. (Not one that's likely to succeed, but valid nevertheless.) Phabricator is not such a forum. (See Phabricator etiquette.) Please do not get into policy debates here, you will be wasting your time, and you will be wasting other people's time too.

De facto policies around anonymous edits have been shaped by research on the value of IP editing. If you want to have a productive discussion about whether those policies are wrong for pt.wiki, or in general, engaging with the arguments made on that page is probably a good way forward.

Base added a subscriber: Base.Aug 26 2020, 1:53 PM

I must had that I had (informally) consulted with 2 WMF employees last November, while at Wikindaba (Christel and Tony, from T&S, after an workshop related to IPs and security) about the possibility of a project community to decide to exclude edit access for IPs, and they said that we just needed to obtain visible consensus for it at our community, and present it to the developers. Now you say it can't be implemented because of what, really? What is the argument for not respecting an entire project community decision, in case consensus is obtained there?

HI, all. @Darwinius: I do not recall the conversation in question. To clarify, the Foundation's Legal department is happy to assist if needed to assess the legality of configuration changes to projects. We are not the arbiter for whether a configuration change should be made. If Christel or I said anything at Indaba that implied that a project could unilaterally approve such a change (i.e., without consensus from the developer community and/or input from the systems administrators), please attribute it to a miscommunication.

Legal is very aware that Portuguese Wikipedia has been struggling with vandalism and spam for some time, and the need for technical support. We are discussing multiple initiatives in partnership with Product that we hope will help.

I must had that I had (informally) consulted with 2 WMF employees last November, while at Wikindaba (Christel and Tony, from T&S, after an workshop related to IPs and security) about the possibility of a project community to decide to exclude edit access for IPs, and they said that we just needed to obtain visible consensus for it at our community, and present it to the developers. Now you say it can't be implemented because of what, really? What is the argument for not respecting an entire project community decision, in case consensus is obtained there?

HI, all. @Darwinius: I do not recall the conversation in question. To clarify, the Foundation's Legal department is happy to assist if needed to assess the legality of configuration changes to projects. We are not the arbiter for whether a configuration change should be made. If Christel or I said anything at Indaba that implied that a project could unilaterally approve such a change (i.e., without consensus from the developer community and/or input from the systems administrators), please attribute it to a miscommunication.

Legal is very aware that Portuguese Wikipedia has been struggling with vandalism and spam for some time, and the need for technical support. We are discussing multiple initiatives in partnership with Product that we hope will help.

Hello Tony,

That conversation was after, and on the context of the workshop/talk on IPs and Security by T&S. I am sure I asked about the possibility of a project to not allow IP editions, because that has been discussed at wiki.pt since ever, and I knew there was a significant part of the community that was longing for that. I do not recall the exact words of the answer, but the idea I got from it was that yes, it was possible, we just needed to get a community consensus and communicate it to the developers afterwards. If you say it was misunderstood, I believe so.

In any case, that situation is merely accessory, and very much unrelated to the opening of the RfC at wiki.pt, which was started by another community member. When I supported it, I recalled there what I remembered from the conversation, and then pinged you after the (for us) unexpected and harsh closing of a merely request for information about it here - also opened by another editor - as declined, as maybe you could explain what was going on.

As you said, the conversation at Indaba was informal (was a doubt I had, asked on the context of a workshop), and it's very much accessory to this situation, and since this is not a clear-cut case, it doesn't matter anymore. I apologize for any inconvenience this misunderstanding may have caused to you, as it was not my intention to make you take sides, but just ask for some help (some clarification).

Thank you very much for clarifying that the Foundation's Legal department is happy to assist if needed to assess the legality of configuration changes to projects, this is something we have been discussing how to do this at our VP, and that information will certainly be very helpful.

While we are at it, could you please further clarify how should the Foundation's Legal department be contacted about this, since we are discussing that as a community at wiki.pt?

Also, can we know more about those multiple initiatives in partnership with Product that are being discussed, which could help us?

Thanks,
Paulo

dbarratt added a subscriber: dbarratt.EditedAug 28 2020, 1:20 AM

@Erico

To answer the questions directly from the description on a purely technical basis:

a) is it possible to ban IP edits?

According to the documentation, Yes.

There are a few wikimedia wikis that have this configuration set already:

Wikimedia Nederland, Wikimedia Suomi, Wikimedia Topluluğu, Wikimedia Sverige:
https://github.com/wikimedia/operations-mediawiki-config/blob/933cec2c2cfae7d76cffdab8c9b0ae2ffff9fcca/wmf-config/InitialiseSettings.php#L10120-L10132

All closed wikis (all of the wikis that have a strikethrough on Special:SiteMatrix):
https://github.com/wikimedia/operations-mediawiki-config/blob/933cec2c2cfae7d76cffdab8c9b0ae2ffff9fcca/wmf-config/InitialiseSettings.php#L10078-L10118

All fishbowl wikis (all of the wikis that have restricted write access, full read access on Special:SiteMatrix):
https://github.com/wikimedia/operations-mediawiki-config/blob/933cec2c2cfae7d76cffdab8c9b0ae2ffff9fcca/wmf-config/InitialiseSettings.php#L12596

Wikitech:
https://github.com/wikimedia/operations-mediawiki-config/blob/933cec2c2cfae7d76cffdab8c9b0ae2ffff9fcca/wmf-config/InitialiseSettings.php#L11320

b) if technically possible, what level of support is required?

It would require writing a configuration patch and having that patch deployed during a backport window.

Technically speaking, the change would be relatively trivial (from what I can tell). If it needed to be reverted in the future, that could be done as well by following a similar process.

(i.e., without consensus from the developer community and/or input from the systems administrators),

I disagree somewhat with this position (to be clear, i'm nobody important so my view is just my view, nothing more). Developer consensus is needed for changes that could affect the stability, performance, maintainability or security of the site. This is clearly not such a change; it is a trivial change to do technically. In situations where technical issues are not implicated in a change, developers should strive to follow the general consensus of the Wikimedia movement. In most such cases this has been delegated to the local wiki communities. However there has been long held precedent that Wikimedia is a host of wiki-like websites, one of the fundamental traits of which is that you do not need to register an account to edit. Changing this has not been delegated to the local community but is something that requires agreement of the global Wikimedia community (or if you subscribe to the view that WMF rules the world, high level management approval). The developers' role is not to decide this matter nor are they the group you need to convince.

Juan90264 added a comment.EditedAug 28 2020, 6:33 AM

In the discussion of the Lusophone community, I was in favor of banning IPs, as they are the main vandalists of Wikipedia Lusophone; but the foundation principle says that

The ability of almost anyone to be able to edit (most) articles without registering.

she says without registering, it is an easy matter to assimilate; it is not a condition, in which if the community accepts the ban of IPs; banning happens. It is a condition, which I even understand why WMF employees refuse; I sincerely think it is even better to use the abuse filters and tools against vandalism, for example: Huggle - That it is easy to detect vandalism, and reverse it. I will exchange my vote for a disagreement for the part of the possibility that an abuse filter is possible, since the filter will monitor the edits by IPs and be able to revert it if it is vandalism and would not have to ban IPs; that I violated a pillar of the foundation's principles.

dbarratt renamed this task from RFC: Banning IP editions on pt.wiki to Ban IP editions on pt.wiki.Aug 28 2020, 1:51 PM
Darwinius added a comment.EditedAug 28 2020, 2:16 PM

In the discussion of the Lusophone community, I was in favor of banning IPs, as they are the main vandalists of Wikipedia Lusophone; but the foundation principle says that

The ability of almost anyone to be able to edit (most) articles without registering.

she says without registering, it is an easy matter to assimilate; it is not a condition, in which if the community accepts the ban of IPs; banning happens. It is a condition, which I even understand why WMF employees refuse; I sincerely think it is even better to use the abuse filters and tools against vandalism, for example: Huggle - That it is easy to detect vandalism, and reverse it. I will exchange my vote for a disagreement for the part of the possibility that an abuse filter is possible, since the filter will monitor the edits by IPs and be able to revert it if it is vandalism and would not have to ban IPs; that I violated a pillar of the foundation's principles.

First, there is no pillar being "violated". We are challenging not a pillar, but a "foundational" principle born and implemented at wiki.en in 2005, 4 years after wiki.pt was running as a community. Nobody there was consulted, as far as I know, before alien entities decided that the bizarrery that "anyone can edit" forcibly included IPs - which are not persons, and are not equivalent to them - was something "foundational". Not unsurprisingly, that topic has been controversial since ever at wiki.pt, with a lot of community members wanting to get rid of it, but with fear of challenging a status quo where they had no word, to start with. To me, this was clearly a colonial/imperial-like interference of the wiki.en community into other local communities, which unfortunately continues to be perpetuated.

As for filters and Huggle, the first requires a very qualified task force to implement, monitorize and update, while the second relies on the availability of enough qualified members of the community to run Huggle almost continuously, or at least at peak times. Both have shown to be very problematic over the times due to the very limited community resources. While we have a stupendous battery of filters in place now, it is the work of 4 or 5 persons at most, and it's not replicable. And we need a minimum taskforce for at least monitoring and updating them, which often is not available. Either you already have an expertize on stuff like regexp and an excellent domain of logic, or it would be quite difficult to make something useful with them. As for Huggle, not only there is a chronic problem of people willing to waste their volunteer time there operating it, instead of creating content, but it's a bad solution as well, since it fills up the historic of the articles with revertions after revertions, polluting it and making it much less readable.

Finally, about the mentioned "foundational principle", let's not forget the huge fallacy of talking about "freedom" when referring to using IPs to edit. IPs are a liability, both for then persons behind them, for the project and ultimately for WMF, which has the obligation/ideal of ensuring a safe environment for editing the projects. IPs can reveal who and where you are, up to the desk the computer is installed at. Just to mention a well known case from wiki.pt, less than 2 years ago a military police worker from São Paulo, Brasil, which politically edited Wikipedia using and IP from the Military Police network, was easily detected, publicly denounced and subject to disciplinary process and other charges at their workplace, for using an IP he most probably believed was "anonymous", as Wikipedia policies very wrongly call them. This liability and source of danger for Wikipedia users should have been more than enough reason to have thrown that "foundational" principle down the toilet long ago. Yet, inexplicably, there are still people defending it (never caring to explain why, but just parroting "it's the status quo", as you just did). In any case, calling this "anonymity" and "freedom to edit" is nothing but a sad joke.

Best,
Paulo

dbarratt reopened this task as Open.Aug 28 2020, 2:40 PM

Boldly re-opening this task. With great respect to @Ladsgroup, I find the reasons given in T261133#6406865 to be non-technical and speculative.

This task still requires Product Owner input (who?) to be implemented. I do not see any technical objections. If there are Product or Technical objections, please feel free to decline.

Likewise, I think it is worth considering other technical implementations to solve the described problem as is recommended in T261133#6406865.

Ladsgroup closed this task as Declined.EditedAug 28 2020, 3:32 PM

From https://meta.wikimedia.org/wiki/Requesting_wiki_configuration_changes

Gaining on-wiki consensus and filing a task does not guarantee that the request will be fulfilled. Ultimate authority lies with the system administrators, and site configuration requests may be declined for any reason, including but not limited to the following: to protect the Wikimedia founding principles and core values, to protect the integrity of a project, because performance issues or because fulfilling the request would include deploying an extension that was discontinued.

It doesn't need to be technical to be rejected and we have been rejecting similar requests by other communities before (IIRC). Me and other members of the team of deployers (including Martin and others) decided this is against "Wikimedia founding principles". If you're willing to override this, please give the team a board directive or a statement from c-levels. For improving anti-vandalism and anti-harassment tools in ptwiki, please create other tickets.

Teles added a subscriber: Teles.Aug 28 2020, 4:25 PM
Juan90264 added a comment.EditedSun, Aug 30, 7:14 PM

First, there is no pillar being "violated". We are challenging not a pillar, but a "foundational" principle born and implemented at wiki.en in 2005, 4 years after wiki.pt was running as a community. Nobody there was consulted, as far as I know, before alien entities decided that the bizarrery that "anyone can edit" forcibly included IPs - which are not persons, and are not equivalent to them - was something "foundational". Not unsurprisingly, that topic has been controversial since ever at wiki.pt, with a lot of community members wanting to get rid of it, but with fear of challenging a status quo where they had no word, to start with. To me, this was clearly a colonial/imperial-like interference of the wiki.en community into other local communities, which unfortunately continues to be perpetuated.

Finally, about the mentioned "foundational principle", let's not forget the huge fallacy of talking about "freedom" when referring to using IPs to edit. IPs are a liability, both for then persons behind them, for the project and ultimately for WMF, which has the obligation/ideal of ensuring a safe environment for editing the projects. IPs can reveal who and where you are, up to the desk the computer is installed at. Just to mention a well known case from wiki.pt, less than 2 years ago a military police worker from São Paulo, Brasil, which politically edited Wikipedia using and IP from the Military Police network, was easily detected, publicly denounced and subject to disciplinary process and other charges at their workplace, for using an IP he most probably believed was "anonymous", as Wikipedia policies very wrongly call them. This liability and source of danger for Wikipedia users should have been more than enough reason to have thrown that "foundational" principle down the toilet long ago. Yet, inexplicably, there are still people defending it (never caring to explain why, but just parroting "it's the status quo", as you just did). In any case, calling this "anonymity" and "freedom to edit" is nothing but a sad joke.

Hello Darwinius, well ... there is no wiki that I know of, that IPs have been banned, I understand that people inexplicably still defend (never bothering to explain why, but just repeating). But this request will only be made if WMF employees; not taking that request, a "violation" of the founding principles. And I will change (again) my vote to Agree, because it is still possible to use the abuse filters; in relation to the abuse filters I refer to the Filter 180.
In short, we need to find a way or an answer for WMF employees to accept the ban, without them claiming that it "violates" the founding principles; the more I believe it is possible. Send one, good luck with that decision!

P.S .: I forgot to add that the order will only be accepted if ALL WMF employees; do not consider it a violation of the founding principles.

But this request will only be made if WMF employees; not taking that request, a "violation" of the founding principles

You're aware right that the people objecting are mostly not currently WMF employees/contractors.

Unless i missed people's WMF employee/contractor status changing (entirely possible), the only current wmf people commenting here are: aklapper, tgr, dbarratt and keynote2k. Contrary to popular belief the developer community is not just WMF employees

Demian updated the task description. (Show Details)Mon, Sep 7, 7:30 PM

Unless i missed people's WMF employee/contractor status changing (entirely possible), the only current wmf people commenting here are: aklapper, tgr, dbarratt and keynote2k.

And Ladsgroup declining the task twice.

Thank you @Tgr for the constructive and helpful comment!

Unless i missed people's WMF employee/contractor status changing (entirely possible), the only current wmf people commenting here are: aklapper, tgr, dbarratt and keynote2k.

And Ladsgroup declining the task twice.

I'm not working for WMF.

Demian added a comment.Tue, Sep 8, 9:13 AM

And Ladsgroup declining the task twice.

I'm not working for WMF.

I'm sorry for the misunderstanding. It would help to clarify what "As a software engineer in Wikimedia Germany" means in that case and how much difference WMF or WMDE makes in regards to affiliation.

Darwinius added a comment.EditedTue, Sep 8, 5:54 PM

Suggesting changes to founding principles, or asking that a certain project be exempted from them, is a valid discussion for global community forums like Meta or wikimedia-l. (Not one that's likely to succeed, but valid nevertheless.) Phabricator is not such a forum. (See Phabricator etiquette.) Please do not get into policy debates here, you will be wasting your time, and you will be wasting other people's time too.

De facto policies around anonymous edits have been shaped by research on the value of IP editing. If you want to have a productive discussion about whether those policies are wrong for pt.wiki, or in general, engaging with the arguments made on that page is probably a good way forward.

Why would it be a valid discussion for the "global community" (whatever that is), and not for phabricator? I don't recall anyone from wiki.pt being forced to ask the "global community" if we could implement the local upload of copyrighted files when it was approved by community decision back in 2009.
As far as I know, it was simply implemented by the devs based on that decision, without any kind of drama, like is happening here.

This is not a "policy" debate. This is about a (still eventual, though probable) community decision. I really do not understand what is the basis for the refusal.
I hope it's not this joke or personal essay from 2004, which, as far as I know, has never - NEVER - been sanctioned by any community.

I would also like to stress that this kind of study, even if interesting for those studying wiki.en, is unrelated to our community at wiki.pt. You can't take evidence gathered in one specific context and community and blindly apply to an entirely different community without any kind of evidence that both share the same context. Without that evidence, it is basically irrelevant and unhelpful.

Best,
Paulo

Request of enabling CAPTCHA for IP edits in ptwiki was similarly declined on 2013 by Deputy Director of WMF at the time on similar grounds: T51860#589243 ptwiki is not first wiki to make such requests and all similar requests have been denied already:

I'm boldly declining this as T214876#4915725 has not been answered, and as "Disabling anonymous editing was seen to violate the inclusivity of the Founding principles" which I assume is even a bigger problem in communities of smaller languages.

Note that declining does not mean that you cannot continue discussing here, but the first step seems to be providing more information about your AbuseFilter rules instead (and potentially improving that first).

Nothing here makes ptwiki an exception, if you wish to be granted an exception, please get a board directive for us.

I don't recall anyone from wiki.pt being forced to ask the "global community" if we could implement the local upload of copyrighted files when it was approved by community decision back in 2009.
As far as I know, it was simply implemented by the devs based on that decision, without any kind of drama, like is happening here.

The possibility to define local EDPs for "Fair Use" etc had been a documented cross-wiki policy since before 2009, according to
https://foundation.wikimedia.org/w/index.php?title=Resolution:Licensing_policy&oldid=20032 . Hence a different situation and not some controversial precedent.

Darwinius added a comment.EditedTue, Sep 8, 6:32 PM

Request of enabling CAPTCHA for IP edits in ptwiki was similarly declined on 2013 by Deputy Director of WMF at the time on similar grounds: T51860#589243 ptwiki is not first wiki to make such requests and all similar requests have been denied already

And now we have the worst of the worlds, with newbies having to solve CAPTCHAs in their first editions, demotivating them, while IPs are free to vandalize at will.

Another very alarming, dangerous and worrisome thing: Anyone editing unregistered at wiki.pt both through the Wikipedia app, and through Visual Editor (mobile or desktop) is not aware in the least that they are revealing their IP to the world. There is no warning, no information, nothing. The person simply saves the edition, and their IP gets revealed without any kind of warning nor consent. You can imagine the kind of (even possibly fatal) danger this kind of thing represent, even to registered editors who log out by accident and do not realize they are logged out when they edit? There have already been documented cases of people persecuted in their workplace and menaced with judicial process for doing controversial editions unregistered at wiki.pt. It's not even theoretic anymore.

As someone wisely noted, the best way to protect people using IPs is to ban the use of IPs.
It is quite unbelievable how this terrible security flaw is still there after almost 20 years of project.

Best,
Paulo

Another very alarming, dangerous and worrisome thing: Anyone editing unregistered at wiki.pt both through the Wikipedia app, and through Visual Editor (mobile or desktop) is not aware in the least that they are revealing their IP to the world. There is no warning, no information, nothing. The person simply saves the edition, and their IP gets revealed without any kind of warning nor consent. You can imagine the kind of (even possibly fatal) danger this kind of thing represent, even to registered editors who log out by accident and do not realize they are logged out when they edit? There have already been documented cases of people persecuted in their workplace and menaced with judicial process for doing controversial editions unregistered at wiki.pt. It's not even theoretic anymore.

The visual editor shows this popup by default:

The Android app also tells this at least in English:

Darwinius added a comment.EditedTue, Sep 8, 6:40 PM

Another very alarming, dangerous and worrisome thing: Anyone editing unregistered at wiki.pt both through the Wikipedia app, and through Visual Editor (mobile or desktop) is not aware in the least that they are revealing their IP to the world. There is no warning, no information, nothing. The person simply saves the edition, and their IP gets revealed without any kind of warning nor consent. You can imagine the kind of (even possibly fatal) danger this kind of thing represent, even to registered editors who log out by accident and do not realize they are logged out when they edit? There have already been documented cases of people persecuted in their workplace and menaced with judicial process for doing controversial editions unregistered at wiki.pt. It's not even theoretic anymore.

The visual editor shows this popup by default:

The Android app also tells this at least in English:

No, it does not. I just tested (again), and nothing of that sort appears. Not in the wikipedia app, not on desktop mode, and not in the mobile mode (which I just tested again 1 minute ago, just to be sure).

[...]

No, it does not. I just tested (again), and nothing of that sort appears. Not in the wikipedia app, not on desktop mode, and not in the mobile mode (which I just tested again 1 minute ago, just to be sure).

I just tested all three myself (and took screenshots visible on my comment), and every method I tried tells it very clearly. Did you try it in a private window (where there aren't any cookies which may remember you dismissing such popups earlier)?

[...]

No, it does not. I just tested (again), and nothing of that sort appears. Not in the wikipedia app, not on desktop mode, and not in the mobile mode (which I just tested again 1 minute ago, just to be sure).

I just tested all three myself (and took screenshots visible on my comment), and every method I tried tells it very clearly. Did you try it in a private window (where there aren't any cookies which may remember you dismissing such popups earlier)?

Yes. The wikipedia app I downloaded and edited: No warning. Desktop mode: experimented in a private window. My edit is there, live - No warning as well. Mobile phone: I'm always logged out there, so that was easy. I just edited, also no warning, at all.

Darwinius added a comment.EditedTue, Sep 8, 6:51 PM

[...]

No, it does not. I just tested (again), and nothing of that sort appears. Not in the Wikipedia app, not on desktop mode, and not in the mobile mode (which I just tested again 1 minute ago, just to be sure).

I just tested all three myself (and took screenshots visible on my comment), and every method I tried tells it very clearly. Did you try it in a private window (where there aren't any cookies which may remember you dismissing such popups earlier)?

I've just sent you an email with some the tests I've been making, they are all linked to my IP, though using different platforms and modes to edit.
I can also post any screenshot that may be useful, though nothing of that sort of what You've shown appeared on any of these 3 situations. Editing by code (which very few IPs use, I suppose) shows a quite discrete warning in pale grey saying I'm using my IP, but not the other 3.

Paulo

Keep in mind the only way to get sysadmins to deploy this is to present an approval from the Board - there is no sense in discussing validity of IP editing in this task.

Please split potentially non-working IP exposure warnings into a separate conversation not in this ticket. Thanks a lot.

Dcljr added a subscriber: Dcljr.EditedTue, Sep 8, 7:27 PM

This is not a "policy" debate. This is about a (still eventual, though probable) community decision.

That's the problem: you see this as a community decision that must be implemented. The sysadmins see this as a problem that cannot be solved in the proposed way. Please focus on solving the problem, not trying to ram through the proposed solution.

You have suggested that several things need to be improved (e.g., the things that have been tried on ptwiki and have not worked). Have you opened any Phabricator tasks about those things? If not, then you're just wasting everyone's time.</harsh>

Darwinius added a comment.EditedTue, Sep 8, 7:46 PM

You have suggested that several things need to be improved (e.g., the things that have been tried on ptwiki and have not worked). Have you opened any Phabricator tasks about those things? If not, then you're just wasting everyone's time.</harsh>

No, I've not. I noticed in the last few days, while exploring how life was for an IP on wiki.pt. I'm a volunteer here, and the time I dedicate to these things is limited. Furthermore, I have not the least idea if those things such the lack of warnings for IPs and CAPTCHA for newbies are by design or are bugs. But I will take some time to open a phabricator task, at least for the lack of warnings, as @Aklapper suggested.

In any case, I do believe I'm entitled to rant or mumble about allowing such egregious security problems as revealing ones IPs to the world - sometimes due to accidental/undetected log out, as has happened to me and a lot of people I know - while being deeply concerned about "foundational principles" that are nothing but a joke or personal essay made by someone back in 2004, that somehow passed into something that is now looked as "official" without having been subject to any kind of approval by any Wikimedia community, at least that I'm aware of.

Best,
Paulo

Tgr added a comment.Tue, Sep 8, 8:34 PM

For background on captchas at registration, see T241921: Fix Wikimedia captchas. It's an unfortunate situation, but there is no easy way to improve it.

Darwinius added a comment.EditedTue, Sep 8, 8:47 PM

For background on captchas at registration, see T241921: Fix Wikimedia captchas. It's an unfortunate situation, but there is no easy way to improve it.

I know about that problem with captchas at registration, which has been preventing blind people from registering their accounts autonomously (why is it not spelt with sound, as many other captchas everywhere? That would allow the blind to register accounts without the support of someone else). But that is not what I'm talking about.

I routinely lead and monitor activities with students which have to act as newbies, as well as new editors that register during edit-a-thons and other focused activities. They always have to struggle with the captcha during their initial editions, which is quite awkward, since as IPs whey would not have to struggle with any kind of similar obstacle - while they face it after registering the account. Of course, this also means that the blind not only need support for registering, but also for their first editions as newbies, since there is no way they can see the captcha, and Wikimedia cahptchas for some reason can't be heard (they do not have a sound /spelt version).

I've no idea why newbies also have to struggle with those additional captchas when they try to edit, while IPs are free to edit at will without any kind of similar obstacle. Is this by design?

Paulo

Tgr added a comment.Tue, Sep 8, 9:10 PM

The captcha conditions for IP editors and non-autoconfirmed editors are identical (inserting external links). Admins can manually confirm new users, that might be a worthwhile thing to do for outreach events. (Likewise, you can ask participants for their preferred username at the start of the event, and create their accounts for them, so they don't have to deal with the captcha.)

Darwinius added a comment.EditedTue, Sep 8, 9:46 PM

The captcha conditions for IP editors and non-autoconfirmed editors are identical (inserting external links). Admins can manually confirm new users, that might be a worthwhile thing to do for outreach events. (Likewise, you can ask participants for their preferred username at the start of the event, and create their accounts for them, so they don't have to deal with the captcha.)

I can't test that without creating an account, but your explanation seems to agree with the cases where the captcha appeared to the newbies (they were creating new articles).

If it's me creating the accounts, they start already confirmed? Or do I still have to confirm them?

Tgr added a comment.Thu, Sep 10, 10:17 PM

If it's me creating the accounts, they start already confirmed? Or do I still have to confirm them?

You still have to do it. (Automating that is not a bad idea; I filed T262621: Add checkbox to account creation form for making the user manually confirmed.)

Tgr renamed this task from Ban IP editions on pt.wiki to Ban IP edits on pt.wiki.Fri, Sep 25, 8:20 PM
Jane023 added a subscriber: Jane023.

I disapprove of the action being requested here (I gave a thumbs down token) but I love this discussion. I love it especially because the elephant in the room is nowhere in the (admittedly very thoughtful) comments. Let me start by suggesting that not all wikipedias are created equal and some are considered more equal than others. On a sliding scale of equality, I think I would begin with the Finnish Wikipedia and end maybe with various failed incubator wikis or that story of the hijacked Wikipedia (sorry can't remember which that was). I think the ptwiki has always fascinated me because the European origin of the language is so far away physically from the most speakers of the language. In a way, it is a breeding ground for social unrest on a global scale against colonial views and antiquated notions of what we like to call "reliable sources". I would love to see a demographic breakdown of the abusive IP edits, but sadly that would probably be against our principles to create. Maybe it has been done on a voluntary basis already and if so I for one would love to read the English summary! Otherwise, maybe this would be a good idea to organize: appoint local contributors per major city to conduct local editor surveys.

Darwinius added a comment.EditedSun, Sep 27, 12:25 PM

In a way, it is a breeding ground for social unrest on a global scale against colonial views and antiquated notions of what we like to call "reliable sources".

We have a number of endemic problems at wiki.pt, but, curiously, what you mention never, ever happened there, as far as I know. Unfortunately, till this day wiki.pt stays populated almost only by Portuguese and Brazilian editors. Brazilian society is not that different from the Portuguese (both are basically mainly European, both have strong influences and inputs from Africa and other parts of the globe). Also, Brazil vs. Portugal is very similar to EUA vs. England. Apart from the indigenous nations and their descendants - which continue to be persecuted in Brazil till this day - what you really have there is the descendants of the actual colonizers and the ones enslaved by them, as well as a lot of other ppl that migrated there after independence of the territory was granted to the settlers (at least this is how ppl generally identify themselves there).

Maybe if Africa was in the game things would be different, but unfortunately their (our, since I live in what is geographically Africa, as well :P but culturally the identity here is European, so it really doesn't count) presence continues to be residual, despite a lot of effort to engage those populations.

Best,
Paulo

If it's me creating the accounts, they start already confirmed? Or do I still have to confirm them?

You still have to do it. (Automating that is not a bad idea; I filed T262621: Add checkbox to account creation form for making the user manually confirmed.)

Thanks! That would be very helpful, indeed. Granting conformation to dozens of students can be a PIA

what you really have there is the descendants of the actual colonizers and the ones enslaved by them, as well as a lot of other ppl that migrated there after independence of the territory was granted to the settlers (at least this is how ppl generally identify themselves there)

Perhaps an analysis of the overlap between the Yoruba and Portuguese wikis might help shed some light on the problem then? If the overwhelming majority of abusers are in the overwhelming majority of readers (which would be a logical conclusion), then perhaps some of the vandalism is shared by both?

Darwinius added a comment.EditedSun, Sep 27, 1:03 PM

what you really have there is the descendants of the actual colonizers and the ones enslaved by them, as well as a lot of other ppl that migrated there after independence of the territory was granted to the settlers (at least this is how ppl generally identify themselves there)

Perhaps an analysis of the overlap between the Yoruba and Portuguese wikis might help shed some light on the problem then? If the overwhelming majority of abusers are in the overwhelming majority of readers (which would be a logical conclusion), then perhaps some of the vandalism is shared by both?

Why Yoruba? I don't think there is any relation between the two wikis. Afro-Brazilian culture has a lot of yoruba related traditions and words, but people there don't speak that language, as far as I know. In any case, I don't think there is any relation at all between that and vandalism. Wiki.pt vandalism comes mostly from a single source, which is very well identified: Educational institutions (and students, at home).

Why Yoruba?

Interesting! I was under the impression that it is one of the official languages of Brazil, which would indeed be very weird if no one spoke it there

Why Yoruba?

Interesting! I was under the impression that it is one of the official languages of Brazil, which would indeed be very weird if no one spoke it there

Brazil only has two official languages, Portuguese and gestural language. Yoruba (or a version of it) is still used as a ritual language in some parts of Brazil, and there are many words that were borrowed from that language, but as far as I know there are no speakers of it over there.

Hi, while this is an interesting conversation, discussing where which languages are spoken doesn't feel directly related to the topic of this ticket.
It would be nice if you could consider taking that conversation to a better suited venue, e.g. on-wiki. Thanks for your understanding!

Hi, while this is an interesting conversation, discussing where which languages are spoken doesn't feel directly related to the topic of this ticket.
It would be nice if you could consider taking that conversation to a better suited venue, e.g. on-wiki. Thanks for your understanding!

the question or comment was (at least originally) about vandalism on wiki.pt, which I suppose is on topic. As I said, Wiki.pt vandalism comes mostly from a single source, which is very well identified: Educational institutions (and students, at home). This bit we know quite well, for years. But I've never seen any efficient toll we could use to deter it, apart from blocking them entirely.