Page MenuHomePhabricator

[Epic] Temporary account block workflow
Closed, ResolvedPublicGoal

Description

Motivation

We want to include options to block temporary accounts from Special:Block.

Spec
  • Administrators will be able to block both individual IPs (as usual) and session names.
  • Once a temporary account is selected, display IP addresses associated with the account below the username field
  • IP Addresses associated to a temp account are not blocked, only the account itself, if the autoblock option is unchecked
  • Ensure the autoblock functionality works similar to how it does for registered accounts (Automatically block the last IP address used by this user, and any subsequent IP addresses they try to edit from, for a period of 1 day)
  • Blocked temp account user sees an appropriate block message
image.png (1×2 px, 334 KB)
image.png (1×2 px, 334 KB)

See Figma for the latest update mockup.

Related Objects

StatusSubtypeAssignedTask
In ProgressNiharika
OpenNiharika
OpenNiharika
ResolvedGoalNiharika
Resolved TThoabala
Resolved AGueyte
Resolved TThoabala
Resolvedkostajh
Resolved TThoabala
ResolvedBUG REPORTTchanders
ResolvedSTran
Resolved TThoabala
ResolvedTchanders
ResolvedFunc
ResolvedBUG REPORTDreamy_Jazz
ResolvedSTran
DeclinedBUG REPORT TThoabala

Event Timeline

Tchanders updated the task description. (Show Details)
  • Administrators will be able to block both individual IPs (as usual) and session names.

This seems to be working out of the box. (There are some things to fix, captured in the other acceptance criteria.)

IP Addresses associated to a temp account are not blocked, only the account itself.

I would expect autoblocking to work the same as a normal account.

IP Addresses associated to a temp account are not blocked, only the account itself.

I would expect autoblocking to work the same as a normal account.

Thanks for pointing this out - I've clarified in the task description, that this is only if the autoblock option is unchecked.

It should still be possible to make autoblocks as before. One point that @Niharika and @Prtksxna have been considering is whether autoblocks for temporary accounts should apply to all the IP addresses the temp account has used in the past, not just the most recent one. (Subsequently-used addresses would still be blocked.)

One point that @Niharika and @Prtksxna have been considering is whether autoblocks for temporary accounts should apply to all the IP addresses the temp account has used in the past, not just the most recent one. (Subsequently-used addresses would still be blocked.)

I expect that would cause a significant amount of collateral for those editing on dynamic IP ranges.

Other options (still with increased collateral potential):

  • limit autoblocks to the IPs used in the prior h hours
  • (IPv6 only) autoblock the /64 of the most recent IP

I would keep autoblocks the same as normal accounts initially. If you want to consider it for a feature after the initial rollout of IP masking, ask Product-Analytics for some analysis on the number of other users that would be impacted by additional autoblocked IP addresses. (I suspect it will need additional data collection since it needs to consider only the initial autoblocks, not all of them.)

AutoblocksImpact
Autoblock most recently used IP1 IP autoblock impacts x other users
Autoblock /64 of most recently used IP (IPv6 only)1 /64 autoblock impacts v other users
Autoblock all IPs used1 + a IP autoblocks impacts u other users
Auto block all IPs used in prior h hours1 + b IP autoblocks impacts t other users

What do the differences between t, u, or v and x look like? (summary stats / graphs)

I would expect a feature request to extend the same to autoblocking for normal account blocks if it were successful for temp accounts.

@JJMC89 Those are good ideas.

autoblocks to the IPs used in the prior h hours

Do you have suggestions for the time period? Last 24 hours?

(IPv6 only) autoblock the /64 of the most recent IP

This suggestion has come up quite a few times - thanks for flagging it here. I can see it being useful for all IPv6 IPs (beyond temporary accounts).

It is also possible for admins to individually block IPs (as admins will have the option to view IP addresses post IP Masking goes into effect) so I am not very worried about not being able to block problematic IPs but reducing collateral damage important.

Niharika renamed this task from [IP Masking] Admin blocks temporary account user to [Epic] Temporary account block workflow.Dec 18 2022, 2:42 AM
Niharika removed a project: Anti-Harassment.
Niharika updated the task description. (Show Details)

Noting that I will create a separate task for autoblock options. It needs community consult before we make a call.

Do you have suggestions for the time period? Last 24 hours?

That might be OK, but it is hard to say without any data on what the collateral might be.

Noting that I will create a separate task for autoblock options. It needs community consult before we make a call.

+1 good idea

Niharika changed the subtype of this task from "Task" to "Goal".Mar 7 2023, 5:14 PM

@Niharika I was about to close this, then noticed you mentioned filing more tasks, so I'll let you confirm when that's done or whether to close.