Background
Currently, users are classified as either anonymous (unregistered) or registered in a number of places, including flags on log entries, flags returned by APIs, filters in the user interface, analytics schemas, and data products such as dashboards and reports.
How should temporary users fit into this? Should they count as anon users? Should they count as registered users? Should they have their own flag?
We should try to decide this once and keep it consistent everywhere.
A previous discussion took place at mw:Talk:User_account_types.
Decision record
Title: Decide a standard approach for classifying temporary, IP and registered users
Authors: Thalia Chan, Daniel Kinzler, Neil Shah-Quinn
Status
- Proposed on 2023-07-28
Decision-making process
- Discussions take place on T337103 and mw:Talk:User_account_types
- A group of stakeholders meet and reach a consensus on the current proposal
- The proposal is shared with the developer community
- Depending on feedback, the proposal is adopted or updated and resubmitted
Stakeholders
- IP Masking program
- Analytics
- API users
- Community software developers
- MediaWiki developers
Context and problem statement
Currently, users are classified as either anonymous (unregistered) or registered in a number of places, including flags on log entries, flags returned by APIs, filters in the user interface, analytics schemas, and data products such as dashboards and reports. How should temporary users fit into this? Should they count as unregistered users? Should they count as registered users? Should they count as neither?
The nature of temporary accounts will change over time. The way they are implemented allows them to behave a lot like registered users (have passwords, email addresses, user groups, etc), but at the point when we deploy much of this behaviour will be "switched off", so they will more closely resemble unregistered users (summarized in mw:User_account_types ). Over time we expect to gradually "switch on" some of these features, to allow them to more closely resemble registered users.
Risks and mitigations
A major risk is that users of the affected APIs and features make assumptions which will now be broken, causing unexpected behaviours. These assumptions will break differently depending on how temporary users are categorized, as tabulated in T337103#8946439.
We can't avoid breaking some assumptions, but we can mitigate the risks by communicating clearly with the community about the new categorisation and broken assumptions.
Options considered
- Categorize temporary users as unregistered users (a.k.a. anonymous users, IP users)
- Categorize temporary users as registered users
- Categorize temporary users in a separate category (neither unregistered nor registered)
Decision
Temporary users should be considered as something separate from unregistered or registered users, because:
- There is no way to categorize temporary users that will preserve all or even almost all existing assumptions
- It's dangerous to treat temporary users as either registered or unregistered, because their capabilities could change significantly in the future
- Temporary users are so paradigm-breaking that we should not try to make the change seamless for API or data consumers. Instead, we want each consumer to stop and think how they want to handle temporary users.
Consequences
Temporary users are considered as separate from registered and unregistered users, and this will be reflected in API flags, RecentChanges filters, and analytics schemas, for example. Downstream features that rely on these are audited by their maintainers and updated if necessary.