Page MenuHomePhabricator
Create Task
Maniphest T342785

Enable mass deletion of pages created by all temporary accounts which were used by an IP address
Closed, ResolvedPublic5 Estimated Story Points
Actions

Assigned To
jsn.sherman
Authored By
Samwalton9-WMF
Jul 26 2023, 3:55 PM
Tags
Referenced Files
F57642659: Screenshot 2024-10-25 at 14.28.08.png
Oct 25 2024, 1:35 PM
F57642674: Screenshot 2024-10-25 at 14.30.37.png
Oct 25 2024, 1:35 PM
F57620006: image.png
Oct 16 2024, 6:14 PM
F57619995: image.png
Oct 16 2024, 6:14 PM
F57617332: image.png
Oct 15 2024, 5:49 PM
F57571811: New.png
Sep 30 2024, 9:35 AM
F57571806: New.png
Sep 30 2024, 9:34 AM
F37150669: Frame 1 (2).png
Jul 26 2023, 4:00 PM
View All 10 Files
Subscribers
1234qwer1234qwer4
Aklapper
ARamirez_WMF
Dreamy_Jazz
GeneralNotability
Izno
Johannnes89
View All 16 Subscribers

Description

User story: As an administrator, I want to delete all pages created by an individual using a single IP address who used multiple temporary accounts, so that I can easily remove bad pages from my Wikimedia project.

Background

T340631: Does Nuke need substantial feature changes to retain current functionality with IP Masking?

When a temporary account is created for a user, a cookie with a 90 day expiration is created, during which time their contributions will be associated with this temporary account. Clearing the cookie will give the user a new temporary account on their next edit, even when they continue editing from the same IP address. Changing IP address will not change the user's temporary account. As such, a temporary account can be associated with multiple IP addresses over its lifespan (T325456).

Nuke is an extension which enables administrators to delete all pages created by a specific user or IP address and/or matching a particular page name pattern. This is used when a user - often a vandal - has created a large number of pages which need to be deleted, saving administrators time compared to deleting them individually. Per T341564, 33% of Nuke deletions target an unregistered user. On many wikis this is as high as 40-50%.

With the introduction of temporary accounts and their per-user cookies, Nuke will actually be more effective against users who do not delete their cookies, as simply changing IP address will not move the user to a new 'account'. However, it also opens up a new attack vector for bad actors on our wikis. Preventing/deleting cookies is considerably easier for most users than cycling IP addresses, especially on a regular cadence or after each edit. It takes a very short amount of time to add Wikipedia to your browser's cookie-blocking list, at which point every edit will come from a new temporary account.

As such, we want to ensure that if a user disables cookies from Wikipedia, or clears them on a regular basis, and they vandalise a project by creating a large number of new pages, Nuke is still able to delete those pages. This will not be effective if the user also cycles their IP address, but this is already true.

Since administrators will need to opt-in to view the IP addresses associated with a temporary account, we should not allow them to use Nuke on an IP address until they have opted-in. This will only cause legacy-IP issues for ~30 days after temporary accounts are deployed, since IP page creations will no longer be in the recentchanges table after then.

Mockups

Figma

Current

Frame 1 (2).png (721×4 px, 124 KB)

New

New.png (1×4 px, 252 KB)

Per T355178, Nuke should display a message to users who attempt to run Nuke on an IP address but have not opted-in to the Temporary Account preference. This message should be available to other tools to use also:

You do not have permission to take this action on IP addresses. To enable this action please opt-in to the 'Temporary account IP reveal' setting in your preferences.

preferences should link to Special:Preferences.

Technical approach

We will use the API created in T354542: Create new Rest API endpoint that takes an IP address and returns temporary accounts that have used that address to do the lookup, provided the user has the relevant permission.

Acceptance criteria

When Temporary Accounts is enabled on a project ...

  • Entering a temporary account name into Special:Nuke should fetch pages created by all temporary accounts used by that IP address.

[] Pages should be listed without explicitly linking them to an IP address or temporary account. (per T342785#10241270 it is OK to display the temporary account name next to the page)

  • In this case the default edit summary should be "Mass deletion of pages added by temporary accounts."
  • The default nuke-tools message should be changed to "This tool allows for mass deletions of pages recently added by a given user or temporary account. Input a username or IP address to get a list of pages to delete, or leave blank for all users. Inputting an IP address will list all pages created by temporary accounts used from that IP address."
  • Where we currently show the nuke-list message, when a temporary account has been filtered on we should instead show a new message: "The following pages were recently created by temporary accounts which were used from the IP address $1. Please select which pages to delete, provide an edit summary, and click 'Delete selected' to initiate page deletion. For privacy reasons, please do not write the IP address in the edit summary.\n\nRedirects are displayed in italics."

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
SpecialNuke: Display username next to pages for temp accountsmediawiki/extensions/Nukemaster+9 -14
SpecialNuke: Don't add actor names WHERE if no names suppliedmediawiki/extensions/Nukemaster+4 -2
Enable temp account lookup by IP addressmediawiki/extensions/Nukemaster+419 -14
build: Add phan config loading for CheckUsermediawiki/extensions/Nukemaster+17 -1
zuul: Add CheckUser as a test and phan dependency of Nukeintegration/configmaster+6 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Samwalton9-WMF moved this task from Inbox to Blocked on the Moderator-Tools-Team board.Apr 8 2024, 11:35 AM
Jules78120 subscribed.Apr 13 2024, 6:57 PM
TAdeleye_WMF edited projects, added Trust and Safety Product Team; removed Anti-Harassment-Team.May 14 2024, 4:15 PM
kostajh changed the task status from Open to Stalled.Jul 2 2024, 9:25 AM

Stalled on T354542: Create new Rest API endpoint that takes an IP address and returns temporary accounts that have used that address

Scardenasmolinar subscribed.Jul 17 2024, 7:28 PM
Dreamy_Jazz changed the task status from Stalled to Open.Jul 23 2024, 10:52 AM
Dreamy_Jazz subscribed.

T354542 is just waiting for QA, so this should be unblocked.

Pppery subscribed.Aug 12 2024, 6:56 PM
Scardenasmolinar closed subtask T349577: Update Nuke code to query CheckUser as Resolved.Sep 4 2024, 7:54 PM
kostajh mentioned this in T355178: Add a reusable message to display to users who are unable to take an action due to not being opted in to view IP addresses.Sep 8 2024, 7:25 PM
kostajh updated the task description. (Show Details)
Samwalton9-WMF merged a task: T355178: Add a reusable message to display to users who are unable to take an action due to not being opted in to view IP addresses.Sep 10 2024, 11:33 AM
Samwalton9-WMF updated the task description. (Show Details)
Samwalton9-WMF added a subscriber: KColeman-WMF.
kostajh moved this task from Inbox to Triaged on the Temporary accounts board.Sep 10 2024, 12:46 PM
kostajh closed subtask T354542: Create new Rest API endpoint that takes an IP address and returns temporary accounts that have used that address as Resolved.Sep 15 2024, 5:04 PM
Samwalton9-WMF added a comment.Sep 20 2024, 10:15 AM

We'll aim to work on this in October and have it out before the October 29th temporary account deployment.

Samwalton9-WMF updated the task description. (Show Details)Sep 20 2024, 10:17 AM
Samwalton9-WMF updated the task description. (Show Details)Sep 20 2024, 10:19 AM
Samwalton9-WMF updated the task description. (Show Details)
Samwalton9-WMF updated the task description. (Show Details)Sep 20 2024, 10:22 AM
Samwalton9-WMF updated the task description. (Show Details)Sep 20 2024, 10:25 AM
Samwalton9-WMF updated the task description. (Show Details)Sep 24 2024, 1:18 PM
Samwalton9-WMF updated the task description. (Show Details)Sep 26 2024, 3:04 PM
Samwalton9-WMF updated the task description. (Show Details)Sep 30 2024, 9:34 AM
Samwalton9-WMF updated the task description. (Show Details)
jsn.sherman triaged this task as High priority.Oct 1 2024, 6:04 PM
jsn.sherman moved this task from Blocked to To be estimated on the Moderator-Tools-Team board.
jsn.sherman set the point value for this task to 5.Oct 2 2024, 5:37 PM
Johannnes89 subscribed.Oct 3 2024, 6:35 PM
jsn.sherman claimed this task.Oct 9 2024, 1:21 PM
jsn.sherman edited projects, added Moderator-Tools-Team (Kanban); removed Moderator-Tools-Team.
jsn.sherman changed the task status from Open to In Progress.Oct 10 2024, 4:45 PM
jsn.sherman moved this task from Ready to In Progress on the Moderator-Tools-Team (Kanban) board.
gerritbot added a comment.Oct 11 2024, 6:56 PM

Change #1079564 had a related patch set uploaded (by Jsn.sherman; author: Jsn.sherman):

[mediawiki/extensions/Nuke@master] [WIP]: Enable nuking of temp accounts associated with IP

https://gerrit.wikimedia.org/r/1079564

gerritbot added a project: Patch-For-Review.Oct 11 2024, 6:56 PM
jsn.sherman added a comment.Oct 15 2024, 5:49 PM

Noting that for the moment, my solution varies from the mockups; I'm reusing the check user error page rather than display a message above the form:

image.png (350×685 px, 30 KB)

Also, my "revert reason" does not have punctuation like the mockup, since none of the other reasons include punctuation.

Samwalton9-WMF added a comment.Oct 15 2024, 6:06 PM

Looks good to me!

Samwalton9-WMF added a comment.Oct 15 2024, 6:06 PM
This comment was removed by Samwalton9-WMF.
jsn.sherman moved this task from In Progress to Eng review on the Moderator-Tools-Team (Kanban) board.Oct 15 2024, 11:50 PM
Kgraessle moved this task from Eng review to Reviewed (waiting for changes) on the Moderator-Tools-Team (Kanban) board.Oct 16 2024, 2:42 PM
jsn.sherman added a comment.Oct 16 2024, 2:42 PM

@Samwalton9-WMF product question: I'm currently just putting ip pages and related temp account pages all together and treating them like temp account pages in the list without distinguishing between them. That way existing pages can still be mass deleted along side new temp account pages. Is that okay? Should we amend interface text to make that clear?

jsn.sherman renamed this task from Enable Nuking of pages created by all temporary accounts which were used by an IP address to Enable mass deletion of pages created by all temporary accounts which were used by an IP address.Oct 16 2024, 3:44 PM
Samwalton9-WMF added a comment.Oct 16 2024, 4:35 PM
In T342785#10233873, @jsn.sherman wrote:

@Samwalton9-WMF product question: I'm currently just putting ip pages and related temp account pages all together and treating them like temp account pages in the list without distinguishing between them. That way existing pages can still be mass deleted along side new temp account pages. Is that okay? Should we amend interface text to make that clear?

Yeah I think that's fine - if I understand correctly this is a problem for a maximum of 30 days, while IP-created pages drop out of Recent Changes right?

I suppose this changes a little if we implement T33858: [SPIKE] Investigate using the Revision table instead of Recent Changes for Nuke, to allow deleting older pages [16HRS] but we could worry about this then.

Pppery unsubscribed.Oct 16 2024, 4:37 PM
Kgraessle moved this task from Reviewed (waiting for changes) to Eng review on the Moderator-Tools-Team (Kanban) board.Oct 16 2024, 6:12 PM
jsn.sherman added a comment.EditedOct 16 2024, 6:14 PM

here's what we're looking at right now:

image.png (578×761 px, 51 KB)

image.png (627×761 px, 103 KB)

Note that the list in the second screenshot contains both ip user created pages as well as temp account user created pages.

When we don't have the combination of temp accounts and CheckUser, the current behavior is maintained.

gerritbot added a comment.Oct 17 2024, 11:14 AM

Change #1081107 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[integration/config@master] zuul: Add CheckUser as a test and phan dependency of Nuke

https://gerrit.wikimedia.org/r/1081107

gerritbot added a comment.Oct 17 2024, 11:20 AM

Change #1081108 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/Nuke@master] build: Add phan config loading for CheckUser

https://gerrit.wikimedia.org/r/1081108

gerritbot added a comment.Oct 17 2024, 11:30 AM

Change #1081107 merged by jenkins-bot:

[integration/config@master] zuul: Add CheckUser as a test and phan dependency of Nuke

https://gerrit.wikimedia.org/r/1081107

kostajh moved this task from Backlog to Enhancements on the MediaWiki-extensions-Nuke board.Oct 17 2024, 12:19 PM
gerritbot added a comment.Oct 17 2024, 12:52 PM

Change #1081136 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/Nuke@master] SpecialNuke: Fix display of username

https://gerrit.wikimedia.org/r/1081136

gerritbot added a comment.Oct 17 2024, 2:51 PM

Change #1081108 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] build: Add phan config loading for CheckUser

https://gerrit.wikimedia.org/r/1081108

Kgraessle moved this task from Eng review to Reviewed (waiting for changes) on the Moderator-Tools-Team (Kanban) board.Oct 17 2024, 2:56 PM
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.28; 2024-10-22).Oct 17 2024, 3:00 PM
Kgraessle moved this task from Reviewed (waiting for changes) to Eng review on the Moderator-Tools-Team (Kanban) board.Oct 17 2024, 3:44 PM
kostajh added a comment.Oct 18 2024, 8:47 AM

Pages should be listed without explicitly linking them to an IP address or temporary account.

@Samwalton9-WMF @Niharika I would like to better understand the motivation for this.

If I use Special:Nuke on and input the IP address 1.2.3.4, I will get a list of recent pages created by temporary accounts from that IP address. It is then trivial to visit each page in that list and identify the creator of the page, to identify which temporary account is associated with IP 1.2.3.4. (This is also why we generate a log entry, to indicate that a user has viewed temporary accounts associated with the IP address.)

If we do not display the temporary account name, we do not present critical information to the operator of the tool. For example, if IP address 1.2.3.4 has a single temporary account associated with it, it's pretty obvious that I can move forward with deleting the pages. But if there are dozens of temporary accounts from a busy IP address, then there is a higher risk of collateral damage. If we do not show the temporary account names next to the pages, it is very easy for the operator of Special:Nuke to not notice this.

Another reason to show the username next to the page is so that it's easy to see the block status of the account that created the page.

So in short, the information is obtainable through manually clicking through to each page, and I am not sure why we wouldn't make it easier for the operator of Special:Nuke to see inline, as it would reduce the risk of collateral damage and provide more useful context for anti-abuse work.

Samwalton9-WMF added a comment.Oct 18 2024, 10:08 AM
In T342785#10241014, @kostajh wrote:

Pages should be listed without explicitly linking them to an IP address or temporary account.

@Samwalton9-WMF @Niharika I would like to better understand the motivation for this.

If I use Special:Nuke on and input the IP address 1.2.3.4, I will get a list of recent pages created by temporary accounts from that IP address. It is then trivial to visit each page in that list and identify the creator of the page, to identify which temporary account is associated with IP 1.2.3.4. (This is also why we generate a log entry, to indicate that a user has viewed temporary accounts associated with the IP address.)

If we do not display the temporary account name, we do not present critical information to the operator of the tool. For example, if IP address 1.2.3.4 has a single temporary account associated with it, it's pretty obvious that I can move forward with deleting the pages. But if there are dozens of temporary accounts from a busy IP address, then there is a higher risk of collateral damage. If we do not show the temporary account names next to the pages, it is very easy for the operator of Special:Nuke to not notice this.

Another reason to show the username next to the page is so that it's easy to see the block status of the account that created the page.

So in short, the information is obtainable through manually clicking through to each page, and I am not sure why we wouldn't make it easier for the operator of Special:Nuke to see inline, as it would reduce the risk of collateral damage and provide more useful context for anti-abuse work.

This makes sense to me! I was perhaps being over-cautious with respect to linking IP addresses and temporary accounts.

Johannnes89 added a comment.Oct 19 2024, 6:54 AM

This makes sense to me! I was perhaps being over-cautious with respect to linking IP addresses and temporary accounts.

given that only admins (who qualify for IP Reveal) can access Special:Nuke, I don't think this is an issue – although I wonder if it's ok to link IP and temporary account at Special:Nuke, if the admin didn't agree to the Access to Temporary Account IP Addresses Policy via Special:Preferences.

gerritbot added a comment.Oct 21 2024, 8:31 AM

Change #1079564 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] Enable temp account lookup by IP address

https://gerrit.wikimedia.org/r/1079564

kostajh added a comment.Oct 21 2024, 8:32 AM
In T342785#10244012, @Johannnes89 wrote:

This makes sense to me! I was perhaps being over-cautious with respect to linking IP addresses and temporary accounts.

given that only admins (who qualify for IP Reveal) can access Special:Nuke, I don't think this is an issue – although I wonder if it's ok to link IP and temporary account at Special:Nuke, if the admin didn't agree to the Access to Temporary Account IP Addresses Policy via Special:Preferences.

The operator of Special:Nuke will be prompted to access the agreement, if they have not already.

kostajh updated the task description. (Show Details)Oct 21 2024, 8:33 AM
kostajh added a project: Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)).Oct 21 2024, 1:56 PM
kostajh moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.

One part of this task is not yet done (seeing usernames next to pages) but the rest can start in QA.

gerritbot added a comment.Oct 21 2024, 2:13 PM

Change #1081983 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/Nuke@master] SpecialNuke: Don't add actor names WHERE if no names supplied

https://gerrit.wikimedia.org/r/1081983

Kgraessle moved this task from Eng review to QA on the Moderator-Tools-Team (Kanban) board.Oct 21 2024, 2:56 PM
gerritbot added a comment.Oct 21 2024, 5:44 PM

Change #1081983 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] SpecialNuke: Don't add actor names WHERE if no names supplied

https://gerrit.wikimedia.org/r/1081983

Samwalton9-WMF added a comment.EditedOct 25 2024, 1:35 PM

Testing on Test Wiki:

I created a page to be deleted, giving me a temporary account and assigning the page creation to it.

✅ I went to Special:Nuke and entered my IP address, and got a permission error, because I have yet to check the preference in my preferences.
✅ I entered the temporary account name, and was presented with the list of created pages as expected - no permission error.
✅ I enabled the preference, and now searching my IP address displays the created article.

❌ Despite queuing the page for deletion, the page was not actually deleted.

Screenshot 2024-10-25 at 14.30.37.png (366×930 px, 34 KB)

✅ I created another page from a new temporary account (same IP address) and now both pages are correctly listed.

❌ Again, though, no page deletion took place. Putting in a temporary account username and clicking Delete deleted one of the pages almost immediately as expected, but deletion seems not to work when an IP address is entered.

❓ Searching an IP address with no recent page creations displays a note linking to Special:Contributions for the IP address. This doesn't really make sense in the temporary account world, as far as I understand it. Should we de-link this if you searched for an IP address? I suppose it is still relevant while Nuke might be picking up IP created articles (i.e. while temp accounts is newly-deployed)

Screenshot 2024-10-25 at 14.28.08.png (242×728 px, 51 KB)

kostajh edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)).Oct 28 2024, 11:05 AM
kostajh moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.
Samwalton9-WMF added a comment.Oct 28 2024, 4:32 PM
In T342785#10262479, @Samwalton9-WMF wrote:

❌ Despite queuing the page for deletion, the page was not actually deleted.

Screenshot 2024-10-25 at 14.30.37.png (366×930 px, 34 KB)

❌ Again, though, no page deletion took place. Putting in a temporary account username and clicking Delete deleted one of the pages almost immediately as expected, but deletion seems not to work when an IP address is entered.

I might have been being impatient here - I just tested it again and it worked correctly. Maybe I wasn't waiting long enough in my previous tests.

gerritbot added a comment.Oct 28 2024, 9:28 PM

Change #1081136 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] SpecialNuke: Display username next to pages for temp accounts

https://gerrit.wikimedia.org/r/1081136

kostajh added a comment.Oct 28 2024, 9:28 PM
In T342785#10268800, @Samwalton9-WMF wrote:
In T342785#10262479, @Samwalton9-WMF wrote:

❌ Despite queuing the page for deletion, the page was not actually deleted.

Screenshot 2024-10-25 at 14.30.37.png (366×930 px, 34 KB)

❌ Again, though, no page deletion took place. Putting in a temporary account username and clicking Delete deleted one of the pages almost immediately as expected, but deletion seems not to work when an IP address is entered.

I might have been being impatient here - I just tested it again and it worked correctly. Maybe I wasn't waiting long enough in my previous tests.

The job queue has been moving slowly the last couple of days (T378385).

Maintenance_bot removed a project: Patch-For-Review.Oct 28 2024, 9:30 PM
ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.1; 2024-10-29).Oct 28 2024, 10:00 PM
Samwalton9-WMF added a subscriber: Quiddity.Oct 29 2024, 9:47 AM
In T342785#10270479, @kostajh wrote:
In T342785#10268800, @Samwalton9-WMF wrote:
In T342785#10262479, @Samwalton9-WMF wrote:

❌ Despite queuing the page for deletion, the page was not actually deleted.

Screenshot 2024-10-25 at 14.30.37.png (366×930 px, 34 KB)

❌ Again, though, no page deletion took place. Putting in a temporary account username and clicking Delete deleted one of the pages almost immediately as expected, but deletion seems not to work when an IP address is entered.

I might have been being impatient here - I just tested it again and it worked correctly. Maybe I wasn't waiting long enough in my previous tests.

The job queue has been moving slowly the last couple of days (T378385).

Ah, that could explain it, thanks.

@Quiddity This is the kind of thing I'd like users to know about, but it's wrapped up in the temporary account project, so wouldn't be relevant to most wikis yet. Does it make sense to add this to Tech News?

jsn.sherman added a comment.Oct 29 2024, 5:17 PM

@Samwalton9-WMF could you validate this on enwiki after deployment on 10/31? It should have the aforementioned username display changes by then.

Scardenasmolinar closed this task as Resolved.Oct 30 2024, 5:22 PM
Scardenasmolinar moved this task from QA to Done on the Moderator-Tools-Team (Kanban) board.

We have tested this on test wiki and everything seems to be working as expected. Will move this to Done and resolve it.

Samwalton9-WMF added a comment.Oct 30 2024, 10:26 PM
In T342785#10273875, @jsn.sherman wrote:

@Samwalton9-WMF could you validate this on enwiki after deployment on 10/31? It should have the aforementioned username display changes by then.

I can check that it still works there for IPs and registered users, but temporary accounts are only on certain pilot wikis for now.

Scardenasmolinar added a comment.Oct 30 2024, 11:05 PM

We checked with IPs and temporary accounts and they worked!

dom_walden mentioned this in T376788: Audit extensions and configs that might need testing before minor pilot wikis release.Nov 5 2024, 10:25 AM
Dreamy_Jazz moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.Nov 14 2024, 1:07 PM
kostajh mentioned this in T380364: Improve rollback for Temporary accounts.Dec 6 2024, 12:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits