Re-checked on dewiki beta - e.g. of Flow pages - https://de.wikipedia.beta.wmflabs.org/wiki/Wikipedia:Flow_Test or https://de.wikipedia.beta.wmflabs.org/wiki/Flow_test_talk:Abc (Flow extension is not installed on cswiki beta) - the issues mentioned in the task description are still present.

Relevant to this task:

In T341976#9079139, @Tgr wrote:

We talked about whether it's easier to just disallow anonymous editing in Flow. For reference, this is how it looks:

normal	disallowed

It's not super straightforward to do because Flow uses the edit right for permission checks and we can't take that away, but hopefully still fairly straightforward.
Either we can use a permission hook to disallow anon edits to Flow pages, and hope that Flow checks permissions in a way that allows for that; or we can change FlowActions and declare a new flow-edit right.

@Tgr to confirm, if we disallow anonymous editing on Flow boards, Temporary accounts will still be able to post on Flow boards once the Temporary account is created via an edit elsewhere, correct?
That seems to be the case currently: https://de.wikipedia.beta.wmflabs.org/wiki/Thema:Xni4va4cbopwngf2

In T342831#9081856, @KStoller-WMF wrote:

@Tgr to confirm, if we disallow anonymous editing on Flow boards, Temporary accounts will still be able to post on Flow boards once the Temporary account is created via an edit elsewhere, correct?
That seems to be the case currently: https://de.wikipedia.beta.wmflabs.org/wiki/Thema:Xni4va4cbopwngf2

I'm not @Tgr, but yes, that should be the case, as we'd only affect the permissions for anonymous users, not temporary accounts.

This task was discussed in Growth's weekly priority meeting. I mentioned that, if possible, I want to limit the effort we invest in Flow as we want to move projects away from the use of Flow in the future. (Related work: T332022: [Epic] Undeploying StructuredDiscussions (Flow)).

However, before moving forward with a decision, ideally I can get a basic level of effort estimate from engineers on these two approaches:

• Disallowing anonymous editing in Flow. We would want to present an informative error message to logged out / IP editors when they attempt to add a message in Flow.
  • Already supported: Once a temp account is created, then temp accounts can post in Flow discussions, it just can’t be their first edit.
• Fully support temporary account edits in Flow. A logged out user could post in Flow which would trigger the creation of a temporary account. In other words, we support Flow in basically the same way that we are supporting DiscussionTools. T332432: Update DiscussionTools for IP masking

Related discussion happening as part of this task: T346108: [EPIC] IP Masking: StructuredDiscussions (Flow)/LiquidThreads Community discussion

I'll move this task to Triaged for now.

In T342831#9107171, @KStoller-WMF wrote:

This task was discussed in Growth's weekly priority meeting. I mentioned that, if possible, I want to limit the effort we invest in Flow as we want to move projects away from the use of Flow in the future. (Related work: T332022: [Epic] Undeploying StructuredDiscussions (Flow)).

However, before moving forward with a decision, ideally I can get a basic level of effort estimate from engineers on these two approaches:

• Disallowing anonymous editing in Flow. We would want to present an informative error message to logged out / IP editors when they attempt to add a message in Flow.
  • Already supported: Once a temp account is created, then temp accounts can post in Flow discussions, it just can’t be their first edit.

Bumping this, as I think we still need a rough estimate / scope for this.

I would also suggest that we add another variation, which is to disallow temp accounts from using Flow as well. The reason for doing that is to avoid needing further work in related tooling that hooks into Flow changes (especially anti-abuse tooling).

• Fully support temporary account edits in Flow. A logged out user could post in Flow which would trigger the creation of a temporary account. In other words, we support Flow in basically the same way that we are supporting DiscussionTools. T332432: Update DiscussionTools for IP masking

Without having looked closely: is it possible to do something similar to what is implemented in Wikibase, and use TempUserCreator to create the temp account on edit?

I would also suggest that we add another variation, which is to disallow temp accounts from using Flow as well.

If a project is not actively using Flow, we can freeze all flow boards via setting $wgFlowReadOnly instead.

In T342831#9605795, @kostajh wrote:

I would also suggest that we add another variation, which is to disallow temp accounts from using Flow as well. The reason for doing that is to avoid needing further work in related tooling that hooks into Flow changes (especially anti-abuse tooling).

I updated the description to allow for other approaches including what you suggest.

Based on recent community conversations, in which there is general acceptance or support for deprecating Flow, and seeing how limited the usage of Flow is currently, I personally think we should align the Flow deprecation with the rollout of Temporary accounts.

In other words, rather than any remediation work on Flow to accommodate IP Masking, we instead invest in sunsetting the feature. Perhaps the freezing of Flow boards can be one step in that process. Clearly the Temporary accounts project is the higher priority, so we would need to ensure the Flow deprecation work aligned with the Temporary accounts timeline.

That being said, I don't think I'm the final decision maker here, so I'll connect more with Product and Engineering directors to see if there is agreement on that approach.
@kostajh - what are your thoughts on that approach?

In T342831#9609503, @KStoller-WMF wrote:

In T342831#9605795, @kostajh wrote:

I would also suggest that we add another variation, which is to disallow temp accounts from using Flow as well. The reason for doing that is to avoid needing further work in related tooling that hooks into Flow changes (especially anti-abuse tooling).

I updated the description to allow for other approaches including what you suggest.

Based on recent community conversations, in which there is general acceptance or support for deprecating Flow, and seeing how limited the usage of Flow is currently, I personally think we should align the Flow deprecation with the rollout of Temporary accounts.

In other words, rather than any remediation work on Flow to accommodate IP Masking, we instead invest in sunsetting the feature. Perhaps the freezing of Flow boards can be one step in that process. Clearly the Temporary accounts project is the higher priority, so we would need to ensure the Flow deprecation work aligned with the Temporary accounts timeline.

That being said, I don't think I'm the final decision maker here, so I'll connect more with Product and Engineering directors to see if there is agreement on that approach.
@kostajh - what are your thoughts on that approach?

Freezing the Flow boards seems like the easiest option, if communities are OK with that. $wgFlowReadOnly still allows for deleting/undeleting content, though, and that might be an issue in this scenario:

1. Flow boards are in read-only mode
2. Temp accounts feature is enabled
3. Admin deletes an older post from an IP actor

At that point, I think we would encounter an error (T349219: [M] Investigate: Which workflows create an IP actor?). I don't have an idea at the moment on how to deal with that.

In T342831#9618944, @kostajh wrote:

$wgFlowReadOnly still allows for deleting/undeleting content

That would be fairly trivial to disable presumably. With enough warning, we could lock down that feature too. In exceptional cases staff could delete content.

See this commit message for why @Catrope left in "undelete" (and therefore "delete"): https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Flow/+/415514