In some extenuating circumstances, it may be necessary for editor safety to preemptively redact actor details (e.g. username/IP address) from making their way into EventStreams. Some stop-gap measures to address this problem exist, but the cleanest solution is to implement this functionality into Mediawiki, via new extended admin rights.
This task has strong support from the WMF Security and Privacy team.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Restricted Task | |||||
| Restricted Task | |||||
| Open | None | T354577 Create Mediawiki "oversightprotect" action that suppresses usernames of all edits of a page |
Going to try and implement this. I'm assuming that this is all meant to be oversight-level suppression, rather than admin-level (unless we want both as options). Questions that will need an answer at some point
to implement this functionality into Mediawiki
Please add the MediaWiki project tag (and review tags/subscribers) so the task can be found
I'm assuming that this is all meant to be oversight-level suppression, rather than admin-level (unless we want both as options).
Correct!
- Should editors be told that their names will be immediately hidden as editors?
Yes — no issues with informing editors that their names will be suppressed.
- Should enabling/disabling this be in the public protection log (if editors are informed before saving then probably) (only a question if the suppression is oversight-level)
Yes — it's best if there's some public accountability if, say, an oversighter is starts suppressing tons of pages.
- Should each edit be logged individually as a revision deletion/suppression action? If not it might be confusing if the edits are later made visible. If yes, under what name - maintenance script?
Yes (not sure what the proper name should be though).
- Should enabling this retroactively apply to all prior edits, or just new ones?
My feeling is that this should just apply to just new edits! That's a soft preference, though — I'm willing to be convinced otherwise if someone has very strong feelings about it.
I think there should be an option - hide previous versions or not. Currently ruwiki's bot hides all revisions, for example - all revisions of Putin's article since 2003.
Yes, but on the other hand the oversighter can easily go and hide those revisions themselves at the same time that they enable this for future revisions
It's not so easy if an article consists of >10000 revisions. Less actions to achieve the final goal is better.
I started a patch but its not a priority for me to be working on this, sorry - if someone else wants to do it I don't mind if you take over my patch. I'm updating the patch when I have time but it'll probably be a few weeks at least
There's no huge rush — we've deployed a short-term fix, but it requires some manual updating from WMF developers on a regular basis. If you can get to this in a few weeks that would be fine.
Will this hide data or suppress it? I think, hiding may be better on many pages, because if we suppress this data, even admins and arbitrators will can't see who did what on protected pages, and this will paralyze administrator actions and even ArbCom decisions. Ruwiki's bot hides this data, not suppresses, but it owner has suppress rights.
Not sure when I'm going to have time for this, if someone else wants to work on it I don't want to block them
thanks for awareness around your capacity, @DannyS712!
@Ottomata flagging you on this, just as an FYI
Maybe I've misunderstood this task, but I can't think of a situation where this would be useful for *all* usernames: English Wikipedia oversighters can suppressdelete pages and that seems sufficient. If protection is needed in tandem with suppression, usually only the last couple of editors need their usernames to be suppressed. If all of the usernames are suppressed on a page, wouldn't that cause issues with attribution?
I highly doubt this would be enabled in enwiki. We are talking about is let's say Russian, Chinese, Arabic, Persian, and some other wikis with very sensitive material. it is already done in several articles in Russian Wikipedia: Here is article of Putin there https://ru.wikipedia.org/w/index.php?title=%D0%9F%D1%83%D1%82%D0%B8%D0%BD,_%D0%92%D0%BB%D0%B0%D0%B4%D0%B8%D0%BC%D0%B8%D1%80_%D0%92%D0%BB%D0%B0%D0%B4%D0%B8%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B8%D1%87&action=history
@Ladsgroup is correct about this — this is already happening on an ad hoc basis in some cases where there may be concerns about editor safety for sensitive material.
(Per the list in Russian Wikipedia, in more than a thousand pages. A code-based solution would be better at protecting privacy at such a number of pages at large, and would make it easier to revert this action when the political situation in Russia/Belarus changes.)