Page MenuHomePhabricator
Create Task
Maniphest T377138

Request: Prevent editors from making accidental edits from outside their user account
Open, Needs TriagePublicFeature
Actions

Description

Feature summary (what you would like to be able to do and where):

The default visual appearance when you are logged in vs logged out should make it obvious which you are. It's not enough to have something change in the toolbar; nobody notices that. It should be something like a different background color.

Use case(s) (list the steps that you performed to discover that problem, and describe the actual underlying problem which you want to solve. Do not describe only a solution):

Users who normally edit from accounts occasionally get logged out by accident and inadvertently leak their IP addresses because they didn't realize they were logged out until it was too late. T372702 has increased the frequency of this happening but it's not the only cause, I'm aware of several such incidents recently, which required intervention from an oversighter to suppress the leaked IP.

Benefits (why should this be implemented?):

People will be less likely to leak confidential information by accident.

Related Objects

Event Timeline

RoySmith created this task.Oct 14 2024, 1:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 14 2024, 1:45 PM
Aklapper added a comment.Oct 15 2024, 7:10 AM

This sounds unrelated to Vector-2022 only?
Folks are free to edit Special:MyPage/common.css to display a different background color when logged in.

Escargot_rouge subscribed.Oct 15 2024, 8:26 AM

With temporary accounts, it should become less of a problem.

RoySmith added a comment.Oct 15 2024, 1:29 PM
In T377138#10227588, @Aklapper wrote:

Folks are free to edit Special:MyPage/common.css to display a different background color when logged in.

That misses the point. To do that, a user needs to 1) Be aware of the problem and 2) Have the knowledge/skills to write custom CSS. That's an exceptionally small sliver of our user base. The goal here is to provide protection to the vast majority of our users, which is why this needs to be something that happens by default.

Aklapper added a comment.Oct 15 2024, 2:01 PM

It doesn't miss the point though for the vast majority of readers who never created an account and don't plan to but suddenly get a different background color (or such)? So I guess this is about making Create account and Log in in the top bar somehow more visible?

RoySmith added a comment.Oct 15 2024, 2:12 PM

I hesitated to mention background color at all because I really didn't want to get into specific implementations. It was just one example of how this might be done, and probably a mistake that I went there at all.

The gist is that if somebody who is logged in gets logged out, it should be immediately obvious to them. A banner of winged rainbow unicorns towing "You've been logged out!" balloons would do the job as well, and that's an implementation suggestion I don't mind making because I'm confident it won't be confused for "how I really think this should be implemented" :-)

Jdlrobson subscribed.Oct 15 2024, 3:20 PM

If the request is to prevent accidental IP editing then a solution should likely be limited to the edit workflow. Any other solution is likely to be confusing. Consider shared computers and long gaps between sessions.

The mobile site has already solved this by providing obvious indications you are logged out when you try to edit or you click the watchstar. I think upstreaming those fixes to desktop workflows would be a better solution here.

Jdlrobson renamed this task from Provide clear visual indication of logged-in vs logged-out status to Request: Prevent editors from making accidental edits from outside their user account.Oct 15 2024, 3:21 PM
Jdlrobson added a project: Editing-team.
DLynch subscribed.Oct 15 2024, 3:44 PM

The desktop site also provides large warnings when you start editing if you're not logged in:

VisualEditor
image.png (476×906 px, 84 KB)
WikiEditor
image.png (392×2 px, 129 KB)

They could technically be more obtrusive, i.e. by being an actual modal that you have to dismiss before you start editing. But I think we're already yelling pretty loudly about your login status in the editing workflow, overall.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits