Page MenuHomePhabricator
Create Task
Maniphest T425857

Apply the checkuser-temporary-account policy/restrictions to all groups.
Closed, DeclinedPublic
Actions

Description

The temporary-account-viewer Group is restricted, but all other Groups with the right don't have the restrictions.

In large projects such as deWiki or enwiki, etc., the requirements are high enough that such a restriction is not strictly necessary. But in smaller projects, the requirements are lower, so a user might be granted this right by becoming an administrator or bureaucrat even though they are not actually authorized to view IP addresses for example, because they have only been a registered user for 100 days or have made only 70 edits.

Event Timeline

WikiBayer created this task.Sat, May 9, 4:10 PM
Johannnes89 subscribed.Sun, May 10, 8:30 PM

I believe that's intentional. While it is possible to get admin permissions with a lower edit count / account age than what's required or TAIV, admins need to go through an RfA process which ensures that there's community trust.

WikiBayer added a comment.Sun, May 10, 8:39 PM

Johannes in small Projekts is this only a discussion.
Example: https://iu.wikipedia.org/wiki/%E1%90%85%E1%90%83%E1%91%AD%E1%90%B1%E1%91%8E%E1%90%8A:%E1%96%83%E1%92%A1%E1%92%8B%E1%96%85

All I would have to do is write a request, and according to the guidelines, I can make the SRP request after 7 days, unless someone objects which is verly unlikely given the lack of active users.

It's that easy in inactive projects.

Bugreporter subscribed.Mon, May 11, 2:15 AM

The potential concern is crats in any wikis can technically grant any user sysop and crat with no discussion at all, and this did happen in some small wikis. We have no technical way to enforce a discussion before granting. Some potential solutions are:

  • Technically prevent granting sysop/crat to user lower than TAIV threshold (while stewards can override). Not a good solution since this means flagging adminbots may often require steward action.
  • Disable access to IP Reveal for sysops and crats lower than TAIV threshold. Stewards can still manually add them to TAIV group. This may require splitting checkuser-temporary-account right.
Johannnes89 added a comment.EditedMon, May 11, 6:14 AM

Small wikis (especially newly created ones) sometimes simply don't have any users with enough edits meeting TAIV – but they might still need admins fighting vandalism and requiring TAIV access. Given that stewards are granting admin permissions via SRP it's unnecessarily bureaucratic to require those admins to also apply for stewards granting them a TAIV exemption. If we don't trust them with TAIV, they shouldn't get admin permissions.

If a wiki is large enough to have their own crats, they should be trusted to make decisions about granting sysop permissions even if that includes TAIV.

Bugreporter added a comment.EditedMon, May 11, 7:59 AM

Some small wiki has crats for historical reason and sometimes it causes a lot of troubles. Before U4C exists many RFCs in Meta concerns potential issues of wiki governance (e.g. a crat becomes de facto dictator of wiki). See also https://meta.wikimedia.org/wiki/Wiki_governance_audit

WikiBayer added a comment.Mon, May 11, 10:15 AM

Johannnes newprojects have users with activity in incubator and stewards can override the restrictions for this user.
New projects use SRP for user permission assignment anyway.

Dreamy_Jazz closed this task as Declined.EditedMon, May 11, 12:05 PM
Dreamy_Jazz subscribed.

The policy is intentional that the edit count and account age requirements are only imposed for users who do not meet access requirements by being in admin, bureaucrat, checkuser, or oversight groups: https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Access_to_Temporary_Account_IP_Addresses_Policy#Local_access

It is assumed that users who have these groups are trusted enough to be given access without imposing additional requirements. If that should change, then a request to modify to change that policy should be made

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits