This is probably a dumb question, but how do we manage it for searching the text of entire articles on Wikipedia in the search bar in the upper right-hand corner if it's so expensive to have any sort of string-searching feature?

Something as simple as a user-enabled time-limited semi-protection of their own talk page would certainly throttle some amount of abuse. A blacklist doesn't really work with LTAs, since they're using multiple accounts.

Given that all types of blocks can be defeated given sufficient technical expertise and determination, tools like the AbuseFilter are indeed more likely to mitigate severe LTA cases. I would also encourage the task force addressing this to consider devoting substantial resources to legal means of mitigating LTA cases. Legal avenues seem far more likely to work than technical ones, especially where we know the identity of the LTA.

@dbarratt Apple disallows fingerprinting that persists when an app is deleted. I suppose it depends on the implementation, but that fingerprinting would reset every time the Wikimedia app was deleted or the phone was reset. In other words, it can be removed by the user, just like a cookie, though perhaps not as easily.

If the Wikipedia mobile app were to do this, it would be de-listed from the Apple Store. Is that really something we're willing to take as collateral damage? There are serious privacy implications to this, and while I appreciate that the WMF Board has asked for this and this isn't staff's fault, the Board should be taken to task for failing to understand privacy at even a basic level.

Agreed. This implementation was a bit of a misfire, as it impacted the workflow of many admins. Please roll this back while we discuss how this could be better implemented, possibly by making it optional with a toggle in preferences, defaulting to off.

This has happened to me several times as well recently. At my home computer, I literally cannot use CommonsHelper anymore, and have been unable to for months. Oddly, when I swapped to a different computer temporarily, it worked for a brief period of time before again popping the "Auth not OK" message and not allowing me to re-authenticate.

This would be massively useful to OTRS agents who are non-admins on Commons, including myself. Any progress?

This has also neutered the massRollback script, which now requires individual confirmation on rollbacking each page. That script is extraordinarily useful when handling sockpuppetry cases, where all edits should be reverted. It's also helpful in worst-case scenarios of a bot gone awry, which can happen occasionally when bots aren't maintained.