== Overview ==
The [[ https://www.mediawiki.org/wiki/Extension:Nuke | Nuke extension ]] enables administrators to delete all pages created in the last 30 days* by a specified user or IP address.
{F37122001}
With the move to IP Masking, a straight transition of functionality in the Nuke extension would simply replace 'IP address' with 'temporary account'. This may, however, be a substantial downgrade in functionality, if users expect to be able to mass-delete pages created from an IP address across multiple temporary accounts. There are a number of open questions about whether a straight transition to temporary accounts is sufficient, or if additional work is required here to maintain expected functionality.
The core question we need to answer is: **Do we need to implement a feature in Nuke whereby administrators can delete pages created by multiple temporary accounts which used the same IP address?**
//*30 days is the Wikimedia production default length of time that revisions are stored in the `recentchanges` table, which this extension uses.//
== Temporary accounts ==
When a temporary account is created for a user, a one-year cookie is created, during which time their contributions will be associated with this temporary account. Clearing the cookie will give the user a new temporary account on their next edit. Changing IP address will //[[ https://www.mediawiki.org/wiki/Help:Temporary_accounts#How_is_the_information_for_a_temporary_account_stored?_How_long_does_a_temporary_account_last? | not ]]// change the user's temporary account. As such, a temporary account can be associated with multiple IP addresses over its lifespan (T325456).
Can Nuke identify and delete pages when the target unregistered user is ...
| | **Currently** | **Future**
| ----- | ----- | -----
| Switching IP address | No | Yes
| Clearing cookies | Yes | No**
| //Both// | //No// | //No//
It's worth noting that with IP masking and the introduction of per-user cookies, tools like Nuke will actually be //more// effective against users who do not delete their cookies.
** This is the case which could be addressed by this ticket - a user clears their cookies but does not change IP address.
== Data ==
* What percentage of Nuke actions are currently taken on unregistered vs registered users?
== Questions ==
* Editors will be able to reveal the IP address of individual temporary accounts, but will they be able to link an IP address to multiple temporary accounts, or is this a CheckUser-level feature as it is for registered accounts?
* How much riskier is it that an individual can cycle temporary accounts on the same IP address by deleting cookies (future behaviour), as compared to cycling IP addresses (current behaviour)?
* Clearing cookies is much easier for a bad actor than cycling IP addresses quickly, though the latter is already being done by some vandals.
* To what degree would administrators see a straight equivalence of IP address to temporary account as a downgrade in functionality?