Change Details

== Overview == The [[ https://www.mediawiki.org/wiki/Extension:Nuke | Nuke extension ]] enables administrators to delete all pages created in the last 30 days* by a specified user or IP address. {F37122001} With the move to IP Masking, a straight transition of functionality in the Nuke extension would simply replace 'IP address' with 'temporary account'. This may, however, be a substantial downgrade in functionality, if users expect to be able to mass-delete pages created from an IP address across multiple temporary accounts. There are a number of open questions about whether a straight transition to temporary accounts is sufficient, or if additional work is required here to maintain expected functionality. The core question we need to answer is: **Do we need to implement a feature in Nuke whereby administrators can delete pages created by multiple temporary accounts which used the same IP address?** //*30 days is the Wikimedia production default length of time that revisions are stored in the `recentchanges` table, which this extension uses.// == Temporary accounts == When a temporary account is created for a user, a one-year cookie is created, during which time their contributions will be associated with this temporary account. Clearing the cookie will give the user a new temporary account on their next edit. Changing IP address will //[[ https://www.mediawiki.org/wiki/Help:Temporary_accounts#How_is_the_information_for_a_temporary_account_stored?_How_long_does_a_temporary_account_last? | not ]]// change the user's temporary account. As such, a temporary account can be associated with multiple IP addresses over its lifespan (T325456). Can Nuke identify and delete pages when the target unregistered user is ... | | **Currently** | **Future** | ----- | ----- | ----- | Switching IP address | No | Yes | Clearing cookies | Yes | No** | //Both// | //No// | //No// It's worth noting that with IP masking and the introduction of per-user cookies, tools like Nuke will actually be //more// effective against users who do not delete their cookies. ** This is the case which could be addressed by this ticket - a user clears their cookies but does not change IP address. == Data == * What percentage of Nuke actions are currently taken on unregistered vs registered users? == Questions == * Editors will be able to reveal the IP address of individual temporary accounts, but will they be able to link an IP address to multiple temporary accounts, or is this a CheckUser-level feature as it is for registered accounts? * How much riskier is it that an individual can cycle temporary accounts on the same IP address by deleting cookies (future behaviour), as compared to cycling IP addresses (current behaviour)? * Clearing cookies is much easier for a bad actor than cycling IP addresses quickly, though the latter is already being done by some vandals. * To what degree would administrators see a straight equivalence of IP address to temporary account as a downgrade in functionality?

== Overview == The [[ https://www.mediawiki.org/wiki/Extension:Nuke | Nuke extension ]] enables administrators to delete all pages created in the last 30 days* by a specified user or IP address. {F37122001} With the move to IP Masking, a straight transition of functionality in the Nuke extension would simply replace 'IP address' with 'temporary account'. This may, however, be a substantial downgrade in functionality, if users expect to be able to mass-delete pages created from an IP address across multiple temporary accounts. There are a number of open questions about whether a straight transition to temporary accounts is sufficient, or if additional work is required here to maintain expected functionality. The core question we need to answer is: **Do we need to implement a feature in Nuke whereby administrators can delete pages created by multiple temporary accounts which used the same IP address?** //*30 days is the Wikimedia production default length of time that revisions are stored in the `recentchanges` table, which this extension uses.// == Temporary accounts == When a temporary account is created for a user, a one-year cookie is created, during which time their contributions will be associated with this temporary account. Clearing the cookie will give the user a new temporary account on their next edit. Changing IP address will //[[ https://www.mediawiki.org/wiki/Help:Temporary_accounts#How_is_the_information_for_a_temporary_account_stored?_How_long_does_a_temporary_account_last? | not ]]// change the user's temporary account. As such, a temporary account can be associated with multiple IP addresses over its lifespan (T325456). Can Nuke identify and delete pages when the target unregistered user is ... | | **Currently** | **Future** | ----- | ----- | ----- | Switching IP address | No | Yes | Clearing cookies | Yes | No** | //Both// | //No// | //No// It's worth noting that with IP masking and the introduction of per-user cookies, tools like Nuke will actually be //more// effective against users who do not delete their cookies. //**This is the case which could be addressed by this ticket - a user clears their cookies but does not change IP address.// == Data == * What percentage of Nuke actions are currently taken on unregistered vs registered users? == Questions == * Editors will be able to reveal the IP address of individual temporary accounts, but will they be able to link an IP address to multiple temporary accounts, or is this a CheckUser-level feature as it is for registered accounts? * How much riskier is it that an individual can cycle temporary accounts on the same IP address by deleting cookies (future behaviour), as compared to cycling IP addresses (current behaviour)? * Clearing cookies is much easier for a bad actor than cycling IP addresses quickly, though the latter is already being done by some vandals. * To what degree would administrators see a straight equivalence of IP address to temporary account as a downgrade in functionality?

== Overview == The [[ https://www.mediawiki.org/wiki/Extension:Nuke | Nuke extension ]] enables administrators to delete all pages created in the last 30 days* by a specified user or IP address. {F37122001} With the move to IP Masking, a straight transition of functionality in the Nuke extension would simply replace 'IP address' with 'temporary account'. This may, however, be a substantial downgrade in functionality, if users expect to be able to mass-delete pages created from an IP address across multiple temporary accounts. There are a number of open questions about whether a straight transition to temporary accounts is sufficient, or if additional work is required here to maintain expected functionality. The core question we need to answer is: **Do we need to implement a feature in Nuke whereby administrators can delete pages created by multiple temporary accounts which used the same IP address?** //*30 days is the Wikimedia production default length of time that revisions are stored in the `recentchanges` table, which this extension uses.// == Temporary accounts == When a temporary account is created for a user, a one-year cookie is created, during which time their contributions will be associated with this temporary account. Clearing the cookie will give the user a new temporary account on their next edit. Changing IP address will //[[ https://www.mediawiki.org/wiki/Help:Temporary_accounts#How_is_the_information_for_a_temporary_account_stored?_How_long_does_a_temporary_account_last? | not ]]// change the user's temporary account. As such, a temporary account can be associated with multiple IP addresses over its lifespan (T325456). Can Nuke identify and delete pages when the target unregistered user is ... | | **Currently** | **Future** | ----- | ----- | ----- | Switching IP address | No | Yes | Clearing cookies | Yes | No** | //Both// | //No// | //No// It's worth noting that with IP masking and the introduction of per-user cookies, tools like Nuke will actually be //more// effective against users who do not delete their cookies. ** //**This is the case which could be addressed by this ticket - a user clears their cookies but does not change IP address.// == Data == * What percentage of Nuke actions are currently taken on unregistered vs registered users? == Questions == * Editors will be able to reveal the IP address of individual temporary accounts, but will they be able to link an IP address to multiple temporary accounts, or is this a CheckUser-level feature as it is for registered accounts? * How much riskier is it that an individual can cycle temporary accounts on the same IP address by deleting cookies (future behaviour), as compared to cycling IP addresses (current behaviour)? * Clearing cookies is much easier for a bad actor than cycling IP addresses quickly, though the latter is already being done by some vandals. * To what degree would administrators see a straight equivalence of IP address to temporary account as a downgrade in functionality?