This card tracks a proposal that's currently part of the Community Wishlist Survey: https://meta.wikimedia.org/wiki/2015_Community_Wishlist_Survey
The Wishlist Survey voting phase lasts until Dec 14th. After the voting has concluded, the top proposals will form the backlog for the Community Tech team to investigate and address.
**Proposal**:
Our blocking tools suck. It is a trivial matter to defeat blocks, and any vandal worth his salt can do it in his sleep. (User:Philippe). Anyone who works a sockpuppet investigation page or is a victim of repeated on-wiki harassment can attest to this. Block evasion doesn't have to be deliberate -- in some parts of the world, users can be assigned a different IP address by their ISP for every edit they make. We effectively have no measures against these users.
The aim here is threefold -- to make it more difficult to evade blocks, make it easier for us to identify and deal with potential sockpuppets as soon as possible-- ideally before they start editing -- and keep collateral damage at a minimum. This proposal has multiple facets:
* Look at other forum/blog/wiki software (e.g. Wordpress, vBulletin) and determine which blocking tools can be feasibly integrated into MediaWiki (not as an extension) subject to the constraints in our privacy policy. Implement them.
* Implement the existing tickets:
-- Sets a blocked user cookie {T5233}
Added 27 November: investigate the use of Evercookie-like and other obnoxious tracking techniques to make the cookie harder to remove, while remaining within our privacy policy.
*Block by user agent only, don't block the underlying IP {T1000070}
* Throttle account creation by user agent {T106930}
* When the account creation throttle is hit, flag all accounts that were created by that user (limit to Checkuser if necessary) {T107651}
* Recursive checkuser {T11858}
* Checkuser watchlist feature {T21796}
* Block by device ID (needs check with WMF Legal first)
* Added 27 November: if an account with a registered email address is blocked with account creation blocked, prevent creation of any new accounts with that email address. (Optional, because we don't require email on registration.)
* Any other suggestions from the community that will help tackle this problem.
Improved blocking tools may be assigned to the Checkuser group initially to get a feel for how much collateral damage they cause. This will ideally reduce the burden of cleaning up after spammers, vandals and long term abusers, reduce the amount of on-wiki harassment of the type referred to in the diff above and will benefit all good faith editors of any MediaWiki installation.
MER-C (talk) 12:06, 8 November 2015 (UTC)