Jump to content

Talk:IP Editing: Privacy Enhancement and Abuse Mitigation/Archives/2021-06

Add topic
From Meta, a Wikimedia project coordination wiki

Update: How masking could work

[edit]

Hey folks, a pretty important update: IP Editing: Privacy Enhancement and Abuse Mitigation#Updates ("10 June 2021") now has a section on how the actual masking and unmasking could work. We look forward to your comments.

I'll include this in Tech News soon, and from there we'll add more channels to let people know it exists. /Johan (WMF) (talk) 10:06, 10 June 2021 (UTC)Reply

The major comment I have about this is that the threshold for partial access/the threshold for granting the user right seems really weird. 1y/500 is a massive mismatch between time and edits (500 edits within a month is entirely reasonable, and within 2 to 3 basically every active editor will have reached it). I think having something like 90d/500 for partial access, and 6m/1000 for the new userrights seems like more logical thresholds.
Then a few questions: A) how will logging/access be implemented exactly? Will users with the new user right for full access have the same preference opt in as others? If this opt is toggled, does the editor then automatically see the IP address, or will it require some kind of button click per time/IP Address you see? Will the log log every time a editor sees a full IP adresss? Asartea Talk (Enwiki Talk (preferred)) 13:33, 10 June 2021 (UTC)Reply
Thank you for your feedback, Asartea! This is not to dig in and try to defend the current thresholds, which are definitely open for discussion, but just to explain the reasoning behind them: we've tried to make it difficult to create new accounts for the purpose of accessing IPs, but not put them so high that we'd take the IP as a tool away from people who use them today. This way, you can't make 500 edits by say digging into categorisation (which you can easily do in a day) and just wait a couple of months.
As for your questions, this is not yet entirely decided. NKohli (WMF), when you're back, do you have any technical comments here? /Johan (WMF) (talk) 17:25, 10 June 2021 (UTC)Reply
Asartea's thresholds sound reasonable to me, if they're going to be global standards. Johan, we certainly have people who work in the field before a year. To give a human example who is active on this discussion, @Blablubbs: while they created their account in 2014, actually started editing exactly a year ago (so imagine an example if they had registered then). They became a full SPI clerk before that year was up, something I assume you're aware that en-wiki doesn't hand out lightly. I think the Community could accept higher standards on the editing side - which might involve good edit counts in different namespaces if you want to go complex, in return for reducing the time Nosebagbear (talk) 18:29, 10 June 2021 (UTC)Reply
@Asartea We have not yet looked into the specific details of how access would be implemented as this is very much in the brainstorming phase. I can share some early ideas. Everyone who obtains access will probably need to opt-in via a preference. This step is important as they would acknowledge they need IP access and agree to not share it to others who don't have access. They will most likely not automatically see full IP address everywhere and there would be an additional step to see it -- but we can show partial IPs by default. But this will probably differ by use case -- like checkusers would need to see all IPs automatically when they are in the checkuser tool. We would likely need to log it when someone sees a full IP. This is similar to how checkuser tool logs exposure of data. -- NKohli (WMF) (talk) 15:05, 11 June 2021 (UTC)Reply
This feels like it is going to be significantly clunky in the example case I gave below, when handling topics that get lots of traffic from the same area. Even a 10-15% delay to the process (assuming that it's not doing something drastic like reloading a page to show it) would be significant when stacked across all work in the sphere Nosebagbear (talk) 15:28, 11 June 2021 (UTC)Reply
This plan seems reasonable to me. The lower edit count requirement will be good for projects with 'less to do' than enwiki. Presumably the access will be global, i.e. having 500 edits on any wiki should allow access to info on all wikis. A broad interpretation of "community process" to grant access seems advisable, for example for enwiki it would be better if this is just a request at WP:PERM left open for a few days and allowing comments, rather than having it be an RfA-like process and requiring the input of ~100-200 editors. ProcrastinatingReader (talk) 16:05, 10 June 2021 (UTC)Reply
I think we envisioned the default as being per wiki, sort of like how almost all other user rights are also assigned per wiki, but with awareness that there needs to be global access for people active in cross-wiki vandalism. /Johan (WMF) (talk) 17:25, 10 June 2021 (UTC)Reply
I concur with ProcrastinatingReader, the overall solution sounds reasonable to me, but thresholds should probably be defined per wiki. --Vituzzu (talk) 17:40, 10 June 2021 (UTC)Reply
@Johan (WMF): A lot of users do cross-wiki anti-vandalism without needing any global perms. For example, you can use Huggle/SWViewer on other wikis as long as you have rollback locally on any wiki, so arguably you won't need to apply for global rollback. Considering this, and the fact that there can be a need to do work on wikis that you're not too active on, I think this automatic privilege should be global, otherwise it may have bad effects especially for small wikis. ProcrastinatingReader (talk) 14:31, 11 June 2021 (UTC)Reply
ProcrastinatingReader: Noted. This is good feedback, thank you. /Johan (WMF) (talk) 14:41, 11 June 2021 (UTC)Reply
So how will people with full access be able to discuss and report IPs to each other? Will there be a private namespace that is invisible to people without IP access for things like anti-vandalism? Is it fair to accuse people in places they can't see? Kusma (talk) 18:13, 10 June 2021 (UTC)Reply
And evidence also needs to be provided to the person on their user talk page if they're blocked, otherwise it becomes impossible for them to appeal in an informed fashion, and, as appealing is so tough, they will often need to see it before being blocked. Nosebagbear (talk) 18:23, 10 June 2021 (UTC)Reply
Nosebagbear: I was about the write a reply here, but to be really sure we're on the same page, can you mention the kind of evidence you're referring to where you'd want to divulge the IP as part of the reason? Of course those situations exists, but I want to make sure I reply to your concerns and not something I've made up. /Johan (WMF) (talk) 20:59, 10 June 2021 (UTC)Reply
So one example that jumps to mind from a fair while back (so, recollection may not be flawless) was someone who realised they could get different IPs (given the slight differences, likely by router resetting) to put multiple "speakers" into the same !vote Nosebagbear (talk) 21:25, 10 June 2021 (UTC)Reply
OK, good example. I'm not trying to argue here, just trying to understand, but why would it be necessary or even very helpful to list the IPs instead of telling the user that, hey, these ten IPs are coming from the same range? I'm just thinking about what I do as a checkuser today (in my volunteer role) with registered accounts, and I never tell them their IPs or other information, I just tell them the connection. /Johan (WMF) (talk) 21:34, 10 June 2021 (UTC)Reply
Kusma: There will also be the mask, the ID assigned to the user, so it will be possible to talk about them in public to let them know that they are accused – sort of like we can talk about registered socks in public without divulging the IP behind the account. But you still raise an interesting question about how to best share this information I'm not sure we have addressed properly yet. Thank you. /Johan (WMF) (talk) 20:59, 10 June 2021 (UTC)Reply
Is the full IP address information still ephemeral? That would be a deal breaker. MER-C (talk) 18:15, 10 June 2021 (UTC)Reply
I'm not entirely sure what you mean by ephemeral here, but after a certain period of time the IP behind a mask would no longer be accessible, similar to how it works for registered accounts. Please let me know if this isn't what you were asking and I'll try to give a better answer. /Johan (WMF) (talk) 20:59, 10 June 2021 (UTC)Reply

I'm not happy about this project, but I could live with this if it was implemented. Would it be possible to see this implemented on a test wiki before it goes live everywhere else? --Rschen7754 05:19, 12 June 2021 (UTC)Reply

That sounds like an excellent suggestion. Ping NKohli (WMF), this is something we should look into as we get closer to actual implementation. /Johan (WMF) (talk) 16:03, 14 June 2021 (UTC)Reply
Definitely! Hosting this somewhere on a demo-instance for people to be able to see and understand the change would be the way to go. I will have more details about this as we get closer to implementation. -- NKohli (WMF) (talk) 21:55, 24 June 2021 (UTC)Reply
@Johan (WMF): & @NKohli (WMF): - as a follow-up to this very logical step, a 2nd stage could be finding a few medium wikis who affirmatively want all of it (and thus would be keen adopters) to try it for 6 weeks (or whatever). Feedback from "when everyone needs to use it" could likely give information and feedback different to those interested enough to experiement on test-wiki or similar Nosebagbear (talk) 20:15, 28 June 2021 (UTC)Reply
Yeah, we typically try to roll out major things like these gradually (ping NKohli (WMF), I assume a gradual rollout was planned here too?). /Johan (WMF) (talk) 22:10, 28 June 2021 (UTC)Reply

Regardless of masking we still need to be able to block IPs and have it stick

[edit]

I don't particularly care who is editing through tor exit nodes and the like but they still need blocking. This is the case even if we outright ban IP editing. Indeed since we will no longer get the hint that there is a bunch of vandalism coming from some random IP the foundation may need to look into providing proxy tracking services.Geni (talk) 15:16, 10 June 2021 (UTC)Reply

This is on our to-do list! We have a couple of things we're looking into here. /Johan (WMF) (talk) 17:25, 10 June 2021 (UTC)Reply
There is also a need to make sure that lines of communication are open with the internet watch foundation. If they take action again it will be harder for editors to spot the IP patterns.Geni (talk) 06:06, 11 June 2021 (UTC)Reply
@Geni Thank you for your comment. We have been getting feedback about proxy tracking from several users on the IP Info talk page. If you want to add something that's not yet captured there, it would be helpful for us during project planning. -- NKohli (WMF) (talk) 15:33, 11 June 2021 (UTC)Reply

"IP address access will be logged so that due scrutiny can be performed if and when needed"

[edit]

Does this mean even users, who has the ability to view full IP addresses, will be forced to unmask every IP separately, by doing some action on every masked IP on page's history? Does this mean even this users, when they open page history, will not see all IP's, like now? It's catastrophe for many inwiki activities, not even anti-vandalism. MBH (talk) 17:44, 10 June 2021 (UTC)Reply

I imagine that every unmasking would have to be logged, or otherwise it would be easy to create a public website that contains all the masks. Kusma (talk) 18:17, 10 June 2021 (UTC)Reply
I'm going to double down on MBH's comment - I had some issues when I saw that. Even if it's just "click/hover" it's going to significantly slow the speed of just looking at a full view history log. It would make in non-workable - this has to be done without any functionality loss and this would be a significant loss. Nosebagbear (talk) 18:20, 10 June 2021 (UTC)Reply
We've been talking about this, but I'll have to get back to you on exactly what would be necessary for logging, legal aspects and so on – we're aware of it, but we didn't want to try to solve every little detail before talking to you about the general plan, because we wanted to be able to adapt to feedback here. But this is partly what we're trying to address by showing the first part of the IP which would not have to be logged and not have to be separately unmasked (edit: I think. NKohli (WMF), please confirm). Since they are typically not identical between different IPs (and if they are for different IPs editing the same article, might be an indication the same person is jumping IPs on a range), this would make at least my patrolling far easier. Let me know if it would not work the same way for you. /Johan (WMF) (talk) 21:07, 10 June 2021 (UTC)Reply
@Johan (WMF): The roughest patrolling I've ever had to do was on the Delhi riots. Unsurprisingly, in that case (but in countless other similar cases) we had LOTS of IPs in similar ranges Nosebagbear (talk) 21:44, 10 June 2021 (UTC)Reply
OK, this is useful contextualisation. Thank you. /Johan (WMF) (talk) 21:52, 10 June 2021 (UTC)Reply
Agree to what @Johan (WMF) said. I tried to also answer this above in my reply to Asartea. @Nosebagbear The case of patrolling during Delhi riots is interesting. Undoubtedly that would be very hard if one was to unmask every IP one by one. Thanks for that example. We'll try to think of ways to address this in a way that doesn't hinder patrolling work.
@MBH you said "It's catastrophe for many inwiki activities, not even anti-vandalism." -- can you please tell me about other activities that will be impacted, beyond anti-vandalism? We were primarily thinking about this being a use case for anti-vandalism so it would be helpful to know what other workflows could be impacted so we do not cause any unintentional effects. Thank you. -- NKohli (WMF) (talk) 15:53, 11 June 2021 (UTC)Reply
NKohli (WMF), one such area is the detection of potential conflicts of interest and/or undisclosed paid editing. There currently exist tools to flag it when, for example, edits about a given country's legislators originate from their legislative body's address range, helping to find instances when the legislator or a staffer are engaged in PR or whitewashing. This change would either break such tools entirely, or at least severely limit their usefulness. Seraphimblade (talk) 18:45, 17 June 2021 (UTC)Reply

10 June 2021 update and its impact on enwiki's Sockpuppet Investigation (SPI) process

[edit]

The SPI process now is carried on in publicly readable pages where incident reporters, SPI clerks, and checkusers all communicate with each other. It's one thing to say that appropriately privileged users will have access to the full IP addresses, but if we must agree not to disclose this information publicly, the entire SPI process will be unable to function. RoySmith (talk) 20:02, 10 June 2021 (UTC)Reply

RoySmith: Thanks for your feedback! I'm reasonably familiar with sockpuppet investigation in general, but not with the English Wikipedia SPI process. Could you briefly walk me through how this would make it unable to function? Especially in how it would differ from dealing with registered accounts, where you'd already wouldn't be able to share the IP, but would publicly rely on talking about the usernames (which here would have the equivalent of the mask, the identity assigned to the unregistered user instead of the IP). Just so I'm understanding the problems we could cause. /Johan (WMF) (talk) 21:14, 10 June 2021 (UTC)Reply
Hm. Move it to a private limited-access wiki, then? Enterprisey (talk) 23:00, 10 June 2021 (UTC)Reply
That would be pretty clunky, no? And the SPI cases have lots of occasional traffic that presumably just wouldn't happen if it was off-wiki Nosebagbear (talk) 23:13, 10 June 2021 (UTC)Reply
From our side we'd definitely prefer to find solutions that wouldn't force processes like these away from the namespaces they inhabit today. /Johan (WMF) (talk) 23:15, 10 June 2021 (UTC)Reply

Enwiki SPI clerk here. A lot of reports that come in are from editors who have been editing in their topic area, see sockpuppetry and then report. Some of these reports come in because in a page with lots of IP edits the LTA is on a distinct and similar range. Furthermore, reporting users often make recommendations about what to do, especially with regards to looking at the block log for an IP (so having a tool to see the block log of an IP from the masked one would be useful but might expose the IP from the block logs though). Furthermore, the archive pages of SPI cases are exceedingly useful for me for identifying IP edits from sockmasters. Having this list of known IPs that a sock master uses gives admins, clerks and editors in general the ability to quickly compare reported IPs range to previously reported IPs. This list then could not be anywhere onwiki as I see no way to hide IPs in wiki text, so we will then either need a private wiki for editors with the rights to see full IP addresses to see previously blocked IPs or some onwiki tool which allows a editable page of IP addresses which is only accessible to those who can view the IP addresses. Perhaps this page could log viewa and hide the tail to those who can't see the full IP address. Although I welcome the extra tools being offered I can see this masking giving LTAs an easier way to evade blocks. I see that the enwiki editors who are active at village pumps want to disallow IP editing due to this IP masking and I would say that my judgement is the overall enwiki community may want this if the tools given Tony outweigh the negatives from making IPs. Dreamy Jazz talk to me | enwiki 11:32, 11 June 2021 (UTC) (copyedited 11:58, 11 June 2021 (UTC))Reply

Thanks for the walk-through, Dreamy Jazz! /Johan (WMF) (talk) 11:48, 11 June 2021 (UTC)Reply
I wonder if there could be some kind of inline show/don't show for IPs at the technical level. Like a special template or "magic word" where I plug in "AnonymousCucumber15" and people with the special ipviewer right will see that resolve to "AnonymousCucumber15/127.0.0.1" (or something like that), so that someone with the appropriate rights can trivially see what I'm talking about without us both having to "talk around" things to avoid disclosing the private information. This does bring up the question of how much people with the ipviewer right can and cannot comment publicly on the information they see; we'll probably want to take inspiration from the CU policy here, but this is something we need to figure out both global and local policy for in advance. For example, can I (as an ipviewer) say on-wiki that AnonymousCucumber15 and IncognitoPickle16 are on the same range or have similar geolocation? (I would say yes, since that is something that even checkusers can say about named accounts). Separately, I'm generally opposed to a cuwiki-lite for ipviewers. GeneralNotability (talk) 18:05, 13 June 2021 (UTC)Reply
That is an interesting proposal GeneralNotability, as at least it would mitigate the SPI-awkward aspect. Nosebagbear (talk) 21:50, 13 June 2021 (UTC)Reply
Thanks for the specific technical suggestion. We'll have to look at it. Yes, you'll need to be able to talk about them in general terms as in "on the same range", of course; as you note, otherwise this would be stricter than the checkuser guidelines and make communication about what is happening and why impossible. /Johan (WMF) (talk) 16:03, 14 June 2021 (UTC)Reply
If the IP Info card were to work on any link to the User or User Talk page, then we could mention User:AnonymousCucumber15 and anyone with the rights would be able to hover (or tap-hold? how would it work on a mouseless touchscreen?) on that to see the detailed IP info. Is that how you picture it, Johan?
On the other hand, a whole-page Unhinde IPs button (that reveals something like “AnonymousCucumber15/127.0.0.1“) would make for easier reading. Perhaps we need both.
Pelagic (talk) 12:58, 1 July 2021 (UTC)Reply
I did some mockups a while ago, but not only am I not a designer, I'm not sure they're a good representation today – it's not decided, anyway, and open for feedback. I'll see if we can get something visual to show how things could (but wouldn't necessarily) work. /Johan (WMF) (talk) 13:22, 1 July 2021 (UTC)Reply
(Ping NKohli (WMF), who'll eventually make the final call on how this will work. /Johan (WMF) (talk) 13:25, 1 July 2021 (UTC))Reply
We've talked and need to straighten out a few things with the Technology department at the Foundation, who will have to handle how much of this works in the background, but we'll get working on visualising things as soon as we can. /Johan (WMF) (talk) 03:59, 2 July 2021 (UTC)Reply

IP viewer right

[edit]

With regards to "Editors who partake in anti-vandalism activities, as vetted by the community, can be granted a right to see IP addresses to continue their work. This could be handled in a similar manner as adminship on our projects. The community approval is important to ensure that only editors who truly need this access can get it. The editors will need to have an account that is at least a year old and have at least 500 edits", there are currently increasingly intense discussions on enwiki regarding both RfA's quantitative standards in the sense of minimum tenure/edit count expectations, and RfA's (as currently set up) ethics as a system of selecting admins at all. I don't see this not wedging a huge and unexpected issue into them. Vaticidalprophet (talk) 02:12, 11 June 2021 (UTC)Reply

  • It probably should be treated the same way that rollback is handled. Otherwise, we're going to be constrained into handling only those who are admins, which is a bad idea, especially as the number of admins dwindle over time. --Rockstone35 (talk) 03:33, 11 June 2021 (UTC)Reply
Eh, I don't think this particular dispute would be likely to exacerbate that discussion - EFM is never viewed in sync with Admin, and this would vastly distinct. And that's assuming that we can't get agreement that WP:PERM by community-selected admins, with a 48-hour hold for community comments, wouldn't be accepted. Nosebagbear (talk) 10:37, 14 June 2021 (UTC)Reply
A right similar in difficulty to obtain as EFM or EFH would be a disaster. ProcSock (talk) 16:19, 14 June 2021 (UTC)Reply
A small request, to make sure everyone can participate: This conversation is currently being fed by links from English Wikipedia, so at the moment it's a lot of English Wikipedians talking to other English Wikipedians, so of course people are using familiar ways to talk about things. But hopefully this changes soon as the technical newsletter is about to go out, and someone from Tagalog Wikipedia, German Wikipedia, Wikidata and so on is probably not familiar with the local English Wikipedia acronyms. /Johan (WMF) (talk) 16:42, 14 June 2021 (UTC)Reply
Or, to phrase it differently: if you have good examples of concerns or your wiki, they might very well be relevant to other wikis, and it's easier to tell and find these if people understand them. (: /Johan (WMF) (talk) 16:48, 14 June 2021 (UTC)Reply
Johan (WMF), I think the concern is that the restriction is too stringent, especially a fixed time, an edit number requirement, and on top of that a "similar manner as adminship". On the English Wikipedia, rights like rollback are genuinely granted on the basis of "You have been around long enough for us to know you're not an idiot, and you have a demonstrated need for it, so here you go." On the other hand, rights like edit filter manager (for non-admins) or template editor are much more strictly reviewed and not given out near as widely. I think the concern here is that we may well prefer to give this out much more like rollback ("You need it, you're not an idiot, here you go.") We certainly would not want to have people go through like anything like a request for adminship for it—if they could pass one of those, they may as well just do that. Nor would we necessarily want people to have to wait for a year; they may have proven themselves well before that point. Seraphimblade (talk) 23:19, 18 June 2021 (UTC)Reply
Noted. Yes, we have talked about the English Wikipedia RfA and RfA-like processes and what they mean for this (it's one of the main reasons why "let's give it to the admins and they should give admin rights to people who need this access – if they are trusted to see this information, they should be trusted with the admin tools" wouldn't work, for example, which would have been a viable solution on a good number of wikis). /Johan (WMF) (talk) 10:43, 21 June 2021 (UTC)Reply
I'm encouraged by the update that this could be as easy to get as, say, extended-confirmed. Like Seraphimblade, I'm concerned that it not be too restricted.
Johan, I think it should be x months and y edits and you tick a box on a form saying that you need IP Viewer and agree to abide by the rules and understand that your actions will be logged. No community approval process.
Even patroller and rollbacker are hard to get on enwiki, the last thing we want is another heavyweight process run by the “no soup for you” brigade. There should of course be some provision for admins to suspend or remove the right, and a community process to get it back if it's been taken away. If some communities really don't want to allow self-enrolment, then perhaps a per-wiki feature flag like “$allowIPViewSelfEnrol”.
Also consider that Wikimedia projects aren't the only users of MediaWiki. Other organisations may want to choose for their installation whether masking is on or off, and whether the right can be self-enrolled &/or assigned by an admin.
Pelagic (talk) 13:51, 1 July 2021 (UTC)Reply
In jawiki, where IP edits are of a relatively higher percentage, this would end up with a disaster. RfA on jawiki is notoriously difficult, and there are only 41 sysops out of 15k active users. Even requests for rollbacker access lapse frequently without objections from any users. With little or no time to spend on yet another new process, jawiki could as well end up with adding the IP viewer right to extended confirmed users. ネイ (talk) 12:04, 15 July 2021 (UTC)Reply
Thank you, ネイ. We want this to work for all wikis, but we definitely want it to work for Japanese Wikipedia. /Johan (WMF) (talk) 14:50, 15 July 2021 (UTC)Reply

This is incredibly shortsighted -- and not getting the attention it should get.

[edit]

I can't help but feel like this is an incredibly shortsighted decision -- and one that will have many unintended consequences. I don't particularly understand why they are making this decision, but at any rate, whenever this does finally formalize (and it sounds like this is going to happen regardless of what the community desires), I predict that it's going to come as quite a shock to the vast majority of the community, especially on enwiki. I sincerely hope that I'm wrong. --Rockstone35 (talk) 03:32, 11 June 2021 (UTC)Reply

I think this is the biggest existential threat that the Wikimedia movement has faced in over a decade, but it's hard to stop lawyers from digging their own graves. Vaticidalprophet (talk) 05:21, 11 June 2021 (UTC)Reply
@Vaticidalprophet: -- oh good, it's not just me who thinks that. Mostly I feel like I'm just watching a train that people on (enwiki at least) are not aware is heading towards them. When this change is implemented, it's going to be very bad. It's also really annoying that the lawyers can't give any good legal argument as to why this is needed. --Rockstone35 (talk) 05:55, 11 June 2021 (UTC)Reply
The Legal department are planning to give an update on their statement, but it's a few weeks away. I can confirm that this a) is happening (it's a legal decision, and those have never been a matter of community consensus), b) it's happening because what can be done and showed with personal information online has changed quite a bit since we implemented this system twenty years ago but c) within the legal frame that is given to us, we can work to find the best solutions based on discussions here and elsewhere. Since this mentions English Wikipedia specifically, we have tried to explain it at length also locally, e.g. w:en:Wikipedia:Wikipedia Signpost/2020-11-01/Op-Ed (also on Diff), and on a number of other wikis, in addition to Tech News, mailing lists and various other venues. But we're planning to reach out far more broadly, too, long before it's actually implemented. /Johan (WMF) (talk) 10:29, 11 June 2021 (UTC)Reply
Jeez, a few weeks, that's brushing 4 months as a turnaround. If the Community failed to respond on that timescale then the WMF would rightly assume that we had no concerns with whatever was being raised in consultation. I do hope they will cover each of the questions raised so far above on this page given that timescale, including the "meta" questions about their statement(s) (and non-statements) thus far Nosebagbear (talk) 10:33, 11 June 2021 (UTC)Reply
You do accept that this change may mean that all IP editing on English Wikipedia will stop though, right? 50.201.228.202 14:12, 11 June 2021 (UTC)Reply
We hope to avoid that, which is why we're very interested in feedback on every step on the way (and are grateful for the comments we are receiving). But if we're doing something for legal reasons – because the privacy landscape around what you can do and can't do on the internet has changed in recent years – we also can't ignore the fact that we have to adapt to that. I assure you this is not a fun project to work on that we're doing because we thought we'd enjoy it. (: /Johan (WMF) (talk) 14:23, 11 June 2021 (UTC)Reply
But on that note: this is not happening tomorrow. There's plenty of time for everyone to see where this is heading – the tools, the changes we make on this based on the feedback here and elsewhere and what is legally possible for us to do and so on. I'm not going to tell people how to react to this, but I would recommend that action is not taken based on a product that isn't finished and is explicitly looking for feedback. /Johan (WMF) (talk) 16:07, 11 June 2021 (UTC)Reply
@Johan (WMF): slightly off topic, but thank you for taking the time to reach out to us, even though we're a bunch of angry people upset about this change. I don't envy your job right now. --Rockstone35 (talk) 23:26, 11 June 2021 (UTC)Reply
Just leaving a quick note (European data protection lawyer here) to say that no, this will not mean that IP editing on Wikipedia will stop. The edit history might just contain a different pseudonym (think of something like "ABC123DEF456" instead of the IP address). It's not the end of the world. And users who need to see the actual IP address of logged-out users (because they're engaged in 'serious' vandal fighting) will still be able to do so. --Gnom (talk) 23:32, 11 June 2021 (UTC)Reply
@Gnom: I think it was meant that in the sense that local communities may block IP editing, rather than the WMF's actions would directly stop them (that would be a very quick change!) Nosebagbear (talk) 00:34, 12 June 2021 (UTC)Reply
But why would local communities (such as English-language Wikipedia) block IP editing? --Gnom (talk) 09:02, 12 June 2021 (UTC)Reply
Because the only reason IP editing works right now is because IP addresses reveal certain information (such as location) which allow for users to detect patterns involving vandalism and trolling. --Rockstone35 (talk) 18:01, 12 June 2021 (UTC)Reply
But we can still reveal the location and other pieces of information. This project is just about hiding the IP address, not the information behind it. --Gnom (talk) 22:47, 13 June 2021 (UTC)Reply
Thank you, Rockstone35, but really, while no one likes people being angry at them, getting long lists of complaints is far better than not discovering the issues in time. We want people to tell us all the reasons they think this will cause problems because while we might not have a magic solution, it gives us a list of things to work on. As long as people keep to m:Meta:Civility (not just for my sake, but also because not doing so will poison the discussion for everyone else), we're just happy to see more comments, because in the end it'll help us at least get a chance to mitigate the potential damage to the patrolling and vandal-fighting process, which is far more important than people agreeing with us. /Johan (WMF) (talk) 17:57, 14 June 2021 (UTC)Reply
@Johan (WMF): Thank you for reaching out here (and on the Signpost; I had not noticed that article), it must be quite frustrating. And a bit futile: we the community don't understand what the legal issue is, other than "some part of our current practice places us in legal jeopardy or is clearly illegal in some jurisdictions that we care about". As long as we don't know what the problem is, it is difficult for us to see what types of mitigation measures counteracting the difficulties masking will cause are ok, and what types are not. "Let's just ban IP editing" is a simple solution that anyone can understand, so it is popular (I am also very sympathetic to it now because it seems preferable to the massive additional complexity proposed here). I'd like to understand why your complex masking and unmasking proposal is better (other than that banning IP editing will mean that we need to triple the size of our checkuser team). Do people on ptwiki not create accounts often enough? Kusma (talk) 09:23, 12 June 2021 (UTC)Reply
I'd be happy to help explain the legal issue (I am a lawyer specialising in online data protection law). --Gnom (talk) 22:47, 13 June 2021 (UTC)Reply
IPs are being masked precisely because they can be used to reveal (very) rough geolocation, ISP, and connection type. If we were to continue making that information available, masking would be unnecessary. --Blablubbs|talk 16:00, 14 June 2021 (UTC)Reply
The Wikimedia Foundation Legal Department will comment soonish, and I’m not a lawyer, but I’d like to remind everyone that this is something that is affected by legal standards, not just our desire to protect our unregistered editors – if it were just the latter, this would not have been "this is coming, and that it’s not negotiable" – we can always talk about our decisions, but we can’t make consensus decisions about legal matters. It's not really up to us to decide what is unnecessary or not from a practical perspective, as there are regulations to take into consideration. /Johan (WMF) (talk) 01:04, 15 June 2021 (UTC)Reply
Kusma: We do understand why this is frustrating! It's important, it messes with one of the very core workflows of the Wikimedia wikis – the very work that allows us to be as open as we are – and we are unable to communicate in detail why we're doing this. Of course people will be upset. I just wanted to stress that this is not something we are doing because we had some idea about improving privacy (though it is important) and didn't realise there would be consequences.
To answer your question, we tried to look into the research done on restricting editing to registered accounts (then on non-Wikimedia wikis, before Portuguese Wikipedia decided to try it out), and are very concerned about the long-term effects on editor recruitment. See Research:Value of IP Editing. This is what I wrote in the Signpost, when they asked for a comment:
Why do IP masking at all, some ask. Why not disable IP editing instead? We’re investing significant time and resources in trying to solve this because we’re convinced that turning off unregistered editing would severely harm the wikis. Benjamin Mako Hill has collected research on the subject. Another researcher told us that if we turn IP editing off, we’ll doomed the wikis to a slow death: not because the content added by the IP edits, but because of the increased threshold to start editing. We can’t do it without harming long-term recruitment. The role unregistered editing plays also varies a lot from wiki to wiki. Compare English and Japanese Wikipedia, for example. The latter wiki has a far higher percentage of IP edits, yet the revert rate for IP edits is a third of what it is on English Wikipedia: 9.5% compared to 27.4%, defined as reverted within 48 hours. And some smaller wikis might suffer greatly even in the shorter term.
I hope that at least explains where we are coming from. /Johan (WMF) (talk) 17:39, 14 June 2021 (UTC)Reply

Three questions

[edit]

Hi Johan,

Three questions:

1) With regard to IPs not being unblocked, you note "This solution will have to be a compromise." - what was being thought here?

2) In a related fashion, we need to confirm that when we switch over, the blocks on the IPs behind a mask will still appear when giving an IP block - otherwise our ascending length blocks on IPs are all going to reset

3) With the information you provide on pt-wiki, that I look forward to reading, will that include workload (instances raised, instances carried out, and sockpuppet registered accounts detected) on the Checkusers. As en-wiki already struggles on CU workload, it's one of the facets that would be critical, especially were a discussion on whether to block all IP editing to be considered and opposed Nosebagbear (talk) 10:41, 14 June 2021 (UTC)Reply

1) That the most privacy-protective measure would, as people have previously pointed out on this talk page, be to start from a blank slate with blocks. But we can't do that, so we have to compromise with what would have been the perfect solution from the privacy perspective.
2) I see no reason why this would change, but it's a good question. NKohli (WMF), can you confirm that this will work? I.e. that you can see previous blocks whenever you block an IP, similar to today, including in the case of an admin not opting in to see the IP behind the mask.
3) I don't have an answer to that right now. I'll ask. (I'm not looking into it myself, but it is happening.) /Johan (WMF) (talk) 16:03, 14 June 2021 (UTC)Reply
To follow up on this, yes we are looking into the number of checkuser requests. /Johan (WMF) (talk) 16:09, 14 June 2021 (UTC)Reply

Reaction to 14 June 2021 update

[edit]

I'd like to discuss this bullet:

  • Editors who partake in anti-vandalism activities, as vetted by the community, can be granted a right to see IP addresses to continue their work. This could be handled in a similar manner as adminship on our projects. The community approval is important to ensure that only editors who truly need this access can get it. The editors will need to have an account that is at least a year old and have at least 500 edits.

I consider this overly inflexible and would instead suggest that Wikivoyage or any other Wiki community be able to grant anyone with Patroller status a right to see IP addresses. And I think we shouldn't be dictated to on how we decide who is trusted to be a Patroller. Ikan Kekek (talk) 17:02, 14 June 2021 (UTC)Reply

Agree with that. My account is only 5 months old, and would that mean that on the other two WMF projects I'm a sysop in mean, I can't see the IP adresses? And considering that I only revert vandalism on the English Wikipedia, not being able to see IP addresses would be difficult. I like Ikan Kekek's plan with Wikivoyage, and I think anyone with patroller status should be able to see IP addresses. SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 11:45, 15 June 2021 (UTC)Reply
The thresholds can absolutely be discussed, and we really don't want to intrude on your right to handle vandalism the way you think best, which you're better equipped to figure out than the Foundation is. But, similar to how there are some global requirements for how much support you need to become a checkuser, which wikis can't decide to lower, because the Foundation has legal responsibilities towards the information, the Foundation will need to set some limits for who is able to take on this role. We’re taking this conversation into consideration, of course, but we can’t be completely flexible as we also have to consider our legal responsibilities, in addition to the relationship and division of work between the Foundation and the communities.
I realise this is a bit of a non-answer right now, but just to explain why the Foundation doesn't just hand this over to the communities to decide, when the communities are the experts on anti-vandalism work. /Johan (WMF) (talk) 03:14, 17 June 2021 (UTC)Reply
I don't see how one amount of time vs. another would be dictated by law, rather than arbitrary. By contrast, Patroller is a specific status some users are given that indicates that they are trusted to use rollback tools. This specifically and pointedly differentiates them from users who may be of longer standing but are not entrusted with such tools. And this trust is not arbitrary but carefully considered by local admins and subject to revocation by admins in the unlikely event that the users in question proved to actually be untrustworthy. (There has been no such case of revocation of patroller status due to a loss of trust on en.voy, as far as I can remember.) I will stipulate that we usually don't give users Patroller status until they've been registered for more than 6 months, but if 1 year or even 6 months were to be the standard, there should be provisions for exceptions. Ikan Kekek (talk) 08:33, 18 June 2021 (UTC)Reply
It's not (as far as I know – the legal parts are really not my forte, I'm here to build the technical implementation) – which is why we're saying that the thresholds are negotiable and given the feedback I find it unlikely they will remain at our suggestion, which was mainly a starting point. (: As for "can we tie them to [user right]", I'm checking in with the Legal department to understand what implications that would have. /Johan (WMF) (talk) 10:40, 21 June 2021 (UTC)Reply
@Ikan Kekek and Johan (WMF): or at least set it to 6 months. Since it would be impossible for me to handle being the only sysop in two wiki's and not being able to see IP adresses. Or, you could create a new global group called "IP unmaskers" (or something else) and people who's account is less than 12 months old can apply for this role? SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 22:44, 23 June 2021 (UTC)Reply
Just noting that we're listening to the feedback here and the reason we're replying with an update isn't that we're disagreeing and keeping the suggested limits – which were really mainly discussion starters – as they are, but to consider all the posts here and think them through. But all admins who opted in would see them, so you'd do that anyway – this isn't about keeping this from admins, it's just that there needs to be a process (not necessarily exactly the one we suggested) for this to make sure we don't hand out this information to anyone. /Johan (WMF) (talk) 23:36, 23 June 2021 (UTC)Reply
Not to belittle SHB2000's contributions, but they are a temporary admin in two tiny wikis that have virtually no communities and not much content. One could question if it's even necessary to access full IP addresses there, or if the disruption is of such low level that all you need is the block button. And it seems that it can be easier and faster to get temporary admin rights in small projects than it is to get rollback in the English Wikipedia, for example. If all admins are given the IP access right by default, then getting the access is as easy as spending two months reverting vandalism in a small project and then applying for the temp admin bit. kyykaarme (talk) 10:44, 24 June 2021 (UTC)Reply
Yeah I got denied rollback thrice on enwiki. I've got rollback on four WMF projects (includes the two tiny terrible wikis), and yet, I've done not much vandal patrolling. Another suggestion is probably change the adminship criteria on Steward requests/Permissions/Minimum voting requirements, so that communities with very little contributors hopefully can see the IP's longer. SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 11:33, 24 June 2021 (UTC)Reply
But what is the need to see full IP addresses in such small wikis? The two projects in question have had just 25 IP edits in the last 30 days (24 & 1). Even if you couldn't see the IPs, you could revert and block when necessary. kyykaarme (talk) 18:01, 24 June 2021 (UTC)Reply
very true SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 02:14, 25 June 2021 (UTC)Reply
@Kyykaarme: a late update. But I'm expected to become an admin on Wikivoyage on Friday night (UTC). As far as I'd expect, I'm expecting this process to take 1 year? But there's still a shit ton of people on other WMF projects who's account is less than a year old, but are sysops. I'm okay with this, but there needs to be something called a "global ip sighter" which allows an account to see IP's cross wiki. SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 00:08, 6 July 2021 (UTC)Reply
[edit]

My apologies if these questions have been answered elsewhere; I did not find answers in the FAQ on the content page. I am a checkuser on English Wikipedia editing under a disclosed alternate for security purposes; my main account is User:Ivanvector.

I see that the team preparing these changes is proposing to create a new userright for users to have access to the IP addresses behind a mask. Does Legal have an opinion on whether access to the full IP address associated with a particular username mask constitutes nonpublic personal information as defined by the Confidentiality agreement for nonpublic information, and will users seeking this new userright be required to sign the Access to nonpublic personal data policy or some version of it?

  1. If yes, then will I as a checkuser be able to discuss relationships between registered accounts and their IP addresses with holders of this new userright, as I currently do with other signatories?
  2. If no, then could someone try to explain why we are going to all this trouble for information that we don't consider nonpublic?
  3. In either case, will a checkuser be permitted to disclose connections between registered accounts and unregistered username masks?

Thanks for all the work you've been doing to make sure this monumental change is the right one. PEIsquirrel (talk) 19:01, 14 June 2021 (UTC)Reply

Passing this on to Legal. /Johan (WMF) (talk) 19:16, 14 June 2021 (UTC)Reply
I'd like to echo the thanks above. Although IP masking may cause some problems, having you listen to our comments is very reassuring and helpful. Hopefully once IP masking comes around, I will not miss the ability to see IP addresses on projects I am not active on and also for other users at enwiki to see IP addresses. I'd also like to echo the questions above and it would be useful to get a response to them. Dreamy Jazz talk to me | enwiki 20:35, 14 June 2021 (UTC)Reply
Thanks. I can't promise we will solve everything – some things will be more cumbersome; we hope to offset this by building better tools that will make other parts of the patrolling and anti-vandal workflows easier – and some important questions are still left to be answered. There is a system in place for this and we have to replace it for other reasons than having found a better one. But I want to stress that we do share the concerns, care about the result and really do appreciate everyone listing their concerns, for what it's worth. /Johan (WMF) (talk) 23:07, 14 June 2021 (UTC)Reply
  • Hi @Johan (WMF): I've tried to gather together a reasonably, but almost certainly not-fully, complete list of Legal or Legal-ish (there's a couple of questions where it's not clear whether the block is operational or Legal) questions from the above, excluding those that I think have been either answered directly (very few) or become moot (mainly due to the June 10th update being a big step in the right direction). Others please feel free to add any I've missed.
List of Legal questions to assist checking what has been answered/won't be answered/missed out/unclear/incomplete
  • While legal cannot unilaterally disclose the reasoning because of attorney-client privilege, the WMF – being the client – absolutely can. So if privilege is the argument for being obscure, why doesn't the WMF at least partially waive it or provide a statement itself?
  • Does legal believe that we may currently be open to litigation because of existing laws?
  • If not, why are we citing no specific legislation while also citing privilege to avoid disclosing anything?
  • Is there any current or pending litigation regarding privacy of IPs on Wikimedia projects?
  • Is this being done to avoid future liability because WMF legal believes that laws that might make public disclosure of IPs illegal will be passed?
  • If so, why is the feature not just developed and shelved until such laws potentially come into effect, given the strong opposition by the community?
  • If so, why can we not be more open about what those future liabilities are, given that they are not currently a threat?
  • Has the Board endorsed this decision? If not, what is the most senior level it has been endorsed at?

--

  1. If not showing IP addresses to the general public was a legal requirement, why was this only stated as such after the community clearly opposed this proposal?
  2. Does showing IP addresses to the general public violate the black-letter law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s)?
    3. If so, why hasn't IP editing been disabled while this is in process?
    4. If so, why can we still show old IPs?
  3. Does showing IP addresses to the general public violate the interpretation of law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s) (has|have) been interpreted that way?
    3. If so, where can that interpretation be found?
    4. If so, is that interpretation final or still subject to appeal?
    5. If so above, why isn't the WMF appealing?
    6. If so, why hasn't IP editing been disabled while this is in process?
  4. Does showing IP addresses to the general public violate the potential interpretation of law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s) could be interpreted that way?
    3. If so, how likely is such an interpretation?
    4. If so, why hasn't IP editing been disabled while this is in process?
  5. Does showing IP addresses to the general public violate the WMF's internal policies or requirements?
    1. If so, why are changes to those internal policies or requirements not being considered as a valid response to community consensus against the masking proposal?
  6. Does showing IP addresses to the general public only violate "general expectations" of Internet users?
    1. If so, why is this being treated as a legal requirement?

--

  • Does this mean even users, who has the ability to view full IP addresses, will be forced to unmask every IP separately, by doing some action on every masked IP on page's history?
    • [Ed:] This is somewhat operational and Legal. In effect it's checking if there's a Legal restriction that can't be worked around (say, by recording all IPs the viewer can have seen. To avoid adding every history log an admin ever sees, it could be, say, one click to reveal all IPs on the history page they're viewing, with all added to the log

--

  • Johan, relating to a brief section back on the 26/27th October 2020, you concurred that a large number of our most active RCPers and counter-vandals were under-18. It is likely that a significant number of these would even be under 16. Would these groups still be fine to accept the agreement by ticking-in?

--

  • [Rephrased] - in effect, will a mask count as sufficient detail for a CCBYSA release?

--

  • Given the multitude of clear evidence that this information is used for the effective functioning of Wikimedia, and not all changes can be worked around, surely a clear Legitimate Interest defence for use of this public information (to use GDPR's language) could be made? If not, why not?

Discussion on the English Wikipedia

[edit]

Just an FYI, there is currently a discussion on the English Wikipedia regarding this topic: w:Wikipedia:Village pump (WMF)#IP Masking Update -FASTILY 22:12, 14 June 2021 (UTC)Reply

Requirements

[edit]

To continue interacting with anonymous contributors, whether in a collegiate way or fighting vandals, rank-and-file editors need these abilities:

  1. Communicate with an anonymous editor using a page similar to the existing User talk:123.45.67.89, presumably with an obfuscated replacement for the IP
  2. List contributions from adjacent IPs, especially within a v4 /24 or a v6 /64
  3. Determine whether two contributions are from the same IP, similar IPs or widely differing IPs
  4. Identify a contributor to other editors, especially in a form which an admin can turn into an IP block or range block if appropriate

Does the proposed solution address these needs? Does the WMF have any response yet to last year's questions on Crypto-PAn and IPv6 /64s? Certes (talk) 22:20, 14 June 2021 (UTC)Reply

NKohli (WMF), I think you are better equipped to answer this question. /Johan (WMF) (talk) 23:08, 14 June 2021 (UTC)Reply
Hi @Certes, sorry for the late response. I was on a break the last few days. I'll address your points below:
For #1 We are thinking about the communication aspect - it will likely be similar to what you mentioned, a talk page with the anonymized username instead of the IP. We still have to iron out the details on this with the technology team - mainly how this will work when different editors have different permission/access levels.
For #2 and #3 We are building something called the "nearby editors" or "editor matching" tool which will hopefully be able to surface when two or more anonymous editors behave similarly based on a variety of factors. This is still in the very early brainstorming phases and we are looking for ways to make it work well. Your comments are helpful and I will incorporate them in the designs.
For #4 This is a good point - we have not given this conscious thought. There is more discussion elsewhere on this page about doing this too. I will take your feedback and we will think of ways to address it.
Regarding Crypto-PAn - we are not yet in the implementation phase and so I cannot comment on this right now. We wanted to finalize the plan to do this before deciding on the "how".
Regarding IPv6 /64s - this was also brought up in some other discussions so it sounds like something several people would like us to do. I think it would need an official community consensus before we can do this but nonetheless, we can do it once approved.
Thanks for your feedback. If you have follow-up feedback please don't hesitate to ping me. -- NKohli (WMF) (talk) 22:58, 24 June 2021 (UTC)Reply
Thanks for the response, NKohli (WMF). There was support for improved communication with IPv6 /64s in a Wishlist Survey item, the sole opposition being based on potential breakage due to IP masking. Certes (talk) 23:38, 24 June 2021 (UTC)Reply

Access Agreement - Age

[edit]

Johan, relating to a brief section back on the 26/27th October 2020, you concurred that a large number of our most active RCPers and counter-vandals were under-18. It is likely that a significant number of these would even be under 16. Would these groups still be fine to accept the agreement by ticking-in? Nosebagbear (talk) 23:41, 14 June 2021 (UTC)Reply

Putting this on the list of questions I'm forwarding to Legal. /Johan (WMF) (talk) 23:48, 14 June 2021 (UTC)Reply
@Johan (WMF), + this. A lot of young people may also fake their age in the form - it happens in a lot of documents. I believe that the age limit should be 13 and over wither than 18, as most of the vandal fighters that are competent are over 13, the legal age of majority. Aeschylus (talk) 16:07, 28 June 2021 (UTC)Reply
Not disagreeing, but just to point out that 'age of majority' isn't a clear-cut concept, and in any case varies by jurisdiction. --DoubleGrazing (talk) 10:55, 7 July 2021 (UTC)Reply
de:Volljährigkeit ist ein eher absurdes Kriterium in einem internationalen Zusammenhang. Welche Volljährigkeit? In welchem Land? Wenn das entsprechend der örtlichen Legislative gehandelt werden sollte, dürfen die IP gar nicht maskiert werden, weil dann nur so solche Berechtigungen vergeben werden können. Oder, wenn die Anonymität und Privatsphäre so wichtig wie proklamiert ist, kann es sowas nicht geben, weil niemand weiß wie alt das gegenüber ist und auch nicht wissen darf. Das kling hier mal wieder nach hohlem (US-)Anglozentrismus, also keinem irgendwie tragfähigem Konzept. Grüße vom Sänger ♫(Reden) 12:10, 7 July 2021 (UTC)Reply

Global contributions and other external tools

[edit]

The rough plan satisfies my concerns as far as counter-vandalism. Thank you! My only concern now is with external tools that we rely on. Stewards in particular use GUC and/or XTools to check for collateral damage when blocking an IP or range on a global level. I assume with IPs hidden except from privileged users, you will not be relaying this data to the Toolforge replicas? If you give us some identifier for an IP (such as a temporary account), such that we can query against it, that will suffice for single IPs, but we still need to query for IP ranges. If we can't find a way to do this without replicating the IP data, then we need a MediaWiki solution for global contributions. Stewards cannot be expected to check every wiki before globally blocking.

There may be other tools that are affected, but global contributions is the main one that comes to mind. And again, I think it's probably just IP ranges that are the main issue, as I assume we'll have an identifier for single IPs (whatever the non-privileged users see), and tools can be updated to use that. MusikAnimal talk 00:17, 15 June 2021 (UTC)Reply

Thanks! I don't think we've looked into this yet. /Johan (WMF) (talk) 10:24, 15 June 2021 (UTC)Reply

Will IP range block exemptions still be needed?

[edit]

Right now an IP range block by default blocks both unregistered and registered users. I can understand disallowing account creation from a particular IP range, but I've never understood why existing users that happen to be logging in from the blocked range (for example a cell phone network, or via a proxy when a country blocks access) are also blocked, and need to request an exemption from admins (if they even know that such a thing is possible). Will the new system fix this issue? ArthurPSmith (talk) 12:50, 15 June 2021 (UTC)Reply

I'm not seeing how it would - it's to shield IP addresses, but that wouldn't affect the underlying reasons for rangeblocks, hard blocks, and IPBE. To give an example reason for why a full hardblock (vs account creation block) can be used - it discourages creating gazillions of accounts and then going on a rage with them Nosebagbear (talk) 13:06, 15 June 2021 (UTC)Reply

Losing access to view IP addresses

[edit]

The page talks about being able to view IP addresses by opt-in, but traditionally we have a problem that rights are eternal. Perhaps this should get an auto expiry, where if you have NOT requested IP information for more than 6 months, you automatically lose the right. That's not something someone should run a bot for on each and every wiki if you ask me. —TheDJ (talkcontribs) 14:00, 15 June 2021 (UTC)Reply

Good point, like how we already sometimes treat some rights which have specific and potentially damaging accesses (like checkusers, for example), or how some wikis tend to re-elect most of the people with accesses that could be potentially damaging (admins, 'crats, checkusers, oversighters and so on) on a regular basis. For the opt-in case, you could also just opt in again if you need it. /Johan (WMF) (talk) 14:51, 15 June 2021 (UTC)Reply
Please note that there are plenty of people (like myself) who engage in anti-vandalism sporadically, and for various reasons (work, travel, etc.) often take hiatuses exceeding 6 months. Rabbitflyer (talk) 22:44, 31 August 2021 (UTC)Reply

500 edits one year

[edit]

The criteria of 500 edits and one year in a similar process to adminship is unbalanced. At least on the English language Wikipedia one year's tenure is about the minimum requirement for adminship, though 15 months is probably more common a criteria, whereas 500 edits, especially for a vandalfighter is nowhere close. We have non admin vandalfighters who can clock up 500 edits in a day, or less if they have Huggle or Igloo installed. We have had admins pass with little more than three thousand edits, but those tend to be time consuming edits that build the pedia. My suggestion is that the criteria would need to be the same as for EN:WP:Rollback, once someone has shown they are active in fighting vandalism we will need to get them this right as vandalfighting without it will be greatly undermined. WereSpielChequers (talk) 16:12, 15 June 2021 (UTC)Reply

WereSpielChequers: Thanks for the feedback. While there was some reasoning behind it (see my reply in Talk:IP Editing: Privacy Enhancement and Abuse Mitigation#Update: How masking could work, this was mainly to have a number to start the conversation – it's very much up for discussion. /Johan (WMF) (talk) 16:53, 15 June 2021 (UTC)Reply
There is a lot of admin work required to allocate a new userright. Things will go much more smoothly if this was available from the outset for everyone with either the admin or rollbacker right - on EN Rollback is a very common right for vandalfighters, if slightly obsolete. Pending changes reviewer would be another one where there was a logical fit. If we know that all rollbackers will have this right from the outset then those people who want the change to go smoothly can appoint a bunch of rollbackers in advance. Especially if we can get a list of people who have recently filed AIV reports and are neither admins nor rollbackers. WereSpielChequers (talk) 21:04, 15 June 2021 (UTC)Reply
There a couple of things I need to discuss with others to make sure I'm being honest with the communities when I reply to the various comments on this talk page about assigning these rights, just so you know why I'm replying to other things but not to them. /Johan (WMF) (talk) 20:48, 16 June 2021 (UTC)Reply
@Johan (WMF) and WereSpielChequers: my interpretation of where Johan would like the line to be drawn is a bit hazy (because 1 year/500 edits seems so weird, at least to en-wiki eyes), but assuming the two limits approach each other (time down, edits up) I would be thinking that it'd be higher than the somewhat de facto levels we use for PCR and potentially RB. On the flipside, rollback has been somewhat limited in criticality for a while now, and if this shared criteria it might be viable to propose slightly higher RB criteria Nosebagbear (talk) 21:21, 16 June 2021 (UTC)Reply
On further reflection, if anyone can see the warnings that a masked IP has received, and all the edits other than deleted ones, then I'm not sure if anyone other than admins and checkusers need know more. Admins can see any deleted edits they've made, and that might sometimes justify going to a block rather than a warning. The only reason I can see for wanting to know their real IP address is because an IP range block may be needed. But who gets involved in blocking or unblocking IP ranges? A minority of admins and I suspect checkusers. So is there anyone other than an admin who needs access to real IP? WereSpielChequers (talk) 09:22, 18 June 2021 (UTC)Reply
I also question why most/regular vandal fighters would even need to see IP addresses. In long-term abuse cases it might be enough if experienced users could see a part of the IP and maybe a rough geolocation, but in most vandalism cases even that information is not needed. kyykaarme (talk) 09:17, 29 June 2021 (UTC)Reply
@Kyykaarme: I think an issue with that is you're collating "most/regular vandal fighters" with "most/regular vandal fighter activity". You're absolutely right that the large majority (likely 95%+) of all counter-vandalism edits would not be hit by this, with a few more not being negatively hit were the proposal introduced. The issue is that we don't gather into convenient buckets who just do "regular CV work" and others who do work that necessistates access. Lots of individuals do a bit, and they all need access Nosebagbear (talk) 10:46, 29 June 2021 (UTC)Reply
That's a fair point, and I admit that I'm not familiar with the challenges of vandal fighting in enwiki. I spend most of my time in a midsize wiki where I don't foresee huge problems with IP masking, though I could be wrong in that. I was actually surprised of how easy it would be to get the IP access in the June proposal. A year might seem a long time to newbie editors, but it just means that someone has a hobby of editing a wiki, and it says nothing about who that person is or what their background is (or how old they really are, or what their intentions are). How it is then legally sound to give that person access to "restricted" information is something I don't quite understand. kyykaarme (talk) 14:42, 1 July 2021 (UTC)Reply
@Kyykaarme @Nosebagbear @WereSpielChequers Thanks for the great points, everyone. We have been talking to editors on several different projects and have noticed a similar sentiment - people from smaller projects are okay with IP Masking as they don't indulge in the more advanced vandal fighting workflows that people on larger projects do. -- NKohli (WMF) (talk) 21:11, 2 July 2021 (UTC)Reply

Talkpage for IP addresses

[edit]

Currently every IP editor automatically has a talkpage that can be used to communicate with them, warning vandals but also other communication. It isn't clear from this proposal how those talkpages will exist in the future. The obvious way to do it is to have a table of IP addresses and anonymised talkpages, with only Devs, Admins, Rollbackers and Patrollers having the access to know the link between the anonymised talkpage and the IP address. Of course if each time the same IP returned they were linked to the same anonymised talkpage, then much of our vandalfighting systems would still work. As long as you can check an IP users other edits and know that if you block them for the half dozen edits they have been warned for in the last few hours there are only one or two borderline edits rather than hundreds or thousands of good edits that could in theory come from an IP address that represents a whole university or country; you don't need to know what that address is, any more than most of us need the addresses of registered accounts. But everyone, not just experienced editors, needs to be able to say these two edits were made by the same IP address but these three were made by three different ones. WereSpielChequers (talk) 16:26, 15 June 2021 (UTC)Reply

The plan is to have a talk page connected to the masked ID that will be visible instead of how we show IPs today. I.e. not too different from today. /Johan (WMF) (talk) 16:55, 15 June 2021 (UTC)Reply
Thanks. In the transition, will old talkpages be transposed to the new system, or will all IP vandals be given a cleansheet? If the latter you are creating a lot of work for volunteers. WereSpielChequers (talk) 16:59, 15 June 2021 (UTC)Reply
We've talked about some sort of transition, to not wreak havoc, but how to best do this is one of the many questions we still have to figure out. I don't have a good answer for you yet (but we appreciate all feedback in this area, as well as other areas, of course). /Johan (WMF) (talk) 17:03, 15 June 2021 (UTC)Reply
It would be interesting to run an RFC on this, but I suspect that most of the benefit would come from transposing warnings from the last month or two along with recent short term blocks. An IP that was last blocked two months ago for 31 hours and hasn't been warned since in my view doesn't have to have the history transitioned - IPs that have longer term blocks are another matter. One of the biggies that would help make this a better system than we have now would be a "recently reverted ratio" displayed for admin to see. So an IP that's had 10 out of 12 edits reverted in the last month is a completely different kettle of fish to an IP that's had 100 out of 600 edits reverted in the last month - that's the sort of IP that represents a huge institution and potentially a lot of good edits. The other issue is open proxies, but I might start a new thread on that. WereSpielChequers (talk) 21:17, 15 June 2021 (UTC)Reply

Something to note on this same topic is that there are multiple templates (at least on enwiki) that put the IP address into the text of the IP talk page. For example, en:Template:Welcome-anon-unconstructive substs the IP address right into the first sentence. This brings up two issues for me:

  1. There are "things" across all projects (that template being one example) that pull the page title or the contributor's ID and assume it's an IP address; these will need to be adjusted to accommodate this change. Having seen the amount of ongoing work that's gone into changing "OTRS" to "VRTS" across the system over the last few months, this will not be a trivial undertaking. Depending on what each "thing" is, discussions and consensus could be needed, along with some level of technical expertise to implement any changes. In addition, things will undoubtedly be missed, and things will break.
  2. You can easily wind up with a situation where the user talk page for an anonymous user publicly "outs" their IP address, because the information was placed on the talk page prior to implementation and transition. (Or afterward, if a previously-mentioned "thing" somehow has access to that information and erroneously publishes it.)

Best regards, ‑‑ElHef (Meep?) 20:18, 25 June 2021 (UTC)Reply

Time to stop IP editing and require Login?

[edit]

Wouldn't it be simpler and easier to just require that all editing be logged in? I appreciate that we'd lose lots of new editors, especially the unknown but allegedly large proprtion who start with some IP edits before they create an account. And if it is true that vandals do the minimum necessary to commit vandalism, whereas new editors start with an IP edit but are then lured onto more, blocking IP editing will lose us a disproprtionate number of good edits and make some vandalism a little harder to find. However, simply disabling IP editing is a technically simple exercise if we take that option we should free up some IT resource to tackle our biggest problem - making the mobile interface editor friendly. Or alternatively go for the halfway house of adding a tablet view to the mobile view so we can give a bit more functionality to tablet users. WereSpielChequers (talk) 16:38, 15 June 2021 (UTC)Reply

There are a couple of conversations about this further up on this talk page, the latest one in Talk:IP Editing: Privacy Enhancement and Abuse Mitigation#This is incredibly shortsighted -- and not getting the attention it should get. I hope it can at least explain where we're coming from when we think that doing this the hard way is less disruptive in the long run. /Johan (WMF) (talk) 17:02, 15 June 2021 (UTC)Reply
I used to work in Data Protection. I'm very rusty, but I know enough not to be surprised that we are looking to go down this route. My slightly different take on this is that we already have huge barriers for new editors to overcome if they are from the Smartphone generation, so if the concern is about maintaining our recruitment of new editors, the answer lies in our ratio of readers to editors among PC, tablet and smartphone users. And when you look at our ethnicity skew, finding ways to make Wikipedia editable for people in those African countries that are mainly smartphone internet users is more important than recruiting more PC users. Also this isn't 2014 anymore, we aren't in some sort of death spiral, and if we did see a gentle drop in editing it could take a while for editing to drop back to 2014 levels. Plus we no longer think of the community as like some sort of internet game that has to replace its community every two or three years. We have lots of people, including most of our admins, who have been here well over a decade. Of course there is another option, Wikimedia is based in the US which has notoriously business friendly privacy laws. We could just selectively ban IP editing in countries where the Data Commissioners are getting concerned about the privacy side of IP addresses, those countries plus ones where we don't trust the governments not to track our editors. WereSpielChequers (talk) 22:51, 15 June 2021 (UTC)Reply
I'm not saying you're wrong – certainly mobile editing is crucial to us – but we don't think this is an either/or question. Our assumption is that this would also make it more difficult to recruit smartphone editors. But importantly, recruitment, trends and what role unregistered editing play differ a lot from wiki to wiki: as little as some like the idea of masked IPs, other Wikimedia communities would be incensed if we turned off IP editing. /Johan (WMF) (talk) 20:43, 16 June 2021 (UTC)Reply
Johan (WMF) Sorry for the belated reply. To some extent it is an either/or question. Programming time is limited, and if we did something simple with IP editing such as switching it off, that would mean more time was available to improve mobile editing - even if all we did was add a tablet platform to our mobile and PC platforms with a slightly more editor friendly approach and some of the talkpages etc that are lost to mobile users. Plus if this is ultimately an EU privacy issue, why not block IP editing in EU countries but leave IP editing untouched for IP addresses that geolocate to Africa, Asia the Americas? WereSpielChequers (talk) 11:44, 5 July 2021 (UTC)Reply
WereSpielChequers: I've asked Legal to comment on this specifically in their update. /Johan (WMF) (talk) 12:07, 5 July 2021 (UTC)Reply
Thanks Johan. I look forward to that. WereSpielChequers (talk) 19:50, 5 July 2021 (UTC)Reply
WereSpielChequers, I've been wondering whether we could require IPs to request permission to edit as a specific IP. Maybe even have the permission given by bot, so that it could be nearly immediate, but it would slow the process by a single step for each IP which would mean those with dynamic IPs would have to jump through that hoop every time they opened an editing session, which might make those with dynamic IPs more likely to register an account. It's the dynamic IPs that are really the problem. Valereee (talk) 14:06, 4 July 2021 (UTC)Reply
Are you sure you mean IPs or IP editors? There could be a huge difference especially where we have one IP address for an entire country. I quite like the idea of a cookie based system, you click "I'd like an edit cookie on my machine" and we place a cookie on their machine, and that cookie is subsequently recognised and creates a pseudo identity that the editor can turn into an account. Or we can block if need be. WereSpielChequers (talk) 11:35, 5 July 2021 (UTC)Reply
WereSpielChequers Nice idea, very nice, but even CUs are not allowed to know much more than machine type, user agent, and vague IP geolocation. A cookie would be going a step further - it would certainly identify the mobile device once and for all, but what with the furore over GDPR it's probably unlikely to pass. If they are going to be asked to accept a cookie, they might just as well be asked to register - or go away. Kudpung (talk) 11:48, 5 July 2021 (UTC)Reply
WereSpielChequers, I guess I mean IP editors, yes, although I can't say I'm all that clear on the distinction other than that some IP editors are using dynamic IPs. I had no idea there were countries with a single IP. So whatever I'm saying that's stupid, please make the assumption that you know what I mean better than I do. :) Kudpung, your proposal is acceptable. :) I've had the bizarre experience of trying to deal with meatpuppets from some Hong Kong subreddit (or whatever HKers use) who were all either using dynamic IPs or were moving around so they bounced from IP to IP, and who were refusing to register because of paranoia over China tracking their edits. It was incredibly difficult to deal with. Went on for weeks. We had to semi a couple of talk pages because of the extreme disruptiveness of it. I don't know how we're going to deal with the combination of dynamic IPs plus mobile editing if we don't start requiring something that restricts the ability to edit articles somehow. Valereee (talk) 18:55, 5 July 2021 (UTC)Reply
Hi Valereee. The IP editors are the human beings who edit via IP addresses. Sometimes you get IP addresses that are being shared by a company, library or in one case one of the Gulf states - potentially there could be many IP editors sharing the one IP address. A decade or so back my cable company briefly introduced some censoring software that had the side effect of chenneling all their residential customers through one IP address. You also get IP editors who hop between IP addresses, either deliberately or as a side effect of mobile editing. WereSpielChequers (talk) 19:50, 5 July 2021 (UTC)Reply

What happens to existing IP addresses on edit history and talkpages?

[edit]

What happens to all the IP addresses logged in article history and talkpages? If we continue to have IP editing we need a bridge between the existing system and the replacement, otherwise all warning logs are reset to zero - creating a lot of work for vandalfighters. There's also an issue of attribution. We have hundreds of millions of edits where IP contributors have licensed their edits cc-BY-SA with their IP address as attribution. So if we are going to keep those edits and not revert them, we are obliged to keep the IP addresses in such a way as to give atribution. WereSpielChequers (talk) 16:46, 15 June 2021 (UTC)Reply

Existing IPs will not be masked. /Johan (WMF) (talk) 17:36, 15 June 2021 (UTC)Reply
That surprises me. If we have to treat IP addresses as personal data then we already have a lot of it, with a data retention poicy of keeping it all for ever. Are you sure the lawyers are cool with that? WereSpielChequers (talk) 22:55, 15 June 2021 (UTC)Reply
We have talked about it, so I would be very surprised to be mistaken, but I'm sure Legal will correct me if I'm wrong. /Johan (WMF) (talk) 20:45, 16 June 2021 (UTC)Reply

Handling attribution for future IP address edits

[edit]

If we are going to keep IP editing, my preference is to have their future edits default to CC-SA - at least to the extent that attribution rights are waved by IP editors (if you want attribution of your edits create an account and log in). But if not, you have to create some alternative to an IP address, either that or some legal formula such as these edits are CC-BY-SA but the editor has not given an identity that needs to be attributed. It isn't clear to me how either the current procedures or the new proposal fit our copyright licencing WereSpielChequers (talk) 16:56, 15 June 2021 (UTC)Reply

My understanding is that the mask would count as much as an identifier as e.g. a shared IP would for copyright reasons today, but I'm forwarding this to the Legal Department so they can confirm that this won't be an issue. /Johan (WMF) (talk) 17:08, 15 June 2021 (UTC)Reply

One-page summary for non-English projects

[edit]

I have been following this discussion with great interest, even if with moderate difficulties due to the level of technical English used both at the main page and the talkpage. Would it possible to provide a one-page executive summary of the latest development(s), written in plain English and fair to translate, for the sake of (obviously non-English) projects that will be greatly impacted by this proposal but is underrepresented throughout the consultation? dwadieff 17:36, 15 June 2021 (UTC)Reply

Yes, absolutely. Thank you for the suggestion. /Johan (WMF) (talk) 17:54, 15 June 2021 (UTC)Reply

Open Proxies

[edit]

We currently block millions of IP addresses as "en:Wikipedia:Open proxies", at least we do on EN, I don't know about other projects. Will this continue in the new era, and how will it be affected by masking of IPs? WereSpielChequers (talk) 10:08, 16 June 2021 (UTC)Reply

Thanks for the question. See #Regardless of masking we still need to be able to block IPs and have it stick – we're hoping to build proxy detection into tools we're developing. /Johan (WMF) (talk) 20:35, 16 June 2021 (UTC)Reply
Johan (WMF), one important distinction for proxies and datacenter-type IPs is that we block those proactively rather than reactively, so in order to keep doing what we're doing we will need some way to block a specific IP or IP range, whether or not we can resolve that IP/range to anonymous IDs. I suspect that checkusers will have the same need. GeneralNotability (talk) 02:20, 17 June 2021 (UTC)Reply
GeneralNotability: Ah, sorry, to be more clear: We are not intending to make changes to the possibility of blocking IPs. That would definitely cause a lot of unwanted disruption. /Johan (WMF) (talk) 03:17, 17 June 2021 (UTC)Reply
Johan (WMF), all right, I wasn't certain one way or the other whether that would change - thank you for clarifying! GeneralNotability (talk) 12:51, 17 June 2021 (UTC)Reply
Happy you're asking – that way we can clarify for everyone else too. /Johan (WMF) (talk) 14:50, 17 June 2021 (UTC)Reply

Transparency

[edit]

Lots of projects such as the CongressEdits project use IP addresses to check when powerful groups are editing wikipedia. If you need to have near - checkuser level privileges to view edits by IP, the transparency of edits is dramatically diminished! This proposal seems like it's great for all the political hacks and interns who want to puff up some article without needing to register for an account and become unambigously traceable there.

I for one, strongly oppose this proposal 69.172.145.94 21:10, 18 June 2021 (UTC)Reply

IP editor, depending on exactly what gets exposed to the average user, you probably will not need "checkuser level privileges" - the en:WHOIS information for this Congressional IP, for example, specifically mentions that it's a Congressional IP in the fields that would normally have the name of the ISP. The mockup they presented for the "partial info" view contained the ISP. I concede that we would lose the nice tagging we get from filter 958 though. GeneralNotability (talk) 01:52, 19 June 2021 (UTC)Reply
Speaking of AbuseFilter - NKohli (WMF), I don't see any mention of that on the main page; has any thought been put into how the technical details of IP-hiding will interact with the abuse filter? The ip_in_range function is used in a decent number of LTA-focused enwiki filters. Personally, I'd recommend keeping it and requiring that any filter dealing with IPs be private - for enwiki, at least, the rights that let you view private filters and their hits (edit filter helpers, edit filter managers, and admin) all involve a good deal of vetting, and EFH/EFM for non-admins in particular is quite rare and only given to very trusted editors. GeneralNotability (talk) 01:59, 19 June 2021 (UTC)Reply
@GeneralNotability:, I thought that this would be hidden to users, per the presented mockup - only information such as number of users and overall type of place is provided. Nothing about location or organization or ISP is provided AFAIK. 69.172.145.94 21:30, 22 June 2021 (UTC)Reply
See the IP Editing: Privacy Enhancement and Abuse Mitigation/IP Info feature. /Johan (WMF) (talk) 21:33, 22 June 2021 (UTC)Reply
To qoute the page,
Information and Rights
Information User rights level
Location Admin/CheckUser
ASN Admin/CheckUser
Organization Admin/CheckUser

As seen here, you need CheckUser powers to see critical information like the ISP, Organization and Location. This information is crucial for detecting edits by organizations. BrxBrx (talk) 23:01, 22 June 2021 (UTC)Reply

Ah, sorry, I think I misunderstood the question. But to make this a bit more clear: admin/checkuser doesn't mean "the individual editor must be admin and checkuser", it means all admins. That can probably be clarified. /Johan (WMF) (talk) 23:42, 23 June 2021 (UTC)Reply
Even so, Admin is quite a high level of trust, much higher than needs be for simple information like rough location, organization and ASN? BrxBrx (talk) 02:48, 25 June 2021 (UTC)Reply
Am I confused or does that table not contradict the June update, in which it was suggested that editors with a 1 year experience and 500 edits could be given full access to IP addresses? kyykaarme (talk) 11:18, 26 June 2021 (UTC)Reply
kyykaarme: Let me clarify! The point was that admins would get access, but also give users who are active in this space but have no desire to be admins the necessary tools, or a solution for communities who have put a very high bar for adminship. However, we need some sort of requirements for this group, so that we can show that the IPs aren't available to just about everyone. /Johan (WMF) (talk) 10:35, 28 June 2021 (UTC)Reply
@Johan (WMF): "so that we can show" – to whom? Who is the entity to which you have to prove compliance with some requirements? — Chrisahn (talk) 14:05, 28 June 2021 (UTC)Reply
I hope this will be at least somewhat more clear, if not entirely so, with the coming legal update. /Johan (WMF) (talk) 11:34, 5 July 2021 (UTC)Reply
@Johan (WMF):, you (and with 'you' I mean the entire WMF) have no idea at all what the creation of a new user group entails on en.Wiki - with all the pros and contras. Nor do you know how high the bar is for adminship - and as far as I recall since I started the biggest local research of its kind in 2011, it is not a research the WMF has ever done. A couple of years ago after first going through a string of the obligatory RFC, I created a new user group in an endeavour to improve the quality of patrolling new pages. In next to no time, around 700 or so users had jostled for the advanced user right. The fact is however, the hundreds of daily New Page Reviews are being done by less than 10% of that number, and the backlog is ridiculously high even if it is is somewhat lower than it used to be. I assume, rightly or wrongly, that many of them were simply hat collectors, while others found the task too challenging and/or thankless. Worse still, an alarming number of them have been caught out using the privilege for Black Hat purposes - there's a corrupt cop in every police station. Kudpung (talk) 02:00, 5 July 2021 (UTC)Reply

Enough is enough

[edit]

Firstly, on this page, WMF have been manifestly unfair to their legal team. That may have been without intent, but it is still the case, since attorney-client privilege prohibits the legal team from being able to respond. (Alternatively, their legal team may have said "Hey, make us the bad guys!") So every time that we see a response like Putting this on the list of questions I'm forwarding to Legal. from Johan (WMF), this is essentially sending the question down a black hole. Legal cannot ethically respond; that could literally be a breach of confidentiality that could lead to them being disbarred.

However, attorney-client privilege does not apply to the client, in this case the WMF. They can either permit Legal to respond to things, or do so themselves. So these questions are explicitly and absolutely not intended for a "we forwarded these to Legal" response, as that is by definition a black hole. Rather, I would like a direct response from the current head of the WMF (in the absence of an ED) to each and every one, since they can if they wish answer them, as the client in the attorney-client relationship. I would of course prefer a direct answer to each one (and to a "yes" or "no" question, that would at least start with "yes" or "no"), but at the very minimum, if the answer is "We aren't going to tell you", I would like them to give that response directly and own that. In that instance, they could, as the client, respond, and are choosing not to do so. In no instance should the response be "We can't tell you". You are not bound by professional ethics not to, so yes, you could. If you are choosing not to, say "We won't tell you", not "We can't tell you". You could if you chose to.

For clarity's sake, if the individual reading these questions does not have the authority to answer them, please bump them up to any individual in the WMF who does have the authority to directly address them up to and including the acting ED rather than giving any blowoff yourself.

Questions are as follows:

  1. If not showing IP addresses to the general public was a legal requirement, why was this only stated as such after the community clearly opposed this proposal?
  2. Does showing IP addresses to the general public violate the black-letter law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s)?
    3. If so, why hasn't IP editing been disabled while this is in process?
    4. If so, why can we still show old IPs?
  3. Does showing IP addresses to the general public violate the interpretation of law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s) (has|have) been interpreted that way?
    3. If so, where can that interpretation be found?
    4. If so, is that interpretation final or still subject to appeal?
    5. If so above, why isn't the WMF appealing?
    6. If so, why hasn't IP editing been disabled while this is in process?
  4. Does showing IP addresses to the general public violate the potential interpretation of law in any jurisdiction in which the WMF is subject to the laws of?
    1. If so, which jurisdiction?
    2. If so, which law(s) could be interpreted that way?
    3. If so, how likely is such an interpretation?
    4. If so, why hasn't IP editing been disabled while this is in process?
  5. Does showing IP addresses to the general public violate the WMF's internal policies or requirements?
    1. If so, why are changes to those internal policies or requirements not being considered as a valid response to community consensus against the masking proposal?
  6. Does showing IP addresses to the general public only violate "general expectations" of Internet users?
    1. If so, why is this being treated as a legal requirement?

Enough is enough. It is time to be clear about exactly what these "legal" requirements are here, because to be quite honest, it at this point seems to be a fig leaf over yet one more instance of "We're doing this whether you like it or not." The community opposed this proposal, and all of a sudden got "Oh it's a LEGAL requirement! But it doesn't break any laws..." (see Q: Is this project the result of a particular law being passed? A: No. Data privacy standards are evolving in many countries and regions around the world, along with user expectations., which leads back to the core question: Is this actually legally REQUIRED, or are there internal standards WMF could amend? It's past time we got an actual answer to that, because I strongly suspect the answer is the second, and you know we'll ask you to do it if that's possible. So time to actually give us the details. Seraphimblade (talk) 05:58, 19 June 2021 (UTC)Reply

It seems like the WMF already did answer it (in the FAQ you quote); the stance seems to be that it doesn't violate any law, but user expectations are changing, and publicly showing entire IPs isn't tenable. (I agree.) Ensuring editor privacy is a reasonable responsibility for the Foundation. Perhaps you'd never get consensus for people to change their workflows voluntarily, so the change would never happen any other way, but that doesn't mean the change isn't the right thing to do. ProcrastinatingReader (talk) 22:10, 20 June 2021 (UTC)Reply
While that may hold up Proc, it doesn't explain the abysmal level of communications and clarity from WMF Legal in the process, with currently just shy of 4 months since a number of questions, including meta-oriented questions that wouldn't be tied to a need to potentially admit liability to anything, were asked. That includes even failing to state specific questions they would not be answering.
We have two primary WMF stakeholders, and the tech team, as indicated by the major improvements in the June 10th update, are engaging nicely. Legal, however, are giving an example of how it's not done. Nosebagbear (talk) 00:58, 21 June 2021 (UTC)Reply
ProcrastinatingReader, well, that's the reason for these questions. If your conjecture is true, this is not actually a legal requirement, and quite frankly if that is so we are being lied to. If we don't want the change, and it is not literally legally mandated, the WMF shouldn't be cramming it down our throats. If it is legally mandated, then the question remains—by what law? If it's only required because of WMF internal policies, and we don't want the change, the answer is "Amend those policies". We already set expectations clearly by displaying to anonymous editors a prominent notice that their contributions will be associated with their IP, and that they may create an account to avoid that, so for them to say "I didn't expect exactly what it told me would happen to actually happen!" would be more than a bit ludicrous. Seraphimblade (talk) 13:46, 21 June 2021 (UTC)Reply
I don't know if a "prominent notice" disclaimer is a legitimate way to disavow all responsibility. If it were, then (for example) surely you could do whatever you want with user data so long as you 'disclosed' it in a long legalese privacy policy that nobody reads. Of course, the GDPR put restrictions on processing such that some things are now unacceptable regardless of what a company's TOS says, for example opt-out marketing emails. But all those didn't suddenly go from ethical to unethical in 2018 (when the GDPR came into force). In a similar manner, much of Google's data processing is criticised but appears to be legal, but it'd be difficult to say Google is a more responsible processor than, say, DuckDuckGo.
The point being that doing the bare minimum required by law isn't really the goal to strive for. Account and user privacy is primarily the WMF's responsibility. Publicly showing the IP address (and all info that entails) of all users, even if they just want to add a comma, is not a reasonable thing to do in 2021. ProcrastinatingReader (talk) 16:58, 22 June 2021 (UTC)Reply
Re. you could do whatever you want with user data so long as you 'disclosed' it in a long legalese privacy policy that nobody reads — isn't that exactly what Facebook and their ilk do? If, dear reader, your instinctual reaction is “but we don't want to be like FB”, well we do at least have a prominent notice which has saved me many times from editing logged-out. Pelagic (talk) 12:31, 1 July 2021 (UTC)Reply
It is, and Facebook is heavily criticised for their attitudes towards data protection, including multiple parliamentary inquiries and EU investigations with
fines[1][2]. Doing 'better than Facebook', or simply evading a fine, is not the bar we should set for ourselves. ProcrastinatingReader (talk) 02:00, 4 July 2021 (UTC)Reply
We're aiming for an update from the Wikimedia Foundation Legal department next week. I'm sure there are will still be things they won't be able to address, but it should contain more information than what's available on the page now. /Johan (WMF) (talk) 00:09, 22 June 2021 (UTC)Reply
Hi @Johan (WMF):, good to hear. As, by including Blablubbs', my own, and Seraphim's above, there's about 30 questions pending (with some, but not a staggering amount of overlap), could you pass on a request to quote and note questions that they specifically refuse to answer. This will help filter going forwards, especially knowing any questions which were missed, which need followups on, and which ones would not be practicable to pursue further (but should be noted as excluded knowledge) Nosebagbear (talk) 13:00, 22 June 2021 (UTC)Reply
I'll pass on the request that they explain what they won't be able to address. /Johan (WMF) (talk) 13:28, 22 June 2021 (UTC)Reply
Johan (WMF), it seems that "next week" has come, and "next week" has gone. What are you "aiming for" at this point? Seraphimblade (talk) 01:22, 3 July 2021 (UTC)Reply
Particularly a concern since the WMF is on general leave next week, so presumably won't be able to respond at that point Nosebagbear (talk) 11:09, 3 July 2021 (UTC)Reply
"next week" has come, and "next week" has gone. Wikipedia editing and reading is 24/7 - in the US and worldwide. Imagine a world where all the volunteer admins, vandalism, New Page, AfC, Pending Changes, and other edit quality patrollers went on leave for a week... Kudpung (talk) 01:18, 5 July 2021 (UTC)Reply
In case anyone reading this is worried about what would happen in case the servers go down, if there's an attack or anything like that: a few of teams on the Foundation are always working, making sure there's coverage on general leave, holidays and so on, those who have to monitor what's happening and immediately act in a crisis. (For others, it might help if time off from work is somewhat concentrated, e.g. so that development isn't hindered by someone on the team being away for unnecessarily long time.) /Johan (WMF) (talk) 14:50, 5 July 2021 (UTC)Reply
My apologies, Seraphimblade. We got stuck trying to clarify some details between the technical team and the Legal department and I was so certain I had said "next couple of weeks". (We were aiming for Wednesday last week, but I thought it was an internal deadline, not something I had said on-wiki, even hedging with "aiming for" knowing that something like this might happen.) The lack of update about this being delayed is entirely my fault, sorry.
There's a tentative date to post this next week in my calendar. I see no reason to believe that wouldn't be correct. /Johan (WMF) (talk) 10:48, 5 July 2021 (UTC)Reply
(As Nosebagbear notes, we'll be slower to respond in general for a few days. /Johan (WMF) (talk) 10:49, 5 July 2021 (UTC))Reply

How is this being proposed unilaterally?

[edit]

Is the WMF completely disconnected from the community? Blocking IPs is listed as a perennial failed proposal, for good reasons. As for this particular proposal, dealing with vandals and disruptive IPs is already hard enough when the IP is immediately visible. Given the absolute dearth of convincing legal arguments, I fail to see what this is achieving, beyond further alienating the WMF from a significant proportion of its community. The most important persons on Wikipedia and related projects are not the WMF or administrators or functionaries. The most important persons are editors.

Given that a significant proportion of IP edits seem legitimate, given that this will have absolutely no effect beyond making dealing with dedicated vandals more difficult, given that a significant proportion of the community seems opposed to this, given that the WMF has no legitimate authority or reason to impose top-down on the community which is responsible for its success, the only response I would expect from the WMF, in light of the opposition on this talk page, is to shed this proposal into the garbage bin of history, and not come back to it. RandomCanadian (talk) 19:15, 21 June 2021 (UTC)Reply

RandomCanadian: Of course the Wikimedia projects are run by the editors, and we really do not want to cause more issues for them, which is why this is long-term project, why we're trying to build tools to offset the issues this will cause and so on. But this isn't something we're working on because the Foundation one day decided that, ah, this probably is a good idea, or because we decided that we know better how to handle unregistered editing. We knew it would cause problems. We knew it would be impopular. We knew it would interfere with one of the processes we really do not want to interfere with.
But we're doing it because the Legal department looked at what's been happening with privacy norms and regulations and came to the conclusion that this is something we have to do. While I absolutely do not want to tell the communities how to run vandal fighting, which they are far better equipped than anyone else, the Foundation has legal responsibilities towards the information we're collecting. And legal decisions have not been decided by consensus even in the Wikimedia movement. The status quo – doing what we've been doing and the external world treating it like it has for the past twenty years or so – isn't an option we have been given. /Johan (WMF) (talk) 19:43, 21 June 2021 (UTC)Reply
@Johan (WMF): Thanks for your reply. I don't see any definitive arguments being given in response to the detailed interrogations in #Enough_is_enough. Is the status quo currently breaching any laws, or not? If yes, please state it so clearly. If not, I understand that we don't want to be reactive, but if there's no evidence of a problem, and if there's no evidence that there will be a problem in the short-to-moderate-term future, don't I don't see what exactly is the point of all of this. RandomCanadian (talk) 19:57, 21 June 2021 (UTC)Reply
Thanks, RandomCanadian. The legal team will post an update soon, which should contain a bit more information than what's currently available. In the meanwhile, we appreciate everyone who is pointing out the issues they foresee, so that we can do our best to mitigate said problems. /Johan (WMF) (talk) 20:23, 21 June 2021 (UTC)Reply
I think, the legal team will never right out admit publicly that something the WMF is currently doing is illegal and for good reason. Doing so could be used against them in court in current or future proceedings. --Count Count (talk) 04:39, 23 June 2021 (UTC)Reply
There are really only two major changes in data protection law in significant jurisdictions in the past few years: the GDPR and the CCPA. Both laws are public and not too complex so one can take their own interpretation, but it's difficult to say that it's actually illegal to publish IPs with consent (I suppose the authorities enforcing the laws could've contacted the WMF with a different interpretation, but that seems far-fetched). There are some other questionable aspects of the WMF's compliance with the data protection laws, though. For example, while the WMF is exempt from COPPA, it doesn't appear to be exempt from Article 8 of the GDPR on the processing of childrens' personal information, and there are no clauses in the WMF's privacy policy relating to this. The handling of personal data by community members (ie CUOS/ArbCom) is also questionable, and the accountability mechanisms (ie the Ombuds Commission) are practically non-existent. I think WMF Legal should put these issues on their agenda while they're at it. ProcrastinatingReader (talk) 18:29, 23 June 2021 (UTC)Reply
It is my understanding that it is an open question if publication and long-term storage of IP addresses associated with edits is legal under the GDPR even if the user agrees to it. For example it is clear that IP addresses are personal data and article 5.1(c) of the GDPR requires that the data collected, stored and processed has to be "limited to what is necessary in relation to the purposes for which they are processed". I think it would be hard for the foundation to argue that storing and publishing full IP addresses of every edit forever is necessary. --Count Count (talk) 05:04, 24 June 2021 (UTC)Reply
I totally agree with RandomCanadian. As someone who does do a little bit of x-wiki stuff, checking their cross wiki stuff is already hard enough, to the point where I don't do much x-wiki vandal patrolling and just not being able to see the IP? Oh my, but surely this needs to wait a year or two (until some accounts are one year old, because I myself was stupid and edited for an IP for 9 months, and there's some other new account vandal fighters on the english wikipedia). Creating an account only takes like 40 seconds, and they get a clear warning when they're about edit as an IP. SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 22:39, 23 June 2021 (UTC)Reply
@SHB2000: I edited as an IP for years, so feel the "stupid" bit a little. I didn't envision the cross-wiki angle, but it's a valid one. I also note that this can cause difficulties even in non-vandal fighting (ex. talk page discussions). Long, similar IPv6s can already be hard enough to distinguish as is. RandomCanadian (talk) 22:45, 23 June 2021 (UTC)Reply
The only thing I find useful about this is when my neighbour's immature teenagers choose to vandalise wikipedia by using their neighbourhood's IP addresses. (so it's not just me affected). But apart from that, there's more a downside than an upside. SHB2000 (talk | contibs | en.wikivoyage | w:User:SHB2000) 22:47, 23 June 2021 (UTC)Reply
Hey, thanks for the feedback! I'd be very surprised if we couldn't come up with masks that would be easier to read, not more difficult, than IPv6 addresses. To clarify, there will still be an identity. It just won't be the IP. /Johan (WMF) (talk) 23:38, 23 June 2021 (UTC)Reply

We are clearly going to need an RFC on whether the community is going to prohibit masked edits. Staff on this project have been well aware of heavy opposition to masked editing from the beginning, and they should full well have known that this all of this work would likely be rejected and wasted. I find it endlessly frustrating that the Foundation shows no respect for the community, that it is consistently unwilling or unable to constructively discuss such issues with the community, and that it keeps flushing so much labor and money down the toilet on a stream of projects that either cannot be deployed or which are deployed&reversed.

The Foundation can block plain IP edits if that is what it chooses to do, but we can block masked edits if that is what we choose to do. Alsee (talk) 00:16, 27 June 2021 (UTC)Reply

@Alsee: it will likely be "lots of RfCs", as different local communities are going to come down on it in different ways. I don't know if Johan has been reading the en:WP:VPW thread on it, but the the en-wiki Community is clearly leaning that way, though with far fewer participants (many of whom clearly haven't read everything) than the ultimate discussion will have. Because editors don't do all things, I don't know if even amazing tools in one area can compensate for major irksomeness in this area, as appears to be the hoped for effect.
Currently, I'd be inclined to encourage a version of ACTRIAL by enwiki: we give it 3 months after masking is switched on. And if there's any net loss (whether in time or effectiveness) to our efficiency in combatting problematic editors, we block IP editors. Nosebagbear (talk) 00:23, 27 June 2021 (UTC)Reply
Thanks, folks. The resources spent here is no trifle matter, of course, and a relevant concern. But we've had a number of local conversations around different wikis, and there's no unified community reaction to this. My home wiki, for example, has already discussed "do we want to disallow unregistered editing in the face of IP masking?" and decided that, no, we want it to continue. Some other Wikimedia wikis are heavily dependent on IP editing. A good number of editors we have interacted with from English Wikipedia are concerned and we really want to address those concerns, but even should English Wikipedia, for example, eventually be unimpressed by our solutions, this is still something we'd have invested in. But as Nosebagbear is saying, my recommendation would be not to try to form an opinon now with the plans and tools not even fully formed or developed. This is not being turned on next week, or month. /Johan (WMF) (talk) 11:09, 28 June 2021 (UTC)Reply
+ this. The WMF is not really using direct force to do so anymore, though. They are subtly manipulating in their speeches, and are trying to do what they want, disguising it an a "problem". If they want us to be good, whey need to accurately describe the issue, rather than just saying "our legal team requires wo do this". Aeschylus (talk) 20:44, 27 June 2021 (UTC)Reply

This is not going the right way

[edit]

This is not going the right way. There is already a warning to unregistered users. Why ruin anonymous editing? It already gives a clear, bold label stating that their IP addresses will be shown. What's even more, registered users can ask for their IP edits to be suppressed (username only). This is not a good idea, as we will never know what vandals are doing and where they are originating from. What's even worse, forcing of hundreds, potentially thousands, of fairly inexperienced 1-yr old users to sign a form to see IPs is a very poor idea. Vandals and bad-faith users can easily make sleeper accounts and wait the 1-year out, making 500 minor edits. If no one can see IPs, how will we know who is who and what they are up to? Most of the long-term vandals hop proxies, and don't care for their anonymity. If this occurs, a lot of vandal fighters (including me) will likely retire or lose interest. This proposal would likely cause great uproar. This reminds me of Napoleon in Animal Farm. Under the guise of it being required, the ruling authority (in this case, the WMF) gradually deviated more and more from the community under the guise of it being "required" and there being a serious problem that desperately needs to be fixed. We need to know what the exact issue is. Aeschylus (talk) 20:36, 27 June 2021 (UTC)Reply

Hi Aeschylus, thanks for the comment. The Legal department will have a new statement in a couple of weeks. They'll explain some things and talk a bit more about why they can't explain everything in detail, but the point is that the status quo, keeping way the things they are and having the external world react to it the same way they did ten years ago, isn't an option we've been given. Privacy norms have changed, and regulations with them.
Our intention is to give vandal fighters the access they need to the IPs, and the timeframe suggested was just a discussion starter, not what we'll end up with. I do hope you won't lose interest. I'm trying to be as non-Orwellian as I can, but let me assure you that the Foundation has absolutely nothing to gain from doing this for no good reason, or from making vandal-fighting more difficult than we're forced to. If you have problems you think haven't been raised yet, I'd love to hear your specific concerns, to see if there's anything we can do to make sure this doesn't cause extra problems for you. /Johan (WMF) (talk) 11:47, 28 June 2021 (UTC)Reply
@Johan (WMF), okay, but then we will need to geolocate in some cases. How to we know if it is a proxy (which can be blocked anytime), or a colocation host, or a paid editing farm? Knowing paid editing requires geolocation of many cases. Aeschylus (talk) 13:43, 28 June 2021 (UTC)Reply
Aeschylus: We do! People who are active vandal fighters will typically have access to the full IP, just like today. We're also working on helping with location, proxy detection and other features through IP Editing: Privacy Enhancement and Abuse Mitigation/IP Info feature, but that is in addition to this, to surface information that's important in this work in easier ways than what's available today. I'm not sure I'm addressing your concerns. Could you give me an example of a situation where you're worried about the lack of access to information which could cause problems, so I can give you a better answer? /Johan (WMF) (talk) 15:42, 28 June 2021 (UTC)Reply
@Johan (WMF), so once, there was a politician in India named Juned Patel who was being promoted by socks. Some of the socks were IP addresses. To formulate a rangeblock, we needed to see where they geolocated and the possible damage to good-faith users (collateral damage). Aeschylus (talk) 16:04, 28 June 2021 (UTC)Reply
Thanks! Anyone doing a rangeblock (or any kind of block) will be able to opt in to see IPs of unregistered accounts, so this would absolutely not have to go to the checkusers or anything like that. And we're working to find the best way to add the non-admin vandal fighters who could have helped track the IPs as well (thanks everyone for your feedback so far). I'm hoping this situation would work out in pretty much exactly the same way. /Johan (WMF) (talk) 16:10, 28 June 2021 (UTC)Reply
@Johan (WMF): "isn't an option we've been given" – by whom? These words (that you've used multiple times on this page) sound like some powerful entity is giving the WMF "options" (maybe "orders" would be a more appropriate word). If that is the case, we can't let them get away with it. The WMF can't just say "well, we've been told to do this, but we've also been told not to tell you by whom". — Chrisahn (talk) 13:55, 28 June 2021 (UTC)Reply
Chrisahn: I'm told this by the Wikimedia Foundation Legal department, who have been analysing the situation. They will give a more detailed update soon, although there's a fair risk they won't be able to explain everything to everyone's satisfaction. But they will talk about why that's the case, too. /Johan (WMF) (talk) 15:42, 28 June 2021 (UTC)Reply
@Johan (WMF): Who is the "we" in "an option we've been given"? I thought it was the WMF as a whole, but your answer sounds like the "we" might be certain department(s) within the the WMF. Maybe the Legal department gave certain options to other department(s)? Could you clarify a bit further? Thanks! — Chrisahn (talk) 16:00, 28 June 2021 (UTC)Reply
Chrisahn: I'd be happy to! When I say "we", I generally refer to us, as the Wikimedia movement, who have to adapt. The Foundation that has to build the tools, the communities who see their workflows disrupted. I try to avoid getting too much into the internal workings of the Foundation here, because I don't think people should have to understand that to take part of the conversation, but I'll to ty explain. From the Foundation side, there are basically two main parts: the Legal department, who have analysed the situation and come to the conclusion that IPs can't continue to be published, and the Product department, which is tasked with implementing this: finding the best way of masking/unmasking, build tools to try to make handling vandalism and harassment easier and so on. The people in charge of this page and this project are coming from the product side, trying to do what we can to arm the communities with the information and tools they will need within the limits we have, with great help from all the feedback we're getting. The decision to work on masking has been informed by Research:Value of IP Editing and IP Editing: Privacy Enhancement and Abuse Mitigation/Research, as well as conversations with communities who find unregistered editing crucial. If the Product department has an idea we think will be helpful for some reason, that idea can be debated and changed; if the Legal department says that we have to do something, that's something that has do be done. So implementation is very much based on conversations here. As for more information from the Legal department, they will share as much as they can, although it might not satisfy the level of detail some wanted. Expect that update fairly soon. Does that answer your questions for the time being? /Johan (WMF) (talk) 16:50, 28 June 2021 (UTC)Reply

On the chosen scope and existing issues

[edit]

While, in principle, the goals (retain IP editing but protect IP privacy) and the rationale (IP editing became legally murky, but some will not be happy about it going off completely) are both understandable, I cannot shake away the feeling that it is a great shame that such great resources are spent and will be spent on this amount of technical over-engineering and not simpler solutions that will make the registration process itself more appealing and usable for IP editors. It has been known for 14 years that our captcha system makes it impossible for blind users across the projects to register an account, in direct violation of multiple accessibility laws in US, Western Europe and elsewhere. That is not getting fixed instead of this. We are not getting more action towards making our registration process simpler, either (such as, for example, adding email-only registration, improving UI/UX of the form again, etc.), or even any action for making the call for registration to be more urgent for existing IP users (on desktop it is still a small line with an icon that informs someone that they will share their IP with an edit).

Instead, we are getting the over-engineered technical solution that, in practicality, will satisfy or even appease no one, and a bunch of resources will go towards developing something that most certainly will cause the same community disruption and anger that the plain turn-off of IP editing with care towards the issues above would have done. All meanwhile long-standing (legal even!) issues with our registration processes get no attention because of how the scope of this was decided without any discussion beforehand. Frankly, I do not think that this scope definition should have been in Legal’s remit to begin with. stjn[ru] 21:49, 1 July 2021 (UTC)Reply

100% true Carn (talk) 05:05, 2 July 2021 (UTC)Reply
While certainly the WMF should put some effort in to actually working accessibility functions, I can't imagine more than a very small fraction of IP editors chose to utilise IP editing rather than registering due to burdens in that process. Fixing that would be worthwhile, absolutely, but not significantly affect the issue at stake Nosebagbear (talk) 10:54, 2 July 2021 (UTC)Reply
I wasn’t implying that accessibility is the only reason why IP editors are still a thing. I was saying that IP editing is still here both because the signup interface is pretty neglected, as demonstrated by its inaccessibility, and because we are not demonstrating the need for registration clearly enough. stjn[ru] 15:42, 2 July 2021 (UTC)Reply
  • ...because we are not demonstrating the need for registration clearly enough: For six long years the WMF was so convinced that preventing newbie editors from creating new articles would be the death of en.Wiki, they forbade us to do it. When we finally threatened mutiny and said we'd do it locally anyway, they relented and allowed ACTRIAL to take place. It proved without any shadow of a doubt how totally and absolutely wrong the WMF can be with their 'convictions'. There may be some stats being (mis)used that suggest IP editing vis-à-vis trolling and vandalism is a net positive, but that is far removed from any proof that banning IP editing altogether would do much harm. It might mean that the occasional non-registered reader might not correct a typo or bad grammar on the fly but I'm just as convinced that it's time the Wikipedia stopped being the only reader contributive website left in the world that doesn't need a registration. When I was an admin, I used to block a lot of trolls and vandals but I realised that it was just the tip of an iceberg and most of it goes undetected.
    Hold a trial like ACTRIAL and get some real stats that people can work with. Kudpung (talk) 11:54, 3 July 2021 (UTC)Reply
    • Well said, Kudpung. I can't help but think that if this goes ahead we're going to end up with a local proposal to remove IP edit functionality. This change is going to add unnecessary burdens to a volunteer taskforce for no reason other than to satisfy WMF, who are yet to show why this change is required and more important than introducing ways to get and retain new editors, like making the mobile app functional. Anarchyte (talk) 15:32, 3 July 2021 (UTC)Reply
    Such a trial is playing out right now on pt.wiki. Izno (talk) 01:52, 11 July 2021 (UTC)Reply

Another stellar decision by the WMF

[edit]

Way to go. Instead of simply disallowing IP editing, which would solve a whole raft of major problems, you've decided to protect IPs -- including IP vandals and LTAs -- from being tracked by ordinary editors. Anyone now who wishes to vandalize and disrupt WMF projects wpuld be exceedingly stupod to create an account to do so, and will instead simply use IPs to do so. Great work.

Beyond My Ken (talk) 22:06, 4 July 2021 (UTC)Reply

  • I wouldn't worry. If this goes through, I suspect that there will very quickly be a local enwiki consensus to block IP editing completely. Otherwise, there will be chaos. Black Kite (talk) 22:34, 4 July 2021 (UTC)Reply
  • The WMF has freely admitted that no in-depth research has been made regarding anonymous editing; it's entirely probable however that seriously disruptive editing does not come from registered users. It's the easiest thing for mobile device users to change their IP - it changes with every cell or WiFi hotspot. In recent years since the trend to modern mobile devices has exploded, the fight against vandalism and other forms of disallowed editing has increased exponentially. Recent Changes patrollers (on en.Wki) already only touch the tip of the iceberg - there is no way of communicating with anonymous users whose IPs constantly change and there can be no technical solution to address this.
Black Kite is right, there will be chaos. I believe some projects (de.Wiki?) patrol every new edit, but if all articles on en.Wiki were placed on Pending Changes the backlogs for reviewing would be insurmountable. There are 7,635 Pending Changes Reviewers on the English Wikipedia but the user right was accorded arbitrarily many years ago - how many are truly active?
Clearly the logical solution is to ban IP editing altogether - but again, Johan, please let us have some genuine stats and a trial, per Nosebagbear, if need be, or are we still at the WMF's 6-year-long ACTRIAL attitude? The WMF might well have mellowed since then, but with now around 500 employees, institutional memory is seriously diluted. Kudpung (talk) 01:00, 5 July 2021 (UTC)Reply
Hey folks, thanks for the questions. I'll try to adress everything I can answer right now, and make notes of the other questions. There are a a couple of things I'd like to point out. First, we'd do this project even if English Wikipedia were to have no unregistered editing. The nature of unregistered editing differs a lot from wiki to wiki (for some stats on what IP editing looks like across the wikis). Disallowing IP editing would not mean the same thing for all wikis, and for example my home wiki has already had a Village Pump discussion on the topic "would we desire to ban unregistered editing in the face of IP masking?" and concluded that, no, we wouldn't. Second, while we (or rather Benjamin Mako Hill) did compile Research:Value of IP Editing based on everything available at the time – including what has happened on other wikis where unregistered editing has been turned off – we're also looking into what's happening with Portuguese Wikipedia and their current lack of unregistered editing. That will presented long before any IPs are to be masked, which will give us a good opportunity to talk about this actually having look at the initial effects on a major Wikipedia.
Just in case this wasn't clear (maybe it was): anyone will be able to track the unregistered editors, as there will be an identity, the mask. Knowing the specific IP behind it is something that we're working to find a way to give access to those who fight vandals and need it, even if they aren't e.g. administrators. /Johan (WMF) (talk) 10:39, 5 July 2021 (UTC)Reply
Sorry, but the phrasing at IP Editing: Privacy Enhancement and Abuse Mitigation#Data on Portuguese Wikipedia disabling IP edits ("Over the last few months, our team has been collecting data about the repercussions of this move on the general health of the project.") makes it clear that for the WMF banning IP editors being bad is a foregone conclusion. I assume that any WMF-initiated reports about this will be biased accordingly. Instead the Portugese community should be consulted in an onwiki survey, what they think of the ban. --Count Count (talk) 21:33, 8 July 2021 (UTC)Reply
Count Count: We're also very interested in the results! This will give us more information than what we had, which will be useful. I'd be careful to extrapolate this to every wiki, though – we've seen a trajectory for e.g. Wikipedias where they are open to edits as they are young and small and are fighting to grow and get content, and then a bigger focus on protecting existing content as they mature. Portuguese Wikipedia is a big, old Wikipedia. I'm not sure the same results would be true for a wiki trying to become a place where people can find information, as opposed to being such a place already, but trying to improve. But I'm sure people looking at the data will be able to draw better conclusions about that than I can do right now. Anyway, yes, we'll of course take this into account moving forward. /Johan (WMF) (talk) 23:22, 13 July 2021 (UTC)Reply
Pinging @Érico:, who according to this Signpost article actively participated in the discussion on ptwiki: Can you initiate a survey at ptwiki to find out what the community now thinks about the IP editor ban? --Count Count (talk) 21:38, 8 July 2021 (UTC)Reply
@Count Count: We have already did this and the positive assessment of the IP ban was unanimous. In fact, the data is clear in supporting our assessment. Érico (talk) 21:42, 8 July 2021 (UTC)Reply
@Érico: Thank you for the link. I don't know how many here have read it.
In brief, the comments are astoundingly positive towards the IP editing ban. Even the most skeptical of users had to bend to the results of the experiment and the comprehensive stats. More importantly, they all agree that the time used previously to reverse vandalism will now be used for other things. The pt.Wiki may only be a small sample size compared with en.Wiki, the WMF's flagship project. but there's no denying the results. Multiply those by an encyclopedia corpus of a six-fold 6mio articles - need we say more? Kudpung (talk) 22:33, 8 July 2021 (UTC)Reply

Smart Blocking

[edit]

If we are going to mask IP addresses, maybe now would be a good time to improve the way we handle IP editing and blocks of IP addresses. Currently if we block an IP address or range we accept a certain amount of bycatch - perfectly good IP editors caught up in blocks intended for completely different people who just use the same library or internet cafe. If we are going to reconfigure that we could go further - use info such as browser, hardware and so forth to create different masks for different users of the same IP address. Admins and anyone other than checkusers wouldn't need to know what the operating system or browser was, just that there were three different "masks" that all related to the same IP. they could then make a judgment call as to whether the two that weren't blocked were editing differently or sufficiently similar to the blocked mask that they also merited a block. For range blocks in particular this could greatly reduce false positives where we block people for sharing an IP range with a vandal. More details on this idea at en:User:WereSpielChequers/IP_and_OS_blocks WereSpielChequers (talk) 20:08, 5 July 2021 (UTC)Reply

WereSpielChequers it's not just libraries or internet cafés, it's any WiFi hot spot (even in someone else's home, or a neighbour's WiFi - no one uses wired Ethernet connections these days), or more importantly (and dangerously), mobile data providers when mobile devices are on the move. These are not the same kind of connection. IP and/or range blocking these days can have unprecedented collateral damage - another reason to stop IP editing altogether.
Masking IP addresses won't have any effect or benefits at all in the combat against inappropriate editing of Wikipedia. It will just make the job harder, if not almost completely impossible. It would make our Recent Changes patrollers, other vandalism chaasers, and abuse filters totally powerless. These are things that the WMF and their 3rd party research paper authors, not being regular editors, have little or no experience with (naturally echoing the 6-year ACTRIAL saga). Kudpung (talk) 21:52, 8 July 2021 (UTC)Reply
Perhaps fixed IP addresses are generally declining, but no one uses wired Ethernet connections these days? Me, right now — GhostInTheMachine talk to me 20:29, 9 July 2021 (UTC)Reply
Indeed, but we're doing this for legal reasons, not because we decided it would improve patrolling. We have no illusions about this making anyone's life easier. Unfortunately.
(Not that I think it matters, but regarding folks at the Foundation "not being regular editors", I'm an admin and checkuser in my volunteer capacity. The researchers are editors with thousands of Wikipedia edits each.) /Johan (WMF) (talk) 23:42, 13 July 2021 (UTC)Reply
Thanks, WereSpielChequers! We've been thinking about something along these lines, but mainly about using cookies – which could be useful in some ways and have obvious drawbacks. I don't think we've considered if user agents is a viable solution at all. We'll write up with a proposal and see what the communities say. The mask could be just tied to an IP but it's not necessarily the only potential solution just because that's what we've been doing so far. Not tying it just to the IP could also help with how we basically shout at passersby – unregistered editors – by leaving messages on IP talk pages which are later seen by others. /Johan (WMF) (talk) 23:42, 13 July 2021 (UTC)Reply
Thanks Johan, it would be good to look at the data here. I don't know how common it is to have hundreds of bulk purchased machines all use the same IP - such as when a company issues every staff member with the same desktop; or a random assemblage of hardware and operating systems such as you'd get behind the free WiFI in a library. Obviously cookies work better in one scenario and assigning different masks to different user agents works better in another. I suggest that if we come back with options for the community we really need some stats on how this would change things, as well as the technical options. There is also the issue that cookies are easily removed, so perhaps better to think of a cookie as a pseudoidentity that a goodfaith IP user can accept on their machine, and that will persist over multiple changes of IP such as a mobile device might experience. Protecting goodfaith users from being collateral damage rather than enabling us to catch badfaith users. WereSpielChequers (talk) 09:29, 14 July 2021 (UTC)Reply

Third Parties

[edit]

Hi,

I'm glad to see that much more detail has been added but these proposals obviously have a huge impact. Is this something we can expect will come with hardcoded settings forced in a mediawiki update or can we at least have it be fully configurable so we can roll things out as decided by our own teams?

Thanks, RhinosF1 (talk) 19:07, 6 July 2021 (UTC)Reply

Ping NKohli (WMF), I think you're best suited to answer this. /Johan (WMF) (talk) 23:15, 13 July 2021 (UTC)Reply
@RhinosF1 I think the answer is "it depends". For things like minimum edits and how old an account is - there would probably be hardcoded minimum limits but we could potentially have a setting for the maximum that communities could configure. This requires more technical, community and legal brainstorming before I can have a definitive answer on this front. I would like to hear more about your perspective on this. -- NKohli (WMF) (talk) 05:31, 15 July 2021 (UTC)Reply

@NKohli (WMF): Can you ping me on IRC so we can chat? RhinosF1 (talk) 15:04, 15 July 2021 (UTC)Reply

Improved cross wiki blocking

[edit]

Currently we treat the thousand or so Wikis within the Wikimedia community in a somewhat siloed way, get blocked on one wiki and you are usually still free elsewhere. We could get a little more sophisticated than this. We already have various metrics in Huggle, Igloo and the like that highlight some edits as more suspect than others. This project is an opportunity to highlight potential vandalism looking at cross wiki patterns. So an IP that has just been blocked on another Wikimedia wiki might be highlighted for recent changes patrollers to look at on other wikis, especially if they use the same language and or client. Again it would be interesting to see some stats as to how common it was for vandals blocked on one wiki to then vandalise on another, and how much that varied with client and language. WereSpielChequers (talk) 14:32, 14 July 2021 (UTC)Reply

Hong Kong Wikipedia editors take precautions amid fears mainland peers may report users

[edit]

"although the person in question would not have direct access to personal data, such as users’ IP addresses. Such access was revoked from the Chinese edition by the Foundation in 2018 after data was leaked, they said."

[edit]

Hi everyone, there's now an update from the Wikimedia Foundation Legal department at IP Editing: Privacy Enhancement and Abuse Mitigation#Statement from the Wikimedia Foundation Legal department. /Johan (WMF) (talk) 19:27, 16 July 2021 (UTC)Reply

  • There will be an age limit; we have not made a definitive decision about the limit yet, but it’s likely they will need to be at least 16 years old. Additionally, they should be active, established community members in good standing. We’d like to work through what that means with you.: It seems to me that it will involve signing some NDA or documentation. It is a very bad issue, and not a lot of vandalism fighters will even do it. Unfortunately, banning IP-editing outright may seem to be much better than signing any NDA or documentation. -Sleeps-Darkly (talk) 20:21, 16 July 2021 (UTC)Reply
By opting in to this, you will agree to not to publish or generally share the information, yes. It won't be quite the process we have for e.g. checkusers or oversighters. /Johan (WMF) (talk) 20:48, 16 July 2021 (UTC)Reply
In January next year, it will be 16 years since I first registered my account on English Wikipedia. If your account is at least 16 years old, then that maybe also constitutes evidence that you are at least 16 years old. Of course this doesn't help everyone. --Stefan2 (talk) 07:56, 17 July 2021 (UTC)Reply
I can see how this would be a concern, but you wouldn't have to supply proof of your age, so this, at least, shouldn't be a problem for newer edits either. /Johan (WMF) (talk) 08:38, 19 July 2021 (UTC)Reply
  • I disagree with the attribution assessment. CC-BY-SA 3.0 states that you should provide the contributor's name or pseudonym "if supplied" and if a contributor doesn't use an account, I think that this means that no name or pseudonym was supplied, making attribution optional. However, I don't think that the IP address or the text replacing a hidden IP address constitutes a name or a pseudonym for the contributor, so I don't think that the contributor should be attributed under that name. --Stefan2 (talk) 07:56, 17 July 2021 (UTC)Reply
  • Re age limit: This contradicts the earlier statement suggesting that admins would be able to see IP addresses, as many admins are under 16 (or 13, for that matter). (Restricting adminship by age is, of course, not an option under any circumstances.) --Yair rand (talk) 05:21, 2 August 2021 (UTC)Reply

Statement review

[edit]

List of Legal questions to assist checking what has been answered/won't be answered/missed out/unclear/incomplete (My list I made earlier, from Legal Questions section)

I've attempted to clarify whether the questions had been answered (or stated that they weren't going to be answered). Several questions were not answered without an indication that they weren't going to be, and I would like to see that resolved by, say, the end of next week.

If anyone has any disagreements about my summaries, please let me know. Courtesy ping for @Johan (WMF): who posted - I can't ping the person/team who actually wrote it, so please loop them in as well, cheers


  • While legal cannot unilaterally disclose the reasoning because of attorney-client privilege, the WMF – being the client – absolutely can. So if privilege is the argument for being obscure, why doesn't the WMF at least partially waive it or provide a statement itself? - Legal has functionally said it would hurt their defence too much. It was not clarified why they claimed privilege as their reasoning on not answering to start with
  • Does legal believe that we may currently be open to litigation because of existing laws?
  • If not, why are we citing no specific legislation while also citing privilege to avoid disclosing anything? - Indicated as not going to be stated
  • Is there any current or pending litigation regarding privacy of IPs on Wikimedia projects? -No comment given. This logically would not be private, so would state if occurring?
  • Is this being done to avoid future liability because WMF legal believes that laws that might make public disclosure of IPs illegal will be passed? - Not stated
  • If so, why is the feature not just developed and shelved until such laws potentially come into effect, given the strong opposition by the community? - As point above was indicated as not going to be stated, this will fall into that
  • If so, why can we not be more open about what those future liabilities are, given that they are not currently a threat?
  • Has the Board endorsed this decision? If not, what is the most senior level it has been endorsed at? - Not stated, without reason for not stating

--

  1. If not showing IP addresses to the general public was a legal requirement, why was this only stated as such after the community clearly opposed this proposal? - No reason was given by Legal for why they changed their position only after significant Community time had already been spent
  2. Does showing IP addresses to the general public violate the black-letter law in any jurisdiction in which the WMF is subject to the laws of? Indicated as not going to be answered (thus for all sub-questions)
    1. If so, which jurisdiction?
    2. If so, which law(s)?
    3. If so, why hasn't IP editing been disabled while this is in process?
    4. If so, why can we still show old IPs?
  3. Does showing IP addresses to the general public violate the interpretation of law in any jurisdiction in which the WMF is subject to the laws of? Indicated as not going to be stated (thus for all sub-questions)
    1. If so, which jurisdiction?
    2. If so, which law(s) (has|have) been interpreted that way?
    3. If so, where can that interpretation be found?
    4. If so, is that interpretation final or still subject to appeal?
    5. If so above, why isn't the WMF appealing?
    6. If so, why hasn't IP editing been disabled while this is in process?
  4. Does showing IP addresses to the general public violate the potential interpretation of law in any jurisdiction in which the WMF is subject to the laws of? Indicated as not going to be stated (thus for all sub-questions)
    1. If so, which jurisdiction?
    2. If so, which law(s) could be interpreted that way?
    3. If so, how likely is such an interpretation?
    4. If so, why hasn't IP editing been disabled while this is in process?
  5. Does showing IP addresses to the general public violate the WMF's internal policies or requirements? I'm not sure on this - Legal are continuing to provide multiple reasons for their actions, despite that being a bit odd given the severity pushing this
    1. If so, why are changes to those internal policies or requirements not being considered as a valid response to community consensus against the masking proposal? Unclear
  6. Does showing IP addresses to the general public only violate "general expectations" of Internet users? The general tone from both previous comments and this statement suggest that they do feel that is increasingly the case
    1. If so, why is this being treated as a legal requirement? Statements are indicating they have multiple reasons, though if it were only the one above, the direct enforcement still would not make sense

--

  • Does this mean even users, who has the ability to view full IP addresses, will be forced to unmask every IP separately, by doing some action on every masked IP on page's history?
    • [Ed:] This is somewhat operational and Legal. In effect it's checking if there's a Legal restriction that can't be worked around (say, by recording all IPs the viewer can have seen. To avoid adding every history log an admin ever sees, it could be, say, one click to reveal all IPs on the history page they're viewing, with all added to the log - Not answered, and it would have been useful

--

  • Johan, relating to a brief section back on the 26/27th October 2020, you concurred that a large number of our most active RCPers and counter-vandals were under-18. It is likely that a significant number of these would even be under 16. Would these groups still be fine to accept the agreement by ticking-in? Stated as still under consideration, will be at least 16

--

  • [Rephrased] - in effect, will a mask count as sufficient detail for a CCBYSA release? Confirmed as yes

--

  • Given the multitude of clear evidence that this information is used for the effective functioning of Wikimedia, and not all changes can be worked around, surely a clear Legitimate Interest defence for use of this public information (to use GDPR's language) could be made? If not, why not? Not answered

Nosebagbear (talk) 21:14, 16 July 2021 (UTC)Reply


    • As a question I forgot to add, but was a good one (about the CUs) I can't help that either I'm misunderstanding their statement of "the answer is partially yes" is functionally "not really". Obviously CUs who had the userright were always going to be able to talk to other CUs with the userright - that was never in doubt at all, and wasn't what was asked. The question was whether CUs would be able to do IP/non-IP confirmations to any other users who had this userright (but not CU), and that appears to be a straightforward "no". Am I misreading? If not, why was it "partially yes"? Nosebagbear (talk) 21:19, 16 July 2021 (UTC)Reply
They are being looped in.
To clarify (and apologies if I was unclear), lacking data, I personally have no opinion on the likeliness of a number of our patrollers being under the age of 18 (I would be very surprised if it turned out to be the case on my home wiki, but we skew older than the movement in general, so that doesn't mean much) – but I thought it was a very good question either way. /Johan (WMF) (talk) 21:32, 16 July 2021 (UTC)Reply
On that particular one, I'd be okay with 16 as an age - I felt it was reasonably answered, and yes, I suspect that in the early days for most projects it was a significant number, but by now there'll be pretty big variations. We havean appreciable number of general competent anti-vandals under 16 on en-wiki, but likely not too many who would handle the type of stuff that this userright would be needed for Nosebagbear (talk) 21:35, 16 July 2021 (UTC)Reply
  • Johan (WMF), it seems to me that Nosebagbear has an excellent grasp of the situation. Probably plenty of others do too, and he's demonsrating the same concerns that I have and is asking all the right questions. The problem is that we are still not getting all the answers and the recent update to the project page page still appears to be a tad evasive. This is absolutely not a reflection on Johan - more likely he's not getting the answers we want here either. What concerns me most is that while the WMF might be able to implement its IP cloaking technically on all the projects, they seem to be thinking they will be making the rules for any new user rights that will be created. Such user rights - if any - and the criteria for obtaining them, will however surely be created locally by the individual communities. I'll stand corrected if I'm wrong. Kudpung (talk) 05:34, 17 July 2021 (UTC)Reply
@Nosebagbear: Please let me know if I should try to answer your questions (it's kind of weird that I keep 'wielding' my expertise here, but I this is literally what I do for a living). --Gnom (talk) 12:47, 19 July 2021 (UTC)Reply
@Gnom: your CV in this area is certainly better than mine, as well as with better WMF/Wikimedia-insight, but before my most recent job I was also in data compliance (I feel like we may be being drawn to this topic), including handling the GDPR switch-on (and the DPA2018 when they got round to writing it) for a multinational, so I'm reasonably aware of several aspects that *could* be the case. I will gladly read any answers you can give, but I would not want them interpreted to mean that Legal doesn't need to clarify/answer them (except in any case where I have just misinterpreted) themselves. Since something like 40% of my time on this topic was either wasted, when Legal changed their (public) minds on the issue or spent trying to get answers from them on the topic, coupled with a 3.5 month wait for this statement, I would really like Legal to communicate better. Nosebagbear (talk) 13:38, 19 July 2021 (UTC)Reply
  • While we're reviewing the statements, things still don't add up here, and you can't get to 2+2=5 no matter how you talk around it. The FAQ gives a clear "no" to the question of whether this resulted from a specific law's passage, and for purposes here we'll presume that true. IP editing, with IP addresses shown, is still being allowed. Yet the recent statement from Legal states: If we publicly discuss privileged information about what specific arguments might be made, or what risks we think are most likely to result in litigation, that could create a road map by which someone could seek to harm the projects and the communities.
    If that's true, that is contradictory to both the FAQ answer of "no" (if it isn't against any law, there's no risk at all), and to IP editing continuing to be allowed (if there would be some way someone could come after the WMF for it, I hope the members of Legal are not so arrogant as to think they are the only people on Earth who could figure that out, so someone else could figure out the same thing they did, make an IP edit, and then do...well, whatever it is.) If nothing else, the statement from Legal would confirm that they think such a strategy could exist, and that could motivate others to attempt to figure out what it would be. So—something still isn't adding up here, at all. Seraphimblade (talk) 00:31, 20 July 2021 (UTC)Reply
@Seraphimblade: you are yet another highly experienced veteran of Wikipedia to formulate in his own words the same concerns that many of us with a long and administrative experience have expressed on this page. And again, the WMF comments simply just don't add up. In my long and tedious experience with the WMF over many issues of policy and tech developments, things usually don't add up - whether or not the WMF staff claim to have in-depth experience as Wikipedia editors and/or admins or content quality controllers. Kudpung (talk) 05:23, 20 July 2021 (UTC)Reply
@Johan (WMF):, it seems that this recent "statement" has not provided any resolution. Nor did you apparently read what I said, since I explicitly asked you to direct my questions to the acting director of the WMF, and explicitly not to Legal, since I knew they couldn't respond. Are you going to resolve this? Seraphimblade (talk) 08:16, 21 July 2021 (UTC)Reply
Seraphimblade: Sorry, I read your "For clarity's sake, if the individual reading these questions does not have the authority to answer them, please bump them up to any individual in the WMF who does have the authority" as "well, this isn't for me, and Legal sure are the only ones to be able to address these in any way", and figured it was a good list to try to see them address to the extent they could. No one at the Foundation is going to step in and give legal answers which Legal can't provide themselves. I have no higher authority to turn to in legal matters than the Legal department.
(There is no acting ED at the Foundation. There's a group of department heads running the transition to the next ED, whoever that will be, among them the head of the Legal department.) /Johan (WMF) (talk) 10:47, 21 July 2021 (UTC)Reply
@Johan (WMF):, yes, I agree with Kudpung, no one's blaming you. But lawyers have a client, and surely, there is someone at the WMF to whom this legal advice is being provided, and who has heard Legal's complete rationale for this. Who is that? That individual is the one who needs to come here and discuss it, since the client always has the right to waive privilege. Seraphimblade (talk) 14:34, 21 July 2021 (UTC)Reply
Sure, but do they want to get sued. I mean there's two obvious reasons why:
  1. It's a bluff
  2. They are in violation of a law. If they say which one it is publicly (and how) then they're providing information that someone can use to sue them
If it's the second case the WMF obviously can't provide the information. They probably shouldn't even say if it's the case. ProcrastinatingReader (talk) 17:29, 5 August 2021 (UTC)Reply
@Johan (WMF):, The WMF has plenty of lawyers in its 'legal department' who are salaried employees. Unless already a case for litigation, the attorney/client confidentiality does not apply here and is simply being used as a smoke screen. I hate to sound negative, and I don't believe in conspiracy theories, but the more I read, the more I come to thinking that this entire exercise is an in-house contrived issue to give the WMF legal staff something to do to justify their existence. When I joined Wikipedia, the WMF had 6 salaried staff. The number of articles on en.Wiki has increased 6 fold, the WMF now has over 450 staff/contractors (as of April 16, 2021) which is totally disproportionate to the growth and number of the projects. It's hardly surprising that it's so easy for them to pass the buck. Attorney/client confidentiality does not prevent you giving us the name(s) of the lawyer(s) and of the senior staff - who invent the policies - to whom they are reporting. Kudpung (talk) 03:17, 22 July 2021 (UTC)Reply

Is this what IP masking will look like on the English Wikipedia? e.g. https://en.wikipedia.org/wiki/Special:Contributions/152.163.195.xxx (basically go to any article on the English Wikipedia and click sort by oldest contributions to find more). Some1 (talk) 03:01, 30 July 2021 (UTC)Reply

@Some1: we assume it will look something like that, or like this, but it's all gone quiet again from the WMF. Interest is growing on the English Wikipedia to stop IP editing altogether; it would be the easiest solution, and according to the Portuguese Wikipedia, it should work really well. Kudpung (talk) 03:12, 30 July 2021 (UTC)Reply
We'll present the Portuguese Wikipedia report and next steps in that area from our side soon. /Johan (WMF) (talk) 10:19, 30 July 2021 (UTC)Reply
Some1: Not for the general public – they wouldn't see anything of the IP. But vandal fighters would see something more similar to that (or more). /Johan (WMF) (talk) 10:19, 30 July 2021 (UTC)Reply
Thanks for the reply Johan (WMF). Will all the IPs be retroactively masked like the example above (with the last few digits as XXX) but with the newer IPs getting masked differently after implementation? Some1 (talk) 12:38, 30 July 2021 (UTC)Reply
(To be clear, when I say "more", I mean we're planning a user right which would have full access, without the need of checkusers or even admins, so that vandal fighters who need it can have access. See discussions above!)
We're not planning on doing retroactive masking. /Johan (WMF) (talk) 13:00, 30 July 2021 (UTC)Reply
@Johan (WMF):, has it not occured to the people behind this idea that, AFAIK, it's normally up to the local communities to decide what user rights groups they want and the criteria for them, and not the WMF? After all, as in the highly successful Portuguese example, if a Wikipedia project decides to do away with IP editing altogether, they are free to do that too. Kudpung (talk) 22:51, 1 August 2021 (UTC)Reply
Kudpung, user rights and user groups are not the same thing, technically speaking. The WMF would need to create the new user right in question (and maybe add it to the relevant preset groups in our MediaWiki configurations) and local communities could decide from there what user groups they want to have that right. I hope this helps clarify. Best, Vermont (talk) 00:14, 2 August 2021 (UTC)Reply
@Vermont: thanks, but it does not offer a further clarification in this instance - we (the users from the community) are not discussing the MediaWiki's technology of developing it, we're discussing the perceived need. What I said, was to all intents and purposes perfectly clear: the local communities will decide if they want this right, and they will decide their own criteria for granting it. That's not the same as the available granular user rights that come in any forum, e-commerce, or collaborative software development package. Some user rights are developed by the WMF on request of a community and might not even be made available in the core of MediaWiki or as an extension for the use of all the communities. The point being made here is that if a community opts to ban IP editing altogether, they won't need the WMF's 'IP Viewer' anyway. Kudpung (talk) 00:57, 2 August 2021 (UTC)Reply
Kudpung, I'll try to clarify again. If viewing of IPs is to be technically restricted to certain users, those users would need to be in a group that possesses the appropriate user right. Johan was (I assume, given the wording and context) discussing the creation of such a user right that would have access to view IPs. Johan did not mention a user group. Take a look at Special:UserGroupRights and Special:GlobalGroupPermissions. View the groups in the left column, and the rights in the right column. Local communities have the option to change what rights are assigned to what groups, but they cannot create the rights themselves; that needs to be done at the MediaWiki level. Local communities will not have a choice whether they want the right to exist, as it is global; they will, however, have the choice whether they want to apply it to any groups locally. For example, the English Wikipedia has the "suppressredirect" user right (and a handful of others) in it's own user group, "page mover". Many projects want to keep the suppressredirect right to admins only, such as my home wiki, and we do not have that right applied to any groups other than administrators. I hope this helps. Best, Vermont (talk) 01:27, 2 August 2021 (UTC)Reply
@Vermont: I know all this - please take a look again at what I wrote and the link I provided to a user right I created. We're not interested here in the technology, we're only concerned about the principles, need, and legalities. Thanks anyway, it might help others to understand (if indeed they had been thinking about it). Kudpung (talk) 01:32, 2 August 2021 (UTC).Reply
Kudpung: I agree that any unnecessary limits on how the the communities handle the division of labour around anti-vandalism work is bad, but the Foundation has legal responsibilities towards this information (or we wouldn't have this conversation from the beginning). There has always been global limits around processes for access to an IP address when it's not available for the general public – a community can't decide to have a process where unanimous support by ten editors is enough to give someone checkuser access, or to have one checkuser, for example. So looking at the division of work between the Foundation of the communities, this comes into both areas: the communities, who are the experts on anti-vandalism, but also the Foundation, on the legal side. /Johan (WMF) (talk) 11:42, 2 August 2021 (UTC)Reply
It's always been in our Privacy Policy that your IP address is visible. As far as I'm concerned, that's the end of the story. If the WMF fears someone suing over IP addresses, take it to court when it happens. They should lose. Use the lawyers to fight injustice. Instead I just view this as lawyers steering the WMF to give themselves work to bleed extra money. Jason Quinn (talk) 01:15, 2 August 2021 (UTC)Reply
@Jason Quinn: precisely. It's what I said already a few posts further up, though somewhat more boldly: I hate to sound negative, and I don't believe in conspiracy theories, but the more I read, the more I come to thinking that this entire exercise is an in-house contrived issue to give the WMF legal staff something to do to justify their existence. Kudpung (talk) 01:22, 2 August 2021 (UTC)Reply
Jason Quinn: This has been true for a long time, but the regulatory framework around the internet has changed lately and is still in the process of changing (as Legal writes in their update). That privacy policy isn't tested against the same external reality anymore. /Johan (WMF) (talk) 11:42, 2 August 2021 (UTC)Reply