Wikipedia:Edit filter noticeboard
Welcome to the edit filter noticeboard |
---|
Filter 1170 — Pattern modified
Filter 1326 (new) — Actions: showcaptcha,throttle; Flags: enabled,private; Pattern modified
Filter 945 — Actions: throttle; Flags: enabled
Filter 1178 — Actions: warn
Filter 225 — Pattern modified
Filter 1325 (new) — Actions: none; Flags: disabled,public; Pattern modified
This is the edit filter noticeboard, for coordination and discussion of edit filter use and management. If you wish to request an edit filter, please post at Wikipedia:Edit filter/Requested. If you would like to report a false positive, please post at Wikipedia:Edit filter/False positives. Private filters should not be discussed in detail here; please email an edit filter manager if you have specific concerns or questions about the content of hidden filters. There are currently 329 enabled filters and 48 stale filters with no hits in the past 30 days. Filter condition use is ~1033, out of a maximum of 2000. ( ). See also the profiling data and edit filter graphs. |
Index 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 11, 12, 13, 14 |
This page has archives. Sections older than 20 days may be automatically archived by Lowercase sigmabot III. |
RFC - creation of the edit filter helper user right
- The following discussion is an archived record of a request for comment. Please do not modify it. No further edits should be made to this discussion. A summary of the conclusions reached follows.
- Summary:--The proposal to create a new user right called
edit filter helper
, that will allow read only access to private edit filters, (per the criterion laid out at WP:EFH) has garnered consensus. - Details:--
- By a rough count of heads, the RFC has roughly received 4 support votes for every single oppose.That's a quite high standard, of that we can seek, to implement a new policy.
- Most valid oppose votes have opposed the proposal on a two-forked axis of opposition:--
- Opposed to disbundling (Many have even proposed that the probable target candidates venture to RFA):--
- The Edit filter manager right (which even grants write access!) has existed as a separate flag independently for years; without any problems. Also, (this being a highly specialised right), it's unfair for a perfectly suitable candidate (SPI clerks etc.) to miss out because they don't have the overall all-square skill-set required to pass an RfA.It may be also prudential that only a minority of the sysops use the right.Further, granting of the right to aid in cross-wiki anti-sock/vandal efforts is also a proposed benefit and an RfA of this type is a rarity.
- Ease of access and consequential abuse:--
- The phrase
Demonstrated need
seems to tackle the problems of easy granting and/or hat collecting etc.
- The phrase
- Opposed to disbundling (Many have even proposed that the probable target candidates venture to RFA):--
- and thus I believe that the arguments from the opposite camp have been pretty well defended by the proposers of the right.
- Caveats:--
- All that being said, the community and/or the granting administrator are adviced to carefully evaluate the candidates before granting the flag due to the huge fallouts of any misuse.
- Account-secutity-practices et al may be reviewed at a local discussion.
- Signed by Winged Blades of GodricOn leave at 11:30, 12 September 2017 (UTC)
In the section above #revisiting local edit filter helpers group there is local support for creating a new user right called edit filter helper
that will allow read only access to private edit filters. That section is also where all the discussion leading up to this RfC took place. The details of the specific rights included, and the associated processes, are at the new information page Wikipedia:Edit filter helper (WP:EFH). While this RfC is in progress, please do not make significant changes to that page.
If this RfC is successful, a request will be made at Phabricator for the right to be created (an RfC or similar display of community support is a prerequiste for this), and once created Wikipedia:Edit filter helper will be changed from a proposal to an information and process page and updated appropriately. Thryduulf (talk) 14:23, 14 August 2017 (UTC)
Question: Should the user right detailed at Wikipedia:Edit filter helper be created, and the associated processes adopted?
Survey regarding edit filter helper
- Support as initiator. Thryduulf (talk) 14:23, 14 August 2017 (UTC)
- Support. I recognise a small previous discussion on this, but I would prefer the application is extended from 3 days to 4 days, as three days is only a weekend. I also think the recommendation to contact an administrator privately upon removal is a bit awkward, but that's not any real reason not to support. -- zzuuzz (talk) 17:15, 14 August 2017 (UTC)
- Support. I have the editor right, but I only need it (and occasionally at that) to view things. I want to be able to view filters without being able to make accidental edits. Nyttend (talk) 19:09, 14 August 2017 (UTC)
- As an admin you should already have access to these rights without needing to grant yourself the EFM flag. – Train2104 (t • c) 23:02, 14 August 2017 (UTC)
- Correct; abusefilter-view-private is included in the sysop group. Nyttend, you also removed your EFM rights in June ;-) -- Ajraddatz (talk) 23:03, 14 August 2017 (UTC)
- Oops, I forgot :-) All the more reason to have such a user group — it proves that the system can work with a user-rights package that includes view but doesn't include edit, so creating this kind of user rights package shouldn't break anything. Nyttend (talk) 04:52, 15 August 2017 (UTC)
- Correct; abusefilter-view-private is included in the sysop group. Nyttend, you also removed your EFM rights in June ;-) -- Ajraddatz (talk) 23:03, 14 August 2017 (UTC)
- As an admin you should already have access to these rights without needing to grant yourself the EFM flag. – Train2104 (t • c) 23:02, 14 August 2017 (UTC)
- Support - per my comments in the previous discussions. -- Ajraddatz (talk) 23:01, 14 August 2017 (UTC)
- Support per my comments in the workshop. — xaosflux Talk 01:39, 15 August 2017 (UTC)
- Oppose, as the criteria are not well defined. Provision #3 is "At least basic understanding of account security[note 1]" and Provision #4 is "At least basic understanding of regular expressions if the intent is to assist with authoring filters". These aren't defined in the policy page, and is explicitly defined as " There is no formal definition of what constitutes a "basic understanding", but by requesting this right you are asserting that you meet these criteria. ". Until this can be codified, I am opposed to this policy. Nakon 05:00, 15 August 2017 (UTC)
- Support Much needed for SPI clerks, LTA trackers, and sysops from other wikis who want to piggyback off of our filters. I do agree with Nakon though – I argue those two clauses should be removed entirely. They are immeasurable (highly doubt we'll be doing quizzes), and again I feel if they are competent at regex (demonstrated by working at WP:EF/R or mailing list, as explained at WP:EFM), and can be trusted with private logs, they probably can attain full-on edit filter management rights. The primary use case here I think is not for those who want to help with filter details (at least such that it'd require any regex competency), but I understand it could be seen as a stepping stone for those who do. Finally, again, this right as proposed isn't super sensitive, requiring 2FA or anything. I would expect stronger account security for a right that can actually allow you to cause damage. We could bikeshed all day about the requirements for granting, but even as proposed, admins should be able to deduce if a candidate can be trusted, which is all that matters — MusikAnimal talk 16:23, 16 August 2017 (UTC)
- Support and I think the 2 provisions in question should more be admin guidelines for granting rather than requirements, being difficult to codify/quantify otherwise. c.f Rollback expects the user to have a basic understanding of vandalism, which is always left to the judgement of the reviewing admin. CrowCaw 16:52, 16 August 2017 (UTC)
- Support -- There'sNoTime (to explain) 17:04, 17 August 2017 (UTC)
- Support as an active LTA tracker but not admin. ☆ Bri (talk) 17:51, 17 August 2017 (UTC)
- Support as a tool that will help long time vandal fighters identify trends and per prior discussions. -- Dane talk 23:13, 17 August 2017 (UTC)
- Support per above. Clearly beneficial to editors focusing on LTA and SPI. -FASTILY 23:27, 17 August 2017 (UTC)
- Support: I've dealt with many socks and LTAs and this would be beneficial to those who specialize in these areas. —MRD2014 Talk • Edits • Help! 00:19, 18 August 2017 (UTC)
- Support: Useful for LTA and long-term vandal fighters. KGirl (Wanna chat?) 00:43, 18 August 2017 (UTC)
- Support Anything to help the users who are constantly fighting the losing battle against vandalism on en.wikipedia. SparklingPessimist Scream at me! 02:13, 18 August 2017 (UTC)
- Support could be useful. No reason not to have it so long as there is vetting. TonyBallioni (talk) 02:57, 18 August 2017 (UTC)
- Support I'm starting to get a little leery of there being too many user groups, but as per my comments in the workshop this is useful, especially given the danger involved with write access. – Train2104 (t • c) 03:02, 18 August 2017 (UTC)
- Support per SparklingPessimist. Double sharp (talk) 03:08, 18 August 2017 (UTC)
- Support. Will help those who work in these areas but don't qualify for the edit filter manager right. Anarchyte (work | talk) 03:42, 18 August 2017 (UTC)
- Support - will greatly help hopeful users that have been noticing relevant disruption associated with even private filters, i.e. filter 860. A certain EFM knows why I'm referencing that filter. jd22292 (Jalen D. Folf) (talk) 05:24, 18 August 2017 (UTC)
- Support - (first time voting on policy RfC) Taking the time to digest what this would entail but from what I've gathered so far it would help combat vandalism and what are so often described as good-faith edits. Edaham (talk) 07:25, 18 August 2017 (UTC)
- Support. Granting certain editors the ability to view but not edit hidden abuse filters will increase the number of editors available for relevant tasks by making the privilege easier to receive, since it is not as easy to abuse as the full set of rights. Inatan (talk) 10:38, 18 August 2017 (UTC)
- Support. Sure, why not. Edit filters are specialist tools so it doesn't hurt to have its own user-right hierarchy. The proposal has demonstrated the need for such a right, especially regarding admins and edit filter managers from other WMF wikis who want to learn from or contribute to enwiki. Deryck C. 10:42, 18 August 2017 (UTC)
- Support. Per WP:EFH. --Wario-Man (talk) 10:45, 18 August 2017 (UTC)
- Support Would be a great help for vandal fighters. RickinBaltimore (talk) 13:10, 18 August 2017 (UTC)
- Support: As a user involved in using edit filters to combat harassment, this would be useful to me. Funcrunch (talk) 13:54, 18 August 2017 (UTC)
- Strong support: Would really help defeat sockpuppetry and long-term abuse. Luis150902 (talk | contribs) 14:53, 18 August 2017 (UTC)
- Support: A useful improvement to help non-admins assisting with such long-time problems. The read-only limitation should prevent any unintentional damage to the filters' functionality. Note that I am probably a bit biased, as I would request such a user-right for spam-related research (several relevant filters about common spamming patterns are currently private). GermanJoe (talk) 15:36, 18 August 2017 (UTC)
- Support per so many above. This would be very useful for helping to protect the project. — Jeff G. ツ 15:44, 18 August 2017 (UTC)
- Support, I see no harm in this and a lot of potential benefits. Seraphimblade Talk to me 16:08, 18 August 2017 (UTC)
- Support Take me as biased, I'm a non-admin working at SPI. --QEDK (愛 • 海) 17:58, 18 August 2017 (UTC)
- Oppose as the minimum requirements are fixed too low. Private edit filters are a very vulnerable system. If a malicious user wanted access to edit filters, they could just play good vandal fighter or SPI pseudo-clerk for a while and gain access to every edit filter, breaching the secrecy of the whole system. Private edit filters should be on a need-to-know basis for those who wouldn't be trusted with regular edit filter manager or adminship. Esquivalience (talk) 18:10, 18 August 2017 (UTC)
- This is a right that will given on a strictly need-to-use basis. SPI clerks undergo significant vetting (not being modest, I know) and good vandal fighter is not at all enough for EPH. EPHs will not have any write access, which leads me to ask why you'd think there would be serious misuse. --QEDK (愛 • 海) 18:48, 18 August 2017 (UTC)
- Private edit filters generally target specific patterns, and can usually be easily circumvented if the pattern is known to the vandal. A malicious user would not need write access to sabotage them. T. Canens (talk) 03:07, 19 August 2017 (UTC)
- I doubt anyone would find it feasible enough to go through strict vetting, display a demonstrated need for access, just to gain access to regex patterns. The only possibility of abuse here is if people go rogue, and that's plausible everywhere. --QEDK (愛 • 海) 09:53, 20 August 2017 (UTC)
- Wikipedia:Requests for adminship/Pastor Theo - anything is possible, and it looks like with the declining standards it may happen again. Esquivalience (talk) 20:44, 20 August 2017 (UTC)
- I doubt anyone would find it feasible enough to go through strict vetting, display a demonstrated need for access, just to gain access to regex patterns. The only possibility of abuse here is if people go rogue, and that's plausible everywhere. --QEDK (愛 • 海) 09:53, 20 August 2017 (UTC)
- Private edit filters generally target specific patterns, and can usually be easily circumvented if the pattern is known to the vandal. A malicious user would not need write access to sabotage them. T. Canens (talk) 03:07, 19 August 2017 (UTC)
- This is a right that will given on a strictly need-to-use basis. SPI clerks undergo significant vetting (not being modest, I know) and good vandal fighter is not at all enough for EPH. EPHs will not have any write access, which leads me to ask why you'd think there would be serious misuse. --QEDK (愛 • 海) 18:48, 18 August 2017 (UTC)
- Support: Would be useful in the fight against vandalism. FITINDIA 18:36, 18 August 2017 (UTC)
- Question Thryduulf Regarding point 1
Demonstrated need for access (e.g. SPI clerk, involvement with edit filters)
What exactly does this mean? Does it mean that being a vandal fighter, who has knowledge of SAF, has used/patrols SAF to catch vandals and report them, counts as "demonstrated need for access"? L3X1 (distænt write) )evidence( 18:43, 18 August 2017 (UTC)- There is no list of what does or does not count as a demonstrated need, that's up to the people commenting on the application, but if you can't explain why you need to see the details of private edit filters (and most people don't) then you won't be granted the right. Thryduulf (talk) 21:43, 18 August 2017 (UTC)
- Comment - is this just an admission that it's too hard to promote people to sysop these days? Sorry, but I have this concern that we're going to reach the point where nobody without the most spotless record can get through an RfA and so there are thirty different permissions replacing adminship for which people apply individually and the result is less transparency. Blythwood (talk) 19:31, 18 August 2017 (UTC)
- While I understand those concerns, and share them to some degree, the lack of new sysops is not relevant to the need for this right. Edit filters are a very specialised area (most admins don't even know they have edit filter manager rights, and the separate right for that has existed for years) and not everyone working with them wants or needs the other admin tools. This right will also be useful for users who are not active on en.wp but who are working with edit filters on another project (ru wiktionary as a random example) and are here to borrow our knowledge and expertise. Thryduulf (talk) 21:43, 18 August 2017 (UTC)
- Question - In creating this new user group, bearing in mind that it has some degree of the similarities of administration in it, albeit you're not an admin, would users be required to apply for it in a similar way to an RFA? What would be the process for acceptance into the user group / granting of the right? Dane|Geld 00:17, 19 August 2017 (UTC)
- The process for application is detailed at Wikipedia:Edit filter helper#Process for requesting. It's nothing as big as an RFA because this is very specialised tool that requires a demonstrated need for access and technical competence to gain, so there really aren't that many similarities to admins. Thryduulf (talk) 07:45, 19 August 2017 (UTC)
Opposefor now due to the low criteria for granting. Extended confirmed? Way, way too low of a bar. Why don't we just invite the sockmasters in to see the filters aimed to block them? If the criteria for granting (and revoking) is raised, I could support this. But it needs to be much harder for socks to game their way to this right and then go on a vandalism spree. ~ Rob13Talk 03:35, 19 August 2017 (UTC)- @BU Rob13: Only extended confirmed users with no recent sanctions and a demonstrated need for access will get this right, and even then it's only read only so they can't change anything. It would actually be very difficult for a sockmaster to game their way to this right (requiring likely several months minimum of productive working with edit filters or managing to become an SPI clerk (not easy). Thryduulf (talk) 07:45, 19 August 2017 (UTC)
- @Thryduulf: Very, very false. I regularly see sockmasters working their way toward extended confirmed. They do it already to attempt to get past ECP protection. It requires only 500 edits to become extended confirmed, which can be achieved in a couple days of counter-vandalism. Further, you haven't defined demonstrated need rigorously enough. I would assume that counter-vandalism activities related to sockpuppetry would be demonstrated need. The reality is that no-one except those who edit edit filters (or perhaps those who do so on other wikis) really need to see them. Why does an SPI clerk need to see a filter rather than grab an edit filter manager and ask them to take a look? They'd need an edit filter manager anyway if they needed to make any changes. I'm very sympathetic to a use case of allowing edit filter managers from other wikis to view our filters, but I'm seriously worried about how easily this will be granted. Keep in mind that effective standards for user rights at PERM tend to be very low. Often, I see admins grant rights to editors who have no business having them, because they handle rights they do not know much about (see, for instance, the AWB PERM page). I'm very worried about what this vague and relatively low criteria will result in. A sockmaster viewing the filter intended to block their actions can get around it very easily. ~ Rob13Talk 16:02, 19 August 2017 (UTC)
- Just doing counter-vandalism work would not be a demonstrated need for access as you don't need to be able to see the filters to do that, and a new user requesting this right would raise red flags even if it were sufficient - the standard is "demonstrated need" not "it would be helpful" or "I would like". I agree re WP:PERM which is why requests for this very specialised right will be handled on this page (edit filter noticeboard). SPI clerks, AIUI, mainly need access to see the edit filter logs (a right that the software does not separate from viewing the filters themselves) and the spam blacklist logs but MusikAnimal knows more about that aspect than I do. Thryduulf (talk) 16:31, 19 August 2017 (UTC)
- @Thryduulf: Why don't we just give edit filter manager to the SPI clerks? I'm fine with that. As for non-SPI clerks, I'll keep the conversation in the subsection below. ~ Rob13Talk 18:13, 19 August 2017 (UTC)
- "Why don't we just give edit filter manager to the SPI clerks?" because they don't need, or in at least some cases, want write access. Viewing the details of filters and logs, and seeing why a filter was triggered is not the same as writing or modifying a filter. Thryduulf (talk) 18:28, 19 August 2017 (UTC)
- @Thryduulf: Why don't we just give edit filter manager to the SPI clerks? I'm fine with that. As for non-SPI clerks, I'll keep the conversation in the subsection below. ~ Rob13Talk 18:13, 19 August 2017 (UTC)
- Just doing counter-vandalism work would not be a demonstrated need for access as you don't need to be able to see the filters to do that, and a new user requesting this right would raise red flags even if it were sufficient - the standard is "demonstrated need" not "it would be helpful" or "I would like". I agree re WP:PERM which is why requests for this very specialised right will be handled on this page (edit filter noticeboard). SPI clerks, AIUI, mainly need access to see the edit filter logs (a right that the software does not separate from viewing the filters themselves) and the spam blacklist logs but MusikAnimal knows more about that aspect than I do. Thryduulf (talk) 16:31, 19 August 2017 (UTC)
- @Thryduulf: Very, very false. I regularly see sockmasters working their way toward extended confirmed. They do it already to attempt to get past ECP protection. It requires only 500 edits to become extended confirmed, which can be achieved in a couple days of counter-vandalism. Further, you haven't defined demonstrated need rigorously enough. I would assume that counter-vandalism activities related to sockpuppetry would be demonstrated need. The reality is that no-one except those who edit edit filters (or perhaps those who do so on other wikis) really need to see them. Why does an SPI clerk need to see a filter rather than grab an edit filter manager and ask them to take a look? They'd need an edit filter manager anyway if they needed to make any changes. I'm very sympathetic to a use case of allowing edit filter managers from other wikis to view our filters, but I'm seriously worried about how easily this will be granted. Keep in mind that effective standards for user rights at PERM tend to be very low. Often, I see admins grant rights to editors who have no business having them, because they handle rights they do not know much about (see, for instance, the AWB PERM page). I'm very worried about what this vague and relatively low criteria will result in. A sockmaster viewing the filter intended to block their actions can get around it very easily. ~ Rob13Talk 16:02, 19 August 2017 (UTC)
- After further consideration, neutral. What I'd really want to see happen is a decoupling of "view filters" from "view filter logs" and the establishment of an "SPI clerk" user right which allows viewing filter logs (and blocking temporarily for a period not to exceed 72 hours? is that possible with the new temporary blocks?). I'm not convinced by the "I don't want write access". The trust required for write and the trust required for read is the same, so long as we think the applicant is competent to not use the write access if we tell them not to without consulting an experienced filter manager (note that most admins have theoretic access to edit filters but would break the site if they tried using that access...). Still, my concerns are largely addressed by the fact that this won't happen at PERM and will only happen after consensus in a discussion. I anticipate the criteria as written will be raised above "extended confirmed" before this goes live. ~ Rob13Talk 03:27, 20 August 2017 (UTC)
- I don't know the answer to your question about temporary blocks. Decoupling view filters from view filter logs will require a patch to MediaWiki, which is beyond the scope of this discussion and will need to be requested at Phabricator - I have no idea how likely it is to be actioned. Thryduulf (talk) 09:56, 20 August 2017 (UTC)
- (edit conflict) While the idea is novel, yes, but community consensus would surely be against such an userright. Personally, I would never get across adminship/something similar to gain blocking (temporary or not) rights. Also, since non-admin SPI clerks are a handful in number, I do not think people would find it feasible to implement. IMO, giving write-access to EFH wouldn't be a major problem, since the level of trust, as you said, is similar; the only thing holding them back would probably be competency at regex (I myself am very much a rookie at it). --QEDK (愛 • 海) 09:59, 20 August 2017 (UTC)
- @QEDK: Well, competency at regex isn't a problem. All you need to not fuck up with write access is competency to know not to touch the shiny buttons when you don't know what you're doing. We trust hundreds of completely non-technical admins with the ability to grant themselves write access and then use it because we trust they'll know not to. Note that write access is needed to write comments on the filters, which it sounds like this group should probably be able to do. ~ Rob13Talk 20:51, 20 August 2017 (UTC)
- The comments on the filters are for attribution of and explanations regarding changes to the filters or changes to the status of them (e.g. setting/unsetting the filter to disallow matching edits). Edit filter helps will not be making changes to the filters so they will have no need to write filter comments on them. They can of course discuss filters on this page/on the mailing list as appropriate. Thryduulf (talk) 00:38, 21 August 2017 (UTC)
- @QEDK: Well, competency at regex isn't a problem. All you need to not fuck up with write access is competency to know not to touch the shiny buttons when you don't know what you're doing. We trust hundreds of completely non-technical admins with the ability to grant themselves write access and then use it because we trust they'll know not to. Note that write access is needed to write comments on the filters, which it sounds like this group should probably be able to do. ~ Rob13Talk 20:51, 20 August 2017 (UTC)
- (edit conflict) While the idea is novel, yes, but community consensus would surely be against such an userright. Personally, I would never get across adminship/something similar to gain blocking (temporary or not) rights. Also, since non-admin SPI clerks are a handful in number, I do not think people would find it feasible to implement. IMO, giving write-access to EFH wouldn't be a major problem, since the level of trust, as you said, is similar; the only thing holding them back would probably be competency at regex (I myself am very much a rookie at it). --QEDK (愛 • 海) 09:59, 20 August 2017 (UTC)
- I don't know the answer to your question about temporary blocks. Decoupling view filters from view filter logs will require a patch to MediaWiki, which is beyond the scope of this discussion and will need to be requested at Phabricator - I have no idea how likely it is to be actioned. Thryduulf (talk) 09:56, 20 August 2017 (UTC)
- @BU Rob13: Only extended confirmed users with no recent sanctions and a demonstrated need for access will get this right, and even then it's only read only so they can't change anything. It would actually be very difficult for a sockmaster to game their way to this right (requiring likely several months minimum of productive working with edit filters or managing to become an SPI clerk (not easy). Thryduulf (talk) 07:45, 19 August 2017 (UTC)
- Oppose. The level of trust required for this should at least be at the same level of admin, so I don't see the point. If you need this, you might as well stand for admin. -- Tavix (talk) 04:29, 19 August 2017 (UTC)
- @Tavix: Why? It's not like any extended confirmed user will get this - they have to demonstrate a need for it and have no recent relevant blocks or sanctions - and remember that the edit filter manager right (which also gives write access, unlike this will) is also available to non-admins and has been for years without any problems that I'm aware of - indeed the only editor who has abused edit filters in recent years was an administrator (Kww). Thryduulf (talk) 07:45, 19 August 2017 (UTC)
Oppose Great! The community has decided to cherry pick the admin tools. I don't care for the requirements because I'm definitely not putting my trust in non-admins.— JudeccaXIII (talk) 05:18, 19 August 2017 (UTC) (Move to "Support") — JudeccaXIII (talk) 19:44, 22 August 2017 (UTC)- This has nothing to do with cherry picking the admin tools - firstly admins have write access to the edit filters, this will only grant read access. Secondly almost no admins actually do any work with edit filters (~15 of 851). Thirdly, the edit filter manager right (which gives write access) has existed independently of the admin toolkit for years - this is just a subset of that. Thryduulf (talk) 07:45, 19 August 2017 (UTC)
- Thryduulf Question Once an editor is granted this right, I assume (s)he will be able to view the following information: Documentation#Variables. If so, will our actually names associated with our accounts be viewable along with our IPs from all devices we use? — JudeccaXIII (talk) 02:27, 21 August 2017 (UTC)
- @JudeccaXIII: The additional rights do not grant access to additional variables, it simply allows access to view filter configuration that is not hidden, and the logs associated with those filters, and to view the contents of the spamblacklist log. As far as the filters go, it is the same variables that are already used (example logs). — xaosflux Talk 03:44, 21 August 2017 (UTC)
- @JudgeccaXII: I don't fully understand your question, but the only people who can see the IP addresses used by logged-in users are checkusers and developers. The logs for hidden filters are identical in structure and information presented to the logs for public filters. Any filter may be set or unset as private at any time, and changing that status does not alter the content of the log at all. Thryduulf (talk) 09:30, 21 August 2017 (UTC)
- Thryduulf Question Once an editor is granted this right, I assume (s)he will be able to view the following information: Documentation#Variables. If so, will our actually names associated with our accounts be viewable along with our IPs from all devices we use? — JudeccaXIII (talk) 02:27, 21 August 2017 (UTC)
- Support Callanecc (talk • contribs • logs) 11:08, 19 August 2017 (UTC)
- Support. I usually support any process that spread the rights amongst different classes of users, i consider the overall scenario more balanced in this case. And it allows a little bit of cursus honorum too. So, even if there will be some rearrangement in the future of flag architectures, it is good that this functions is not given only to sysops like other ones. In big and variegated community like enwiki it is possible to do it, there should be enough candidate to justify its creation. Maybe we can insert this request for flag in the same watchlists of the procedures of sysops if this gesture reassure or persuade some of the opponents. We could also restrict the flag to only specific classes of users (global patroller, sysops and patrollers on sister platforms, long term autopatrolled users...) for the same reason. In any case, IMHO the core idea is a good one.--Alexmar983 (talk) 12:51, 19 August 2017 (UTC)
- Support, since it looks like a great idea. Enterprisey (talk!) 14:13, 19 August 2017 (UTC)
- Support WP:PERM could be used, and bump up the requirement to 5K edits and 1 year. Not many LTAs get that far. L3X1 (distænt write) )evidence( 15:26, 19 August 2017 (UTC)
- Using WP:PERM was considered and rejected as this is a very specialised right that needs evaluation by people who are actively involved with edit filters, so the requests for the right come here. We want to make as difficult for hat collectors to get as we can, and not having it there will also make it lower profile which is a good thing. Thryduulf (talk) 16:42, 19 August 2017 (UTC)
- Support; and I may be interested in gaining these permissions. groig (talk) 23:05, 19 August 2017 (UTC)
- Support. It makes sense to me that there are users who would make good use of this tool. And I like the idea of granting selected admin-like permissions to non-admins (unbundling!). I've thought about the issue of the wrong users slipping through, and I'm a little bit reassured by the processes for removal of the right. Beyond that, I think it comes down to: don't be foolish about granting the right, and take the granting process seriously. --Tryptofish (talk) 00:14, 20 August 2017 (UTC)
- Oppose: I fail to see the necessity of this proposed user group. Javert2113 (talk) 04:10, 20 August 2017 (UTC)
- Support Creating more specific user rights is a good way of allowing work to be done by people who might not have the overall experience needed to use all admin tools. For example an admin will need to have engaged in Afd, making articles, anti-vandalism, mediation, helping newcomers etc. all while keeping a conflict free record. Whereas this user right could be given to someone who has a track record of dealing with evil minions/vandals/sockpuppets, but may never have engaged in Afd discussions or made many articles. A Guy into Books (talk) 08:49, 20 August 2017 (UTC)
- Oppose Simply not needed in my opinion.--Jasper Deng (talk) 22:24, 20 August 2017 (UTC)
- @Jasper Deng: Why do you think it is not needed? There are quite a few usecases presented in this discussion and in the discussion that occurred prior to the RfC. Thryduulf (talk) 00:38, 21 August 2017 (UTC)
- The use cases can be all accomplished by assignment of the existing EFM right. If they can't be trusted to not abuse that right by modifying filters they aren't knowledgeable about, then they can't be trusted with the right in the first place.--Jasper Deng (talk) 01:12, 21 August 2017 (UTC)
- @Jasper Deng: Why do you think it is not needed? There are quite a few usecases presented in this discussion and in the discussion that occurred prior to the RfC. Thryduulf (talk) 00:38, 21 August 2017 (UTC)
- Oppose. If the user is trusted and experienced enough, give them admin rights. They still don't have to use all the admin rights if they don't want to. No need for a separate permission, anyway. Gestumblindi (talk) 11:06, 21 August 2017 (UTC)
- "Give them admin rights" is easier said than done. Only two people a month (on average) go through RfA. This proposal recognizes that fact and is a lightweight way to have some users, vetted and reviewed, granted the rights without the full RfA process. The proposal is also recognizing that for various reasons, we have more people willing to do some of the work currently restricted to admins, than are willing to go through RfA. ☆ Bri (talk) 18:17, 21 August 2017 (UTC)
- Support - Smokin'🐻 14:37, 21 August 2017 (UTC)
- Support. Will come in handy for SPI clerks and a lot of vandal fighters. RadiX∞ 18:23, 21 August 2017 (UTC)
- @RadiX: To be abundantly clear, "a lot of vandal fighters" will not be getting access to this. That's actually the major reason I initially opposed. This isn't neo-rollback. It's a highly specialized user right that probably would be given to no more than 20 editors total, if even that. ~ Rob13Talk 16:03, 22 August 2017 (UTC)
- Support – I find it very useful to distinguish read access from write access: needs for each, and prerequisite skills are markedly different. — JFG talk 11:51, 22 August 2017 (UTC)
- Support - anything that helps make administrator status less of a big deal is always a good thing in my book. Twitbookspacetube 11:51, 22 August 2017 (UTC)
- Comment moved from the "Discussion" section by Thryduulf (talk) 12:00, 22 August 2017 (UTC)
- Support My main concern was privacy, but my question was answered. Though I still think there are enough user rights already, but if it helps, sure. — JudeccaXIII (talk) 19:44, 22 August 2017 (UTC)
- Reluctant Support. I see this very much as a way of granting a right while avoiding the RfA process, which is simultaneously good and bad. Obviously, RfA has a very high passing bar, and is almost impossible to pass for anyone without a stellar track record, 40 years of experience on WP, and 6 million page creations. The addition of this right to users that have not gone through the RfA process is a good thing, because it avoids that process, but creation of these usergroups for things that have traditionally been admin rights makes adminship even more of a big deal -- it is not. However, with the current state of RfA, I believe that we need to begin exploring alternate avenues to begin granting these rights... Because RfA doesn't look like it's going to change. Keira1996 01:11, 23 August 2017 (UTC)
- Support but careful vetting would be required. jcc (tea and biscuits) 16:12, 23 August 2017 (UTC)
- Oppose, anyone who needs that right should be made an admin. —Kusma (t·c) 09:20, 25 August 2017 (UTC)
- @Kusma: Even people who have not contributed to a single discussion on en.wp but need this to assist with edit filters on another project? What about those people who are doing SPI work and have no interest or experience in closing XfDs or assessing consensus of discussions (required to stand a chance of passing RFA). It's also worth noting that the edit filter manager right, which is much more powerful than this one, has been available to non-admins for years without a problem. Thryduulf (talk) 11:24, 25 August 2017 (UTC)
- All of those people should be admins. It is sad that the sets of skills required to be an admin is so different from that currently optimal to pass RfA, but creating new user rights is the wrong direction in my (probably minority) opinion. —Kusma (t·c) 11:40, 25 August 2017 (UTC)
- @Kusma: I don't think I'm understanding you. Are you saying that people with zero edits on enwiki who do not know our policies but need to view our filters to be able to implement filters on sister projects should be made enwiki admins? This is a common thing that ends with existing edit filter managers emailing with those folks. It would be easier for them to view filters directly. That's the issue. ~ Rob13Talk 00:08, 26 August 2017 (UTC)
- I don't have a problem with zero-edit admins. Compare Wikipedia:Requests for adminship/Lustiger seth. —Kusma (t·c) 20:48, 27 August 2017 (UTC)
- @Kusma: I don't think I'm understanding you. Are you saying that people with zero edits on enwiki who do not know our policies but need to view our filters to be able to implement filters on sister projects should be made enwiki admins? This is a common thing that ends with existing edit filter managers emailing with those folks. It would be easier for them to view filters directly. That's the issue. ~ Rob13Talk 00:08, 26 August 2017 (UTC)
- All of those people should be admins. It is sad that the sets of skills required to be an admin is so different from that currently optimal to pass RfA, but creating new user rights is the wrong direction in my (probably minority) opinion. —Kusma (t·c) 11:40, 25 August 2017 (UTC)
- @Kusma: Even people who have not contributed to a single discussion on en.wp but need this to assist with edit filters on another project? What about those people who are doing SPI work and have no interest or experience in closing XfDs or assessing consensus of discussions (required to stand a chance of passing RFA). It's also worth noting that the edit filter manager right, which is much more powerful than this one, has been available to non-admins for years without a problem. Thryduulf (talk) 11:24, 25 August 2017 (UTC)
- Support I came here from phab, after realizing that I needed the view-rights for suggesting changes to a private filter that's malfunctioning. Such a view-only option would be helpful. Lourdes 12:43, 25 August 2017 (UTC)
- Support - I haven't used edit filters much in SPI work but I certainly see how it's a valuable tool for certain long-term cases. I don't see any risk of damage from allowing more users access to this information. Ivanvector (Talk/Edits) 16:27, 25 August 2017 (UTC)
- Oppose The existence of this right will only invite EFMs to keep private filters that should be made public. Furrykiller (talk) 21:51, 28 August 2017 (UTC)
- @Furrykiller::--That's a pretty bad reason to oppose.Making certain edit-filters visible to everybody is practically impossible since it will, at large defeat their purpose(s).See WP:BEANS.Regards:)Winged Blades of GodricOn leave 11:43, 29 August 2017 (UTC)
- Perhaps I was unclear. Filters that are narrowly targeted at LTA cases are and must remain private if they are to be any use at all. My comment was directed at a few low-risk, easily probed private filters that probably produce a lot of false positives (eg #34). This proposal is obviously going to pass, and I hope that when it does, the EFMs don't use it as an excuse to mark filters as private without a good reason. Furrykiller (talk) 12:10, 29 August 2017 (UTC)
- I don't think this is at all likely - after all they would have been doing it for years now if they were going to. Thryduulf (talk) 20:50, 30 August 2017 (UTC)
- Perhaps I was unclear. Filters that are narrowly targeted at LTA cases are and must remain private if they are to be any use at all. My comment was directed at a few low-risk, easily probed private filters that probably produce a lot of false positives (eg #34). This proposal is obviously going to pass, and I hope that when it does, the EFMs don't use it as an excuse to mark filters as private without a good reason. Furrykiller (talk) 12:10, 29 August 2017 (UTC)
- @Furrykiller::--That's a pretty bad reason to oppose.Making certain edit-filters visible to everybody is practically impossible since it will, at large defeat their purpose(s).See WP:BEANS.Regards:)Winged Blades of GodricOn leave 11:43, 29 August 2017 (UTC)
- Support - There is nothing wrong with giving certain editors this newer right to only view private, hidden edits, especially if editors meet the proposed (or amended) criteria and are trusted to acquire this right. Otherwise, an editor would not deserve this right. Simple as that... I hope. The opponents are opposing this proposal for various reasons neither sufficient nor convincing enough to change my mind about this proposal. BTW, I think publicizing filtered edits would bring more harm than good. --George Ho (talk) 23:11, 28 August 2017 (UTC)
- Comment: Tally so far is 48 support, 8 oppose ☆ Bri (talk) 04:40, 29 August 2017 (UTC)
- Support - Would come in handy for vandal fighters.SshibumXZ (talk) 10:46, 29 August 2017 (UTC)
- Oppose "Demonstrated need" is too vague and subject to creep. Change criteria 1 to "1. Currently-active highly-trusted user that would otherwise qualify for the EFM userright on the English Wikipedia", and, since this is aimed at SPI clerks, add criterion 5: "5. Currently-active SPI clerk or trainee clerk on the English Wikipedia". Then this proposal would have my full support. --Ahecht (TALK
PAGE) 16:10, 29 August 2017 (UTC) - I lean slightly toward opposing since it looks like an unnecessary complication, but I do not fully understand it so I have no strong opinion. However, I do have questions.
- I've been an admin on Wikitravel & then Wikivoyage for about a decade & am an experienced abuse fighter back to the 1990s Usenet spam wars. On WP, though, I'm only an occasional contributor. Would I be eligible for this? If so, what use would it be to me?
- Is it possible this should be done on a cross-wiki basis rather than just WP? Pashley (talk) 20:41, 29 August 2017 (UTC)
- @Pashley: If you have no need for it, and don't see the use for it, then I would say that there's no reason for you to have the permissions. We do have editors who absolutely understand how viewing private filters and logs could help them in our anti-abuse efforts. There is a global group: mw:Abuse filter helpers - obviously it's better to restrict things locally when there isn't a global need. -- zzuuzz (talk) 21:12, 29 August 2017 (UTC)
- Strong oppose Pointless. Without the ability to edit anything, this whole thing is useless. Also, I don't see a need. — Mr. Guye (talk) (contribs) 03:48, 30 August 2017 (UTC)
- Support - the ability to grant it should be restricted to Admins who are also EFMs. Cabayi (talk) 07:20, 30 August 2017 (UTC)
- @Cabay: Slightly pointless as any administrator is able to make themselves and edit filter manager at any time. If you mean that only those administrators who work with edit filters should grant it, then there is no technical method available to enforce that but that is one reason why the requests are to be handled on this page rather than WP:PERM. Thryduulf (talk) 20:50, 30 August 2017 (UTC)
- Strong oppose - If you want to be an edit filter helper than be an admin simple as that. –Davey2010Talk 20:37, 30 August 2017 (UTC)
- @Davey2010: So do you believe that we should remove the edit filter manager right then, given that it is more powerful and available to non-administrators? Thryduulf (talk) 20:50, 30 August 2017 (UTC)
- Absolutely but that's just my personal opinion just the above is my personal opinion .... You can reply and essentially disagree with it but it wont change my mind. –Davey2010Talk 21:06, 30 August 2017 (UTC)
- Oppose unless very selective — On the upside, it would demonstrably be useful for the requests that have come, in the past, from other wikis wanting to copy filters, where someone's an admin "there" and by-federation likely trustworthy enough here to be temporarily granted EFM with the agreement it's read-only. Same goes for those who only requested EFM for read-only yet still demonstrated relative trust here. However, if this is put in action, it should be relatively-guarded rather than hat-collectible (e.g., there should be a good reason: demonstrated prior assistance with crafting/debugging public edit filters, being an SPI clerk, being an admin on another wiki, running an approved bot or bot approved for a trial, etc...). A few reasons for my caution: 1.) Edit filters have been extremely useful/game-changing when it comes to fighting both sockpuppetry and vandalism, in part because it's open-source to the trusted but closed-source to the stupid and idiotic (i.e., people who think disrupting a non-profit and wasting volunteer time is somehow good for anyone / socks). 2.) The vast majority of vandalism fighters don't actually need to see explicitly-private edit filters, lack the requisite technical knowledge to modify or contribute to them, and therefore don't clearly demonstrate a need for the extra tool, which isn't even an actionable extra tool otherwise. 3.) Private edit filters tend to be those that are most useful for monitoring severe, long-term sockpuppetry, particularly from the most dedicated sockpuppeteers—possibly even those who can appear to be vandal fighters just by huggling for a few weeks just to find out how they can evade. Forcing substantial, non-trivial contributions to the community seems a good-enough barrier, however; something that's done with EFMs. 4.) We already have a relatively open-door policy of "if you want details on the private filter, ask." 5.) People who actually do have the technical knowledge and/or one or all of the example prerequisites I mentioned can already get EFM. See the various requests over the years. It's not that difficult for someone to get EFM so long as they demonstrate a moderate level of trust and technical capability, which would logically be required for this right to be enabling for a would-be helper in the first place. --slakr\ talk / 03:04, 1 September 2017 (UTC)
- Pretty much every one of your reasons for caution have been designed into the process - particularly making it difficult for hat collectors, and yes it will be very selective - you only get it if you have a demonstrated need to have it (rather than only refusing if there is a reason to refuse, as some other rights). The reason this is required as well as EFM is that several people who have been given EFM didn't need/want full write access and others who were given EFM when they wouldn't have been if this right were available. Anyone can ask for details of a private filter, but that does not mean the details are given out in public or even given at all in many cases. Thryduulf (talk) 08:39, 1 September 2017 (UTC)
Discussion regarding edit filter helper
- The following people commented in the discussion leading to this RfC: @Ks0stm, Xaosflux, Dane, Samwalton9, DatGuy, MusikAnimal, Train2104, Nyttend, and Ajraddatz:. Thryduulf (talk) 14:24, 14 August 2017 (UTC)
Contrast to the admin right
Edit filter helpers would need to be highly trusted. You need to be highly trusted to be an admin. Admins can see the private edit filter.
What is the need to create this separate right? Is the theory that RfA is too onerous? Do we see there being many people who would get the edit filter helper right who would not make it through a request for adminship?
Yaris678 (talk) 16:58, 18 August 2017 (UTC)
- Yaris678, while it's true that only 15 of the EFMs are not admins, I would argue that their contributions are just as valuable as those of the admins. Some people simply don't want to be admins, and it's not for us to judge whether they should be forced to go into administration simply to get EFM. Plus, I'll note that only 150 admins actually use EFM, demonstrating that even with the bit there aren't that many who have an interest. Why look a gift horse in the mouth? If someone wants to help out, let them. Primefac (talk) 17:23, 18 August 2017 (UTC)
- @Primefac: Actually, it is for us to "judge whether they should be forced to go into administration simply to get EFM." That's what this RfC is about. The community sets policy and access rights, so it really is for us to judge. ···日本穣 · 投稿 · Talk to Nihonjoe · Join WP Japan! 17:39, 18 August 2017 (UTC)
- Nihonjoe, you make a very good point. I meant more in an "as of this point in time" metric, though given the nearly unanimous support for the above proposal, it looks like it would go that way in the future as well. I meant more in the fact that we should not make EFM only accessible to admins because that would be like shooting ourselves in the foot.
- The EFH right was proposed based on a case a few months ago where I requested the right for a user because she was demonstrating a definite need to view the edit filters, but was not comfortable with actually editing them. Her gaining the right came with an "unofficial tban" towards actually editing the filters, which made a few of us realize that trusted users could/should still be able to view them if necessary. Primefac (talk) 17:47, 18 August 2017 (UTC)
- @Primefac: Actually, it is for us to "judge whether they should be forced to go into administration simply to get EFM." That's what this RfC is about. The community sets policy and access rights, so it really is for us to judge. ···日本穣 · 投稿 · Talk to Nihonjoe · Join WP Japan! 17:39, 18 August 2017 (UTC)
Concerns about ease of access to the right
@Tavis, JudeccaZIII, BU Rob13, and Timotheus Canens: and others concerned about it being easy for sockmasters or vandals to get access, it's probably worth noting that the biggest hurdle for getting access to this is the "demonstrated need for access" criterion. The significant majority of people who will benefit from this right will be non-admin SPI clerks, which is a position that requires significant effort to get, it would surprise me if there were more than 2-3 other editors a year who meet the criteria, and some of them will get it by virtue of being an admin on another project - something a sockmaster or vandal is extremely unlikely to be. See Wikipedia:Edit filter noticeboard/Archive 2#Copies of private filters for where a sockmaster (I love bridges) attempted to get access to private filters but failed. New users requesting this rather specialised and almost certainly quite obscure right will be quite a big flag that there might be something to investigate. Thryduulf (talk) 07:59, 19 August 2017 (UTC)
- @JudeccaXIII and Tavix: let's try spelling your names correctly this time. Thryduulf (talk) 08:00, 19 August 2017 (UTC)
- @Thryduulf: What is "demonstrated need"? Is doing counter-vandalism related to sockpuppetry "demonstrated need"? I would assume yes, or I would at least assume other admins would say yes at PERM on occasion. As for your assertion that sockpuppets don't get the bit on other wikis, that is ill-timed, since this literally happened last week. See INeverCry, who got sysop on Commons with a sock and then went on a spree of vandalism. ~ Rob13Talk 16:05, 19 August 2017 (UTC)
- Concerns about abuse of the right and infiltration of privileged toolsets are completely legitimate. (I have also seen evidence that bad actors have tried to infiltrate OTRS.) However it seems a bit circular to say we only trust admins with the tools, but simultaneously say we don't think they are able to determine who is trustworthy enough to receive permissions to use the tools. At some point don't we have to take action with expansion of access, or else remain paralyzed by fear of abuse? ☆ Bri (talk) 16:24, 19 August 2017 (UTC)
- See also my reply above, but WP:PERM is irrelevant as the right is requested and granted here not there, and it can only be granted when there is consensus to do so. Simply doing counter vandalism work is not a demonstrated need as very few people doing counter vandalism work actually do need to have any involvements with the details of the private filters. Even syspos on other wikis still need to have a demonstrated need for access here and any blocks or sanctions on another wiki will be looked at. Thryduulf (talk) 16:37, 19 August 2017 (UTC)
- I agree the requirement of extended confirmed is a bit low. I can think of a handful of users who I would grant this to right now, and they all have tens of thousands of edits and have been around for quite some time. Indeed the position of being an SPI clerk is not easy to attain, and the only other relevant position (aside from non-enwiki admins) is someone who has long been working toward tracking LTAs, like EvergreenFir. Another thing to consider is trusted users who regularly request new filters and amendments at WP:EF/R, targeted towards specific socks. Some of these people I communicate via email since they can't see the logs, so obviously a read-only right would help them. It's all on a case by case basis, and the people here who work on edit filters I think can be trusted to make the right call. Each and every request for this right involves a discussion, after all, not the judgement of a single admin as is the case at WP:PERM. That being said it wouldn't hurt to be more explicit in the granting guideline and raise the bar a bit — MusikAnimal talk 17:17, 19 August 2017 (UTC)
- I'm all for just granting edit filter manager to the non-admins who are regularly requesting new filters/amendments at WP:EF/R and have passed a high threshold of trust. Read-only doesn't help them as much as learning how to actually change filters. If I trust them to read a filter, I trust them to write one. I'm very worried that we're setting a hard threshold too low and this will lead to "well, it's just read access" arguments when a good-faith user seems to vaguely need the right (but not urgently). ~ Rob13Talk 18:12, 19 August 2017 (UTC)
- Not everybody needs or wants write access - not everybody is comfortable with making the changes (especially as even a minor typo can have very significant consequences), and not everybody has the technical skills required to adjust filters but does understand enough to review logs, and get the gist of the regex (for example, me). It's also a good learning tool and a way for people who want edit filter manager to demonstrate competence before being granted write access. Thryduulf (talk) 18:34, 19 August 2017 (UTC)
- Good points. The bar for write permissions however is super high, much higher than what I would expect for read-only, as it should be. If I see a regular at WP:EF/R is competent at regex and is trusted, I would recommend them ask for write access. This is exactly what happened with Crow, who didn't even want write-access but I sort of pushed them into it as I saw they were perfectly capable :) Meanwhile, others at EF/R are more saying the "sock is now doing this so the filter should do this" in plain English, and may have no conception of technical details. These are the people who would benefit from the logs, because currently all they can tell me is "this edit got through", and have no idea if the sock is active, likewise for SPI clerks and LTA trackers who don't work at EF/R. As the filter author, I monitor to make sure there are no obvious false positives, but sometimes I have to defer to the requester via email. These use cases admittedly don't happen often, but if I know I trust someone, and I know they have no desire to edit filters, why not? Obtaining write access for them wouldn't be easy. Read-only I don't think is near admin-level at all. Admins can cause significant damage, this read-only right by itself can cause zero. It's for trusted users who would clearly benefit from it, that simple. I think we have an excellent edit filter management team, and no one is going to hand out the read-only right without sufficient scrutiny — MusikAnimal talk 22:24, 19 August 2017 (UTC)
- Random thoughts on the above: As with any permission, there's never a requirement to grant it, so a new, suspicious, out of nowhere helper suddenly appearing and requesting doesn't bind anyone's hands. I personally might be a bit more judicious with granting to someone who doesn't know regex but knows what they want the filter to do... the logs will tell you if a filter was hit, but they won't tell you why it *wasn't* hit, so you need to be able to sort through the code to make useful suggested corrections. (There's still a few non-hits that I can't figure out why they didn't trip). I agree with {u|BU Rob13}} that we mustn't set the bar too low, and I think that's where the judgement for "demonstrated need" is crucial. Editorial or technical curiosity (even in good faith), or requests focused around one sock or disruption to one article, should not be considered meeting that need, as the requests page is quite viable for that. I suspect that it will become one of those scenarios where you "just know" if a requester is right or wrong for the permission. CrowCaw 17:03, 22 August 2017 (UTC)
- Yes, and there is a fairly large set of long-term, trustworthy editors who don't want to be admins as I've alluded to above. Some of them have even been collated and vetted as part of an organized admin recruiting effort. ☆ Bri (talk) 17:56, 22 August 2017 (UTC)
- If the intent is to have this permission for admins/filter managers on other wikis, SPI clerks and trainee clerks, and people who would qualify for EFM but don't want the ability to edit, why not just limit it to those groups instead of using the vague "demonstrated need"? --Ahecht (TALK
PAGE) 17:36, 29 August 2017 (UTC)
- @Ahect: because that is not the intent. The intent is to restrict it to those who have a need, which includes some (but not all) SPI clerks and admins/edit filter managers on other wikis, but is not limited to them - for example Lourdes would benefit from this right to assist with identifying and debugging a (probably MediaWiki) problem that is affecting at leas one filter (see #Can someone more competent than me take a look). In other words not all SPI clerks etc have a need and not everyone with a need is an SPI clerk/admin on another wiki, etc. Thryduulf (talk) 20:58, 30 August 2017 (UTC)
- Vandals and sockmasters can get around filters through trial and error, which would be much easier to do than making an account, becoming an established editor, becoming active in some area of the project that requires filter viewing, and then requesting this permission. I can understand opposing this because we already have a user group - edit filter managers - that can give people view access, with years of it not being abused to work with. But opposing the new group because a troll could use it to view private filters and save themselves a couple minutes figuring out how to bypass the filter manually, after spending months trying to collect the various prerequisites? Truly ridiculous. -- Ajraddatz (talk) 19:15, 22 August 2017 (UTC)
- I'll also add that the sysop unbundling comments don't make sense here either. If anything, complain about EFM unbundling, and tell any candidates to request the full editing rights instead. -- Ajraddatz (talk) 23:57, 25 August 2017 (UTC)
Concern about "at least a basic understanding" of account security
This needs to be more than just a single sentence. There is a reason why WP:PAGEMOVER#Have a strong password, WP:TPE#Have a strong password and WP:EF#Have a strong password are sections instead of semtences. Anybody with this edit helper privilege should also fully understand and follow personal security practices, have a strong password, and everything else listed on WP:SECURITY. It has been mentioned in the concerns about ease of access discussion, but I'll basically repeat it: a vandal or sockpuppet with this would be able to view the private edit filters designed to combat vandalism. Therefore, a compromised account would also have to be blocked and its privileges removed on grounds of site security. Zzyzx11 (talk) 02:04, 25 August 2017 (UTC)
- I feel this is fully answered elsewhere, but if there is any concern that someone's account security practices are too weak then they wont get the right. This was also brought up in the #revisiting local edit filter helpers group discussion which came before this RfC, which I encourage you to read. There are far easier, and thus far more likely, ways for a vandal to bypass filters. Thryduulf (talk) 11:31, 25 August 2017 (UTC)
- perhaps 2FA should be extended to include this new group? Cabayi (talk) 11:36, 25 August 2017 (UTC)
- This was discussed at #Edit filter helper right - refined proposal. Given the conclusion there that this is not a necessity and the number of people who have already commented in this RfC it will probably better to propose the extension of it to this group separately after the right is created (assuming the RFC is closed as supporting the proposal). I don't know where the best place to make such a proposal would be though. Thryduulf (talk) 11:48, 25 August 2017 (UTC)
- You can turn on 2FA now, without being an admin, by asking on meta. I know because I did it this week. ☆ Bri (talk) 03:16, 26 August 2017 (UTC)
- This was discussed at #Edit filter helper right - refined proposal. Given the conclusion there that this is not a necessity and the number of people who have already commented in this RfC it will probably better to propose the extension of it to this group separately after the right is created (assuming the RFC is closed as supporting the proposal). I don't know where the best place to make such a proposal would be though. Thryduulf (talk) 11:48, 25 August 2017 (UTC)
- perhaps 2FA should be extended to include this new group? Cabayi (talk) 11:36, 25 August 2017 (UTC)
Name
"Edit filter helper" isn't really accurate or descriptive. These people aren't really helping the edit filter managers create filters; if they were, we'd just give them edit filter manager. Can we call this "edit filter viewer" instead? this is far more descriptive and clearly accurate. ~ Rob13Talk 04:15, 5 September 2017 (UTC)
- The name is a bit of a historical oddity. The global group was originally created specifically so people could help design filters globally, while being granted only view access so they had to work with the local admins and abusefilter managers. I have no objection to the local group being called viewers instead, and the global group should probably be changed at some point given its expanded scope now. -- Ajraddatz (talk) 05:20, 5 September 2017 (UTC)
- And note, the proposed local, just like the global, includes spamblacklist viewing as well - I suppose that is still a form of a "filter" but its not from the abusefilter system. Let's make sure to not get hung up on this, we can always localize the name. — xaosflux Talk 12:00, 5 September 2017 (UTC)
- I'm not bothered about the name - I came to this after someone else had originally proposed it and just ran with what they were calling it. If we can change the name locally after the right is created (I don't know) then that's probably the simplest way to go about it, but using the same name as the global group seems like it has less potential to cause confusion when the request is made to the devs on phabricator. Thryduulf (talk) 23:18, 8 September 2017 (UTC)
Filter 869
Unless I'm misreading the filter log, filter 869 (the WP:DAILYMAIL filter) does not seem to actually be warning anyone, which is its entire purpose. And unless I'm misreading the filter, that's because the warning function was never enabled. Assuming I'm right about that, could someone please enable it?
An additional concern, though, is that AFAICT there has never been a proper consensus to treat The Daily Star and The Sun the same way that The Daily Mail is treated. The Mail RfC was seen as meriting a five-editor closing panel, while, unless I'm missing something, the only consensus regarding the Star and Sun was a six-comment exchange among four users at AN. On a personal level, I would tend to agree that the Star and Sun should be banned, but on an administrative level I seriously question whether it is appropriate for an edit filter to do so with so little consensus.
If someone is willing to enable the warning function, I would propose the following text for MediaWiki:Abusefilter-tabloid-warning:
You appear to be adding a link to dailymail.co.uk. Pursuant to a January 2017 Request for Comment, references to The Daily Mail are "generally prohibited, especially when other more reliable sources exist." Please cite a a more reliable source instead. If you cannot find a source other than the Mail, then the assertion in question should not be made at all.
Note: There may be occasional exceptions to this ban (such as when the Mail itself is the topic being discussed), and you should use common sense in this regard. If you do believe that your edit is an exception, then you may submit it by clicking "save changes" again. |
If consensus is that we should retain the Star and Sun filtering as well, I'm happy to redraft. But the lack of a significant consensus to cite makes that challenging, which is why I propose removing them from the filter (for now). — PinkAmpers&(Je vous invite à me parler) 00:23, 27 August 2017 (UTC)
- This filter is new this month, expect it is still being tuned. It is currently in "log only" mode. — xaosflux Talk 00:56, 27 August 2017 (UTC)
- In case anyone's looked at the filter's history and is looking to me for a comment, this is my current take on it. I would say a trawl through the hits to date would be in order to resolve, in particular, the 'sports issue'. It seems other aspects discussed above also need some consideration. So I'll ping @Ritchie333: -- zzuuzz (talk) 16:12, 4 September 2017 (UTC)
- For now, I think keeping an eye on this link and checking the total (now 1,775) gradually reduces. I think that's more important than the filter. Ritchie333 (talk) (cont) 16:18, 4 September 2017 (UTC)
- In case anyone's looked at the filter's history and is looking to me for a comment, this is my current take on it. I would say a trawl through the hits to date would be in order to resolve, in particular, the 'sports issue'. It seems other aspects discussed above also need some consideration. So I'll ping @Ritchie333: -- zzuuzz (talk) 16:12, 4 September 2017 (UTC)
Special:AbuseFilter/684 disallowing
Recent uptick in some vandalism from proxies - no false positives yet but likely to have some. I'm monitoring the log, and will keep it disallowed for the shortest period possible. Any eyes on the log would be appreciated -- There'sNoTime (to explain) 12:58, 30 August 2017 (UTC)
- There have been some (4) false positives, but the abuse is still ongoing - keeping the filter disallowing -- There'sNoTime (to explain) 13:09, 30 August 2017 (UTC)
Filter 877
I plan on setting filter 877 to disallow shortly. I'll keep as much of an eye on the false positives as I can, but feel free to disable it in favour of other remedies if there's any problems. It is no more restrictive than other solutions, and will probably be in place for at least a few weeks. And if anyone has any other ideas... -- zzuuzz (talk) 16:18, 4 September 2017 (UTC)
Need someone smarter than me to figure out this left bracket thing.
I apologize in advance - this side of Wikipedia is emphatically NOT my area. I only know about commas. Please treat me like I'm five.
I'm not sure if an edit filter is even the best way to handle a problem I've been running across, but it might be. I would love to hand this over to someone else.
For a couple of days I've been running across a lot of recent edits which change < into the unicode characters for that symbol (& l t ;). No other text is added or removed. Occasionally & and > are changed as well. Sometimes just a few characters are changed, but sometimes the damage is massive and breaks the page. You can see an example at today's edits on United States federal executive departments, where over sixty characters were changed, which ruined a table.
In the vast majority of these edits, it's the sole edit made by an IP. I haven't seen this done multiple times to the same article. So contacting/banning the user or protecting the article probably won't help.
I'll be glad to provide any additional info (relevant info may also be gleaned from my recent edits - about half of them have been about this, which should be clear from the summaries). Frankly, I'd love to turn this over to someone who will take the next step(s) in figuring this out, rather than telling me what the next step is... as I said, it's not my area, though I'm happy to keep fixing the errors as I find them. Thank you! Jessicapierce (talk) 16:45, 8 September 2017 (UTC)
- Hi @Jessicapierce:, to start with please provide a few different specific diffs. The edit filter can basically: LOG, TAG, WARN, or PREVENT an edit. Assuming these can all be detected - it needs to be determined what the best action to take would be as well (we always would start with LOG to look for false positives as well). — xaosflux Talk 16:58, 8 September 2017 (UTC)
- Sure thing, and thanks for your reply! And I forgot I did a bunch of standard copy editing last night, so this phenomenon is more frequent a bit farther back in my edit history. See Sidama Zone (edit), DNS Certification Authority Authorization (edit), T.Love (edit), Kansanshi mine (edit), Eclipsed (album) (edit). Jessicapierce (talk) 17:13, 8 September 2017 (UTC)
- If you're interested, the cause is probably a broken content filter/proxy at the ISP's end. It seems there's a pattern related either to mobile editing, or to particular networks, examples: 197.156.102.35, 197.156.102.36, 197.156.115.177, 197.156.122.171, 119.30.35.96, 105.166.145.92, 105.166.144.43, 105.166.222.194. And like any broken proxy it also affects logged in users. We could probably adapt or model something on the 'broken proxy' filter (464). -- zzuuzz (talk) 17:28, 8 September 2017 (UTC)
- This would probably be better listed at WP:EFR. I'll drop a request there. -- zzuuzz (talk) 18:06, 8 September 2017 (UTC)
- Thanks very much! Jessicapierce (talk) 20:25, 8 September 2017 (UTC)
- This would probably be better listed at WP:EFR. I'll drop a request there. -- zzuuzz (talk) 18:06, 8 September 2017 (UTC)
- If you're interested, the cause is probably a broken content filter/proxy at the ISP's end. It seems there's a pattern related either to mobile editing, or to particular networks, examples: 197.156.102.35, 197.156.102.36, 197.156.115.177, 197.156.122.171, 119.30.35.96, 105.166.145.92, 105.166.144.43, 105.166.222.194. And like any broken proxy it also affects logged in users. We could probably adapt or model something on the 'broken proxy' filter (464). -- zzuuzz (talk) 17:28, 8 September 2017 (UTC)
- Sure thing, and thanks for your reply! And I forgot I did a bunch of standard copy editing last night, so this phenomenon is more frequent a bit farther back in my edit history. See Sidama Zone (edit), DNS Certification Authority Authorization (edit), T.Love (edit), Kansanshi mine (edit), Eclipsed (album) (edit). Jessicapierce (talk) 17:13, 8 September 2017 (UTC)
Should the logs of private filters be completely hidden?
Non-admin/EFMs cannot view the logs of a private filter when attempting to view them directly (example) -- yet the hits still show up at Special:AbuseLog, meaning you could piece together the log manually. I feel like if we are hiding the logs in one place, we should hide them everywhere. This includes specifying a user (example), or a page. There are some cases I've ran into where the fact that these log entries are public was problematic. For instance, there could be a log-only filter that is used only for observation, and the LTA can see that they are tripping it in their own logs, and will adjust their M.O. accordingly. Also, it'd be nice to make the names of our private filters more descriptive. Currently we have to be intentionally vague as we know they are public. So I created phab:T174862 to change this behaviour and hide the logs entirely.
However I wanted to get input here first, because this would mean that non-admins/EFMs will have no way of knowing a user tripped a private filter at all, much less which one. This may be problematic for users who have encountered a false positive, for example. They'd have to consult an EFM/admin to verify a filter was even hit. Secondly, it could be argued that seeing what private filters a user tripped would be helpful to recent changes patrollers. Normally we only report to WP:AIV if they've been warned sufficiently, but if they have a page full of filter hits maybe that's a sign admin attention is needed.
My thoughts are that private filters should be private, period. The false positive issue might happen every once in awhile, but anyone working at WP:EF/FP who can't see the filter can just defer to someone who can. As for the patrollers, they probably shouldn't take into account any private filters since they can't see what they are for, or know if it was a false positive. Again, some private filters are log-only, used only for observation, and may regularly encounter false positives (which I think is OK).
What do you all think? Is it a good idea to hide the logs of private filters across the board? Would this be controversial enough to warrant an RfC? If we do move forward with this, I think we should be more careful about which filters we do make private. — MusikAnimal talk 23:07, 8 September 2017 (UTC)
- I agree that private should be private in all circumstances. If the edit filter helper RFC passes then any non-admin, non-EFM regularly helping deal with the false positives reported would be able to request that right so they could see the relevant logs. At the phab ticket there is discussion about whether the filter number should be visible (e.g. abuse log would show only "Private filter #123" to those without view access to private logs). I haven't thought very long about that, but my initial thoughts are that it would be unlikely to cause problems in all but extreme edge cases when we'd probably want to take stronger measures against the abuser anyway. Thryduulf (talk) 23:26, 8 September 2017 (UTC)
- Agree too. In the past, despite not having access to viewing private filters, I've been able to access the logs and have wondered about that. With respect to recent change patrollers, the main UAA/BLP vandalism/promotional name/autobiography/link-spam/etc filters (and logs) are public and that's absolutely more than enough (in my opinion). Anyone with an issue with private filter logs can easily refer to an admin active here. No need for an Rfc here and invite public attention to an area that specifically needs to avoid such attention. Lourdes 07:32, 9 September 2017 (UTC)
- As best I can piece this together, you want to make all logs private for the sake of them being named private filters. Is there any indication that the logs are being abused? Will this move prevent abuse? Will there be any benefits here, or perhaps just make it more difficult for non-admins to respond to vandalism? The point of a private filter is - or should be - to hide the code of the filter so that committed vandals need to take an extra 10 seconds to guess their way around the regex. I'm not sure that there would be added benefit here. -- Ajraddatz (talk) 08:32, 9 September 2017 (UTC)
- @Ajraddatz: My theoretical example in the first paragraph is exactly what happened recently. I don't want to go into too many specifics, but it was the log-only private filter that was discovered and this caused problems. Either way, surely you find it odd that I can see the logs at Special:AbuseLog, but not when I try to view the logs of the filter directly? I'd like to at least address that — MusikAnimal talk 17:47, 9 September 2017 (UTC)
- It is odd, but not necessarily bad. I'm concerned with putting more and more technical abilities behind a user group barrier, when there isn't much indication that they've been widely abused. -- Ajraddatz (talk) 18:06, 9 September 2017 (UTC)
- It's not that they've been abused as much as it is that they can announce the filter's existence to the very people we were hiding it from by making it private. There's no real way to quantify how often a savvy vandal has figured out from his filter log that he's hitting a regex. Hiding that log may still not fix every case, but the potential benefit would seem to out-weigh any downsides (see my "concern" section a few paragraphs down). CrowCaw 20:14, 9 September 2017 (UTC)
- It is odd, but not necessarily bad. I'm concerned with putting more and more technical abilities behind a user group barrier, when there isn't much indication that they've been widely abused. -- Ajraddatz (talk) 18:06, 9 September 2017 (UTC)
- @Ajraddatz: My theoretical example in the first paragraph is exactly what happened recently. I don't want to go into too many specifics, but it was the log-only private filter that was discovered and this caused problems. Either way, surely you find it odd that I can see the logs at Special:AbuseLog, but not when I try to view the logs of the filter directly? I'd like to at least address that — MusikAnimal talk 17:47, 9 September 2017 (UTC)
- I'm finding it hard to think of any benefit in hiding a hit to the filter when the filter is set to disallow or warn. The user will always know it has happened. Currently the filter log will display an entry such as "triggered an edit filter, performing the action "edit" on <page name>. Actions taken: Disallow; Filter description: <filter name>" If anything we could just remove the filter name or replace it with the filter number in these cases. This would help, to some extent, with the false positive issue mentioned above. Alongside this there is also the question of whether to show the filter name alongside the number in the list of filters - this is one place where vagueness is useful to hide a filter's purpose. Perhaps the filter's name should also be hidden there, as the number of hits already is. I don't think hiding the logs will be magic pixie dust to solve the problem (or always helpful) where warn/disallow is involved, but I can see some benefit to not showing any hits to private log-only filters. -- zzuuzz (talk) 09:14, 9 September 2017 (UTC)
- Yes, the filter log for non efm's will only say it tripped a log on an edit. If the edit was disallowed, there will be no diff or examine link, so the log isn't saying anything that the blockee doesn't already know (except for possibly why their edit failed). CrowCaw 16:22, 9 September 2017 (UTC)
- Yeah, per above, what prompted this proposal was an incident where the existence of a log-only private filter was discovered at Special:AbuseLog, and the LTA responded accordingly, while other users were overly inquisitive of what the filter was for. You probably know what I'm talking about. We could have been more vague with the filter names, but it sucks that we have to do that. We see "LTA #123" and have to view it to find out what it's about. Either way, I find it odd that while logged out, I can't see the logs of a filter directly, but I can see them at Special:AbuseLog. An inconsistency, to say the least — MusikAnimal talk 17:47, 9 September 2017 (UTC)
- Yes, the filter log for non efm's will only say it tripped a log on an edit. If the edit was disallowed, there will be no diff or examine link, so the log isn't saying anything that the blockee doesn't already know (except for possibly why their edit failed). CrowCaw 16:22, 9 September 2017 (UTC)
- I'm generally in favor, but I have a couple of concerns: First, people caught up in false positives will have no idea why or where to report them. Second, admins patrolling the DatBot listings at AIV may not be able to assess the report properly, which may lead to Thirdly, this may lower the bar of "demonstrated need" for the EFHelper permission, which may not be desirable. CrowCaw 19:01, 9 September 2017 (UTC)
- All messages that are shown with a disallowing filter should include a link to WP:EF/FP. Most FPs happen to new users because most filters target new users, especially those that disallow, so they won't be any more confused than they are now. It'd be the experienced users who might get confused, but again all they need to do is report it and EFMs will have a look. DatBot would have to be granted EFM or edit filter helper (if that happens). All admins can see private filter details and logs, so no worries there — MusikAnimal talk 19:25, 9 September 2017 (UTC)
- Got it, thanks! So this would only prevent private log-only filters from leaking their existence to those being tracked, since disallows would still let the editor know via the FP link, and tag-only filters announce themselves via the tag? This then seems like a fairly harmless addition to me... since you need to be an EFM/admin to see private filters, it seems logical that the logs should also be hidden, especially if no innocent users will be more harmed/restricted/confused by this. CrowCaw 20:10, 9 September 2017 (UTC)
Upper limit to filter numbers?
More out of curiosity than anything else, does the AbuseFilter extension have an upper limit in terms of filter numbers, or would we hit a performance "limit" before we got to any sort of cap? -- There'sNoTime (to explain) 07:21, 11 September 2017 (UTC)
- There is no upper limit on filter numbers that I am aware of or have seen in the code. But any limits to the number of filters would be caused by their run time - the time they add to the process of saving edits. If there were a million filters but they did not impact run time, then there would be no problem. If there was one massive filter that added five seconds to the run time, it wouldn't be good. I can't remember if there is a strict performance limit, but I think there is... someone else will probably know that :-) -- Ajraddatz (talk) 07:27, 11 September 2017 (UTC)
- There's effectively a limit on the number of filters, but not directly. As far as I understand it when an edit gets made it gets checked against every filter, going through each filter's conditions until it his a dead end. If an edit reaches 1000 conditions, the rest are skipped. As such we need to keep the number of filter conditions in check, but not necessarily the number of filters. Sam Walton (talk) 10:56, 11 September 2017 (UTC)
Edit filter helper - implementation
Following the closure of the RfC above with consensus in favour of creating the right, I have:
- Updated the header of WP:EFH from "proposed" to "pending" and added the {{procedural policy}} tag
- Ideally it should have an "information page" tag at the top and "procedural policy" tag in the relevant section, but the information page tags explicitly say they are not policies or guidelines. If anyone knows how to represent this better, please change it.
- Created a request on Phabricator for the group conferring the rights to be created - see Phab:T175684.
Things that should be considered while we are waiting:
- Should Wikipedia talk:Edit filter helper be it's own page or redirect to this noticeboard or redirect to Wikipedia talk:Edit filter (like this noticeboard's talk page does)?
- Should Wikipedia:Edit filter helper be included on any navigation templates and/or have any navigation templates transcluded on it?
If anyone has strong feelings about either of these (I don't) then I don't see a reason not to be bold. Thryduulf (talk) 13:19, 12 September 2017 (UTC)
- I think the talk page should be directed to WT:EF. Instead of being a standalone page, the content could be added under the edit filter managers section of WP:EF. -- Ajraddatz (talk) 17:11, 12 September 2017 (UTC)
- This has gone live, has been tested and is working, including the new non-admin SBL viewing. Localized labels / page directs can be updated as needed. — xaosflux Talk 21:53, 18 September 2017 (UTC)
Publicity of filter 879, filter also affecting accounts
Two things I want to say about this filter:
- Should this filter be private? It seems like it's targeting possible broken proxies, and the "Possible open proxy" filter (464) is private.
- I feel like this filter, since it's titled "Possible broken proxy", shouldn't be affecting accounts. Should it be limited to just IPs (replacing
!"confirmed" in user_groups
withuser_age == 0
)?
—MRD2014 Talk • Edits • Help! 23:40, 12 September 2017 (UTC)
- I think there's no reason for 879 to be private. Malforming edits with a broken proxy is fairly unavoidable - you are either using an IP which breaks articles, or one which doesn't. As far as I can tell there's no one deliberately making these edits, and if someone was trying to avoid the filter that would actually be a good thing. I've been thinking about 464, and am leaning towards thinking it should be also public for the same reasons, but I will add that it is slightly different in that it is more likely to be triggered by some long term abuse cases.[1] My preferred option is to eventually merge the filters and use a custom warning for both. As for edits made by accounts, they are affected exactly the same as the IP addresses they are using,[2][3] but there is some allowance made for the fact that established users are less likely to make these edits. -- zzuuzz (talk) 04:47, 13 September 2017 (UTC)
- I see. The word "proxy" in the description confused me. —MRD2014 Talk • Edits • Help! 12:54, 13 September 2017 (UTC)
Filter 812 didn't disallow edits
Hatebread (contribs) (a non-autoconfirmed user) made 5 edits, each increased page sizes by 2.7 million bytes, and for some reason filter 812 didn't disallow any of them. Is there any reason why? Do filters sometimes miss edits? —MRD2014 Talk • Edits • Help! 00:37, 14 September 2017 (UTC)
- If I had to guess, it was because the edit was commented out? Other than that, I have no idea. Seems to be working properly everywhere else. Primefac (talk) 00:48, 14 September 2017 (UTC)
- It's enabled and hasn't been changed since December 2016. —MRD2014 Talk • Edits • Help! 01:18, 14 September 2017 (UTC)
- Sorry, I meant that the edits themselves were inside of comments. My second comment was regarding the fact that the filter was tripped 2-3 days ago, and about once a week since it was implemented. In other words, "it's working, and this is my only theory why it missed these edits". Though I do notice that they were all "new section" edits - maybe that threw it off? Primefac (talk) 01:22, 14 September 2017 (UTC)
- According to the filter, it doesn't matter what the edit summary says. —MRD2014 Talk • Edits • Help! 02:42, 14 September 2017 (UTC)
- Sorry, I meant that the edits themselves were inside of comments. My second comment was regarding the fact that the filter was tripped 2-3 days ago, and about once a week since it was implemented. In other words, "it's working, and this is my only theory why it missed these edits". Though I do notice that they were all "new section" edits - maybe that threw it off? Primefac (talk) 01:22, 14 September 2017 (UTC)
- It's enabled and hasn't been changed since December 2016. —MRD2014 Talk • Edits • Help! 01:18, 14 September 2017 (UTC)
- Another major AbuseFilter bug...??? It should definitely 100% have stopped this, and indeed I can test the filter against that user at Special:AbuseFilter/test and it matches. I think there was some breaking change that happened a while back, because we've had several filters malfunction, where apparently the variables being read have the wrong values, are for the wrong edits, other weirdness. I'll create a task and propose rolling back the extension to a stable version — MusikAnimal talk 16:30, 14 September 2017 (UTC)
Move Special:AbuseFilter/879 to disallow, or tag?
No false positives since the filter was refined late on September 11. I don't actually understand why this is happening, but it looks like none are good edits. — MusikAnimal talk 17:34, 14 September 2017 (UTC)
- @Zzuuzz: Just now noticing your comment above. What confuses me is the tripped edits don't seem to make any change beyond HTML-encoding those characters, and they're always from the mobile interface. I'll admit I am also confused as to what "proxy" means in this case. Also, I lied, there is a false positive here :( We might could use
rcount
to make sure the before/after are the same — MusikAnimal talk 18:01, 14 September 2017 (UTC)- I'll be honest I don't know exactly what's happening, but I do know we needed to be at least logging it. It did occur to me that it might be a Wikipedia bug, and nearly got around to asking you if CU could help fill in some of the details with the user agent. This doesn't look like deliberate changes - it could be that other changes are being discarded, but here's two interesting edits (possible vandalism or possible browser bug?). There are two distinct mobile networks which repeatedly appear and I don't think that is a coincidence: roughly 197.156/15 and 42.110/15 and I'm sure I've also seen non-mobile interface edits, but that one's probably still on a mobile, per whois. Mobile networks are far more likely to be doing caching or something, but it could be being broken even before that. It's the type of behaviour I expect from a bad PHP proxy. I'm not sure where to head next with the filter - it still looks a bit to liable for me, and I think we'll need in particular to figure out encoding in URLs. Maybe a warning? -- zzuuzz (talk) 18:47, 14 September 2017 (UTC)
- There is a consistency with the UA come to find out... A browser bug sounds more likely, from what I can tell — MusikAnimal talk 19:44, 14 September 2017 (UTC)
- Thanks, that sounds about right. Perhaps I should rename the filter. So I think tagging would be pointless, and disallowing would be a bit harsh at this stage, but that warning should be able to filter out any accidental edits and we'll see what happens? -- zzuuzz (talk) 20:11, 14 September 2017 (UTC)
- I've renamed the filter and set it to warn for the time being, and we'll see what happens eh. -- zzuuzz (talk) 06:30, 16 September 2017 (UTC)
- Thanks, that sounds about right. Perhaps I should rename the filter. So I think tagging would be pointless, and disallowing would be a bit harsh at this stage, but that warning should be able to filter out any accidental edits and we'll see what happens? -- zzuuzz (talk) 20:11, 14 September 2017 (UTC)
- There is a consistency with the UA come to find out... A browser bug sounds more likely, from what I can tell — MusikAnimal talk 19:44, 14 September 2017 (UTC)
- I'll be honest I don't know exactly what's happening, but I do know we needed to be at least logging it. It did occur to me that it might be a Wikipedia bug, and nearly got around to asking you if CU could help fill in some of the details with the user agent. This doesn't look like deliberate changes - it could be that other changes are being discarded, but here's two interesting edits (possible vandalism or possible browser bug?). There are two distinct mobile networks which repeatedly appear and I don't think that is a coincidence: roughly 197.156/15 and 42.110/15 and I'm sure I've also seen non-mobile interface edits, but that one's probably still on a mobile, per whois. Mobile networks are far more likely to be doing caching or something, but it could be being broken even before that. It's the type of behaviour I expect from a bad PHP proxy. I'm not sure where to head next with the filter - it still looks a bit to liable for me, and I think we'll need in particular to figure out encoding in URLs. Maybe a warning? -- zzuuzz (talk) 18:47, 14 September 2017 (UTC)
We built some graphs to monitor Edit filter performance
Hello everyone! As part of our research into improving Edit filter the WMF's Anti-Harassment Tools team has implemented performance tracking to monitor how fast (or slow) the feature is operating. The graphs can be found at https://grafana.wikimedia.org/dashboard/db/mediawiki-abusefilter-profiling. The graph on the left shows the 75th and 99th percentile of runtime, and the other shows the total filters and total conditions run.
Over the next week we'll be adding in some additional reporting for sub-optimal filters. This work can be tracked on Phabricator at T174205.
We're hoping to use this new measuring to make some decisions on how we can make AbuseFilter more performant or if we can raise the condition limit. — Trevor Bolliger, WMF Product Manager 🗨 23:46, 14 September 2017 (UTC)
- Looks good, especially the conditions/limits one! — xaosflux Talk 12:03, 16 September 2017 (UTC)
The autoconfirmed article creation trial has begun. Filter 98 (Creating very short new article) only triggers when a non-autoconfirmed user creates an article less than 150 bytes in size. Now that ACTRIAL has begun, all articles will be created by autoconfirmed users and this filter will not trigger for the duration of the trial (trial ends March 2018). —MRD2014 Talk • Edits • Help! 01:34, 15 September 2017 (UTC)
- There are a bunch of similar filters. Should we just disable them all, or maybe change them to target non-extended confirmed users? Or users with less than say, 50 edits? — MusikAnimal talk 04:03, 15 September 2017 (UTC)
- See T175225 for a phabricator task about a related issue with the page curation filters. We're keeping the old AC filter for now and simply adding the "learner" filter additionally there. I think in this case it would make sense to simply up the definition of new user to be non-extended confirmed. TonyBallioni (talk) 05:52, 15 September 2017 (UTC)
- I've updated 98 to target extended confirmed. The only other filter I could find directly affected by ACTRIAL was Page creation throttle for new users. This one actually disallows if they attempt to create more than 2 pages in a 90-second period. My guess is we don't want this for non-extended confirmed users, as there would seemingly be some legitimate use cases? Maybe target users with less than say, 20 edits? — MusikAnimal talk 03:35, 19 September 2017 (UTC)
Edit filter helper for DatBot
- DatBot (t · th · c · del · cross-wiki · SUL · edit counter · pages created (xtools · sigma) · non-automated edits · BLP edits · undos · manual reverts · rollbacks · logs (blocks · rights · moves) · rfar · spi · cci)
(I believe this is how a request was meant to be. PS to do the 'ends at' thing use {{subst:#time: H:i, j F Y "(UTC)"|+7 days}}
I'd like to get this flag for my bot so it could use the API to report users. Currently, the bot has to use the database, which frequently lags, thus producing stale reports.
- — Preceding unsigned comment added by DatGuy (talk • contribs)
- @DatGuy: This access group doesn't give any access to "report users" - do you mean to "report on" users? Can you provide a link to your existing BRFA? — xaosflux Talk 21:55, 18 September 2017 (UTC)
- @Xaosflux: Sure, here it is. This is the part of the code that isn't very effective: "SELECT SQL_NO_CACHE afl_id, afl_action, afl_namespace, afl_title, afl_user_text, afl_timestamp, afl_filter FROM abuse_filter_log". It basically tries to get into about the attempted edit. If the bot had access to the API, I wouldn't have to force it to use the SQL database, which has replication lag. Dat GuyTalkContribs 22:00, 18 September 2017 (UTC)
- I'm fine with the bot access from a technical level. — xaosflux Talk 22:08, 18 September 2017 (UTC)
- @Xaosflux: Sure, here it is. This is the part of the code that isn't very effective: "SELECT SQL_NO_CACHE afl_id, afl_action, afl_namespace, afl_title, afl_user_text, afl_timestamp, afl_filter FROM abuse_filter_log". It basically tries to get into about the attempted edit. If the bot had access to the API, I wouldn't have to force it to use the SQL database, which has replication lag. Dat GuyTalkContribs 22:00, 18 September 2017 (UTC)
- Note from a practical level, DatGuy does not have this access today so this request should focus on if he qualifies himself. — xaosflux Talk 22:08, 18 September 2017 (UTC)
- Gets my support, as essential to get over this rather problematic technical limitation. No issues with DatGuy either. -- zzuuzz (talk) 05:21, 19 September 2017 (UTC)
- Do you want the flag for yourself as well (e.g. would that help with debugging?) or just for your bot? I have no issue with either but it's best to be clear. Thryduulf (talk) 09:26, 19 September 2017 (UTC)
- @Thryduulf: I originally wanted only my bot to have it, but I believe xaosflux is saying that I should be an EFH for my bot to be one? Unless I misinterpreted it. Dat GuyTalkContribs 09:41, 19 September 2017 (UTC)
- That is completely up to you, my point is that as you have control of the bot credential you will effectively have the access anyway and as bots are extensions of their operators the general review of meeting criteria should be of the operator (for operators that don't already have access). — xaosflux Talk 11:28, 19 September 2017 (UTC)
- Support both EFH for DatGuy and DatBot as I believe bot operators of EFH-bots should themselves have the flag, if only to demonstrate trustworthiness of the operator, as opposed to the implied trustworthiness of the bot -- There'sNoTime (to explain) 11:16, 19 September 2017 (UTC)