Wikipedia talk:Arbitration Committee/Noticeboard: Difference between revisions
→Return of permissions to administrators notice: Replying to AGK (using reply-link) |
→Return of permissions to administrators notice: Fuck Arbcom |
||
Line 113: | Line 113: | ||
*::::::::AGK, {{tq|Administrators '''must''' … Enable two-factor authentication now for improved security}} (my emphasis) is {{em|a direct quote}} from the mass message you've just sent out. ‑ [[User:Iridescent|Iridescent]] 07:33, 4 May 2019 (UTC) |
*::::::::AGK, {{tq|Administrators '''must''' … Enable two-factor authentication now for improved security}} (my emphasis) is {{em|a direct quote}} from the mass message you've just sent out. ‑ [[User:Iridescent|Iridescent]] 07:33, 4 May 2019 (UTC) |
||
*::::::::Who worded and designed this banner, FWIW? [[User:Winged Blades of Godric|<span style="color: red">∯</span><span style="font-family:Verdana"><b style="color:#070">WBG</b></span>]][[User talk:Winged Blades of Godric|<sup><span style="color:#00F">converse</span></sup>]] 07:36, 4 May 2019 (UTC) |
*::::::::Who worded and designed this banner, FWIW? [[User:Winged Blades of Godric|<span style="color: red">∯</span><span style="font-family:Verdana"><b style="color:#070">WBG</b></span>]][[User talk:Winged Blades of Godric|<sup><span style="color:#00F">converse</span></sup>]] 07:36, 4 May 2019 (UTC) |
||
Fuck ArbCom which doesn't even understand their own messages and again give themselves powers they don't have. First it was deletions, then it was mandatory 2FA, inbetween it is loads of evidence of utter incompetence in many of its members (witness the statement by AGK above, but also some of the comments at e.g. the Rama case request). Just crawl into a corner and shut up until the community asks you to do something within your remit, but don't try to rule enwiki as if you have the right and the competence to do so. Or collectively resign. But don't give us any more of this bullshit. [[User:Fram|Fram]] ([[User talk:Fram|talk]]) 07:39, 4 May 2019 (UTC) |
Revision as of 07:39, 4 May 2019
|
1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
This page has archives. Sections older than 10 days may be automatically archived by Lowercase sigmabot III. |
Motion: India-Pakistan
Motion: Amendment to the standard provision for appeals and modifications (April 2019)
Are these "arbitration enforcement actions alleged to be out of process or against existing policy", considered to be sanctions, page restrictions, or something not covered under WP:Arbitration Committee/Procedures#Appeals by sanctioned editors? Under this amendment, who has standing to appeal a page deletion, or other enforcement action alleged to be out of process or against existing policy? Mojoworker (talk) 02:25, 19 April 2019 (UTC)
- @Mojoworker: I would consider it a page restriction. Since it does not target any particular editor, any editor has standing to appeal. ~ Rob13Talk 03:28, 19 April 2019 (UTC)
Please correct me if I am wrong, but does this change to procedures effectively prevent review of a page deletion as an AE action so long as a discussion at AE by uninvolved editors administrators concludes that the action was within the boundaries of discretion? It appears to me that we now allow:
- Admin X deletes page Y as an action under DS and marks it as an AE action.
- There need not be an AE discussion but presumably it would need to relate to some other action action under DS.
- The page creator or significant contributor (Z, say) may well also have been blocked for a time up to 1 year.
- Opening an appeal to question whether X was authorised to delete Y at AE may be refused for lack of standing with Z blocked. If not, the decision will look at X's discretion and not need to consider whether Y was deletable under policy. If the action is judged to be within X's discretion, the only permissable action would be via ARCA.
- Taken to ARCA, the deletion would still be considered on "allowable discretion" grounds, not on the policy basis for deleting Y. This could languish unresolved for weeks to months.
- If a DRV were opened, an admin following WP:RESTORE could be blocked at AE or be desysopped by case. The same fate could await any admin undeleting even if DRV was unanimous that there was no policy-based justification for deletion except the argument that ARBPOL give ArbCom the right to delete anything whether there is a deletion policy basis or not and that ArbCom DS granted this same discretion to administrators acting in DS areas.
- The only way the policy justification / rationale for a deletion becomes significant is at DRV and that can only be started once AE or ARCA has found that X acted outside allowed discretion and after any appeal to ARCA is completed.
Am I misunderstanding, because this situation looks ridiculous and would justify clarification of ARBPOL about ArbCom's authority to delete and what can be delegate on to admins looking at DS areas and imposing AE sanctions. EdChem (talk) 01:37, 21 April 2019 (UTC)
- I don't entirely understand everything that EdChem has written, but my understanding of the situations regarding page deletion are:
- Admin X deletes page Y as an action under DS and marks it as an AE action.
- The page deletion may be appealed by any editor at AE (after discussion with admin X).
- Discussion at AE may conclude that (i) the deletion was an appropriate action in the circumstances and the page should remain deleted; (ii) the deletion was not an appropriate action in the cirucmstances and should be restored; (iii) the deletion was not an appropriate AE action in the circumstances but it was ok as a normal admin action (this would leave the page deleted but without prejudice to a DRV).
- An admin reverting the deletion:
- without the permission of admin X prior to the conclusion of the AE appeal or after conclusion (i) would be subject to sanction or desysopping in the same way they would be for reverting any other AE action.
- after conclusion (ii) is implementing the consensus of the AE discussion and so acting correctly
- after conclusion (iii) is not reverting an AE action and so policies regarding arbitration enforcement do not apply.
- Whether the creator or significant contributor is blocked I see as completely independent. It should have no bearing on the discussion regarding page deletion, and any discussion about the page deletion should have bearing on any appeal that editor may make.
- Personally, I cannot imagine endorsing the deletion of any page in circumstances not permitted by the speedy deletion policy. Indeed, I would like it explicitly written into policy that under no circumstances may any admin delete any page as an AE action if the speedy deletion policy would not permit that deletion as an ordinary admin action and that deletions contrary to that policy may be grounds for desysopping. Thryduulf (talk) 12:48, 21 April 2019 (UTC)
- I agree with Thryduulf. This is a step too far in the exercise of the powers the community has granted to ArbCom. Admin actions are normally subject to checks and balances in that they may be reversed on the considered judgement of any other admin, and that has worked reasonably well (albeit not perfectly) for most of Wikipedia's existence.
- The reason that AE actions were created was to remove second-mover advantage in the case of blocking certain editors, who would otherwise be unblockable. It was never designed to reinforce first-mover advantage to the extent that it can become a shield to defend abusive or mistaken administrative actions. Taking an action as ArbCom Enforcement should not be taken lightly, for these very reasons, and in order to maintain the necessary checks and balances there must be consequences for admins who misuse or mistakenly use the label of ArbCom enforcement for their actions. Either ArbCom or the community needs to spell out very clearly what areas should not normally (i.e. excepting only IAR) be within the purview of AE actions, and the consequences to admins who persistently display poor judgement in applying AE actions.
- Finally, the community needs to make clear that it retains the final say in making policy. Where an ArbCom procedure conflicts with (or in this case, attempts to override) existing established policy and practice, then ArbCom really ought to be seeking community approval to vary the relevant policy through RfC, not through fiat. --RexxS (talk) 15:08, 21 April 2019 (UTC)
- Thryduulf, your summary lists three possible conclusions at AE:
(i) the deletion was an appropriate action in the circumstances and the page should remain deleted; (ii) the deletion was not an appropriate action in the cirucmstances and should be restored; (iii) the deletion was not an appropriate AE action in the circumstances but it was ok as a normal admin action (this would leave the page deleted but without prejudice to a DRV).
Take a look at the view expressed by current Arb BU Rob13 that beginsI would 'decline this. I think it is within administrator discretion to consider this a violation of WP:POLEMIC.
As I pointed out above, this is not a comment on whether the action was appropriate, it is an argument (common at AE) that the administrator acted within their discretion. It allows unilateral deletion without a consideration of the merits under the deletion policy and it would prevent a DRV (which has already demonstrated a strong consensus that the deletion should be overturned) from even being opened. Take a look at the comment from Timotheus Canens that saysHaving considered the comments at the DRV to the extent they addressed POLEMIC (as opposed to the process issue), and after independently reviewing the page, I cannot say that GoldenRing's interpretation and application of that guideline is outside reasonable admin discretion, and that's all that is needed to sustain a discretionary sanction.
Here is a former Arbitrator stating clearly that sustaining GoldenRing's action and preventing review of deletion under policy by DRV is allowed so long as the action was within admin discretion. Neither Rob's nor TC's conclusions fit under Thryduulf's three possibilities, they fit into "it doesn't matter if a deletion action is appropriate, in line with deletion policy, fitting a CSD criterion, essentially a content ruling, or anything else, so long as it is tangentially connected to a DS area sufficiently to be arguably within admin discretion." Whether all the present members of ArbCom intended to or not, the effect of this procedural modification is to make any action, no matter what it is, protected if it is labelled as an AE action, and that has clear implications for policy. An admin like Bishonen could be desysopped (as was suggested / ?threatened) by GoldenRing and Sandstein) for undoing an AE action where the justification for that action and its basis in policy is questionable, at best, and where the standard community process was being invoked. We now have a situation where review of an alleged AE deletion is only possible by first getting AE, AN, or ArbCom at ARCA to agree to remove the AE protection – only then can a DRV occur. Further, it empowers these venues to skip DRV and make what can be a de facto content ruling. This procedural change allows a deletion to be endorsed as "within discretion" for an individual admin despite no CSD criterion being met and without looking at the merits of deletion, instead only considering the breadth of discretion available. It is, in my view, fatally flawed and must be fixed by the Committee or the community will need to take action under ARBPOL. I can see no reason for allowing AE deletions at all. Such deletions should be regular admin actions under CSD or MfD, etc, and if they can't be so justified, they should not occur. Carving out a power for ArbCom to delete as a non-delegable power for rare cases that Rob has alluded to makes sense to me, however. EdChem (talk) 01:24, 22 April 2019 (UTC)- 1) My position would have been very different if the deletion actually presented a case of what you call a "de facto content ruling" (which neither arbcom nor AE can do). As I noted immediately prior to the sentence you quoted, I do not believe this one does. 2) That AE review generally recognizes admin discretion hardly means it is not considering the merits of the deletion (or block, or topic ban, or whatever). DRV also recognizes closer's discretion, especially for contentious or difficult XfDs, but that doesn't mean that DRV is not reviewing the close on the merits. The merits being the substantive correctness of the deletion, not whether it followed the standard CSD/MfD process. 3) Yes, this means that a handful of borderline pages may be deleted that wouldn't have been otherwise (given how rare AE deletions have been, I think even "a handful" is a generous estimate), but that's no different from every other aspect of the DS system. T. Canens (talk) 02:23, 22 April 2019 (UTC)
- I really think everyone should pay attention to the first sentence of T. Canens just said. Editors keep talking about content with relation to this specific page. This page was not content. It is a wholly reasonable view for the community to reject 100% of AE deletions in mainspace as outside administrator discretion, for instance. I think it's tremendously unhelpful to conflate deleting a userpage being used to store diffs of alleged misconduct with the deletion of encyclopedic content. Those are two extremely different things. The former relates to behavior, which is an area within which ArbCom may act. ~ Rob13Talk 05:57, 22 April 2019 (UTC)
- And EdChem, that is a poor understanding of "administrator discretion". The existing discretionary sanctions procedures prohibit actions that are grossly disproportionate. Merely being in a topic area with DS is not a license for an admin to do whatever they like. It is a license for them to act decisively if the disruption warrants it, with the benefit of the doubt given unless a consensus of admins disagrees with their action. ~ Rob13Talk 05:59, 22 April 2019 (UTC)
- BU Rob13, an admin decided to delete a page (yes, non-article space) as a DS / AE action. There was no consensus that deletions of that type are authorised, and a strong consensus at DRV that they are not. The admin who recommended DRV was told they may face a desysop by two prominent admins at AE. ArbCom took ages to fail to reach consensus that AE deletions are allowed, but added to procedures to further protect AE / DS actions from community action. And you want me to accept that DS is not a license to do whatever an admin can get away with, if not quite whatever they like? You yourself posted at the AE thread arguing that the action was within discretion and thereby protected from DRV by the community, despite knowing that the DRV as concluded the deletion is unjustified. Former Arb TC has argued similarly. I note you did not go against the DRV conclusion that POLEMIC does not apply, instead arguing that GR's view that POLEMIC did apply was within admin discretion ("it is within administrator discretion to consider this a violation of WP:POLEMIC"). Deletions should not be single-admin judgements with no means of community review and endorsable as "within discretion" without necessarily concluding reasonable / correct / supported by consensus. AE has evolved over time to utterly disregard non-admins and to become a law unto itself. ArbCom has failed to check this trend, and in the present case, have taken a step to show just how flawed this area has become. ArbCom could have said that deletions should be guided by policy, in line with CSD etc, quietly accepted and recognised the DRV, and issued a statement that GR had acted in good faith but beyond established bounds. Things would have quietened down, AE could have stumbled on, nothing would have changed. Instead, internal ArbCom disagreements prevented such an approach, and you (collectively) coalesced around a strengthening of AE-related procedure, apparently hoping to avoid future DRVs causing embarrassment to community-unsupported AE deletions. That decision has had consequences, visible here and with Cunard's AN proposals. I hope they go somewhere and AE and ArbCom get reined in a bit. EdChem (talk) 06:58, 22 April 2019 (UTC)
- I'm sorry, BU Rob13, but that's not how AE actions should be working on Wikipedia. If a userpage contains diffs of alleged misconduct, and they are not going to be used soon, then all our precedent shows that they can be deleted, either by CSD#G10 or by MfD. There is no reason whatsoever why such a deletion needs to protected from second-mover advantage. Nor is there any sensible reason why the normal community process of DRV should not be used to review that deletion if challenged. ArbCom has no mandate to alter or override the community's policy and needs to alter course away from attempting to shape policy to suit its fancy. --RexxS (talk) 13:01, 22 April 2019 (UTC)
- And EdChem, that is a poor understanding of "administrator discretion". The existing discretionary sanctions procedures prohibit actions that are grossly disproportionate. Merely being in a topic area with DS is not a license for an admin to do whatever they like. It is a license for them to act decisively if the disruption warrants it, with the benefit of the doubt given unless a consensus of admins disagrees with their action. ~ Rob13Talk 05:59, 22 April 2019 (UTC)
- @EdChem:
this is not a comment on whether the action was appropriate, it is an argument (common at AE) that the administrator acted within their discretion.
If AE decides that the action was within discretion then it has decided that the action was appropriate for the circumstances. I disagree that it was appropriate, but that was the consensus of the discussion. Thryduulf (talk) 09:14, 22 April 2019 (UTC)- Thryduulf, I disagree. "Within discretion" and "appropriate" are not synonyms. "Within discretion" is much closer to "allowed" than it is to "appropriate." An action can be technically permissible while at the same time being unwise and even inappropriate. The AE archives show plenty of cases where an appeal has failed despite multiple admins expressing disagreement with a decision because the decision was deemed as "within discretion"... and let's not even get into the routine disregarding of the opinions of any non-admin editors, who are viewed as irrelevant for determining consensus at AE (much like the DRV is being treated in the present case). AE decisions regularly turn on whether an action is permissible / within discretion without actually addressing whether the decision was wise or appropriate. EdChem (talk) 13:28, 22 April 2019 (UTC)
- The recent amendment hasn't changed existing position or policy; it has simply clarified that if there is concern regarding an ArbCom Enforcement action, that it should first be discussed under AE procedures. The question regarding if a deletion outside of policy is allowable has not been answered as the Committee were unable to reach agreement on that. My own view is that any action within policy done in order to enforce an ArbCom sanction is and should be allowable. So, a mainpage deletion done under G5 to enforce an ArbCom sanction would be allowable. If the article can be deleted under policy it can be deleted under ArbCom protection to prevent it being undeleted in order for it to be discussed in several conflicting places. SilkTork (talk) 18:37, 22 April 2019 (UTC)
- @SilkTork: Claiming that the "amendment hasn't changed existing position or policy" doesn't make it so. It seems abundantly clear that ArbCom has now amended our deletion policies and guidelines to include an additional, compulsory step that requires an administrator's action to first be submitted for determination by other admins alone, whenever an administrator chooses to label a page deletion as an "AE action". That is not "clarification"; that is amendment. In the case of page deletions of any kind, ArbCom has not submitted any grounds for removing either the check of another administrator's judgement, or the scrutiny of the community in general over the action of deletion. You need to make clear to the community what benefit to the encyclopedia accrues from ArbCom's unilateral change to our current policies and practices, and submit your change to the community for its approval. --RexxS (talk) 19:29, 22 April 2019 (UTC)
- What we are seeing here is exactly what I feared. An arbitrary different standard for deletion that has a) a different standard of reasonableness than other deletion and b) excludes the vast majority of the community from reviewing. There is a clear consensus this deletion was outside our policy and you have created a set up to.allow admins to side step it and two fingers to the community. So are you going to think again or are we going to have to take other steps to overturn this? By the way, can we appeal this AS decline to ARCA? Spartaz Humbug! 21:03, 22 April 2019 (UTC)
- @RexxS and Spartaz: Your claim that AE deletions can only be reviewed by admins is not true;
the clear and substantial consensus of ... uninvolved editors at AN
(quote from Wikipedia:Arbitration Committee/Procedures#appeals.note is a permissible method of overturning an AE action. * Pppery * has returned 03:13, 23 April 2019 (UTC)- @Pppery: please see this Arbcom resolution from last week
"All actions designated as arbitration enforcement actions, including those alleged to be out of process or against existing policy, must first be appealed following arbitration enforcement procedures to establish if such enforcement is inappropriate before the action may be reversed or formally discussed at another venue."
and a sitting Arb's statement at the Adminstrator's noticeboard:"Clarity ... What the motion that did pass say is that if there is again a deletion made under authority of ArbCom, the matter needs to come first to AE. The motion was merely clarifying where the discussion should first take place
. At AE only admins can review the question. So I don't think ArbCom shares your interpretation, sadly. And that's why I'm so concerned. --RexxS (talk) 13:28, 23 April 2019 (UTC)- Where do you see that only admins may comment at WP:AE? When I read the giant red instruction box at WP:AE it says "All users are welcome to comment on requests." All users. Every one. Not just admins. --Jayron32 14:57, 23 April 2019 (UTC)
- (1) The decisions at AE are made by admins only, not by consensus among all commentators. Each question has a section "Result of the ..." with the italic print below: "This section is to be edited only by uninvolved administrators. Comments by others will be moved to the sections above". You only have to read the "Results" sections to see clearly how decisions are made. Secondly, and rather more importantly for this issue, how would you expect an ordinary editor to comment on whether the page should be deleted or not, when only admins can see the deleted page? Sure. everybody is welcome to comment, but we're going to ensure that you don't know what you're commenting on, and we'll happily ignore you if you do. That's not my idea of how to do a DRV. --RexxS (talk) 15:12, 23 April 2019 (UTC)
- Well, that's only broadly true because the results of such discussions are implemented by admins; non-admins cannot block someone! Admins base their actions, as always, on the input from users who comment on the discussion. This is exactly like everywhere else that admins implement decisions. Non-admins cannot protect pages which are under discussion at WP:RFPP, they cannot delete articles which are up for discussion at WP:AFD, they cannot block users who are reported at WP:ANEW. This is not a unique thing. That doesn't mean that admins are not supposed to take input from the community in such discussions. Community input from non-admins is explicitly encouraged and requested at WP:AE in exactly the same way it is in all admin-involved processes. You seem to have made this thing a precious thing where it is not. It doesn't have anything particularly special about it; indeed the process you are attempting to change is merely a simple means to avoid splitting discussions among different fora and nothing more; when an AE decision is made, it should be appealed here; but that appeal is open to the input of the community in the exact same way it would be at any other forum. --Jayron32 18:27, 23 April 2019 (UTC)
- It would be nice if you were right about that, but a skim though the history of AE shows that you're not. Community discussion has never influenced decisions at AE. In fact, the process there allows a single admin who decides to impose a block to do so, even when a majority of other admins disagree. The entire setup at AE is not a suitable mechanism for reviewing out-of-process deletions. You still haven't addressed the point about how non-admins are supposed to comment when they can't even see the content that they are commenting on. --RexxS (talk) 18:52, 23 April 2019 (UTC)
- That's also true of deletions by other methods: if an admin deletes anything, non-admins cannot read the page during appeals at WP:DRV. This is true even if it was deleted via AFD, PROD, or CSD processes. You're not making arguments that aren't applicable to other deletions. --Jayron32 12:50, 24 April 2019 (UTC)
- On the contrary, standard practice at DRV is for an uninvolved admin to undelete the page in question so that non-admins can see the content and discuss whether the deletion was correct (the only absolute exceptions being if the page contains copyvios or BLP violations). This ArbCom-created amendment to our practice threatens to de-sysop any admin who carries out standard practice. Now do you understand what the problem is? --RexxS (talk) 13:42, 24 April 2019 (UTC)
- That's also true of deletions by other methods: if an admin deletes anything, non-admins cannot read the page during appeals at WP:DRV. This is true even if it was deleted via AFD, PROD, or CSD processes. You're not making arguments that aren't applicable to other deletions. --Jayron32 12:50, 24 April 2019 (UTC)
- It would be nice if you were right about that, but a skim though the history of AE shows that you're not. Community discussion has never influenced decisions at AE. In fact, the process there allows a single admin who decides to impose a block to do so, even when a majority of other admins disagree. The entire setup at AE is not a suitable mechanism for reviewing out-of-process deletions. You still haven't addressed the point about how non-admins are supposed to comment when they can't even see the content that they are commenting on. --RexxS (talk) 18:52, 23 April 2019 (UTC)
- Well, that's only broadly true because the results of such discussions are implemented by admins; non-admins cannot block someone! Admins base their actions, as always, on the input from users who comment on the discussion. This is exactly like everywhere else that admins implement decisions. Non-admins cannot protect pages which are under discussion at WP:RFPP, they cannot delete articles which are up for discussion at WP:AFD, they cannot block users who are reported at WP:ANEW. This is not a unique thing. That doesn't mean that admins are not supposed to take input from the community in such discussions. Community input from non-admins is explicitly encouraged and requested at WP:AE in exactly the same way it is in all admin-involved processes. You seem to have made this thing a precious thing where it is not. It doesn't have anything particularly special about it; indeed the process you are attempting to change is merely a simple means to avoid splitting discussions among different fora and nothing more; when an AE decision is made, it should be appealed here; but that appeal is open to the input of the community in the exact same way it would be at any other forum. --Jayron32 18:27, 23 April 2019 (UTC)
- (1) The decisions at AE are made by admins only, not by consensus among all commentators. Each question has a section "Result of the ..." with the italic print below: "This section is to be edited only by uninvolved administrators. Comments by others will be moved to the sections above". You only have to read the "Results" sections to see clearly how decisions are made. Secondly, and rather more importantly for this issue, how would you expect an ordinary editor to comment on whether the page should be deleted or not, when only admins can see the deleted page? Sure. everybody is welcome to comment, but we're going to ensure that you don't know what you're commenting on, and we'll happily ignore you if you do. That's not my idea of how to do a DRV. --RexxS (talk) 15:12, 23 April 2019 (UTC)
- @RexxS:
following arbitration enforcement procedures
and "at AE" do not mean the same thing. As I understand it,arbitration enforcement procedures
refers to the Wikipedia:Arbitration_Committee/Procedures#Modifications by administrators (although I would likewise appreciate an arb clarifying), which, as I said earlier, allows appeals at AN in which non-admins' voices count toward the determination of consensus. You are, of course, right that non-admins cannot see the deleted content. * Pppery * has returned 19:12, 23 April 2019 (UTC)- This is correct. Arbitration enforcement actions have always been appealable to AE, AN and ARCA. The motion reinforces that these are the allowed methods of appeal. The choice of venue is up to the appealing user; the only restriction is that once something is appealed to AN, an appeal to AE is unavailable; once something is appealed to ARCA, appeals to AE and AN are then unavailable. The standard of review is different at each. This is set out clearly in WP:Arbitration_Committee/Procedures#appeals.notes and this is hardly the first time it has been pointed out in this whole kerfuffle. GoldenRing (talk) 13:54, 24 April 2019 (UTC)
- Then how do you square that with
"Clarity ... What the motion that did pass say is that if there is again a deletion made under authority of ArbCom, the matter needs to come first to AE. The motion was merely clarifying where the discussion should first take place"
[1]? And you still haven't answered how non-admins can be expected to comment on content that they can't see even if it were to go to AN or ARCA. --RexxS (talk) 15:17, 24 April 2019 (UTC)
- Then how do you square that with
- This is correct. Arbitration enforcement actions have always been appealable to AE, AN and ARCA. The motion reinforces that these are the allowed methods of appeal. The choice of venue is up to the appealing user; the only restriction is that once something is appealed to AN, an appeal to AE is unavailable; once something is appealed to ARCA, appeals to AE and AN are then unavailable. The standard of review is different at each. This is set out clearly in WP:Arbitration_Committee/Procedures#appeals.notes and this is hardly the first time it has been pointed out in this whole kerfuffle. GoldenRing (talk) 13:54, 24 April 2019 (UTC)
- Where do you see that only admins may comment at WP:AE? When I read the giant red instruction box at WP:AE it says "All users are welcome to comment on requests." All users. Every one. Not just admins. --Jayron32 14:57, 23 April 2019 (UTC)
- @Pppery: please see this Arbcom resolution from last week
- @RexxS and Spartaz: Your claim that AE deletions can only be reviewed by admins is not true;
Change to CheckUser team
- Welcome back. —pythoncoder (talk | contribs) 21:23, 29 April 2019 (UTC)
- Nice! ~Swarm~ {sting} 01:14, 30 April 2019 (UTC)
- ”He’s come about the reaping? I don’t think we need any at the moment.... Newyorkbrad (talk) 11:41, 3 May 2019 (UTC)
Thanks! Reaper Eternal (talk) 01:05, 4 May 2019 (UTC)
- Little late to the party, but welcome back Reaper Eternal! . --TheSandDoctor Talk 07:15, 4 May 2019 (UTC)
Return of permissions to administrators notice
I see that this notice to administrators came out so delayed that the arbitration committee notice has already been archived on this noticeboard.
Was this notice (see User talk:Liz#ArbCom 2019 special circular) really necessary? Who came up with this wording? It is one thing to ask administrators or functionaries to be careful with their login and passwords but threatening them with having to have an additional RfA if they don't go for certain types of internet security? That seems like a step too far. There's encouraging change and then there is leveling threats and in this message ArbCom's frustration clearly came through. Liz Read! Talk! 02:50, 4 May 2019 (UTC)
How does the Committee intend to learn "whether the administrator used a strong password on both their Wikipedia account and associated email account"? The passwords are stored hashed and salted. Not even the sysops and developers can recover their plaintext, supposedly. Also, "whether the administrator had reused passwords across Wikipedia or the associated email account and other systems," seems similarly unknowable with any certainty. EllenCT (talk) 03:45, 4 May 2019 (UTC)
- Repeating something that I posted on my own talk page in response to this mass message:
When it comes to 2FA, people need to understand what Mediawiki is offering. Right now, it's not anywhere near state-of-the-art; it was written by a former WMF employee and is now maintained by a mix of staff and volunteers, none of whom are responsible for the long-range development of the extension. The WMF is already taking steps to make it *required* usage without taking any responsibility for it. That's well below the standard any of us should expect for security software. In order for it to be a proper fit for the worldwide, diverse movement it is intended to support, the following steps can and should be taken:
- A WMF department needs to take ownership of the extension, and take responsibility for its ongoing development, improvement, maintenance and user support.
- It needs to be modified so that it stands alone, without any upload of software or use of specific hardware. That is, it shouldn't be dependent on using the right computer or having two pieces of electronics such as a computer and a smartphone.
- The WMF needs to commit resources to ensuring that there is 24/7, easily reached user support. Right now, there is no clear pathway to obtaining support. This becomes increasingly important as more and more users with limited technical proficiency and/or who don't have a personal point of contact high up in the WMF technical support system are pushed to use 2FA. It should be assigned to people who can see a user through the entire process, all the way from communicating with users to resetting passwords/2FA.
- Generation of scratch codes needs to be easy and able to be done without disabling 2FA, as is necessary with the current software. After all, if 2FA is mandatory, the user can't disable it in order to generate new scratch codes.
- It needs to work in a simple and streamlined way for users who do most of their work from phones.
- It needs to be a no-cost solution. Any user should be able to use it anywhere in the world without worrying about hardware costs, software costs, or data/texting/SMS costs. They need to be able to use it on any computer at any time, anywhere, provided they have an internet connection. It needs to not be dependent in any way on mobile phone networks.
These things are all possible. They are, however, entirely dependent on the WMF taking the bull by the horns and redesigning the 2FA system so that it is streamlined, cost-free, easy to use and well-supported. When the WMF has over 100 software developers on staff, and their own Security department is urging the use of 2FA, there's really no excuse not to do this.
And frankly...I don't really see much point in requiring admins to have 2FA when we don't even require them to have a durable email address attached to their account.
If Arbcom is serious about this, then they need to use their influence to get the WMF to do the right thing. This message makes it sound as though Arbcom is requiring that all admins take potentially quite costly steps in order to hold onto their bits. Risker (talk) 03:49, 4 May 2019 (UTC)
- Comment: Previously the mantra was that being an admin was not a big deal and that it was nothing special to be one, but the increasing difficulty of going through RFA and now the suggestion of two-factor authentication are increasingly differentiating being an admin. On top of that some people live in countries where access to Wikimedia projects is already shaky: Turkey and China have had issues with internet blocks. If someone blocks the authentication app on a smartphone, how will a user who doesn't have a VPN on the smartphone authenticate into an admin account? WhisperToMe (talk) 05:29, 4 May 2019 (UTC)
- TOTP (the algorithm which generates the code) does not require a connection. Assuming you can get hold of an app (which is likely) the only other Internet access which may be required is something to make sure your clock is reasonably accurate (which is also likely). Internet access is not required to generate the 2FA code being entered. -- zzuuzz (talk) 05:54, 4 May 2019 (UTC)
- Come on, zzuuzz. One needs to be able to upload software onto some piece of electronic equipment in order to use the "app", which fails #2 above. After all, we already have admins logging in from military bases, libraries, and employer-owned equipment, most of which restrict uploading of software. And you need internet access to log into your account; whether or not 2FA also needs internet connection is immaterial, and many 2FA generators require either internet connection or send an SMS. Risker (talk) 06:39, 4 May 2019 (UTC)
- Any respectable TOTP generator is not going to use SMS or the Internet. My main point, in reply to the main point, is that the Great Firewall makes no difference to 2FA. I'm more than happy to agree that 2FA is not for everyone. -- zzuuzz (talk) 06:49, 4 May 2019 (UTC)
- In which case, why do I have a large spam message purporting to be from Arbcom claiming that
Administrators must … Enable two-factor authentication now for improved security
on my talk page? ‑ Iridescent 07:03, 4 May 2019 (UTC)- I'll leave that for others, as I don't speak for them, nor them for me. I believe someone has already pointed out that the wording may not be ideal. -- zzuuzz (talk) 07:06, 4 May 2019 (UTC)
- It isn't fake news; the message was from ArbCom. Well, the message was sent because while you or I may have secured our accounts, a number of sysops haven't. They reuse passwords from other sites, their passwords are insecure, or they attach the account to email addresses with the same issues. This advice was always obvious to some, but the message is not reaching everyone at an equal rate. Obviously, the message is an attempt to say, in simple words and without legalese, what these sysops need to learn in order for the community to stop wasting time dealing with breached user account security. I think it's overdue. AGK ■ 07:12, 4 May 2019 (UTC)
- And how did Arbcom give themselves the authority to demand this, given that every time mandatory 2FA has ever been discussed (the most recent RFC was only two weeks ago) it's been resoundingly rejected? ‑ Iridescent 07:16, 4 May 2019 (UTC)
- What do you think ArbCom has demanded? You can't mean it demanded sysops enable 2FA, because the motion says no such thing. And while the message advises that as one method of securing an account, it does not make that a requirement in itself. AGK ■ 07:31, 4 May 2019 (UTC)
- AGK,
Administrators must … Enable two-factor authentication now for improved security
(my emphasis) is a direct quote from the mass message you've just sent out. ‑ Iridescent 07:33, 4 May 2019 (UTC) - Who worded and designed this banner, FWIW? ∯WBGconverse 07:36, 4 May 2019 (UTC)
- AGK,
- What do you think ArbCom has demanded? You can't mean it demanded sysops enable 2FA, because the motion says no such thing. And while the message advises that as one method of securing an account, it does not make that a requirement in itself. AGK ■ 07:31, 4 May 2019 (UTC)
- And how did Arbcom give themselves the authority to demand this, given that every time mandatory 2FA has ever been discussed (the most recent RFC was only two weeks ago) it's been resoundingly rejected? ‑ Iridescent 07:16, 4 May 2019 (UTC)
- In which case, why do I have a large spam message purporting to be from Arbcom claiming that
- Any respectable TOTP generator is not going to use SMS or the Internet. My main point, in reply to the main point, is that the Great Firewall makes no difference to 2FA. I'm more than happy to agree that 2FA is not for everyone. -- zzuuzz (talk) 06:49, 4 May 2019 (UTC)
- Come on, zzuuzz. One needs to be able to upload software onto some piece of electronic equipment in order to use the "app", which fails #2 above. After all, we already have admins logging in from military bases, libraries, and employer-owned equipment, most of which restrict uploading of software. And you need internet access to log into your account; whether or not 2FA also needs internet connection is immaterial, and many 2FA generators require either internet connection or send an SMS. Risker (talk) 06:39, 4 May 2019 (UTC)
- TOTP (the algorithm which generates the code) does not require a connection. Assuming you can get hold of an app (which is likely) the only other Internet access which may be required is something to make sure your clock is reasonably accurate (which is also likely). Internet access is not required to generate the 2FA code being entered. -- zzuuzz (talk) 05:54, 4 May 2019 (UTC)
Fuck ArbCom which doesn't even understand their own messages and again give themselves powers they don't have. First it was deletions, then it was mandatory 2FA, inbetween it is loads of evidence of utter incompetence in many of its members (witness the statement by AGK above, but also some of the comments at e.g. the Rama case request). Just crawl into a corner and shut up until the community asks you to do something within your remit, but don't try to rule enwiki as if you have the right and the competence to do so. Or collectively resign. But don't give us any more of this bullshit. Fram (talk) 07:39, 4 May 2019 (UTC)