Wikipedia:Administrators' noticeboard: Difference between revisions

Welcome – post issues of interest to administrators.

Shortcuts WP:AN WP:ANB For urgent incidents and chronic, intractable behavioral problems, use Wikipedia:Administrators' noticeboard/Incidents. If you are new, try the Wikipedia:Teahouse instead. Do not report breaches of personal information on this highly visible page – instead use Wikipedia:Requests for oversight. For administrative backlogs add {{Admin backlog}} to the backlogged page; post here only if urgent. Do not post requests for page protection, deletion requests, or block requests here. Just want an admin? Contact a recently active admin directly. When you start a discussion about an editor, you must leave a notice on their talk page. Pinging is not enough. You may use {{subst:AN-notice}} ~~~~ to do so. Sections inactive for over three days are archived by Lowercase sigmabot III.(archives, search) Start a new discussion

Template:Active editnotice

This page has an administrative backlog that requires the attention of willing administrators. Please replace this notice with {{no admin backlog}} when the backlog is cleared.

"WP:CR" redirects here. You may be looking for Wikipedia:Cleanup resources, Wikipedia:Categorizing redirects, Wikipedia:Copyrights, Wikipedia:Competence is required, Wikipedia:Dispute resolution and Wikipedia:Content removal.

"WP:ANC" redirects here. You may be looking for Wikipedia:Assume no clue.

You may want to increment {{Archive basics}} to |counter= 38 as Wikipedia:Closure requests/Archive 37 is larger than the recommended 150Kb.

Archives

Index no archives yet (create)

This page has archives. Sections older than 6 days may be automatically archived by Lowercase sigmabot III when more than 3 sections are present.

Shortcuts

• WP:CR
• WP:RFCL
• WP:ANRFC

Use the closure requests noticeboard to ask an uninvolved editor to assess, summarize, and formally close a Wikipedia discussion. Do so when consensus appears unclear, it is a contentious issue, or where there are wiki-wide implications (e.g. any change to our policies or guidelines).

Do not list discussions where consensus is clear. If you feel the need to close them, do it yourself.

Move on – do not wait for someone to state the obvious. In some cases, it is appropriate to close a discussion with a clear outcome early to save our time.

Do not post here to rush the closure. Also, only do so when the discussion has stabilised.

On the other hand, if the discussion has much activity and the outcome isn't very obvious, you should let it play out by itself. We want issues to be discussed well. Do not continue the discussion here.

There is no fixed length for a formal request for comment (RfC). Typically 7 days is a minimum, and after 30 days the discussion is ripe for closure. The best way to tell is when there is little or no activity in the discussion, or further activity is unlikely to change its result.

When the discussion is ready to be closed and the outcome is not obvious, you can submit a brief and neutrally worded request for closure.

Be sure to include a link to the discussion itself and the {{Initiated}} template at the beginning of the request. A helper script can make listing discussions easier.

Any uninvolved editor may close most discussions, so long as they are prepared to discuss and justify their closing rationale.

Closing discussions carries responsibility, doubly so if the area is contentious. You should be familiar with all policies and guidelines that could apply to the given discussion (consult your draft closure at the discussions for discussion page if unsure). Be prepared to fully answer questions about the closure or the underlying policies, and to provide advice about where to discuss any remaining concerns that editors may have.

Non-admins can close most discussions. Admins may not overturn your non-admin closures just because you are not an admin, and this should not normally be in itself a problem at closure reviews. Still, there are caveats. You may not close discussions as an unregistered user, or where implementing the closure would call to use tools or edit permissions you do not have access to. Articles for deletion and move discussion processes have more rules for non-admins to follow.

Technical instructions for closers

Please append {{Doing}} to the discussion's entry you are closing so that no one duplicates your effort. When finished, replace it with {{Close}} or {{Done}} and an optional note, and consider sending a {{Ping}} to the editor who placed the request. Where a formal closure is not needed, reply with {{Not done}}. After addressing a request, please mark the {{Initiated}} template with |done=yes. ClueBot III will automatically archive requests marked with {{Already done}}, {{Close}}, {{Done}} {{Not done}}, and {{Resolved}}.

If you want to formally challenge and appeal the closure, do not start the discussion here. Instead follow advice at WP:CLOSECHALLENGE.

Other areas tracking old discussions

• Wikipedia:Requested moves#Elapsed listings
• Wikipedia:Articles for deletion/Old
• Wikipedia:Redirects for discussion
• Wikipedia:Categories for discussion/Awaiting closure
• Wikipedia:Templates for discussion#Old discussions
• Wikipedia:Miscellany for deletion#Old business
• Wikipedia:Proposed mergers/Log
• Wikipedia:Proposed article splits

Administrative discussions

Place new administrative discussions above this line using a level 3 heading

Requests for comment

RfC: Change INFOBOXUSE to recommend the use of infoboxes?

(Initiated 67 days ago on 15 March 2024) Ready to be closed. Charcoal feather (talk) 17:02, 27 April 2024 (UTC)

new closer needed
The following discussion has been closed. Please do not modify it.
Before I try to close this I wanted to see if any editors believed I am WP:INVOLVED. I have no opinions on the broader topic, but I have previously participated in a single RfC on whether a specific article should include an infobox. I don't believe this makes me involved, as my participation was limited and on a very specific question, which is usually insufficient to establish an editor as involved on the broader topic, but given the strength of opinion on various sides I expect that any result will be controversial, so I wanted to raise the question here first. If editors present reasonable objections within the next few days I won't close; otherwise, unless another editor gets to it first, I will do so. BilledMammal (talk) 04:43, 13 May 2024 (UTC) I am involved in the underlying RfC, but my opinion on the issue is not particularly strong and I am putting on my closer hat now. Per WP:INVOLVED, "[i]nvolvement is construed broadly by the community". In the Rod Steiger RfC, you stated: [T]o the best of my knowledge (although I have not been involved in these discussions before) every recent RfC on including an infobox has been successful. From this it is clear that the topic is settled, and insisting on RfC's for every article risks becoming disruptive. Although the underlying RfC was on a very specific question, your statement touches on the broader question of whether editors should be allowed to contest including an infobox in a particular article, a practice that you said risks becoming disruptive because the topic is settled. That makes you involved—construing the term broadly—because answering this RfC in the affirmative would significantly shift the burden against those contesting infoboxes in future discussions. That said, if you can put aside your earlier assessment of consensus and only look at the arguments in this RfC, I don't see an issue with you closing. It wouldn't be a bad idea to disclose this at the RfC itself, and make sure that nobody there has any objections. voorts (talk/contributions) 21:43, 18 May 2024 (UTC) Pinging @BilledMammal. voorts (talk/contributions) 21:45, 18 May 2024 (UTC) if you can put aside your earlier assessment of consensus and only look at the arguments in this RfC, I don't see an issue with you closing; per WP:LOCALCON, I don't see lower level discussions as having any relevance to assessing the consensus of higher level discussions, so I can easily do so - consistent results at a lower level can indicate a WP:IDHT issue, but it can also indicate that a local consensus is out of step with broader community consensus. Either way, additional local discussions are unlikely to be productive, but a broader discussion might be. Per your suggestion I'll leave a note at the RfC, and see if there are objections presented there or here. BilledMammal (talk) 02:37, 21 May 2024 (UTC) I don’t think that !voting in an RfC necessarily equates to being too involved, but in this case, the nature of your !vote in the Steiger RfC was concerning enough to be a red flag. Is it still your contention that “every recent RfC on including an infobox has been successful. From this it is clear that the topic is settled, and insisting on RfC's for every article risks becoming disruptive”? That was wrong (and rather chilling) when you wrote it and is still wrong (and still chilling) now, as the current RfC makes rather clear. - SchroCat (talk) 03:30, 21 May 2024 (UTC) Is it still your contention that “every recent RfC on including an infobox has been successful. From this it is clear that the topic is settled, and insisting on RfC's for every article risks becoming disruptive”? No. I've only skimmed the RfC, but I see that while a majority have been successful a non-trivial number have not been - and the percentage that have not been has increased recently. BilledMammal (talk) 04:13, 21 May 2024 (UTC) Part of my problem is that you said it in the first place. It was incorrect when you first said it and it comes across as an attempt to shut down those who hold a differing opinion. As you're not an Admin, I'm also not sure that you can avoid WP:NACPIT and WP:BADNAC, both of which seem to suggest that controversial or non-obvious discussions are best left to Admins to close. - SchroCat (talk) 06:44, 21 May 2024 (UTC) In general, any concern that WP:IDHT behavior is going on could be seen as an attempt to shut down those who hold a differing opinion. I won't close this discussion, though generally I don't think that raising concerns about conduct make an editor involved regarding content. However, I reject BADNAC as an issue, both here and generally - I won't go into details in this discussion to keep matters on topic, but if you want to discuss please come to my talk page. BilledMammal (talk) 07:53, 21 May 2024 (UTC) There was no IDHT behaviour, which was the huge flaw in your comment. You presumed that "every recent RfC on including an infobox has been successful", which was the flawed basis from which to make a judgement about thinking people were being disruptive. Your opinion that there was IDHT behaviour which was disruptive is digging the hole further: stop digging is my advice, as is your rejection of WP:BADNAC ("(especially where there are several valid outcomes) or likely to be controversial"), but thank you for saying you won't be closing the discussion. - SchroCat (talk) 08:10, 21 May 2024 (UTC)

Talk: Elissa Slotkin#Labor Positions and the 2023 UAW Strike

(Initiated 52 days ago on 30 March 2024) RfC expired, no clear consensus. andrew.robbins (talk) 04:05, 30 April 2024 (UTC)

WP:RSN#RFC:_The_Anti-Defamation_League

(Initiated 45 days ago on 7 April 2024) Three related RFCs in a trench coat. I personally think the consensus is fairly clear here, but it should definitely be an admin close. Loki (talk) 14:07, 6 May 2024 (UTC)

Wikipedia:Requests for comment/Enforcing ECR for article creators

(Initiated 43 days ago on 8 April 2024) Discussion appears to have died down almost a month after this RfC opened. Would like to see a formal close of Q1 and Q2. Awesome Aasim 00:11, 8 May 2024 (UTC)

Talk:Brothers of Italy#RfC on neo-fascism in info box 3 (Effectively option 4 from RfC2)

(Initiated 43 days ago on 8 April 2024) Clear consensus for change but not what to change to. I've handled this RfC very badly imo. User:Alexanderkowal — Preceding undated comment added 11:50, 1 May 2024 (UTC)

 Comment: The RfC tag was removed the same day it was started. This should be closed as a discussion, not an RfC. voorts (talk/contributions) 22:03, 18 May 2024 (UTC)

Talk:Mukokuseki#RfC on using the wording "stereotypically Western characteristics" in the lead

(Initiated 41 days ago on 11 April 2024) ☆SuperNinja2☆ TALK! 09:41, 21 May 2024 (UTC)

See Talk:Mukokuseki#Close Plz 5/21/2024 Orchastrattor (talk) 20:34, 21 May 2024 (UTC)

Talk:Tesla,_Inc.#Rfc_regarding_Tesla's_founders

(Initiated 35 days ago on 17 April 2024) Will an experienced uninvolved editor please assess consensus? There has been a request at DRN now that the RFC has completed activity, but what is needed is formal closure of the RFC. Robert McClenon (talk) 02:36, 20 May 2024 (UTC)

Place new discussions concerning RfCs above this line using a level 3 heading

Deletion discussions

XFD backlog

V	Feb	Mar	Apr	May	Total
CfD	0	0	12	15	27
TfD	0	0	0	5	5
MfD	0	0	0	2	2
FfD	0	0	0	2	2
RfD	0	0	8	40	48
AfD	0	0	0	32	32

Wikipedia:Categories for discussion/Log/2024 April 8#Category:French forts in the United States

(Initiated 60 days ago on 22 March 2024) HouseBlaster (talk · he/him) 20:38, 4 May 2024 (UTC)

 Done by Bibliomaniac15. * Pppery * _{it has begun...} 19:38, 21 May 2024 (UTC)

Wikipedia:Categories for discussion/Log/2024 April 10#Category:19th-century Roman Catholic church buildings in Réunion

(Initiated 59 days ago on 23 March 2024) HouseBlaster (talk · he/him) 13:39, 13 May 2024 (UTC)

 Closed by editor Pppery. P.I. Ellsworth , ed. ^{put'er there} 19:37, 21 May 2024 (UTC)

Wikipedia:Categories for discussion/Log/2024 April 27#Category:Unrecognized tribes in the United States

(Initiated 44 days ago on 7 April 2024) This one has been mentioned in a news outlet, so a close would ideally make sense to the outside world. HouseBlaster (talk · he/him) 13:56, 17 May 2024 (UTC)

Wikipedia:Categories for discussion/Log/2024 April 24#Category:Asian American billionaires

(Initiated 27 days ago on 24 April 2024) HouseBlaster (talk · he/him) 20:38, 4 May 2024 (UTC)

 Done * Pppery * _{it has begun...} 19:55, 21 May 2024 (UTC)

Wikipedia:Miscellany for deletion/Wikipedia:Stress marks in East Slavic words

(Initiated 16 days ago on 6 May 2024) * Pppery * _{it has begun...} 17:30, 19 May 2024 (UTC)

Place new discussions concerning XfDs above this line using a level 3 heading

Other types of closing requests

Template talk:Wikipedia's sister projects#Add Wikifunctions or not?

(Initiated 275 days ago on 20 August 2023) Could an uninvolved admin please determine whether there is a consensus to add Wikifunctions to the Main Page? Thanks. * Pppery * _{it has begun...} 16:28, 19 May 2024 (UTC)

Talk:Maersk Hangzhou#Second merge proposal

(Initiated 118 days ago on 24 January 2024) Merge discussion involving CTOPS that has been open for 2 weeks now. Needs closure. The Weather Event Writer (Talk Page) 04:46, 8 February 2024 (UTC)

@WeatherWriter: I would give it a few days as the discussion is now active with new comments. GoldenBootWizard276 (talk) 00:00, 3 March 2024 (UTC)

As nominator, I support a non consensus closure of this discussion so we can create an RFC to discuss how WP:ONEEVENT applies in this situation. GoldenBootWizard276 (talk) 21:56, 9 March 2024 (UTC)

 Done Charcoal feather (talk) 12:46, 21 May 2024 (UTC)

Talk:1985_Pacific_hurricane_season#Proposed_merge_of_Hurricane_Ignacio_(1985)_into_1985_Pacific_hurricane_season

(Initiated 112 days ago on 30 January 2024) Listing multiple non-unanimous merge discussions from January that have run their course. Noah, AA^Talk 13:50, 15 March 2024 (UTC)

Talk:12 February 2024 Rafah strikes#Merge proposal to Rafah offensive

(Initiated 99 days ago on 13 February 2024) The discussion has been inactive for over a month, with a clear preference against the merge proposal. CarmenEsparzaAmoux (talk) 19:35, 24 April 2024 (UTC)

Talk:Rupert_Sheldrake#Talkpage_"This_article_has_been_mentioned_by_a_media_organization:"_BRD

(Initiated 35 days ago on 16 April 2024) - Discussion on a talkpage template, Last comment 6 days ago, 10 comments, 4 people in discussion. Not unanimous, but perhaps there is consensus-ish or strength of argument-ish closure possible. Gråbergs Gråa Sång (talk) 07:24, 23 April 2024 (UTC)

It doesn't seem to me that there is a consensus here to do anything, with most editors couching their statements as why it might (or might not) be done rather than why it should (or should not). I will opine that I'm not aware there's any precedent to exclude {{Press}} for any reason and that it would be very unusual, but I don't think that's good enough reason to just overrule Hipal. —Compassionate727 ^(T·C) 01:01, 13 May 2024 (UTC)

Talk:Forest_management#Merge_proposal

(Initiated 23 days ago on 28 April 2024) As the proposer I presume I cannot close this. It was started more than a week ago and opinions differed somewhat. Chidgk1 (talk) 13:46, 10 May 2024 (UTC)

 Doing... Goldenarrow9 (talk) 19:48, 21 May 2024 (UTC)

 Done. @Chidgk1: I have added my closing remarks at the talk page and archived the discussion. Hope it seems fair to everyone. Goldenarrow9 (talk) 20:42, 21 May 2024 (UTC)

Wikipedia:Move review/Log/2024 May#Multiple page move of David articles

(Initiated 20 days ago on 1 May 2024) * Pppery * _{it has begun...} 18:13, 19 May 2024 (UTC)

Wikipedia:Deletion review/Log/2024 May 1#Chloe Lewis (figure skater)

(Initiated 20 days ago on 1 May 2024) * Pppery * _{it has begun...} 17:41, 19 May 2024 (UTC)

 Done by Daniel. Extraordinary Writ (talk) 01:38, 22 May 2024 (UTC)

Talk:Press_Your_Luck_scandal#Separate_articles

(Initiated 19 days ago on 2 May 2024) Please review this discussion. --Jax 0677 (talk) 01:42, 11 May 2024 (UTC)

Talk:Agroforestry#Merge_proposal

(Initiated 18 days ago on 3 May 2024) As the proposer I presume I cannot close this. It was started more than a week ago and opinions differed somewhat. Chidgk1 (talk) 13:46, 10 May 2024 (UTC)

Wikipedia:Move review/Log/2024 May#2018–2019 Gaza border protests

(Initiated 12 days ago on 9 May 2024) * Pppery * _{it has begun...} 18:13, 19 May 2024 (UTC)

Place new discussions concerning other types of closing requests above this line using a level 3 heading

Talk:Eurovision Song Contest 2024#New article

(Initiated 10 days ago on 11 May 2024) Split proposal for a new article surrounding an issue under arbitration sanctions - the conflict in the Middle East. Any involved editor closing it will be seen as taking sides, as such an uninvolved third-party admin is needed to close the requested split to prevent tensions on the talk page rising. PicturePerfect666 (talk) 20:52, 21 May 2024 (UTC)

Pages recently put under extended-confirmed protection

Report

Pages recently put under extended confirmed protection (21 out of 7770 total) (Purge) WATCH Page Protected Expiry Type Summary Admin Wokipedia 2024-05-21 23:50 2024-05-23 23:50 edit,move Shenanigan precaution. BD2412 Draft:Zard Patton Ka Bunn 2024-05-21 20:22 2024-11-21 20:22 create Repeatedly recreated: targeted by Nauman335 socks Yamla June 2024 Ukraine peace summit 2024-05-21 18:38 indefinite edit,move Community sanctions enforcement: WP:GS/RUSUKR El C Template:English manga publisher 2024-05-21 18:00 indefinite edit,move High-risk template or module: 2500 transclusions (more info) MusikBot II Draft:S S Karthikeya 2024-05-21 13:27 2025-05-21 13:27 create Repeatedly recreated Yamla Talk:Sexual and gender-based violence in the 2023 Hamas-led attack on Israel 2024-05-21 01:18 2024-05-28 01:18 edit,move Arbitration enforcement ScottishFinnishRadish Draft:Roopsha Dasguupta 2024-05-20 21:26 2029-05-20 21:26 create Repeatedly recreated Yamla Gaza floating pier 2024-05-20 17:36 indefinite edit,move Arbitration enforcement ScottishFinnishRadish Science Bee 2024-05-20 15:26 2027-05-20 15:26 create Repeatedly recreated Rosguill Wikipedia:Golden Diamond Timeless Watch 2024-05-20 06:54 2024-05-23 06:54 create Repeatedly recreated Liz Screams Before Silence 2024-05-20 04:56 indefinite edit,move Contentious topic restriction: per RFPP and ARBPIA Daniel Case Tyson Fury vs Oleksandr Usyk 2024-05-20 03:49 indefinite edit,move Persistent vandalism: per RFPP Daniel Case Atom Eve 2024-05-20 02:53 2024-08-20 02:53 edit,move Persistent sock puppetry NinjaRobotPirate Ebrahim Raisi 2024-05-19 22:02 indefinite edit,move Arbitration enforcement: WP:ARBIRP; upgrade to WP:ECP, 2024 Varzaqan helicopter crash-related; aiming for the short term (remind me) El C 2024 Varzaqan helicopter crash 2024-05-19 21:15 2024-06-19 21:15 edit Contentious topic restriction Ymblanter Koli rebellion and piracy 2024-05-19 21:08 indefinite edit,move Persistent sock puppetry Spicy Khirbet Zanuta 2024-05-19 12:15 indefinite edit,move Contentious topic restriction: WP:A/I/PIA ToBeFree Poppay Ki Wedding 2024-05-18 20:42 2025-05-18 20:42 create Repeatedly recreated: request at WP:RFPP Ymblanter Joseph Sam Williams 2024-05-18 11:59 2024-05-22 11:59 move Persistent sock puppetry; requested at WP:RfPP Robertsky 2024 University of Amsterdam pro-Palestinian campus occupation 2024-05-18 06:32 indefinite edit,move Contentious topic restriction: per RFPP and ARBPIA Daniel Case Edcel Greco Lagman 2024-05-18 03:31 2024-07-18 03:31 edit,move Persistent disruptive editing: Removal of sourced content, per a complaint at WP:ANI EdJohnston

Please help- who tried to break into my account?

Tracked in Phabricator
Task T193769

Please note that receiving one of these notifications does not mean your account was actually compromised or hacked. You may want to review WP:STRONGPASS and WP:SECURITY to ensure you are doing all you can to protect your account, but you do not necessarily need to reset your password. Beeblebrox (talk) 20:53, 3 May 2018 (UTC)

Can you please find out who tried to break into my account? It worries me. I want to see if it was someone in my area or other. Alex of Canada (talk) 17:35, 3 May 2018 (UTC)

@Alex of Canada: Someone tried three times several hours ago to get into mine. It happens; as long as you have a secure password you should be fine. Home Lander (talk) 17:40, 3 May 2018 (UTC)

This just happened to me, too. It's not unusual, I get one or two a month, and about once a year, someone makes a whole lot of login attempts. Make sure you have a unique password for Wikipedia. Use a password manager if you don't already. Use multi-factor authentication. Consider changing your password if you are worried (or especially if it wasn't unique). I already have these set up on my account so I just ignore the warnings when they come in. You asked to find out who tried to break into your account. That information is not generally available, I'm afraid. --Yamla (talk) 17:41, 3 May 2018 (UTC)

My password is secure, but I'm worried it might be a hacker who will find out how to get into anyone eventually. Alex of Canada (talk) 17:48, 3 May 2018 (UTC)

Best case is to use a unique password here (so if they figure out who you are, can't get into anything else, such as your email) and set up extra measures. A WP:Committed identity would be a good start. Home Lander (talk) 17:53, 3 May 2018 (UTC)

That might be a legitimate worry, but it existed before some person or bot tried to brute-force some Wikipedia accounts. Hacking without guessing the password is a whole different proposition. Related stuff at Wikipedia:Village pump (technical)#two-factor authorization and User talk:Winkelvi#Compromised account attempt. ―Mandruss ☎ 17:54, 3 May 2018 (UTC)

Related discussion at VPT (permalink) with some more detailed information. Seems there's a rash of this today. ~ Amory (u • t • c) 18:04, 3 May 2018 (UTC)

Yep. Two threads at the teahouse on this same subject. Beeblebrox (talk) 18:37, 3 May 2018 (UTC)

Just tried and failed with mine. --SarekOfVulcan (talk) 18:43, 3 May 2018 (UTC)

Recommend that all admins set up 2-factor auth. Andrevan@ 18:49, 3 May 2018 (UTC)

Everyone reviewing WP:STRONGPASS and WP:SECURITY couldn’t hurt either. Beeblebrox (talk) 18:50, 3 May 2018 (UTC)

Me, too (in case anyone is keeping track of admin v non-admin attempts). SandyGeorgia (Talk) 18:59, 3 May 2018 (UTC)

Me too. I already asked a question at WP:Village pump (technical)#two-factor authorization. Martinevans123 (talk) 19:02, 3 May 2018 (UTC)

I had this today as well, but I have break-in attempts on a regular basis, with a record of several hundreds per day (not today though).--Ymblanter (talk) 19:15, 3 May 2018 (UTC)

They must like you. Martinevans123 (talk) 19:21, 3 May 2018 (UTC)

Got an attempt today as well. SQL^{Query me!} 19:20, 3 May 2018 (UTC)

Me as well. Question I should probably know the answer to: can a functionary look up the IP addresses behind these bogus login attempts and implement a technical restriction? Ivanvector (^Talk/_Edits) 19:22, 3 May 2018 (UTC)

Technically, yes. Whether it is allowed by the policy I do not know.--Ymblanter (talk) 19:43, 3 May 2018 (UTC)

Well, if there's a way to determine that an IP is being used for abusive login attempts, autoblocking that IP for 24 hours is probably a good security practice. Wouldn't stop them hacking an account probably but then at least they wouldn't be able to edit. If our policies don't support that then we should change our policies. Ivanvector (^Talk/_Edits) 19:55, 3 May 2018 (UTC)

Me too. Natureium (talk) 19:39, 3 May 2018 (UTC)

First Thursday of every May. Coincidence, perhaps. --NeilN ^{talk to me} 19:18, 3 May 2018 (UTC)

I'm probably the only editor right now that hasn't had attempted account hacks ...... Not sure if that's a good sign or a bad one lol. –Davey2010^Talk 19:32, 3 May 2018 (UTC) Inevitable happened. –Davey2010^Talk 22:25, 3 May 2018 (UTC)

Me too, Davey! --Malcolmxl5 (talk) 21:24, 3 May 2018 (UTC)

• I readily admit I am not the most experienced CU, but I am unaware of how we could look up who attempted and failed at logging in. I’ll ask for further input though in case it’s just something I don’t know about. Beeblebrox (talk) 19:50, 3 May 2018 (UTC)

Good point. So all we need to do is all simultaneously set our passwords to "password* for five minutes and simply track 'em down!!? Martinevans123 (talk) 19:56, 3 May 2018 (UTC)

Yeah, it would take far more access (database?) to determine where this is coming from. If that information is even stored. If this isn't a bot driven thing (which it probably is), then a limiter on logins per IP would be nice as well. Arkon (talk) 20:03, 3 May 2018 (UTC)

• I’ve gotten some response form the other functionaries about this, here’s what we’ve got:

• Currently, CU cannot do this
• There is a phabricator thread about notifying the user of the ip of whoever tried to log into their account. It is approved and being worked on but not functional yet
• There is some indication that this is a specifc banned user already familiar to some of the functionaries so it is possible some action will be forthcoming but I’m not sure wat it will be.

Beeblebrox (talk) 20:24, 3 May 2018 (UTC)

@Beeblebrox: There is a way to check it, but it's on Toolforge. The people that have access to it aren't functionaries but more devs I think. There'sNoTime knows more about it. Dat Guy^Talk_Contribs 09:00, 4 May 2018 (UTC)

• Apparently there have been tens of thousands of failed login attempts over the past few hours. Check this out for some idea of the scope. The back office is aware of this and we cn expect a statement from them in the near future. Beeblebrox (talk) 20:33, 3 May 2018 (UTC)

Thanks for clarifying. Martinevans123 (talk) 20:44, 3 May 2018 (UTC)

• Interesting. I got one of those failed login attempt messages too. I changed my password to something stronger and thought nothing else of it until now. – Muboshgu (talk) 20:36, 3 May 2018 (UTC)

• I just got a notification that somebody get into mine too.--Crasstun (talk | contributions) 20:44, 3 May 2018 (UTC)
• Me too, and User:SPECIFICO. We were also both targeted at Wikipedia yesterday by the same editor, but no idea if there's any connection. That editor also knows my anon Facebook and Twitter accounts. Strange. -- BullRangifer (talk) PingMe 20:52, 3 May 2018 (UTC)

User:BullRangifer You posted it here on WP when you were talking with some IP who then posted it on my talk page because he saw me arguing with you. Someone tried to access my WP account too. Factchecker_atyourservice 02:05, 4 May 2018 (UTC)

Thanks for clearing that up. Let's make sure it doesn't spread. I'll seek a revdel. -- BullRangifer (talk) PingMe 03:18, 4 May 2018 (UTC)

• Happened to me this morning. In a way i'm glad it is not an isolated incident.--SamHolt6 (talk) 21:14, 3 May 2018 (UTC)
• It happened to me too at 14:12 UTC today too. L293D (☎ • ✎) 21:32, 3 May 2018 (UTC)
• You may add me to the list of failed hack targets. I have 2FA enabled so I am not overly concerned about my account security. But I am very concerned about what looks like an orchestrated attack on the project. -Ad Orientem (talk) 22:03, 3 May 2018 (UTC)
• For what it's worth, someone (the same person?) tried to break into my account just a few hours ago. Adam9007 (talk) 22:07, 3 May 2018 (UTC)

+1 - I felt like the odd one out so kinda glad someone attempted it , Jokes aside why is there a huge influx of password resettings ? ... It doesn't seem all that productive .... –Davey2010^Talk 22:25, 3 May 2018 (UTC)

• Happened to me 7 hours ago. Silly culprit; if he was targetting editors with any care, Davey2010 and other big-name users here should have been higher on his priority list than me. No one's ever bothered to try to hack my account before. Sideways713 (talk) 22:48, 3 May 2018 (UTC)
• I got that notification as well, 2 hours ago. theinstantmatrix (talk) 22:57, 3 May 2018 (UTC)

Same here, a few hours ago. GoodDay (talk) 23:26, 3 May 2018 (UTC)

• Could this be related to today being World Password Day? ^Falling_Gravity 23:39, 3 May 2018 (UTC)

• Read up above - I heavily doubt it, since the perpetrator is apparently known to the WMF. As an aside, they tried me as well, but my password's only been strengthened since I was an admin, so they didn't get far. —Jeremy v^_^v ^Bori! 23:47, 3 May 2018 (UTC)

Me too, although I'm pretty sure who tried doing it... Am i famous now?💵Money💵emoji💵^Talk 23:46, 3 May 2018 (UTC)

• For the first time ever, I received notification that someone had tried to log into my account today. I am not an admin. This needs to be investigated.Smeat75 (talk) 00:09, 4 May 2018 (UTC)

• Read the thread above. I'm fairly certain the WMF is already on it. —Jeremy v^_^v ^Bori! 00:11, 4 May 2018 (UTC)

• Russians? ^{[FBDB] Atsme📞📧} 02:11, 4 May 2018 (UTC)

I was waiting for someone to say the Russians :) GoodDay (talk) 02:17, 4 May 2018 (UTC)

• Me too. (And yes, I have two-factor authentication.) Heimstern Läufer (talk) 12:41, 4 May 2018 (UTC)

According to this graph of the Wikimedia User Login Attempts, this account hacking attempt has resumed today and is still continuing, as of this writing. There are a lot more "Throttled logins" today than in yesterday's attacks, which now appears to comprise the vast majority of the latest attack wave. (And yes, this LTA/hacker took a swipe at my account yesterday and a couple more times today.) This is getting ridiculous. LightandDark2000 (talk) 23:30, 4 May 2018 (UTC)

I suspect this attack may have something to do with the recent Twitter password leak [1]. Is it possible that someone has got a copy of this "internal log" and has now got a botnet trying to find Wikipedia accounts that match the Twitter ones? (Yes, I got an attempt against my account too, and no, the other QuietOwl on Twitter is not me, I don't use this username anywhere else, or any social networking site, for that matter.) QuietOwl (talk) 02:48, 5 May 2018 (UTC)

Okay, this time, the next attack wave is longer than the first one, and it's still ongoing right now. This can't be a good sign. LightandDark2000 (talk) 06:34, 5 May 2018 (UTC)

A graph depicting the duration and scale of the mass account-breaking attempts in May 2018.

I've added a picture of the graph depicting the mass-cyberattack attempts. I estimate that at least 400,000 accounts may have experienced some attempt to break in. It should be noted that this is the largest account-hacking attempt that Wikimedia has experienced at least in the last 5 years (possibly the largest such attack ever). I also noticed today that the attacks seemed to have stopped. I wonder what happened to the hacker. What's keeping him? ;) LightandDark2000 (talk) 06:22, 6 May 2018 (UTC)

Today, only 30 minutes ago, someone (probably the same hacker) tried to break into my account 3 more times. I guess it must have something with me uploading the picture. Though I already hardened my password 2 more times, so it won't really help them at all. What in the hell is wrong with this person? The WMF seriously needs to block the access for the IP network responsible; at least Globally Rangeblock the IP if it will help. LightandDark2000 (talk) 19:56, 6 May 2018 (UTC)

Oh, God, they're doing it again! This time the attacks are almost entirely "login throttles". Seriously? Someone needs to block off the IP network hosting the attacks, or at least add in some new firewall rules to Wikimedia Foundation computers if this is some kind of offline attack. LightandDark2000 (talk) 10:40, 7 May 2018 (UTC)

What does "login throttled" mean? Natureium (talk) 16:48, 7 May 2018 (UTC)

I have same problem. Someone is trying to hack my account Lado85 (talk) 08:24, 8 May 2018 (UTC)

I have a suggestion (i am not an admin but thought i'd comment). My account hasn't been targeted (yet), but if it ever does, they won't get very far, my password is not even a word or phrase maybe others should follow suit with their password being a "random" combination of letters and numbers. Lavalizard101 (talk) 11:39, 8 May 2018 (UTC)

PSA: Admins should enable two-factor authentication

As an additional security measure, admins and editors with similar permissions can (and should) use Special:Two-factor authentication to prevent account hijacking. Sandstein 21:51, 3 May 2018 (UTC)

• (edit conflict)I would gladly use 2FA (and I was also the subject of a hack attempt) if the code was emailed, in addition to (or instead of) being sent to a mobile number. We have a cell phone but it's usually off, but my email is generally available. I may not be the only admin in a similar situation. Miniapolis 22:51, 3 May 2018 (UTC)
  • The code is not send to the mobile phone, it's locally generated (based on time and a secret key) by an app on the phone. I don't know if it works for your use case, but you don't need to have the phone on (except for the very moment of login) or even online. --Stephan Schulz (talk) 18:51, 7 May 2018 (UTC)
    • Miniapolis YMMV depending on which service you use, but authy has desktop clients for macOS and Windows as well. ~ Amory (u • t • c) 21:16, 7 May 2018 (UTC)
• I really really do not agree, Sandstein. We've had several cases of admins, including technically savvy admins, who have been in despair because they lost their whatsits — I don't remember what they're called — some magic formulas that you need for your account when you have two-factor authentication — and apparently the magic gets lost every time you get a new phone. Ouch. Eventually, after much stress, these people have been rescued through being able to e-mail people who can vouch for them because they recognize the way they talk. (Hello, Jehochman, hope your account is OK these days.) People who habitually edit from internet cafes or library computers, or who have a mischievous twelve-year-old or a hard-drinking sister-in-law around the house, may possibly need the system, but everybody else had much better instead get a really strong password and not use that password anywhere else. In my opinion. Bishonen | talk 22:57, 3 May 2018 (UTC). (PS: And yes, I've had the attempts today and so has Bishzilla. Considering the numbers of people who have, I find it hard to believe WWII editors have been singled out.) Bishonen | talk 23:02, 3 May 2018 (UTC).

You're both right, to some degree. Bish, the magic you're thinking of is a scratch code (I'm not sure if that's what our implementation calls it) and it is just a plain text code that you're supposed to keep somewhere safe, so that if you do lose your authentication device (i.e. get a new phone) then you can use that code to reset your 2FA and re-implement it on your new device. If you lose your password AND your device AND those codes AND nobody can vouch for you, then yeah, you're fucked, but that's a lot of concurrent failures. If I remember right, when you enable 2FA here the codes you need are all displayed on the screen (you scan a QR code and the scratch codes are plain text), not sent by text or emailed or whatever. Maybe that depends on what authenticator you use. Ivanvector (^Talk/_Edits) 23:07, 3 May 2018 (UTC)

• <<ec>>What Bishonen said. Every time I read the instructions my blood runs cold. With the two factor authentication I have w/ my bank and emails, there is a backup and authentication involves sending a request to my phone. The process here sounds dangerously complicated, and the grater risk is that I lose my whatsit.--Dlohcierekim (talk) 23:09, 3 May 2018 (UTC)

Is it true that once you do this there's no going back? I don't want to do something irrevocable. And I have a strong password.--Dlohcierekim (talk)

No, not at all, you can turn it off any time as long as you have access to your account. I get that we're still calling it "beta", but I turned it on the day my RfA closed, and I've never had a problem. Ivanvector (^Talk/_Edits) 23:22, 3 May 2018 (UTC)

Blood-chillingly complicated is right, Dlohcierekim. And it sounds to me like the whole log-in operation, otherwise so smooth, gets much more fiddly with 2FA, every time you do it. That's quite a problem for people with a lot of socks![2] Bishonen | talk 23:30, 3 May 2018 (UTC).

Not by much, no, there's one extra step. The squirrel still gets in just fine. Ivanvector (^Talk/_Edits) 23:49, 3 May 2018 (UTC)

• I use Authy (authy dot com) for my 2FA here. It allows one to use multiple devices as well as back up the seed. There is a slight security hit since more than one device can be used but for me it is worth it to remove the single point of failure. Jbh ^Talk 23:45, 3 May 2018 (UTC)
• I have to say I was intimidated by it at first as I am not super technically minded but once it is set up it is remarkably easy to use, and I made sure I have those scratch codes in a safe place in case I ever need them. Beeblebrox (talk) 00:19, 4 May 2018 (UTC)
• I actually am a techie person, but I do agree that the instructions and setup appear intimidating. But once it is set up, 2FA really is easy to use. Enter your password as usual, then it asks for a number. Open the app on your phone/tablet/whatever, and it displays a number. Type in that number. And as long as you do remember to record the original scratch codes somewhere, the whole thing can always be reset in the event of a disaster. As for login attempts, I've had one rather than the multiple attempts that many are getting - presumably it stopped at the first 2FA challenge. Boing! said Zebedee (talk) 08:55, 4 May 2018 (UTC)
• I use 2FA, but as someone who seems to drop or otherwise break their phone at least once per year, I agree with others that the way 2FA works is a royal pain in the neck. If I'm unable to access my old device, I have to (a) find where I wrote down the scratch codes (b) use one to login & disable 2FA (c) re-enable 2FA with the new device and (d - and this is the worst bit) write down a whole new set of scratch codes. If you've lost your scratch codes, you are basically screwed and are looking at registering a new account and convincing anyone who will listen that the two are connected. Committed identity helps with this - but of course you have to be able to find the file you used to create it. Things that would help with this situation are (a) only generate a new set of scratch codes when a user requests it or when the last one is used, not every time 2FA is enabled, so that at least you don't have to write down a whole new set every time you use one and (b) have some back up way of resetting authentication on the account. The latter would involve the WMF holding some way of getting in touch with you or proving your identity. I guess for people who have identified to the WMF this is already possible; otherwise, of all the websites I use, enwiki is the one where it is hardest to recover your account - and it seems it is often impossible. I thought there was a phab ticket to improve this situation, but I can't find it just now (fun diversion: try searching '2FA' on phab and you'll see how many people have difficulties with it - it seems that at least sometimes it is possible to convince the devs to twiddle bits). GoldenRing (talk) 11:20, 4 May 2018 (UTC)

Been a long time crossing the Bridge of Sighs

• Two factor authentication, as implemented on Wikipedia, is farkakt. Jehochman ^Talk 18:12, 4 May 2018 (UTC)

  gesundheit--Dlohcierekim (talk)

• Regarding losing scratch codes - does no one else use a cloud storage or cloud backup service? --NeilN ^{talk to me} 20:08, 4 May 2018 (UTC)

  negative. I consider nothing in the cloud or otherwise online secure.--Dlohcierekim (talk) 20:09, 4 May 2018 (UTC)

• @Dlohcierekim: Sigh. ^{[citation needed]}... --NeilN ^{talk to me} 20:14, 4 May 2018 (UTC)

Psssst, Neil...be careful not to use too many *sighs* ^{[FBDB] Atsme📞📧} 20:38, 4 May 2018 (UTC)

Hidden Tempo? Is that like a Ford Tempo but with a quieter engine? Martinevans123 (talk) 08:21, 5 May 2018 (UTC)

PSA: Admins might be better off with a long passphrase rather than two-factor authentication

Just so you know, not everyone agrees that 2FA is a magic bullet.

https://www.economist.com/blogs/economist-explains/2017/09/economist-explains-9

https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/

https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

I'm just saying. --Guy Macon (talk) 20:03, 4 May 2018 (UTC)

• Just as a reminder, users with advanced permissions are required by WP:STRONGPASS to have a strong password anyway. 2FA is just another option to strengthen account security. Beeblebrox (talk) 20:08, 4 May 2018 (UTC)

  @Beeblebrox: Personally, I don't understand why the (not particularly strict, IMHO) requirements for privileged users don't apply to all users. Nearly every insignificant forum on the web has stricter password requirements than Wikipedia, for heaven's sake! Gestumblindi (talk) 14:26, 5 May 2018 (UTC)

@Gestumblindi: The reason is simple: consensus was against it when the policy was developed. The reasoning was that it might discourage new users. Beeblebrox (talk) 18:14, 5 May 2018 (UTC)

@Beeblebrox: I remember, but consensus might change. Maybe it's now the time for proposing slightly stricter requirements more similar to those customary anywhere else on the web? I don't get the "it might discourage new users" reasoning - after all, people should be well accustomed to having to use reasonably strong passwords by now. As it is, the password requirements for regular users are extremely and most unusually low, and the requirements for admins are still rather below standard. Gestumblindi (talk) 18:31, 5 May 2018 (UTC)

• Hopefully 20 bytes is enough.--Dlohcierekim (talk) 00:58, 5 May 2018 (UTC)

20 characters is almost certainly enough. A password that meets the requirements set forth in STRONGPASS (8 characters) will be broken by an offline password-guessing program in under a minute.[3][4][5][6][7] --Guy Macon (talk) 01:33, 5 May 2018 (UTC)

Only if the Mediawiki software doesn't throttle login attempts (I'm pretty sure it does, given the "throttled logins" category in the charts above) or the attacker has access to the raw password hashes and the salts (and the passwords are stored using a low number of hash iterations). Even at 1000 guesses per second, 8-characters with one uppercase letter and one digit would take 7000 years to crack. --Ahecht (TALK
PAGE) 16:08, 10 May 2018 (UTC)

• It should be noted that most of those articles are about 2FA using SMS codes, or using such SMS codes as backups for the type of 2FA we have. Neither of which we do for that exact reason. Which is also the reason you are so screwed on this site if you loose your scratch codes AND your phone. However I agree that having a 20 character password that you only use on en.wp is probably more important than having 2FA. But I use 2FA on ALL my accounts wherever I can, and because i use it for so many services, it has stopped being bothersome. —TheDJ (talk • contribs) 09:11, 5 May 2018 (UTC)
• Yup. Make sure it passes the dictionary attack though. rhin0cer0usstransgal4cticdifferential is easier to remember and just as good as 25 characters of random gibberish. ^{cinco de} L3X1 ◊distænt write◊ 13:13, 5 May 2018 (UTC)
  • The passphrase Rhinoceros transgalactic differential. (with the initial capitalization and the ending period) is stronger still. Even better would be "My rhinoceros has a transgalactic differential." -- harder for a computer to crack and easier for a human to remember; just remember that it is a valid sentence using standard English spelling and grammar. Replacing o with 0, a with 4, etc. just makes it harder to remember without adding much in the way of difficulty for a password guessing program. --Guy Macon (talk) 20:26, 5 May 2018 (UTC)

Source on that. The few times I've had to turn my previous laptop into a wireless router (long story), the password was something like "screwoffyoucommiespybastardsthisismygoddamnwifi" or similar full sentences.

Now, it still needs to be multiple words, because single words are not a problem for dictionary attacks. Ian.thomson (talk) 20:55, 5 May 2018 (UTC)

User:Guy Macon: Re A password that meets the requirements set forth in STRONGPASS (8 characters) will be broken by an offline password-guessing program in under a minute. - Does WikiMedia not have, or could they not develop, a system where three (or so) failed attempts to log in to an account, lock the account? For a comparable example, if someone tries to use an ATM card and puts in an incorrect code three times, on the third try the ATM will eat the card. Couldn't WikiMedia have some way of locking an account after three (or X number to be decided) failed attempts at entering the password? --MelanieN (talk) 01:31, 6 May 2018 (UTC)

• So you first lock all the admin accounts, then you go vandalize at will. This would work well. Remember, everything can be gamed, and this plan is game-able in two seconds flat. The reason teh ATM example works is because someone already has your card. Courcelles (talk) 01:36, 6 May 2018 (UTC)

  Actually, I am pretty sure the number of attempts per minute is limited (and not to 10^10), but I do not remember where I have seen this and what the number actually is.--Ymblanter (talk) 07:13, 6 May 2018 (UTC)

I think there is some form of rate limiting although I don't know the details. I'd note a system which completely locks an account after 3 tries requiring some sort of reset is open to abuse since it means people who want to annoy an editor can keep locking their account. Nil Einne (talk) 16:40, 6 May 2018 (UTC)

(If the following is too long for you, just read https://xkcd.com/936/ and https://xkcd.com/538/ ).

Every time I have looked into the nuts and bolts of how the WMF does security, it has always, without fail, turned out that they do it right, so I am not even going to bother finding out how they stop an attacker from either making millions of guesses per second or being able to lock out an admin by trying to make millions of guesses per second. Clearly the WMF developers read the same research papers that I do.

That being said, as explained at Kerckhoffs's principle#Modern-day twist, while doing things like rate limiting are Very Good Things, we are not to rely on them. We are to assume that the attacker knows every byte of information on the WMF servers (and in fact the attacker may actually be someone who has knows every byte of information on the WMF servers -- If a nation-state offered a key WMF employee millions of dollars if he complied and made a credible threat to torture and kill his family if he didn't, there is a 99%+ chance that they would end up knowing every byte of information on the WMF servers.)

The WMF does not store your passphrase anywhere. When you enter it it a cryptographic hash is performed and the result compared with a stored hash. This means that an attacker who knows every byte of information on the WMF servers can perform a high-speed offline passphrase-guessing attack, but cannot simply look up your passphrase and use it to log on. So according to Kerckhoffs's principle, you should choose a passphrase that is easy to remember and hard for a high-speed offline passphrase-guessing program to guess. I will call that that "Macon's principle" so that I don't have to type "choose a passphrase that is easy to remember and hard for a high-speed offline passphrase-guessing program to guess" again and again.

Bad ways to follow Macon's principle

• Passwords instead of passphrases (single words instead of strings of words with spaces between them).
• Random gibberish.
• Short passwords or passphrases. 8 is awful, 16 is marginal, 24 is pretty good, 32 is so good that there is no real point going longer.
• Character substitutions (Example: ch4r4ct3r sub5t|tut10ns)

Good ways to follow Macon's principle

• Use a standard English sentence with proper grammar, spelling, and punctuation.
• Make it longer than 32 characters and have it contain at least three (four is better) longish words plus whatever short words are needed to make it grammatically correct.
• Make sure that sentence has never been entered anywhere on your hard drive (including deleted files) or on the internet. "My Hovercraft Is Full of Eels" is bad because a dictionary that contains every phase used in Monty Python's Flying Circus would find it.[8]
• Make it meaningful, easy to remember, and something that generates a strong mental image.
• Make it meaningful to you, but unguessable by others (don't use your favorite team, first kiss, mother's maiden name, etc.)

An example of a good passphrase that follow Macon's principle would be:

 Sherwood painted his Subaru pink so that it would blend in with his flamingos.

(This assumes that you actually know someone named Sherwood and that he owns a non-pink Subaru. Replace with a name/car from among your acquaintances)

That's 78 characters that nobody in the history of the earth has ever put together in that order until I just wrote it. Typos really stand out (Sherwood paibted his Subaru pink so that it would blend in with the Flamingos) and are easy to correct. The sun will burn out long before the fastest possible passphrase-guessing program completes 0.01% of its search. And yet it would be far easier to remember than the far easier (for a computer) to guess BgJ#XSzk=?sbF@ZT would be. --Guy Macon (talk) 18:16, 6 May 2018 (UTC)

I feel there is some confusion in this thread around password security I'd like to clear up:

• re MelanieN: Guy Macon is referring to an "offline" attack, which is a fancy way of saying how long it would take if the attackers found a way to bypass all rate limiting and had a copy of the password file from WMF's servers. In an "online" attack (When somebody tries to login via Special:userlogin many time), rate limiting does come into play. Currently the rate limit is set to at most 50 in five minutes (Which honestly, is a little on the high side for a short term limit) [Edit: I was reading the wrong page, its actually 5 tries in 5 minutes], and no more than 150 tries in a 2 day period. Long before the hard limit comes into play, there is a soft limit where people need to enter a captcha in order to continue logging in. Of course we also record whenever their is a failed login and may take manual action if it appears an attack is happening.
• re WP:STRONGPASS - the requirement for admin passwords enforced by the system is a minimum requirement, largely aimed (at least in my opinion) to prevent an online attack. People are of course encouraged to use even stronger passwords. The passphrase method Guy Macon mentions is one good way of generating strong passwords. Another popular method is to use a password manager to manage your random passwords for you. In addition to using a strong password, it is vitally important to use a unique password. It is much more common for attackers to get your password from other websites than it is for them to brute-force it.
• re 8 character random password cracked in minutes. I don't think that calculation is correct. If we assume a random 8 character password (And I mean truly random, e.g. generated via dice or a password manager, not randomly chosen by a human as humans are terrible at randomly choosing a password), that's about 4048 bits of entropy. Based on [9] we have about 2301200000 hashes/sec and we're using 128000 rounds PBKDF-sha256. 2^(6*8)*128000/23012100000 ≈ 1565645769 seconds = 49 years. That said, longer passwords are much better, and most people are very bad at picking random passwords. Of course, if your 8 character password is '12345678' it will be cracked in milliseconds. In any case, I'd still highly highly recommend a password longer than 8 characters. BWolff (WMF) (talk) 21:09, 6 May 2018 (UTC)

  My first password was the name of a fictional place. The, a number, then a combination. Now its a 15+ keystroke monster that requires hints. So far, I've stayed ahead in this Red-Queen's race.--Dlohcierekim (talk) 22:29, 6 May 2018 (UTC)

• No, and I don't care what anybody else thinks. "Use a standard English sentence with proper grammar, spelling, and punctuation." assumes there is a "standard English". English spelling, phrases and punctuation tends to vary by country, and often by personal background. Also, not everybody participating on English Wikipedia has English as a first-language. And God forbid anybody's account gets compromised, and they have to not panic long enough to type out the sentence. Not everybody has the same abilities, either technological or mental. I personally have encountered users (plural) who have motor skill limitations, and/or physical limitations, that would make this difficult on them. Not all users have the same level skill or abilities at anything. Please do not make it worse for people struggling already. — Maile (talk) 21:27, 6 May 2018 (UTC)

• I believe that you missed the point. Use what you consider to be a standard English sentence with proper grammar, spelling, and punctuation. If, you, overuse, commas, and, kant, spel, that's fine as long as you do it the same way every time. And if you are better at Spanish, use what you consider to be a standard Spanish sentence with proper grammar, spelling, and punctuation. If you are handicapped in such a way that you cannot type the same thing every time, sorry, but you are hosed on any system that requires a username or password. My advice also doesn't work if you are in a coma or are Amish and not allowed to use a computer. None of this applies to the discussion at hand, which is advising administrators on the English Wikipedia regarding passphrases. None of them are unable to type a standard English sentence the same way every time. --Guy Macon (talk) 07:21, 8 May 2018 (UTC)

The advice to use standard English is usually meant as Don't use abbreviations or misspellings in your password because that doesn't make your password any harder to break. If you are using the, "use a long sentence as a passphrase method", you should spell out your long sentence in whatever way you normally write. The downside to the long sentence method is that it can be difficult to enter such a long thing into a password box (even if you don't have motor skill/physical limitations, but obviously its much harder for people who do have such limitations). For people who have difficulty entering long passwords, probably the best approach is to use a password manager program, which means you don't have to enter the password at all as the program takes care of it for you. Password managers are an approach that I personally would recommend in general as being the easiest way to have a secure password. BWolff (WMF) (talk) 21:54, 6 May 2018 (UTC)

U wot, M8? Standard English ya say? That'd limit me choises, now woulden' it?--Dlohcierekim (talk) 22:33, 6 May 2018 (UTC)

I use a password manager, but I still need to remember the passphrase to get at all the other passwords in the password manager. --Guy Macon (talk) 22:37, 6 May 2018 (UTC)

No need to do the math. Steve Gibson has done it for us. See [ https://www.grc.com/haystack.htm ].

The calculation is done locally, using Javascript, so the password doesn't leave your computer. To be extra safe, try

• HZn?m+jW
• PhBixXL4
• qza7nm3g
• pgupwmxn
• 54606559

as your 8-character test password.

I just generated the above from my atomic decay true random number generator, set to chose from:

• The 95 ASCII printable characters (0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ `~!@#$%^&*()-_=+[{]}\|;:'",<.>/?)
• The 62 ASCII a-z/A-Z/0-9 characters (0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ)
• The 36 ASCII a-z/0-9 characters (0123456789abcdefghijklmnopqrstuvwxyz)
• The 26 ASCII a-z characters (abcdefghijklmnopqrstuvwxyz)
• The 10 ASCII 0-9 characters (0123456789)

BTW, an 8x Nvidia GTX 1080 system is pretty low powered for this. If you want to read the details, see [On the Economics of Offline Password Cracking - Purdue CS].

Key quotes:

"Nevertheless, our analysis suggests that even PBKDF2-SHA256 with 100,000 hash iterations is insufficient to protect a majority a user passwords [from an offline attack]"

"Bonneau and Schechter observed that in 2013, Bitcoin miners were able to perform approximately 2^75 SHA-256 hashes in exchange for bitcoin rewards worth about $257M. Correspondingly, one can estimate the cost of evaluating a SHA-256 hash to be approximately $7 x 10^-15."

Or, we can just skip the math and see what happens when we try "Sherwood painted his Subaru pink so that it would blend in with his flamingos." on the GRC calculator. The time to crack goes from 27.57 seconds to 10.05 million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries. --Guy Macon (talk) 22:37, 6 May 2018 (UTC)

I feel so inadequate, now. Mine would only take 100 trillion years!--Dlohcierekim (talk) 23:06, 6 May 2018 (UTC)

...and that's only if the attacker is really unlucky. On the average, he will be able to crack your account in a mere 50 trillion years, while I will be sitting back with my 64-character passphrase and 12 million trillion trillion trillion trillion trillion trillion trillion trillion centuries cracking time. Or until someone decides to beat it out of me...[10] --Guy Macon (talk) 08:21, 8 May 2018 (UTC)

@Guy Macon: Thanks for the link to that paper - I hadn't read it before, and their password cracking economic model is quite interesting. However, I'm unsure about the assumption that password crackers have access to ASICs similar to bitcoin miners - ASICs are very costly to develop (hundreds of millions of dollars up front cost). As far as I am aware, nobody has publicly made (let alone publicly sells) such machines, so the adversary would have to be very well funded in order to develop them. ASICs are way out of my knowledge area - but some googling also suggests that password cracking with ASICs might be difficult for a dictionary attack due to bandwidth limitations on transferring candidate passwords to the ASIC (That of course would not apply to a brute force attack), so even if an ASIC was developed its unclear it would be as useful as they are in the bitcoin case. As for the GRC calculator - its very hard to give accurate estimates of password strength as there are many factors and assumptions you have to make. First of all, since it is a generic calculator, it wouldn't take the key stretching we use at wikimedia into account. On the other hand, it was published in 2012 and password crackers have gotten faster since then (e.g. The 8x Nvidia is what I would describe as an "Offline Fast Attack Scenario", and is 10x faster than what the GRC page describes for that strategy). More importantly, that page only describes a brute force attack, where most adversaries would probably try a dictionary attack. For example, the password "dolphin" (Which by some measure is the 347'th most popular password [11]) according to GRC would take 3 months in an online attack scenario, where in reality it would fall in less than a second since its the 347th most popular. Similarly, the GRC page lists 'aaaaaaaaaaaaaaaaaaaa' as being a good password, which I would disagree with. All this however is kind of getting far afield, and I do agree with your advice that longer passwords are better and having a longer password is more important than having a complex password (unless your password is super obvious as that's not good either). BWolff (WMF) (talk) 00:28, 8 May 2018 (UTC)

Thanks! I agree with pretty much everything everything above. The GRC website also agrees (see the "IMPORTANT!!! What this calculator is NOT..." section.) I probably should have talked more about dictionary attacks. My collection of cracking dictionaries is getting big enough that I will likely have to buy a bigger drive to hold them soon. (No, I am not a malicious hacker. Some companies hire me to evaluate their security. Or at least that's the story I am telling now... :) )

Any decent dictionary attack will try "a" "aa", "aaa" up to at least 64 repetitions, and will als try "b", "bb", "bbb", etc. The good news is that if you use two words in that big cracking dictionary separated by a space, the time for an exhaustive search is squared, and with three it is cubed. The example I made up above "Sherwood painted his Subaru pink so that it would blend in with his flamingos." has 14 dictionary words. Even if the dictionary was really tiny (say, 1000 words), that's 10^42 guesses. And such a dictionary is unlikely to contain "Sherwood" (with the capitalization) "Subaru", or "flamingos." (with the trailing period).

Regarding ASICS, the zipfs paper correctly concludes "an attacker who is not willing to pay to fabricate an ASIC could obtain similar performance gains using a field programmable gate array (FPGA)". The really interesting question that the zipfs paper cannot answer is this; how much is it worth to get every password for every Wikipedia user and not have the WMF detect this for a couple of years? Is it worth more or less than the Yahoo or AshleyMadison breaches? Is it worth ordering custom ASICS? Hard to tell.

BWolff (WMF), I have a couple of interesting questions for the WMF.

[1] The zipfs paper says "Many breaches (e.g., Yahoo!, LinkedIn, Dropbox) remained undetected for several years." What would happen if we suddenly found out that a couple of years back someone had cracked every Wikipedia password, from Jimbo down to the huge number of accounts that registered years ago and haven't logged on since? Obviously we tell everyone to pick a new password, but how do we know that the person doing the picking isn't an attacker? I assume that we have a plan in place for this and other unlikely disasters.

[2] Has anyone at the WMF evaluated the zipfs paper's advice about either memory hard algorithms or distributed authentication servers? --Guy Macon (talk) 08:21, 8 May 2018 (UTC)

( ...Sound of Crickets... ) --Guy Macon (talk) 15:12, 10 May 2018 (UTC)

I assume that an attacker as stubborn as this has a lot of resources. Perhaps as much as a nation state or intelligence agency. Don't know motive, but we live in interesting ties. The bottom line is, are there additional steps I/any user can take (20 byte password) to protect my account?-- Dlohcierekim (talk) 16:06, 10 May 2018 (UTC)

It looks like a goal of this particular attacker (who also might be the same person who tried to subscribe en masse to various mailing lists) was not to break in any of the account, but more to create the state of uncertainty so that people start getting worried about the security of their accounts.--Ymblanter (talk) 16:39, 10 May 2018 (UTC)

Re Guy Macon: In the event of a disaster of that type (which I hope never happens) - the most fundamental step would be marking everyone's password "expired" which forces the user to change their pass next login, and notifying everyone to change their password asap. Beyond that would depend on the details of the situation, but if we believed the passwords were floating out there we might for example require people to submit a code emailed to them to prove that the person also controls the email. In regards to memory hard hash functions - last time we evaluated hash functions (and chose pbkdf) was quite a long time ago when the ecosystem of memory hard hash funcs were much newer and less mature than it is now. Its always good to reevaluate choices at regular intervals, perhaps we will consider other hash functions in the future. As for distributed auth servers - it doesnt make sense in our current architecture and would be difficult to implement as things currently stand. There are probably other projects that have a better effort vs value proposisition. As far as the idea goes in general - if you have multiple identical distributed auth servers im not sure how much of an improvement that is since if someone can compromise one they can probably compromise the others (as they are identical). BWolff (WMF) (talk) 22:35, 10 May 2018 (UTC)

Account hacking of World War II editors?

Hello all, something is definitely afoot at the Circle K. I am seeing some reports about people who edit World War II articles having attempts made by someone to access their accounts. User:LargelyRecyclable alerted two other World War II editors of this problem [12] and just this afternoon the Wikipedia system alerted me that someone had tried to log into my account multiple times from a new location. On top of it all, there was a strange occurrence a few weeks ago, where someone impersonating an administrator called my job and asked I be "investigated" for my World War II related work on Wikipedia. User:Kierzek and I are both well known WWII editors and I wonder if others are having these experiences too. I changed my password this afternoon, I would encourage others to do the same if they are being affected by this. The most troublesome thing is that the group making mention of this are all World War II history editors, which is why I brought it up here. If for no other reason, then just to alert the powers-that-be that something is going on. -O.R.^Comms 21:43, 3 May 2018 (UTC)

I can confirm an attempt was made on mine. As mentioned on the linked discussion above, I suspect that Prüm was successfully compromised. I'm not sure when exactly it happened but some of the implications of the comments the account left at ArbCom are very worrisome. That someone called your work is also a very serious issue. This seems to be targeted and possibly related to the ArbCom case. LargelyRecyclable (talk) 21:50, 3 May 2018 (UTC)

This is probably unrelated, as it has been almost five years since I edited anything related to WW II, but I received notice of someone trying to log into my account from another computer today, and someone left a comment on my user talk page in the Arabic Wikipedia, which I have never touched. Donald Albury 21:56, 3 May 2018 (UTC)

See this thread. I don't think is World War II-related, it's someone trying to hack into a great many unrelated accounts. -- Euryalus (talk) 21:59, 3 May 2018 (UTC)

(edit conflict) There's a thread about these hijacking attempts about two sections up. It's been going on all over, all day. It doesn't appear to be targeted at any one group or subgroup that anyone can tell so far. ♠PMC♠ (talk) 22:00, 3 May 2018 (UTC)

(edit conflict)I have not had any issues, so far, but given the current atmosphere, so to speak, I am not surprised. Kierzek (talk) 22:01, 3 May 2018 (UTC)

(edit conflict) It may be a site-wide attempt and not targeted, I've seen similar concerns above. The additional facets of O.R. having his worked called specifically about WWII editing and comments made with the Prum account at ArbCom may be unrelated but I'd still advise additional caution for any editors who've done work in that area. LargelyRecyclable (talk) 22:01, 3 May 2018 (UTC)

Just notified of a failed attempt on my account. Cinderella157 (talk) 22:08, 3 May 2018 (UTC)

I also had a failed attempt, as did another member of WP:Indigenous. Other user is not an admin, both attempts failed. Checking with other admins who did not have attempts made. There may be a pattern with targeting wikiprojects and those who edit in controversial areas. Or it could be random. I lean slightly to the former, but no hard evidence yet. - CorbieV ^☊ ☼ 22:20, 3 May 2018 (UTC)

It's random. I barely edit and I just got a failed attempt. Valeince (talk) 23:04, 3 May 2018 (UTC)

Me too., and I'm not involved in any of the projects mentioned above. It seems to be some kind of wide-ranging attack. Coretheapple (talk) 23:15, 3 May 2018 (UTC)

• Yep, I had an attempt about 9hours ago. I've changed my password, which was decent, to a much stronger one. Blackmane (talk) 23:21, 3 May 2018 (UTC)

Likewise. ♦ J. Johnson (JJ) (talk) 23:22, 3 May 2018 (UTC)

• I just got notified there was a failed attempt to log into my account. — Maile (talk) 23:25, 3 May 2018 (UTC)
• I'm all buy quiescent these days in terms of editing and I got an alert as well. Obviously someone working through a list, though whether it's admins or something else... Tabercil (talk) 23:36, 3 May 2018 (UTC)
• Again, everyone, there were over 70,000 attempted logins per hour for several hours. Basically, they tried to reset the password of everyone. Beeblebrox (talk) 00:09, 4 May 2018 (UTC)
• This also came up at the help desk (where I mentioned that an attempt had been made on my account too), although that discussion has apparently been closed to try to centralize discussion here. The attacks are on far more than just World War II editors. I don't know where Beeblebrox's 70,000 figure is coming from, but I wouldn't doubt it. Master of Time (talk) 00:18, 4 May 2018 (UTC)

The number comes from the WMF. I have been told they are releasing some sort of statement about this soon. [13] Beeblebrox (talk) 00:22, 4 May 2018 (UTC)

Statement from WMF

Just noting here that the Wikimedia Foundation has sent a statement out to the wikimedia-l mailing list: [14]. Mz7 (talk) 00:30, 4 May 2018 (UTC)

Full text of statement

Hello, Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to decrease the success of attacks like these. The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access to random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised. While we are constantly looking at improvements to our security systems and processes to offset the impact of malicious efforts such as these, the best method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date. My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susawikimedia.org). John Bennett Director of Security, Wikimedia Foundation

General Advice from a Non-Admin

My advice, both to non-admins who can't use two-factor authentication, and to admins, who can use it, is simply to check your User Contributions regularly and make sure that they are all your own. If so, your account has not been compromised, and if your password is strong, it is not likely to be compromised. Robert McClenon (talk) 01:21, 4 May 2018 (UTC)

This really seems more like a really elaborate troll than a genuine attempt at compromising tens of thousands of accounts. Just look at how much discussion, verging on panic, it has generated. I’m sure whoever made the bot tht did this is very pleased with themselves right now. Beeblebrox (talk) 01:34, 4 May 2018 (UTC)

Should this all be rev-delled under DENY? L3X1 ◊distænt write◊ 02:04, 4 May 2018 (UTC)

(edit conflict)Having a Wikipedia:Committed identity isn't a bad idea if you might ever have to recover your account. Additionally - I believe editors whom are admins on any wikimedia wiki can enable 2FA. SQL^{Query me!} 01:34, 4 May 2018 (UTC)

No, the attempt is likely a serious attempt at gaining credentials. If a hacker logs into User:Example's account, and User:Example reuses their username somewhere else (example@hotmail.com) with the same password, they can be royally screwed. The usurpation of Wikipedia identify is most likely not what they are after and the leaset of your worries if that happens. E.g. if it's a dummy email, no really consequence comes of it. But if you use that email to conduct every day business, your banking, have sensitive information, etc... well the people involved would now have access to that, and use that new information to further acquire other information and credentials. Headbomb {t · c · p · b} 04:09, 4 May 2018 (UTC)

SQL is correct, an editor who is an admin on any wiki can enable/disable 2FA on their account. I've been experiencing attempts to access my account for over a week now and I have enabled 2FA through being an admin at test wiki. -- Dane ^talk 05:31, 4 May 2018 (UTC)

A strong password is the solution. If you are mostly editing from one place (say home) just write on a piece of paper a random combination of characters, 25 characters long (make sure you are not able to memorize it - otherwise make it longer) which contains small and large case letters, numbers and special characters - and possibly even letters of other alphabets if you can reproduce them with your keyboard. This will be your Wikimedia password. Have it written on the paper in a secure place (no chance to lose) and never use it elsewhere, on any other websites.--Ymblanter (talk) 05:47, 4 May 2018 (UTC)

"Mr. Owl—how many flops does it take to get to the Tootsie-Roll™ center of a Tootsie Pop™?" Factchecker_atyourservice 14:46, 4 May 2018 (UTC)

I strongly suspect that whoever is doing this is using a list of passwords leaked from other sites, rather than trying to brute force their way into each account. I doubt they're even trying variations on the password that's on that list. That's why most of us are only getting one failed login attempt and that's it. While it's good to have a strong password anyway, if what I think they're doing is what they're doing, changing the password is the kicker. Ian.thomson (talk) 14:55, 4 May 2018 (UTC)

It looks indeed like yesterday they did not really attempt to break down any accounts, just let know that they exist to the largest possible amount of active user. However, this is not an isolated incident. We had recently two admin accounts broken, apparently because they re-used the passwords from other sites which were in the yahoo leak, or some other massive leak. I mentioned above that I regularly get attempts to break in to my account, sometimes up to several hundreds per day. It is obviously not possible to break a strong password which is not used on any other sites, however, it should be possible to break a weak password or to steal the existing password from elsewhere. 25 characters may be an overkill, but gives pretty much the guarantee - assuming they do not break in physically to one's house and there is no fire.--Ymblanter (talk) 15:08, 4 May 2018 (UTC)

Don't know if anyone mentioned yesterday's twitter breach, but if you used the same password there as here, you should change both quickly.--Dlohcierekim (talk) 15:24, 4 May 2018 (UTC)

My user name and password are unique to this site. --Dlohcierekim (talk) 15:27, 4 May 2018 (UTC)

Here's some handy advice. Lugnuts ^{Fire Walk with Me} 17:14, 4 May 2018 (UTC)

Since everyone is giving advice I may as well chime in. The main reason people don't use strong passwords unique to each account is that it's practically impossible to remember all those passwords. But you can use a password manager to keep track of them and to at least partially automate the process of entering passwords. I use something called KeePass but there are lots of alternatives -- see our List of password managers. Shock Brigade Harvester Boris (talk) 03:18, 5 May 2018 (UTC)

It happened again, two more attempts. If you can find out who, please ban him. Do I have any reason to be nervous, if my password is safe? Alex of Canada (talk) 17:33, 4 May 2018 (UTC)

In a word, no. Primefac (talk) 17:38, 4 May 2018 (UTC)

User:Alex of Canada - I agree with User:Primefac. If your password was and is strong and it hasn't been compromised, you are all right. Just check your User Contributions from time to time. I will comment that the hacker or bot may be hoping to get people to panic and to change their strong passwords to new weaker passwords, but that is only my guess. Robert McClenon (talk) 13:21, 5 May 2018 (UTC)

I will also comment that password regimes that require frequent changes of passwords, and that prohibit the use of a previously used password, are well-meaning but actually make things worse, because they increase the likelihood that the user will need to write down the password. This comment applies both to Wikipedia and to employer or government systems. Robert McClenon (talk) 13:21, 5 May 2018 (UTC)

• 1. MeToo, earlier today. --BrownHairedGirl (talk) • (contribs) 20:03, 4 May 2018 (UTC)

Yes, I got a failed-login warning a couple of days ago, but thought nothing of it at the time: I'm surprised there aren't more brute-force attacks. Perhaps this is where some sort of anti-bot measures might help? -- The Anome (talk) 09:22, 6 May 2018 (UTC)

See Wikipedia:Administrators' noticeboard#PSA: Admins might be better off with a long passphrase rather than two-factor authentication. --Guy Macon (talk) 20:06, 4 May 2018 (UTC)

A wise Owl indeed.--Dlohcierekim (talk) 19:16, 5 May 2018 (UTC)

page break

looks like it's falling off.--Dlohcierekim (talk)

• They're at it again today (I just got an alert that multiple failed attempts had been made to log into my account...). - Tom | Thomas.W ^talk 11:43, 7 May 2018 (UTC)
• I just got notifications for it today again. Got some before this conversation on AN started on the 3rd and some today. Thanks for jinxing it, Dlohcierekim. :) — Moe Epsilon 13:53, 7 May 2018 (UTC)
• They took the weekend off?-- Dlohcierekim (talk) 14:41, 7 May 2018 (UTC)
• Two attempts on mine just now. --Masem (t) 14:45, 7 May 2018 (UTC)
• I just got a notice that there have been multiple failed attempts to log into my account from a new device. The other day it was just one attempt. This is getting worse and I don't like it. Someone may be trying to steal my bank account or credit card information this way. Something had better be done to stop this or WP will lose editors including me. I feel like deleting my account and all my information right now. It isn't worth taking the risk.Smeat75 (talk) 15:32, 7 May 2018 (UTC)

  @Smeat75: Which would make your account more susceptible to hijack. Change your password here to something stronger. If it is the same as your password anywhere else, change your elsewhere password at once to something different. Get a committed identity hash. If you have not done so already, enable email. -- Dlohcierekim (talk) 16:37, 7 May 2018 (UTC)

  How would someone get your bank information through your wikipedia account? Natureium (talk) 16:41, 7 May 2018 (UTC)

  Password reuse. Banks should be much more secure, but theoretically the attack vector first tries to find a working username/password combination on one site. If they get that, they then use it on a more interesting site (bank, turbotax, whatever). Again, there's no evidence that any of this has been the least bit successful, and this is all just speculation at this point. ~ Amory (u • t • c) 17:32, 7 May 2018 (UTC)

Suggestion for alleviating panic

I'm in for the firs time in almost a week and was surprised to see that someone had made an attempt on my account. It was a few moments before I found this thread, and in light of that I'd like to suggest running a message through the message delivery system to all accounts on Wikipedia advising them of the situation so that our editor base gets caught up on this as soon as possible. Those who have email enabled (like me) should see the email alert in the inbox along with the section header, while those like me coming in late to the party will have the talk page message notice here and will (hopefully) check there first to get caught up. In this way we can get out ahead of this and circle the wagons, such as it were, before editors panic and act before thinking. TomStar81 (Talk) 14:17, 7 May 2018 (UTC)

• I suggest everyone get a committed identity hash string (read this first, and then get the string here), to be able to get their account back in case someone manages to take over the account (just to clarify things: getting a committed identity here does not require revealing your real life identity to anyone, you're as anonymous after getting the hash string as you were before getting it...). - Tom | Thomas.W ^talk 14:36, 7 May 2018 (UTC)

  @TomStar81: Great idea. I almost suggested it, but did not know how or where.-- Dlohcierekim (talk) 14:42, 7 May 2018 (UTC)

  Yes, anyone who has not done so already needs to get a committed identity & a really strong password, and enable email.-- Dlohcierekim (talk) 14:44, 7 May 2018 (UTC)

  And I strongly suggest laagering.-- Dlohcierekim (talk) 14:47, 7 May 2018 (UTC)

  I just tweaked my password for the sake of safety. As for the message, i'd propose something like this:

---

• Annnnd, was said login successful?-- Dlohcierekim (talk) 16:50, 7 May 2018 (UTC)

== Attempted Hacking of Wikipedia Accounts==

On or about May 4th, 2018, the Wikimedia foundation noted a massive cyberattack against the English Wikipedia with the apparent goal of locating users utializing weak passwords in order to compromise the accounts. Steps are currently being taken to track down the origin of the attack, but as a precaution all Wikipedia users with a registered account are being asked to review their accounts and passwords in order to ensure that your account does not end up compromised. Measures editors are advised to take include the following:

Choose a strong password

Ideally, a strong password is a password that uses a combination of symbols, numbers, and capital and lower case letters. Users are required to provided a minimum 8-letter password, but a longer password is viewed as more secure and passwords with letters, symbol, and number combinations are shown to stronger than simple words or phrases. Additionally, users should refrain from picking out simple passwords easily guessed (such as abcd1234 or password).

Obtain a Committed Identity Hashstring

A Committed Identity Hashstring is a security measure that allows users to type words, phrases, and other information which when put through a hash are scrambled, resulting in an unreadable line of random letters and numbers. The only person who would know what the unscrambled letters and numbers translate to would be you, thus ensuring that you could reclaim you account if it is compromised. More information about this measure can be found here, and users wishing to implement this security option may do so here.

Enable Two-Factor Authentication

Two factor authentication was added as an additional security measures for certain high privileged Wikipedia accounts - most notable, those who possess admin rights. Enabling this will make it that much harder for unauthorized persons to gain access to your Wikipedia account.

Enable E-mail notifications

Users who possess registered accounts on Wikipedia have the option of enabling email notifications for talk page messages, which may be useful for helping you to spot and stop attempts on your account as well as for keeping up to date with developments as this incident progresses.

For more information on the series of events, and to consolidate the discussions on this matter, see Wikipedia:Administrators'_noticeboard#Please_help-_who_tried_to_break_into_my_account? and its subsequent threads.

---

Of course, I'm open to adding or subtracting information as needed; just as long as we get the word out it should help our situation. TomStar81 (Talk) 15:19, 7 May 2018 (UTC)

• Strongly Object @TomStar81: sending a mass message to "all accounts" is a huge waste of job resources, especially as most accounts are dormant. If we want this to get to a large number of editors, using the logged-in user sitenotice would be preferable IMHO. — xaosflux ^Talk 15:26, 7 May 2018 (UTC)
  • @Xaosflux: Mass message is the only messaging system I was familiar with; if there is another or better system, then by all means use that instead. The important thing is that we get the word out. Keep in mind too that, as I noted above, I'm coming into this days after the fact - for all I know this could have long since been resolved (though judging from above I don't think that to be the case) which would mean the whole point of the message is now...useless. In any event, handle it how you judge it should be handled. As for me, I've got to be off to work here soon so I'll likely be unavailable for a few hours. I leave my suggestion in the board's capable hands, and trust that the best course of action will present itself and be implemented as consensus wills. TomStar81 (Talk) 15:32, 7 May 2018 (UTC)
    • For anyone following, I'm referring to MediaWiki:Sitenotice - this would put a banner on the top of the web page for logged in users. It would not send them emails or triggert notification. — xaosflux ^Talk 15:36, 7 May 2018 (UTC)
      • Oh, ok. I take it back; I am familiar with this sort of messaging, I just didn't know what it was called - at least no properly. That would probably work best, all things considered. TomStar81 (Talk) 15:40, 7 May 2018 (UTC)

• Likewise oppose this, as well as a sitemessage or watchlist notice. A great many users appear to be targeted (I have thus far received no notifications and am starting to feel left out!) but unless I'm mistaken there has been no evidence of any success on the part of the attacker. A reminder to use strong passwords is always worthwhile, and maybe worth considering via sitemessage/watchlist once this has subsided, but I don't see the utility in alarming a great many people when by all accounts everything is working just fine. ~ Amory (u • t • c) 15:41, 7 May 2018 (UTC)

• The only accounts that have been compromised in the last couple of years were the ones that re-used compromised passwords with other sites. There is really no need for mass messages or sitenotices here. The same best security practices apply today as they did a year ago - have a strong password, and if you're particularly concerned you can include other measures like 2FA (or committed identity, but honestly I have no idea how that works and can't find any read-able guide to it on here). -- Ajraddatz (talk) 16:03, 7 May 2018 (UTC)

@Ajraddatz: I too was unsure, but know i have it--> WP:Committed identity.

@TomStar81: as of this morning it had resumed.-- Dlohcierekim (talk) 16:33, 7 May 2018 (UTC)

In favor of any notification system that would let users know about this so they can take appropriate action.-- Dlohcierekim (talk) 16:43, 7 May 2018 (UTC)

Thanks - that page puts it very clearly. Seems like a sensible measure indeed, speaking as one of the people who coordinates the return of compromised accounts to their owners. -- Ajraddatz (talk) 16:46, 7 May 2018 (UTC)

• I would also note that in the discussions that led up to the current password policy, the notion that you must use a combination of upper and lowercase, symbol, and numbers to have a strong password was strongly rejected by the community. Beeblebrox (talk) 17:53, 7 May 2018 (UTC)

Hi everyone. While the attacker continues to try and login at a very high rate, we are currently blocking his/her login attempts. At this time, there is no need to panic or do anything. We of course always encourage all users to use a strong password. BWolff (WMF) (talk) —Preceding undated comment added 18:10, 7 May 2018 (UTC)

• Having finally had the chance to start logging back in, I find all this...oi vey. Anyway, relevant to the above, I'll note that "require 2FA" is an absolute non-starter for other reasons: there are those of us who do not have smartphones and/or cell service at our computing locations at all. - The Bushranger _{One ping only} 08:37, 8 May 2018 (UTC)

  @The Bushranger: FWIW, you can run a TOTP on a computer. While it doesn't prevent an attack the compromises that one computer as well - it will remote attacks. — xaosflux ^Talk 11:51, 8 May 2018 (UTC)

Policy based RfC

An RfC of probable interest is published at Wikipedia talk:Appealing a block#RfC about appealing a block and Wikipedia "standard offer". Notification is proper here; the top page invoking the name. Thank you and please act accordingly.--John Cline (talk) 17:08, 10 May 2018 (UTC)

Spam on my talk page

Good evening, is this the right page to ask for help from an admin? An anon user twice wrote bad things on my talk page without a reason. He's a dynamin IP who attacks me on many wikis, but nobody seems to care and nobody stops him. May you protect my page from further vandalisms? 95.253.203.9 (talk) 14:24, 11 May 2018 (UTC)

I see nothing derogatory or offensive about the messages being left by the other IP. Am I missing something? Primefac (talk) 14:29, 11 May 2018 (UTC)

Perhaps not "derogatory or offensive", but strange all the same. It's a message in Italian saying that the IP has been blocked on it.wiki (which is indeed true), but while it's similar to our {{anonblock}}, it seems to be a bit more personalized than the normal templates.

Google Translate

To you who are reading this message: on it.wikipedia the IP of your company network has been blocked for 6 months because of the use that one of your employees has made of it. If you are a colleague and not the manager, please let him know. The person who made you block the network is probably a new hired for less than a year and relatively young, I think it will be easy to trace his identity but this is your business, I have only made aware even if I sincerely would like that you get it. You can see the block log, the contributions for which it was blocked and the discussions on your personal page going with this same IP on it.wikipedia. Greetings to all and good work.

I'm not sure what the purpose of this is, but I don't think it's grounds for protection. ansh666 18:21, 11 May 2018 (UTC)

So you think my page doesn't need a protection? He's using that page to attack me. He actually doesn't want to communicate with me. How can't this be enough to help me? Just because he isn't rude? He simply found that I went once on this wiki, and he thinks he's allowed to persecute me like he did on italian wiki. 95.253.203.9 (talk) 14:21, 15 May 2018 (UTC)

If you've done nothing wrong on enwiki, then you won't be blocked. It's as simple as that. If the IP continues to add harassing notes to your talk page, then something could probably be done, but it looks like since this thread was opened there have been no further edits to your talk page. Primefac (talk) 14:25, 15 May 2018 (UTC)

RfC Announce: Criteria for granting IP block exemption

What criteria should an administrator use when granting IPBE to editors?

Wikipedia talk:IP block exemption#RfC: Criteria for granting IP block exemption

--Guy Macon (talk) 16:55, 11 May 2018 (UTC)

Freyjadour

I just deleted a group of images on the Commons uploaded by Freyjadour as unambiguous copyvios about which Freyjadour misrepresented authorship (see Commons:Deletion requests/Files uploaded by Freyjadour) Freyjadour is now reuploading certain of those images here (e.g., File:Julia Montes LA Fil Am Expo 2011.png and File:Julia Montes Walang Hanggan Tour 2012.png) with the same bogus authorship/Flickr-washing claims. This was done yesterday as well, File:Julia Montes Doble Kara Press Conference August 2015.png was uploaded here after it was deleted (by another admin) per Commons:Deletion requests/File:Julia Montes Doble Kara Press Conference 2015.png. This seems to require attention above merely nominating these files for deletion. Note also Freyjadour was previously blocked on en.wiki for copyvios, albeit in November 2014. Эlcobbola _talk 17:35, 11 May 2018 (UTC)

c:Commons:Administrators' noticeboard/User problems#Freyjadour

I vote global lock. User seems to be productive editing articles. Could their upload privileges be taken away? Alexis Jazz (talk) 18:18, 11 May 2018 (UTC)

I checked the commons deleted images - they were identical to the new ones here, so deleted and user warned. It's a waste of time for them to upload here as they will soon get tagged for move to commons and then it all goes wrong. Ronhjones  ^(Talk) 22:10, 11 May 2018 (UTC)

User socking as unroutable IP address 127.0.0.1.

• Max4142 (talk · contribs · deleted contribs · logs · target logs · block log · list user · global contribs · central auth · Google)
• (127.0.0.1) (talk · contribs · deleted contribs · logs · target logs · block log · list user · global contribs · central auth · Google) fixed. Primefac (talk) 16:07, 13 May 2018 (UTC)
• Wikipedia:Sockpuppet investigations/Max4142

Bavarian developer ZenJu,[15][16] who is the author of FreeFileSync,[17] keeps trying to the page using various socks to hide the fact that FreeFileSync ships with bundled malware, but despite repeated requests refuses to cite any sources other than his own webpage at freefilesync.org.

Now he has somehow figured out how to post as unroutable IP address 127.0.0.1.[18] I have filed an SPI and am requesting a checkuser to see if this sheds light on how he managed to do that.

Please note that as I have documented at Talk:FreeFileSync#Virustotal wierdness the FreeFileSync website sends a smaller, malware-free file to online virus scanners and a larger, malware-infected file to anyone who downloads the installer. This makes it difficultly to determine exactly which malware he is currently including, but my OR indicates that he has switched from OpenCandy to FusionCore -- malware that installs other malware that it gets from a website (and the website keeps changing as the old ones get shut down). Alas, I cannot find a source other than my OR, so I cannot update the page to say that OpenCandy has been replaced with FusionCore. --Guy Macon (talk) 15:53, 13 May 2018 (UTC)

Looking at [19],I see that other have managed to do this. Why isn't this IP permanently blocked on all projects? --Guy Macon (talk) 16:01, 13 May 2018 (UTC)

Guy Macon, the contribs you linked to are not from an IP, it's a user. I've also updated the OP's links. Primefac (talk) 16:07, 13 May 2018 (UTC)

AH! Somehow missed the parenthesis. That's rather embarrassing. Funny how the eye tricks you. Can we block it as being a deceptive username? --Guy Macon (talk) 16:26, 13 May 2018 (UTC)

@Guy Macon: if this were a new editor, I'd probably go for a username block, but as they have been established (Special:CentralAuth/(127.0.0.1)) on multiple projects for years, no. — xaosflux ^Talk 16:39, 13 May 2018 (UTC)

Possibly worth mentioning that 127.0.0.1 (in fact any 127.*.*.* address) is not a real-world IP address that could be used to edit Wikipedia anyway. It's what's known as a "localhost" address and just loops back to your own computer if you try to use it. You can use it, for example, for running a server on your own computer which you can access regardless of your real-world IP address (and without even being connected to the internet or to a router). Boing! said Zebedee (talk) 08:33, 15 May 2018 (UTC)

Im theory 127.0.0.1 is technically prevented by the MediaWiki software, but it has edited in the past: Special:Contributions/127.0.0.1. Checkusers still occasionally see people editing from the 10/8 private network. Here's a fun pro-tip: When you look at a user's contributions, look at the link to their userpage. For accounts it's a red or blue link, and for IP addresses it's grey text. -- zzuuzz ^(talk) 09:22, 15 May 2018 (UTC)

I don't suppose it'd be worth requesting a "this IP should never edit" message for non-routable/RFC 1918 IPs through the MW software perhaps? Richard⁰⁶¹² 09:33, 15 May 2018 (UTC)

This was implemented-ish in February 2017 [20] -- zzuuzz ^(talk) 09:44, 15 May 2018 (UTC)

Seems a decent solution. Richard⁰⁶¹² 10:27, 15 May 2018 (UTC)

This is a user account, not an IP ;-) ~Oshwah~^{(talk) (contribs)} 20:19, 15 May 2018 (UTC)

Day late and a dollar short, Oshwah... Primefac (talk) 21:15, 15 May 2018 (UTC)

I figured that I was ;-). I got sidetracked and wasn't able to finish reading through the discussion, but also thought that adding the comment wasn't a bad idea just in case. ~Oshwah~^{(talk) (contribs)} 21:17, 15 May 2018 (UTC)

Wikidata Infoboxes RfC closure request

Since the ANRFC request hasn't attracted much attention and this is quite an important, complex, and controversial RfC, requesting an admin, hopefully three, to fully assess and close RfC on the use of Wikidata in infoboxes. Galobtter (pingó mió) 13:48, 14 May 2018 (UTC)

I agree with a closure by a committee of three uninvolved editors. --Dirk Beetstra ^{T C} 14:13, 14 May 2018 (UTC)

It seems problematic to me that we cannot find candidates to close this... I mean, i understand why people are hesitant and that many of the familiar faces are in the discussion themselves, but somehow, we have to close this right. suggestions ? —TheDJ (talk • contribs) 07:46, 16 May 2018 (UTC)

I don't regularly patrol ANRFC, though I probably should... but don't take a lack of closure as automatic "hesitation" on anyone's part. Sometimes big discussions just are a hurdle to get stuck into. Primefac (talk) 13:18, 16 May 2018 (UTC)

Next cryptocurrency topicban

Ladislav Mecir (talk · contribs · deleted contribs · logs · filter log · block user · block log)

• edit count
• related: Shiftchange TBAN

Shiftchange's comrade, Ladislav Mecir, is the next cryptoadvocate for your consideration.

Per their editcount they have ~8.700 edits; ~8,300 of them in the last four years, almost entirely focused on crytocurrencies. Here are their top edits:

• 2,565 Bitcoin
• 564 Blockchain
• 429 Legality of bitcoin by country or territory
• 286 Cryptocurrency
• 279 Bitcoin Cash
• 207 Rebol
• 184 Bitcoin scalability problem
• 168 History of bitcoin
• 103 Satoshi Nakamoto

On the talk page

What brings us here today is this comment on Talk:Bitcoin Cash: Bcash is not a derogatory term. As said by the sources, it is a failed rebranding attempt. Having failed to rebrand Bitcoin Cash to Bcash in case of the Bitstamp and Bitfinex exchanges or to convince wallet providers or significantly many journalists to push their agenda, the proponents of the rebranding are now trying to use the Wikipedia for the purpose. While it is not in their power to use the Wikipedia to rebrand Bitcoin Cash, they are at least trying to pretend that the failed Bcash rebranding has got the same notability as the original and widely used Bitcoin Cash name. which they have restored twice, despite my warning to them at their talk page, first here with the doubling-down-on-the-crazy edit note rv., this is confirmed by the cited sources and again here.

There is of course no source on the Talk page or in the article, that says that "proponents ...are now trying to use the Wikipedia for the purpose".

(The alt name, "BCash", for the crytpocurrency, is something that its advocates find actually insulting. Vehemently so. Shiftchange for example, had !voted at the Rfc on mentioning BCash" in the lead as follows: Oppose Its a derogatory slur used against Bitcoin Cash for the purpose of propaganda. Its not a description or common name. No software developers or exchanges refer to it that way.)

The comment above was an addendum to Ladislav Mecir's earlier !vote, here (sorry, that is four diffs separated by some diffs from others) which is too long to copy here, but makes the same argument as Shiftchange, albeit "supported" by citations. I use the scare quotes because their summary of what those sources say is often not supported by the source cited.

Their comment in another RfC on the talk page about about removing a blatant POV testimonial section sticks out like a source thumb among the "deletes".

at the article

• This recent diff series is typical. Looking through that, they added"
  • tabloidy ref (Independent) with a passing, postive mention, to the first sentence, added this ref, linked to a section with "good news" about Bitcoin Cash, added some more unsourced content to a section that was unsourced, etc. and then reverted to keep it when it was removed.

• before then, added this source to the first sentence, with "bad news" about Bitcoin.

• before that, added a big bolus of badly sourced content about "wallets" (the software where you keep your cryptocurency).

and there is plenty more. This person is an advocate who is not here to build an encyclopedia. Jytdog (talk) 03:46, 15 May 2018 (UTC)

"Shiftchange's comrade, Ladislav Mecir"—note this edit proving the claim is unfounded. Ladislav Mecir (talk) 04:00, 15 May 2018 (UTC)

"comrade" in the sense of editing promotionally and aggressively in favor of Bitcoin Cash. This is not even a little ambiguous. Being aware that Shiftchange was worse than you is no sign that you see how badly you are editing and behaving. Jytdog (talk) 04:21, 15 May 2018 (UTC)

Jytdog wrote: "The alt name, BCash, for the crytpocurrency, is something that its advocates find actually insulting."—Note that in my comment cited above I actually wrote that "Bcash is not a derogatory term."

Here Jytdog wrote: "The comment you made here ... amounted to personal attacks on other editors."—There are several reasons why this is unfounded:

• Here is an edit made by Jytdog claiming that there have been attempts to recruit users with specific viewpoints to edit the article.
• There have been attempts by proponents of said specific viewpoints such as this, this and many others, actually leading to page protection.
• In my response to Jytdog's claim at my talk page, I also wrote:
  • Let's consider a Wikipedian XY that is not a proponent of rebranding of the Bitcoin Cash to Bcash. Then, maybe surprisingly for you, the comment I made, speaking about "proponents of the rebranding" does not concern XY at all. Thus, logically, it could not amount to "personal attack" on her.
  • Now let's consider a Wikipedian XZ that is a proponent of rebranding of the Bitcoin Cash to Bcash. Then, maybe surprisingly for you, the comment I made is not a personal attack on her either, since it just claims that XZ wants to claim that the Bcash name is at least as notable as the Bitcoin Cash name, which is exactly what the "proponent of rebranding" implies.

Jytdog should be more careful when accusing anybody of wrongdoing and deleting their comment based on unfounded accusations. Ladislav Mecir (talk) 05:12, 15 May 2018 (UTC)

Thanks for your help here. I will leave it to others to evaluate your rhetoric and respond.Jytdog (talk) 05:15, 15 May 2018 (UTC)

Jytdog wrote: "Their comment in another RfC on the talk page about about removing a blatant POV testimonial section sticks out like a source thumb among the "deletes"." - note that I just made a comment not claiming that the section should be kept, but claiming that the contents of the section does not correspond to its title. If that is a reason why I am a "Shiftchange's comrade" remains to be judged by somebody else than Jytdog, as it looks. Ladislav Mecir (talk) 05:21, 15 May 2018 (UTC)

Jytdog wrote: "almost entirely focused on crytocurrencies"—note that, e.g. the statistics of the Cox's theorem page mentions my authorship to be 3'677 bytes and my authorship of the Bayesian probability article to be 2'865 bytes. Ladislav Mecir (talk) 10:16, 15 May 2018 (UTC)

• I'll just note that I've noticed Ladislav Mecir trying to own a page or dominating discussion on a talk page, see e.g. Talk:Cryptocurrency#Controversial in cryptocurrency articles. I suspect that many of the articles noted at the top of this thread would fit into that class of articles being owned or dominated by LM. Smallbones_(smalltalk) 17:02, 15 May 2018 (UTC)
• Support topic ban for any WP:SPA focused on cryptocurrency. It's exactly like creationism, climate change denial or homeopathy. These are quasi-religious cultists and the wider Wikipedia community lacks the time and the patience to continue to argue with them. Guy (Help!) 17:49, 15 May 2018 (UTC)
• Oppose lots of areas have WP:SPA editors, that's no reason to enact a TBAN here. If you really feel that is necessary, let's invoke General Sanctions in the area first. I do agree with the comment at [21] that the Bitcoin/Bitcoin Cash feud has spilled onto Wikipedia, based on my own editing experience and the diffs in this thread. power~enwiki (π, ν) 18:03, 15 May 2018 (UTC)

Yeah, it is, because the SPAs have an absolutely homogeneous agenda, promoting crypto. SPA religious editors may be from different sects, but SPA crypto editors are almost all members of the crypto cult. Guy (Help!) 18:45, 15 May 2018 (UTC)

It's not quite homogeneous; the specific dispute here is that certain Bitcoin Cash supporters feel that is the one true Bitcoin, and opponents feel that it's some form of scam. A lot of the other crypto-currencies have no wide-spread interest, importance, or significance, and are edited merely by people who stand to profit from promoting them. Those articles are overwhelmed with promotional material from "the trade-press" (as a charitable description of what others would simply call "unreliable sources" and "blogs", i.e [22]). power~enwiki (π, ν) 19:14, 15 May 2018 (UTC)

User:power~enwiki this is not a content dispute, and no, it is a not a binary thing. Generally for each one of these currencies there are fierce advocates for it, and most everybody else (inside the crypto-communities and outside) looks at the currency/project with some interest, or perhaps some skepticism, or maybe doesn't look at all and is just bored by the whole thing. There are a few of these currencies that have been outright scams. I haven't read anything that said that Bitcoin Cash is illegit or a scam per se.

The issue here is the behavior of this advocate, as it has been for each other advocate I have brought here. The issue is the advocacy.

You know as well as I do that that Wikipedia is always vulnerable to activists, due to our open nature. This vulnerability sharpens, if there are online communities of activists. This vulnerability sharpens to the point of bloody hell, when there are online activists with financial interests in their object of advocacy. There is almost nobody involved in the online communities around these cryptocurrencies, who doesn't hold the currency and believe that they are going to change the world through the technology. This is like (not exactly like, but like) some kind of prosperity religion thing, and it is all happening online.

Wikipedia is not an extension of the blogosphere -- not a place for people to come here and preach their currency-religion and state their paranoias like they are facts. LM's statement of "fact" (on which they have by now not just doubled down, but quintupled down) that the proponents of the rebranding are now trying to use the Wikipedia for the purpose is not a statement of fact but rather an expression of the paranoia of the Bitcoin Cash community. He has no self-insight into how unacceptable that statement is, here in WP.

This is a symptom of the underlying approach to WP. Fortmit.

I'll add that our content about each one of these currencies is going to be paltry and slim in the eyes of these people. WP is a lagging indicator of notability by design; we are not going to have the level of detail they want for a long long time, if ever; we are not going to track the roller coaster of valuations as the coin markets gyrate. Not what we do here. Not what WP is for. These crytocurrency people do not understand this. Jytdog (talk) 19:46, 15 May 2018 (UTC)

I still think you're reading too much into the specific diff of the proponents of the rebranding are now trying to use the Wikipedia for the purpose. I take it to simply mean that there is POV-pushing in this area (which everyone agrees is happening), and not an accusation of canvassing. There's definitely some biased editing here by Ladislav, if General Sanctions were in place and he had been warned about them, I would support sanctions. I don't currently feel they are necessary. power~enwiki (π, ν) 19:55, 15 May 2018 (UTC)

It is a direct claim about what other people are actually doing here in WP. Reading it as anything else is reading against its very plain meaning. I get it that Bitcoin Cash advocates in their reddit forums are all paranoid. Edit warring to retain that level of paranoid attack on other editors here in WP - to revert with an edit note that this is confirmed by the cited sources is just... bizarre. There are no cited sources that say that people are coming to Wikipedia to try to rebrand the currency. None. This is paranoid crap that Ladovic obviously cannot restrain himself from. So we need to restrain him. Jytdog (talk) 03:56, 16 May 2018 (UTC)

I'm pretty sure that Mecir's comment about being sourced was in regard to the "Bcash is not a derogatory term. As said by the sources, it is a failed rebranding attempt." rather than any other claim. - Bilby (talk) 05:57, 16 May 2018 (UTC)

That is obvious. And that is not why the comment was removed. Which is also obvious. The edit note was a twisting nonresponse to what was (and still is) problematic. Jytdog (talk) 08:09, 16 May 2018 (UTC)

• Support TBAN and support general sanctions for cryptocurrency per Guy and Power. We are currently getting flooded with crap about crypto, and I think this editor is being disruptive, but I don't think Jytdog and Guy should have to get a topic ban discussion going every time we need one. Let's streamline dealing with the stuff, please. TonyBallioni (talk) 19:05, 15 May 2018 (UTC)
• No comment on the topic ban, but I agree that cryptocurrencies should be under discretionary sanctions. I'll make a formal proposal below. MER-C 20:18, 15 May 2018 (UTC)
• Oppose For a topic ban I'd want to see ongoing disruption that haven't been managed via other means. I can;t see any other means having been tried, but then I can't see evidence of long term disruption - after years of editing on these topics, no ANI threads about the editor (noting that there was one in 2014 which briefly included discussion about his editing, but that was a) 4 years ago, and b) not the focus of the discussion), a clean block log, no history of 3RR violations, and going through his talk page for the last two years I can find no formal warnings, with the occasional concerns seemingly met with discussion and at times compromise or agreement. There may be more elsewhere, but it isn't obvious, and hasn't been presented here. What has been presented here is enough to say that a warning is appropriate, but jumping to a topic ban for a few recent edits of varying quality is a big step. With all that said, if we end up with general sanctions, then all editors would be aware of the limits for their behaviour, so stepping out of line could reasonably warrant tbans for anyone, and that would be fair enough. - Bilby (talk) 12:53, 16 May 2018 (UTC)

General sanctions proposal

Should the community authorize standard discretionary sanctions for all pages related to blockchain and cryptocurrencies, broadly construed?

• Support as proposer. Most of the major articles in this topic area have been semi-protected (many by myself) due to the torrent of promotionalism and still it does not stop. It's like binary options and forex all over again, but with added, overt, criminality. The Bitcoin Cash/Core feud just makes things worse. MER-C 20:18, 15 May 2018 (UTC)
• Support per my above comments. power~enwiki (π, ν) 20:21, 15 May 2018 (UTC)
• yes please Jytdog (talk) 20:41, 15 May 2018 (UTC)
• Support per above. TonyBallioni (talk) 20:46, 15 May 2018 (UTC)
• Support The cryptocurrency topic area is rife with promotionalism and POV pushing. Cullen³²⁸ Let's discuss it 21:22, 15 May 2018 (UTC)
• Support To try and make the area less toxic with the promotional, POV-pushing editing. Courcelles (talk) 21:27, 15 May 2018 (UTC)
• Support partially per my query below. There is a huge amount of promotion and straight-out advertising going on in cryptocurrency articles. I find it incredibly difficult to edit these articles - in many cases I know I'll be reverted by an "article owner" - so editing would only be a case of making a WP:Point. I know what you're thinking "Smallbones is afraid to edit here?" Yes, I've worked in some incredibly difficult areas, e.g. binary options and retail forex, but cryptocurrencies take the cake.

The main problems I see are:

• the use of unreliable "trade press" sources as almost the whole source material. These sources are almost always cheerleaders
• promotionalism and advertising
• article ownership
• COI editing on the article page (Note that cryptocurrency owners are specifically mentioned in WP:COI as having a COI on the ccurencies they own).

Smallbones_(smalltalk) 22:55, 15 May 2018 (UTC)

• Support per supporters. Gråbergs Gråa Sång (talk) 08:07, 16 May 2018 (UTC)
• Support The problems within this area have been building for some time. Doc James (talk · contribs · email) 16:15, 16 May 2018 (UTC)

query

• i know we (the community) can govern ourselves as we wish, but is there precedent for us to place DS? The formal DS are an arbcom thing per WP:ACDS, enforceable at AE as well by passing admins, etc. I am going to support in any case :). Jytdog (talk) 20:41, 15 May 2018 (UTC)
  • WP:General sanctions is the correct term here. power~enwiki (π, ν) 20:44, 15 May 2018 (UTC)
  • Yes, the Syrian Civil War, South Asian castes, and a few others have general community authorized discretionary sanctions (and they are both general sanctions and discretionary sanctions). TonyBallioni (talk) 20:46, 15 May 2018 (UTC)
• I'm tossing up whether to post notifications on Wikipedia talk:WikiProject Numismatics/Cryptocurrency task force, Talk:Cryptocurrency, Talk:Blockchain, Talk:Bitcoin and Talk:Bitcoin Cash. I'm only vaguely familiar with the procedure involved in imposing general sanctions -- is notification necessary? Or will it be counterproductive? MER-C 20:55, 15 May 2018 (UTC)
  • After thinking about it, I've handed out the notifications. MER-C 16:36, 16 May 2018 (UTC)
• I'm generally unfamiliar with community sanctions as well. Perhaps somebody more experienced with them can best describe how this works. I'll ping @DGG: - if he can't explain it, he'll know somebody who can.

I did quickly skim through one case of a community sanction. It looks like the closer decides on the final wording of the sanction. The discussion lasted 9 days at ANI, and there were 10-20 !votes. I need to know more about the mechanics than this however.

My input on the question of sanctioning here will be heavily influenced by the facts concerning bans on cryptocurrency ads on other major internet platforms. I've written this up in the Initial coin offering article about 6 weeks ago. We can leave out Jimbo's opinion for the purposes of this discussion. And just because much of the rest of the internet is banning these guys, is not, in itself, a reason for banning them here. But I do think that it shows there is a huge potential problem and that folks who have noticed problems here are not making them up out of whole cloth. Everything written here about ICOs also applies to cryptocurrencies in general.

Facebook has banned ICO and cryptocurrency advertisements on its platform stating that many of them were "not currently operating in good faith."^[1] Google and Twitter have also banned ICO and cryptocurrency advertisements.^[2]

Snapchat, LinkedIn and MailChimp all have limited companies from marketing ICOs via their platforms.^[3] Jimmy Wales, founder of Wikipedia, stated in 2017 that "there are a lot of these initial coin offerings which are in my opinion are absolute scams and people should be very wary of things that are going on in that area."^[4]

Chinese internet platforms Baidu, Tencent, and Weibo have also prohibited ICO advertisements. The Japanese platform Line and the Russian platform Yandex have similar prohibitions.^[5]

Smallbones_(smalltalk) 22:22, 15 May 2018 (UTC)

References

1. Matsakis, Louise (January 30, 2018). "Cryptocurrency scams are just straight-up trolling at this point". Wired. Retrieved April 2, 2018.
2. Weinglass, Simona (March 28, 2018). "European Union bans binary options, strictly regulates CFDs". Times of Israel. Retrieved April 2, 2018.
3. French, Jordan (April 2, 2018). "3 Key Factors Behind Bitcoin's Current Slide". theStreet.com. Retrieved April 2, 2018.
4. Bercetche, Joumanna (October 5, 2017). "ICOs — the hottest craze in cryptocurrencies — is an 'absolute scam,' Wikipedia Founder Jimmy Wales says". CNBC. Retrieved 2018-04-02.
5. Wilson, Thomas (March 28, 2018). "Twitter and LinkedIn ban cryptocurrency adverts – leaving regulators behind". Independent. Reuters. Retrieved April 3, 2018.

FWIW, the entire sanctions "system" is in my opinion an accumulation of confusing half-thought out and erratically-enforced procedures. I have never used it as an admin, and try to avoid sanction discussions as an arb. I suggest you do here whatever seems reasonable. If I were doing it over, I might like a rarely used remedy: one comment per talk page per day per person. It could be enforced easily by just removing anything beyond that. DGG ( talk ) 01:25, 16 May 2018 (UTC)

• Comment: If these are community authorized sanctions then the decision must be made by the community. Either move this discussion to ANI or a village pump and add a central notification advertising it (preferably both). --NeilN ^{talk to me} 18:24, 16 May 2018 (UTC)
  • AN is the correct venue. See Wikipedia:General_sanctions#Community_sanctions. This is the community's main noticeboard for dealing with administrative issues, issuing bans, and determining sanctions. A simple discussion here is all that is required by policy, and ANI would be the absolute worst place to move it. TonyBallioni (talk) 21:23, 16 May 2018 (UTC)

Datetime picker for Special:Block

Hello all,

The Anti-Harassment Tools team made improvements to Special:Block to have a calendar as datetime selector to choose a specific day and hour in the future as expire time. The new feature was first available on the de.wp, meta, and mediawiki.org on 05/03/18. For more information see Improvement of the way the time of a block is determined - from a discussion on de.WP or (phab:T132220) Questions? or want to give feedback. Leave a message on Wikipedia Talk:Community health initiative on English Wikipedia/Blocking tools and improvements, on Phabricator, or by email. SPoore (WMF), Trust & Safety, Community health initiative (talk) 20:26, 15 May 2018 (UTC)

The problematic behaviour of this user

I have opened this thread to report the incorrect behaviour of the user Wddan. Previously, there have already been contrasts with this user primarily due to his changes that violated every principle of a neutral point of view or consensus. He doesn't accept any changes he doesn't like and tries to remove them as they were "vandalism". Even after the discussion ( https://en.wikipedia.org/w/index.php?title=Wikipedia:Administrators%27_noticeboard/Incidents&oldid=838673865#FrankCesco26,_umpteenth_wave_of_disruptive_POV_edits ) he had with other users as a result of his report to me, asking for a final solution to block me permanently because I made changes not to his liking, did not change his problematic attitudes, even if under the firm advice of other users and administrators.

Even if he started to use the discussion pages, in the meantime he has reverted multiple times my contributions^{[1] [2] [3] [4] [5] [6] [7]}, he has insulted me by calling my explanations about my contributions "really stupid" with the purpose of discrediting me^[8], and he completely changed several pages like this ^[9], so as to remove parts that were not to his liking and trying to hide it.^[10]

I'm sick of his behaviour that has been annoying me for a year and doesn't allow me to peacefully contribute to this free and impartial encyclopedia.

I tag other contributors that have participated in the discussion about his report to me: @Tarage, Dlohcierekim, Canterbury Tail, and Yoshi24517: . FrankCesco26 (talk) 12:15, 16 May 2018 (UTC)

1. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841342437&oldid=841340267
2. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841463747&oldid=841459939
3. https://en.wikipedia.org/w/index.php?title=Religion_in_the_United_Kingdom&type=revision&diff=841342313&oldid=841235804
4. https://en.wikipedia.org/w/index.php?title=Religion_in_the_United_Kingdom&type=revision&diff=841396253&oldid=841365181
5. https://en.wikipedia.org/w/index.php?title=Religion_in_France&type=revision&diff=841342216&oldid=841236176
6. https://en.wikipedia.org/w/index.php?title=Religion_in_France&type=revision&diff=841395925&oldid=841365239
7. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&diff=prev&oldid=841531999
8. https://en.wikipedia.org/w/index.php?title=Talk:Religion_in_Germany&oldid=841527397#Is_there_the_need_to_specify_the_sample_and_the_questions_of_a_survey_in_the_text_body_of_the_article?
9. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841471490&oldid=841176499
10. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841527182&oldid=841471490

---

This report is groundless.

• The linked reverts (1, 2, 3, 4, 5, 6) are reverts just in the first case, while in the second case I changed the style of presenting the content (in note rather than in the text), as there is an open discussion (opened by me) about how that type of content should be presented. And I based my edits upon WP policies which are cited in that discussion. In 10, which is part of the same case, I did not "hide" anything controversial.
• 7 is not a revert but I integrated the changes made by FrankCesco26.
• 9 has nothing controversial.
• In 8 the term "stupid" does not refer to FrankCesco26, and is within a larger context of messages in which the subject is the way of presenting a type of content. The full message is "It's really stupid to report the questions of the survey; it's not encyclopedic content, also considering that most of those minor surveys are already given more emphasis than they deserve. This is turning the articles into lists of statistics, against the policies of WP:NOTSTATSBOOK and WP:NOTMANUAL. I am fully convinced of this. But let's see how other editors have to say about this: Nillurcheier, Iryna Harpy, JimRenge." (If I wanted to report FrankCesco26 on the same grounds, I would have used this edit on 27 april in which he called my edit "silly speculation".)

At the same time, FrankCesco26 has made false accusations against my latest edits, for which I opened a discussion here, and his editing behaviour is not consistent throughout different articles. In some articles he pushed for the removal of the same type of content which in other articles or in the same articles he insisted to add (in the linked cases, additional pie charts), against consensus. He claims that he wants to "peacefully" contribute to a "free and impartial" encyclopedia, but his edits are not impartial at all.

Since he has summoned users involved in the previous case (limiting to users who were not involved in the past cases regarding FrankCesco26 and who expressed their opinion against me), let me do the same: Boing! said Zebedee, EdJohnston and Thinker78 (who was involved in the discussion about religion in the United Kingdom).--Wddan (talk) 12:50, 16 May 2018 (UTC)

---

Your behaviour is not acceptable, you remove all of the well-sourced contributions that I make indiscriminately, the most serious thing is that you did that while was an open discussion and you had no consensus to do that. Afterwards, you started making countless sudden changes by drastically changing the content of the whole article, imposing statements without sources and without having the consensus of any other contributor. In the midst of these changes, you've removed a lot of my contributions that were not ok with your impartial point of view, that I menaged to reintroduce afterwars^[1]. This is the behaviour of a problematic user that still has not understood, after a year and several blocks and strict advices, how to properly act in a free Wikipedia, where also other people can contribute to the articles.

Also, this report is against you, and you failed to persuade people about your assumptions about my impartiality in a previous discussion that I advice everyone to see ( https://en.wikipedia.org/w/index.php?title=Wikipedia:Administrators%27_noticeboard/Incidents&oldid=838673865#FrankCesco26,_umpteenth_wave_of_disruptive_POV_edits ) FrankCesco26 (talk) 13:20, 16 May 2018 (UTC)

1. https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841527182&oldid=841471490

---

Condensing bickering between the two parties

This is utterly false, especially the claim that "afterwards, you started making countless sudden changes by drastically changing the content of the whole article, imposing statements without sources and without having the consensus of any other contributor". I improved the content of the article making many small style edits, removing unsourced phrases with long-standing "citation needed" tags, and replacing duplicate sources (for instance REMID and FOWID, which I unified throughout the article). I have nothing to hide, my edits are all there, and all the relevant changes were specified in the edits summaries. In the linked edit it was you who removed phrases, while I later integrated my edits with yours. As you see, the latest revision contains the phrase about the DDR that you added. Regarding the claim that "the most serious thing is that you did that while was an open discussion and you had no consensus to do": It was me who opened all discussions, in all relevant articles' talk pages, over the last weeks (see for instance Talk:Religion in Germany, Talk:Religion in the United Kingdom). Regarding the claim that I do not know "how to properly act in a free Wikipedia, where also other people can contribute to the articles", you should read What Wikipedia is not, especially that Wikipedia is not an indiscriminate collection of information.--Wddan (talk) 13:25, 16 May 2018 (UTC) Specifying your last action, the linked edit is a your hasty revert that reintroduced the unsourced and biased paragraph that I tried to make impartial. Along your "small" edits that drastically changed all the article towards a POV way, you inexplicably removed the pie chart of a survey I had introduced in the article with the consensus, and you again hidden the methodology that you didn't like of the survey you like. This was not clear or specified as you assumed. You don't accept other people's contributions, and this is not fair nor acceptable. FrankCesco26 (talk) 13:47, 16 May 2018 (UTC) It is false. It was you who removed the pie chart. Probably you did it accidentally and thought that it was me who did it. You are making false accusations, as I wrote here. And when I "hid" the methodology in the note where its should stay according to policies, I specified it in the edit summary: "This is how this type of information, utterly unencyclopedic for Wikipedia, which is not a statistical manual, should be presented in the article.".--Wddan (talk) 13:56, 16 May 2018 (UTC) When I'm wrong I admit it, I didn't notice it; but this doesn't mean that you are right in removing everything you don't like. Regarding this case from the too many, it is only a mere assumption that important information about the survey like the wording that you don't like because it reveal that your own impartial thoughts that you are trying to make universal in the article by dramatically completely changing it without seeking for consensus, are instead only related to somewhat statistical. The neutrality of Wikipedia is strained by your bad behaviour. FrankCesco26 (talk) 14:19, 16 May 2018 (UTC) Now half of your accusations have collapsed. Regarding the rest, I made grammar corrections, I changed Zs to Ss to conform with British English style, I removed phrases with long-standing "citation needed" tags, I unified REMID and FOWID sources throughout the article, I substituted two newspaper articles with a better academic source about the same subject, I changed the position of some paragraphs, I grouped some sentences to make a paragraph, I changed the style of the census table keeping the same content, I added some content, I removed the confusionary external links. There is nothing controversial about these edits, anyone can check. In the middle of my edits there are a series of edits by user PericlesofAthens.--Wddan (talk) 14:29, 16 May 2018 (UTC) That's what you say, but everyone can check the article and see that along your small edits there are biased rephrasings of entire sections that were accepted by every contributor until your edits, for example this paragraph I was trying to make impartial again after your edits but that you have reverted[1], again attacking the contributor in the summary of the edit and removing once again the edits you don't like. FrankCesco26 (talk) 14:51, 16 May 2018 (UTC) False, as demonstrated above. I integrated the edits of both. I have nothing more to say. This discussion is becoming tedious as you keep repeating again and again false accusations against any evidence.--Wddan (talk) 15:21, 16 May 2018 (UTC) Let the administrators decide if the facts of your antisocial behaviour pointed out by me are false as hastily repeated by you as if it were a valid counter argument. FrankCesco26 (talk) 15:25, 16 May 2018 (UTC) You can't accuse me of "antisociality": I always engaged in discussions in the last weeks. You have construed a false case based on a removal that you made by yourself (I assume that it was made untentionally...), and on a small rephrasing which is neutral and based on facts contained in the article itself. The problematic user is not me.--Wddan (talk) 16:09, 16 May 2018 (UTC) And do not modify my argumentations.--Wddan (talk) 16:16, 16 May 2018 (UTC) You use the talk pages only because you have been stricly adviced to do that[2], but in the meantime you mess up entire pages with no consensus, do reverts of edits you don't like and remove a lot of content replacing it with biased and bad sourced content of your alike; so it's like you don't use it. The edit (that I've already admitted that was my fault) was not the single reason this report exist, it's all your behavior that is problematic and you have continued your agenda of biased and unconsensual edits for over one year. That is not how Wikipedia and its talk pages work. FrankCesco26 (talk) 16:42, 16 May 2018 (UTC) "in the meantime you mess up entire pages". This is FALSE. "do reverts of edits you don't like and remove a lot of content replacing it with biased and bad sourced content of your alike". This is FALSE too. You are telling LIES trying to present me in bad light, and this slander has to stop! I have always added good-quality content, and users who know me know this. By contrast, it is YOU who have been involved in cases of controversial editing patterns in the past (case 1, case 2). For this reason I ask the intervention of users with whom I have collaborated for long time and who know me (and know your controversial editing history), including Iryna Harpy, Nillurcheier, JimRenge.--Wddan (talk) 17:09, 16 May 2018 (UTC) I'm not telling lies, your edits are there, I've just reported the things as they are. This discussion is not about me, but it's about you; I've learned from my past errors, and in the last time you've reported me you've failed. I can't say the same for you. FrankCesco26 (talk) 17:23, 16 May 2018 (UTC) References https://en.wikipedia.org/w/index.php?title=Religion_in_Germany&type=revision&diff=841531999&oldid=841527182 https://en.wikipedia.org/w/index.php?title=Wikipedia:Administrators%27_noticeboard/Incidents&oldid=838673865#FrankCesco26,_umpteenth_wave_of_disruptive_POV_edits

• I've hidden the arguing between the two of you, as you've clearly both made your points. Please cease posting here (unless directly asked to provide comment) and allow the administrators to look into this matter. Primefac (talk) 17:25, 16 May 2018 (UTC)
  • Primefac: Please note that within the hidden discussion between me and FC26 there have been some important developments, especially the fact that half of his accusation collapsed at the evidence that the removal of some content was made by he himself (whether intentionally or unintentionally).--Wddan (talk) 17:35, 16 May 2018 (UTC)

I collapsed the content, I didn't remove it, mainly because it was taking up an inordinate amount of space. It's still there for review, and we are perfectly capable of making our own judgements of both of your sets of responses. Primefac (talk) 17:51, 16 May 2018 (UTC)

• (after edit conflict) FrankCesco26, please stop canvassing on user talk pages...and both of you please stop pinging editors and be patient. I'm tempted to hat this discussion and echo Primefac's comment above.
  — Berean Hunter (talk) 17:27, 16 May 2018 (UTC)
• FrankCesco26, with part of your original complaint here being explained as misunderstanding, what are you exactly asking of the admins? What policies or guidelines has Wddan violated? (need diffs as clear evidence) It appears that you may have lost your patience in dealing with them but I'm not seeing anything other than you calling their behavior unacceptable.
  — Berean Hunter (talk) 18:15, 16 May 2018 (UTC)

That misunderstanding is only a small part of wrong behaviours implemented by the Wddan user, but it has obviously been emphasized trying to shift the focus on different things. I do not accept that Wddan reverts all my contributions just because they go against his WP:POV, he also did countless reverts within 24 hours of sourced content just because he did not like it. He also upsets entire pages of Wikipedia concerning religion to adapt them to his way of thinking, obviously without even thinking to talk pages of consensus. This goes against the principles of Wikipedia to adopt a neutral point of view in writing articles. All the differences can be found in the original paragraph of the report.

I have already tried to deal with him in the past, but after a year in which he hasn't made the slightest effort to change his way of coping with the Wikipedia policy, I'm fed up of all of this. I'm not asking for a "definitive solution" as my opponent said he hopes for me, but please do something, he still has to mess up several Wikipedia articles without consensus nor a neutral point of view in his agenda, after several blocks and advices by many contributors. FrankCesco26 (talk) 19:18, 16 May 2018 (UTC)

Jesus Christ... You know what I'm seeing? I'm seeing two, yes two editors who blindly push forward changes without even attempting to get consensus on talk pages. While I am encouraged to see that you two are actually USING said talk pages, they're... painful to read. All it is is bickering and back and forth. I don't see much of any engagement from any other editors. In short, you two are moving WAY too fast. The edit flow should be edit, revert, discuss. If you two disagree, wait for someone else to step in and say something. Start an RFC. But for cripes sake, SLOW DOWN. Spamming edits through is not the way to go here. You two are hyper fixated on the topic of religion in countries, and if you don't slow down and actually get consensus for these edits, you will very quickly find yourselves topic banned from them. Here's what I'd like to see. Go edit something else. Something completely unrelated to religion. Let things calm down. --Tarage (talk) 18:20, 16 May 2018 (UTC)

I would hope so, but I wouldn't imagine the quantity of article he would mess up without me reviewing his edits. FrankCesco26 (talk) 19:18, 16 May 2018 (UTC)

Thaaaaaaaaaaaaaaaaat line of thought is not okay. Neither of you should be reviewing each other's edits. You are really close to needing an IBan and that would not be pleasant for either of you. Stop it. --Tarage (talk) 19:44, 16 May 2018 (UTC)

Other editors have asked us to stop discussing here, but I see FrankCesco26 keeping playing the victim and claiming against any fact that I "mess up" articles and he "can't let" me doing so. I consider the latter to be a WP:PA, since I am very careful in my edits, I don't "mess up" anything and other editors can witness this. It is clear that with "to mess up" he means making improvement that he doesn't like.--Wddan (talk) 19:45, 16 May 2018 (UTC)

There is not improvement when there aren't sources or consensus, maybe I was a bit impulsive, but the substance is that the articles can't gain from unsourced and unconsensual edits. FrankCesco26 (talk) 20:36, 16 May 2018 (UTC)

I never edit without sources and against consensus (where there is a consensus).--Wddan (talk) 21:04, 16 May 2018 (UTC)

Tban proosal

Further propose that before posting here, users drink at least 8oz of iced coffee.-- Dlohcierekim (talk) 20:55, 16 May 2018 (UTC)

When I see this kind of bickering it is, in my opinion, best to simply separate the editors from both the area of conflict and each other. The attitude expressed by FrankCesco26("I wouldn't imagine the quantity of article he would mess up without me reviewing his edits") is completely unacceptable. I would suggest that both editors take 30 or 60 days off from the topic of religion and edit elsewhere. This will give them both a chance to show they are capable of interacting with other editors in a collaborative and constructive manner while, hopefully, allowing them time to gain a bit of perspective re each other. It would be best if they both agree to do this and stay away from each other during that time voluntarily but if not we should explore formal sanctions — I would suggest a 60 day WP:TBAN on religion for both and an indefinite WP:IBAN between the two of them. Jbh ^Talk 20:33, 16 May 2018 (UTC)

For me a tempban of religion articles on both it's fine, it will be a good summer. I am so tired of this.FrankCesco26 (talk) 20:37, 16 May 2018 (UTC)

Jbhunley: I invite again to check my edits. There is nothing problematic in my editing style: I don't "mess up" articles, and I don't deserve to be involved in this topic ban. I would support an interaction ban for me, but not an indefinite one, since it would be impossible to avoid all interactions with FrankCesco26, since we have been editing the very same articles.--Wddan (talk) 21:04, 16 May 2018 (UTC)

Go. Edit. Something. Else. --Tarage (talk) 21:14, 16 May 2018 (UTC)

multiple (edit conflict) Sorry, but we have all our own interests and I have no other interests in Wikipedia apart from these "religion in..." articles with statistics.--Wddan (talk) 21:25, 16 May 2018 (UTC)

Then you don't belong on Wikipedia. If you can't find anything else to contribute to, you might as well pack it in right now. --Tarage (talk) 21:31, 16 May 2018 (UTC)

(edit conflict) At this point it is your attitude, as demonstrated by your behavior in this thread, that is the problem. My experience when I see editors going at each other like you two are is that both have contributed to the problem and if both are not able to take some time away from the area of conflict and each other then, rather than short time outs, we will rapidly end up discussing indefinite blocks for disruption. Jbh ^Talk 21:20, 16 May 2018 (UTC)

@Wddan: <ec> Stop. We are not continuing this arguing. We are not continuing this debate. The problem is your interactions. -- Dlohcierekim (talk) 21:23, 16 May 2018 (UTC)

Wait a minute. Apart for the outcome of the topic ban below, I have been repeatedly accused of "messing up" articles. I consider this to be a personal attack, since I am proud of my good edits to those articles, which are very accurate in style, neutral and well-sourced in content. I am very irritated by that judgement, which is based on non-neutral bias, and I expect that it is verified and confirmed that my edits are good.--Wddan (talk) 21:50, 16 May 2018 (UTC)

Propose 60 day topic ban from religious topics, broadly construed, for both editors Go edit something else, away from each other. --Tarage (talk) 20:46, 16 May 2018 (UTC)

• Support It's summer here in Florida, and I need less heat and more light. Really, the unseemly bickering above is dismal- dismal!-- Dlohcierekim (talk) 20:50, 16 May 2018 (UTC)
• Support I am very tired of all of this, I got to enjoy this summer. FrankCesco26 (talk) 20:52, 16 May 2018 (UTC)
• Support Take a two month vacation to reflect on collaboration instead of confrontation. Cullen³²⁸ Let's discuss it 21:13, 16 May 2018 (UTC)
• Support per my comment above. Jbh ^Talk 21:20, 16 May 2018 (UTC)
• multiple (edit conflict) Neutral — I can't say that I am tired of editing articles, since I have not even finished to improve "Religion in Germany", due to the long discussion of today. I think that I do not deserve a TBAN since I was thrown here on the base of a false pretext. A TBAN would result in no editing for two months for me, since I have few other interests (in Wikipedia). However, I can't oppose consensus, if consensus will form for a TBAN for both. I am also not sure that we, the involved parts, are entitled to vote here.--Wddan (talk) 21:26, 16 May 2018 (UTC)

Wrong answer. You are admitting that you are a single purpose account, and one causing problems at that. I guarantee you that if you edit nothing while topic banned and then come back and cause the same problems as you have here, you WILL be blocked. Fix your attitude now. --Tarage (talk) 21:32, 16 May 2018 (UTC)

That I have a niche interest does not mean that I edit in a non-neutral way.--Wddan (talk) 21:40, 16 May 2018 (UTC)

Frankly I don't care. You are causing problems in the space you are editing. I have told you multiple times to edit something else. You are refusing. Being a problem editor(Which you are, don't pretend you are innocent, multiple people have told you this) and refusing to edit outside of the area you are causing problems WILL get you blocked. Period. --Tarage (talk) 21:47, 16 May 2018 (UTC)

(edit conflict) @Tarage: everyone contributes in their own way and should be able to without being chastised by others. The issue is disruption, not editing focus. Please also consider that when dealing with editors in conflict that there is a considerable difference between being direct and being aggressive. Cheers. Jbh ^Talk 21:51, 16 May 2018 (UTC)

No need to ping me. The problem is I'm running out of patience with this editor. Look at their talk page: It's full of people telling them they are being problematic and refusing to listen. When being faced with a topic ban, saying "Well I'm just gonna not edit till it expires and then go back to what I was doing" is not what I want to hear. That screams IDHT. Sometimes being aggressive is the only way to get through to someone just how much trouble they are currently in. --Tarage (talk) 21:57, 16 May 2018 (UTC)