Wikipedia talk:IP block exemption

The project page associated with this talk page is an official policy on Wikipedia. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic.

Archives:

  • /Archive 1 - policy creation up to enabling of IPEXEMPT, May 2008.
  • /Archive 2 - Pages archived between May 2008 to -


Abuse potential and possible split

It seems to me that this usergroup is really about two different needs, one for avoiding hard blocks of regular IPs or IP ranges (relatively common), implemented by ipblockexempt, and one for avoiding tor blocks (needed for editors in China for example), implemented by torunblocked. The second one is much more sensitive and open to abuse, according to the page and to those comments, however two checkusers agreed that it wasn't that sensitive. It's clear that admins are not allowed to edit through tor (proxyunbannable has no use on WMF wikis, see Mr.Z-man's comments and here). My point is, is this really open to significant abuse, and should we be concerned that some editors in the high risk template editor usergroup have IP block exemption? If it is that sensitive, wouldn't it be more appropriate to split this usergroup into two: IP block exemption with ipblockexempt and Tor block exemption with torunblocked? This would also likely reduce confusion and ease maintenance. Cenarium (talk) 22:46, 12 November 2014 (UTC)

On one level a split makes sense, but I'd like to raise a few issues in answer to your questions. Admins are able, both technically and in policy, to add themselves to the IPBE group if they have a need. This effectively allows them to grant themselves only torunblocked. Related to this is that I suspect the lack of concern you're hearing from checkusers is because accounts can be quickly blocked and banned. A user is highly unlikely to have a collection of IPBE accounts due to the scarcity of the flag. This and other issues make it a high cost vandal vector, usually cheap for us to deal with.
A split will create a new list of users who specifically use Tor. I suspect users of Tor as well as checkusers/admins who have granted it may not like that. From another perspective, while it may be good for monitoring Tor users, it does not cover all users granted IPBE to use anonymous proxies. Many users find Tor slow and inconvenient and prefer to use VPNs or open proxies. In my experience the famous Tor user behind China's firewall is largely a myth (there was one once). Furthermore, not all users granted IPBE because they are affected by Tor blocks are actually using Tor. They need torunblocked because they are collateral. Lastly, ipblockexempt is a technical licence to use and abuse proxies anyway. We ultimately have to trust the user with flags to stick by policy, or start removing things from them. All in all, I think this leaves me unconvinced about the need for change, only the need for discretion and vigilance. -- zzuuzz (talk) 19:54, 13 November 2014 (UTC)
It's pretty rare to see IPBE abused. If an account with IPBE starts vandalizing, then you can find and revert the vandalism like any other account. It can let users avoid IP blocks, yes, but any dedicated vandal who understands how Wikipedia works could just use a proxy instead (or a mobile IP range, blarg). Rather than being more restrictive in giving it out, as might happen with multiple groups, it might be better to be less restrictive and give it to users in good standing who want some privacy. Ajraddatz (Talk) 07:31, 21 February 2016 (UTC)

Less restrictive IPBE requirements for editors in good standing

This topic needs to be discussed again, as some editors in good standing are being unduly affected by the current rules.

For example, there is mention of exemptions for people with "restrictive firewalls", but I suggest it be strengthened to include other similar issues like ISPs that insist on breaking connectivity. I've had issues that affect my ability to edit, which I won't go into at length here, and regularly use a VPN service to fix them. Moreover, many people feel it is increasingly necessary to use VPN and similar services to prevent data collection (spying) by ISPs and other agents.

For editors in good standing I see no reason why they should not be able to request and maintain an exemption indefinitely. Editors who have been registered for a long time and made many unproblematic edits over the years should be supported when they find they have connectivity issues or feel the need to enforce privacy/security.

There are two issues that need to be addressed, based on the results of the previous debate.

1. What is "good standing", or more precisely what should the requirements for an editor seeking such an exemption be? Could some kind of trial period be implemented?

2. Personal preference alone should be enough, if the editor does not abuse the exemption. Users who hold certain values, such as the value of privacy, or who have no choice but to use an abusive ISP, should not be penalized. I think there would need to be a very good reason to deny such users an exemption.

I hope we can find a way forwards. At the moment I am only able to edit Wikipedia from work or on mobile, not at home, due to this issue. ゼーロ (talk) 10:36, 19 February 2016 (UTC)

IPBE requirements should absolutely be less restrictive. This business of checking accounts requesting it and re-checking them at random times to see if they still need it is, to me anyway, quite strange (though not necessarily wrong). An editor in good standing should be able to edit. If they say that they can't, then this should be rationale enough to grant them an exemption so that they can continue. The two main arguments against handing these flags out are a) hat collecting and b) abuse. A) if the editor wants to feel special by gaining some minor right on an internet website, then they will find ways to do that anyway - this shouldn't be a significant concern, as it is clearly a vast minority of cases. B) Any abuse of the IPBE flag is still visible. Very visible. CheckUser can (and should) be used to investigate requests for exemption from users who have engaged in patterns of disruptive behaviour, if the flag isn't denied to them outright. But being a bit liberal with assigning it means that more people who are subject to blocks which did not target them intentionally are allowed to get back to editing, or users who want more privacy can get that, and these both clearly fit within the mission statement of the Foundation and the five pillars here ("Wikipedia is free content that anyone can use, edit, and distribute"). Ajraddatz (Talk) 07:37, 21 February 2016 (UTC)
I concur. As long as I'm an editor in good standing, what difference does it make if I have IPBE but don't currently need it? With the proliferation of WiFi hotspots and the fact I don't have an internet cell phone, I don't know where I'll be denied access, and shouldn't be inconvenienced by an unexpected IP block. In addition, I don't like the idea of some random admin running a check user on a bunch of editors without serious cause or prior notice. Wikipedia is not the US Federal government, and shouldn't be acting like it. - BilCat (talk) 07:57, 21 February 2016 (UTC)
I agree with all that, and would just add that I actually do need an exemption. I'm currently using my neighbour's WiFi (with permission) to edit from my phone, because my home broadband connection is unusable. ゼーロ (talk) 10:28, 21 February 2016 (UTC)

I think it should be given to any user in good standing who claims a need. However I also think that any CU should be able to remove it if they find that it is interfering with an actual investigation. I don't think it should be removed unless it is interfering with a checkuser investigation. Really who cares if a good user uses a bad IP? HighInBC 17:08, 23 February 2016 (UTC)

Technical question: what is the mechanism whereby IPBE interferes with an investigation and removing IPBE fixes the problem? --Guy Macon (talk) 18:02, 23 February 2016 (UTC)
I suppose if a CU checks a user as part of an investigation and finds that they cannot check their IP because they are using blocked proxies it would be a good reason to remove the right. Particularly if there is no record of a proper IP being used. HighInBC 05:33, 24 February 2016 (UTC)
The whole concept of differentiating between a "proper IP" and a VPN endpoint / Tor exit node is flawed. IP addresses are a blunt tool and many people wish to obfuscate their use of one for perfectly legitimate reasons. Consider that if an IP address is at all useful to some random admin doing an investigation, there are good reasons to avoid it being traceable to yourself (that have nothing to do with WP). ゼーロ (talk) 12:01, 24 February 2016 (UTC)
We don't let admins look at IPs. Only checkusers. Our checkuser policy allows for this sort of checking and determination. There is no right to obfuscate your IP here, just a privilege we allow some people for special circumstances. As it stands it can be taken away simply if there is evidence it is not being used, I am suggesting it be taken away only if there is any evidence it is being misused. HighInBC 16:47, 24 February 2016 (UTC)
I agree. Re: "As it stands it can be taken away simply if there is evidence it is not being used", please see Wikipedia talk:IP block exemption#Removal without warning or discussion, where I clearly show that "not being used" does not equal "not needed". --Guy Macon (talk) 18:11, 24 February 2016 (UTC)
I appreciate what you are trying to say HighInBC, but I don't have an IP address. The one I use at home, that I can't edit WP properly from, is shared and seems to change often. Sometimes sites think I am outside the country and won't let me access services for a few days until it changes again. The whole concept is flawed. ゼーロ (talk) 17:03, 25 February 2016 (UTC)
You do have an IP address, even if it changes often and is shared with other users it can still be seen as a residential IP and not a proxy. In my scenario your changing home IP would be related to an ISP and would be seen as a legitimate set of IPs, as opposed to a proxy server or commercial public IP. HighInBC 16:44, 9 March 2016 (UTC)

What makes IPBE extraordinary?

I read through the past discussions on this page and I still don't quite get it.

  • What makes IPBE so dangerous that it cannot be retained by trusted members of the community who have at some point needed it?
  • Is it the fact that it allows editing through Tor? If so, would it make sense to unbundle ipblock-exempt and torunblocked?
  • If the issue is that lots of people having IPBE would make checkuser difficult, perhaps it should still be granted only if absolutely needed, but why does it make sense to take it away from people?
  • Would a compromised account with IPBE be significantly more dangerous (or difficult to detect) than a compromised account without it?

If the main reason is just "people who don't need a user right shouldn't have it", then I think the reaction to the recent IPBE review shows that the advantages may be outweighed by the social costs. wctaiwan (talk) 00:41, 22 February 2016 (UTC)

What about the social costs of allowing the number of IPBE users to slowly grow forever (it makes the rest of us wonder why we don't have that right)? Procedures like WP:OWN tell us that our feelings aren't as important as fitting in, and there is no reason people should have IPBE unless it is needed. Johnuniq (talk) 02:04, 22 February 2016 (UTC)
WP:OWN isn't scripture, and there is social cost to not doing it. If you want people to contribute, it makes sense to help them do so. I'm now unable to edit from home, so my contributions are heavily reduced.
To address the issues raised by wctaiwan, I think separating out Tor blocks is likely to be problematic, because people can run Tor exit nodes through VPN services. Some VPN services use the same servers to host Tor exit nodes too. To me the more interesting question is why do we block registered users who have been active for a number of years from using Tor? The goal is to block spam and vandalism, not to block Tor.
I agree that taking exemptions away from people makes no sense, unless there is some specific abuse it is dealing with. ゼーロ (talk) 09:15, 22 February 2016 (UTC)

Removal without warning or discussion

I am a bit concerned about removals of IPBE with no warning or discussion on the user's talk page. I have IPBE because when I am in China I usually work under a consulting contract that specifies that I must access the Internet through Tails and Tor (I do consulting work in the toy industry, where industrial espionage is a real problem). I also use Tails and Tor here in California if I am accessing the Internet through a corporate network at a remote jobsite. I often end up waiting around for someone at the remote site so have plenty of time to edit Wikipedia.

The thing is, I might go nine months without needing IPBE (thus meeting the "editor has access to Wikipedia through a non-firewalled IP address" criteria for removal) then suddenly need it very badly. I don't see how a checkuser alone would reveal this, and I don't want some admin to remove the right without first discussing it with me and giving me a chance to explain my situation.

Note: I hereby give my full permission to anyone to run a checkuser on me and reveal the results for any reason or for no reason at all other than going on an ordinarily unjustified fishing expedition. I don't care who knows my IP, and I have nothing to hide from anyone on Wikipedia. Also, I cannot possibly be outed, because Guy Macon is the real, legal name I was born with. The WMF has proof of my identity on file. --Guy Macon (talk) 23:16, 22 February 2016 (UTC)

(...Sound of Crickets...) --Guy Macon (talk) 01:54, 25 February 2016 (UTC)
There's obviously a range of views on the best way to manage this right. Why not start an actual RfC about it? Opabinia regalis (talk) 02:11, 25 February 2016 (UTC)
^ This sounds like a great idea. Might as well get people together to make a decision, rather than arguing back and forth about it. I'd be glad to help set it up, if needed. Ajraddatz (Talk) 05:30, 25 February 2016 (UTC)
Please do that. ゼーロ (talk) 17:05, 25 February 2016 (UTC)
Sounds like a plan! I'm pretty busy until after the weekend though, so I'll set it up sometime next week unless someone else has before then. Ajraddatz (Talk) 03:22, 26 February 2016 (UTC)

Less restrictive IPBE RFC

let someone else have a try I guess

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Should the IP Block Exempt permission requirements be loosened to be generally given to established editors in good standing upon reasonable request

For the purposes of this RFC :

  • Established editors shall be taken to mean 6 month/500 edits (unless some other consensus definition evolves below)
    • Could be given to editors who don't meet this restriction if they can show some heightened cause.
  • reasonable request shall be taken to mean security (VPN), privacy, travel or other reasonably articulated concerns
  • The request can be refused (or revoked) if there is reasonable cause or for suspicion of misuse

For additional context see Wikipedia:Administrators'_noticeboard#IPBE_-_IP_block_exemption_removals


Survey

  • Support Use of VPN while on public wifi is a universal recommendation from security and IT professionals. By restricting users from using VPNs we are placing them directly in harm's way. For almost an insignificantly small benefit to the wiki. Support giving on demand to any established account (perhaps make it part of the Gamergate super-auto-confirmed permission?). Given on reasonable request to any account. Revocable with cause or reasonable suspicion of abuse. Gaijin42 (talk) 21:03, 26 February 2016 (UTC)
  • Support in spirit, but per the comments below, this is a very vague proposal. Beeblebrox (talk) 22:14, 26 February 2016 (UTC)
  • Oppose I was given IPBE just the other day thanks to a ne'er-do-well at my current location abusing multiple accounts. My situation is why the permission exists. If IPBE threatens our CU capabilities then I don't think it's worth giving anyone (even me) this permission. We've seen how our "trusted users" can get embroiled in content disputes, POV pushing, and edit warring. Chris Troutman (talk) 02:20, 27 February 2016 (UTC)

Threaded Discussion

  • Unless you want a series of RfCs to determine exactly how the requirements should be loosened, you may wish to include your specific changes in the body of your proposal. BethNaught (talk) 21:11, 26 February 2016 (UTC)
BethNaught that is a risk, but for two reasons I think I should keep it the same. 1) adding in ideas risks POV creeping into the RFC which could invalidate it. 2) It's a waste of time to get into minutiae if overall support is going to fail. Gaijin42 (talk) 21:28, 26 February 2016 (UTC)
You'll be able to see if it is generally supported by making a proposal that clearly outlines what changes should be made. This is nothing more than a survey; I think a substantive proposal would be better here. Ajraddatz (Talk) 22:17, 26 February 2016 (UTC)
I don't think your POV concern makes much sense. A proposal for a change is by its very nature a reflection of a particular point of view. This isn't an article we're talking about here, and people would almost certainly find it easier to form an opinion if something more concrete was proposed. Rushing ahead with an RFC that is not fully formed rarely yields usable results. (See my essay on the subject for more details.) Beeblebrox (talk) 22:20, 26 February 2016 (UTC)
  • I suggested an RfC above, but what I had in mind was something much more structured. As written this is more or less an invitation to continue the sort of diffuse commentary in the previous sections, but with an RfC tag on it; no consensus for a specific policy change is going to emerge from such a broad question. I'd suggest withdrawing this for now and working with the others who suggested above that they were interested to develop a substantive proposal. Opabinia regalis (talk) 22:22, 26 February 2016 (UTC)
  • I concur with those that say this should be more structured. wctaiwan (talk) 22:32, 26 February 2016 (UTC)

Per the comments above I have restructured the RFC to give a specific proposal. @Wctaiwan, Opabinia regalis, Beeblebrox, Ajraddatz, and BethNaught: Gaijin42 (talk) 22:36, 26 February 2016 (UTC)

  • As I understand it, the reason the restrictions are tight right now is that if a user editing through VPN or other anonymizing proxy commits sock puppetry, it would be very difficult for a CheckUser investigation to produce conclusive results. I understand that the intention of this proposal is to only affect established, trusted editors, but a certain threshold of edits and tenure is not necessarily indicative of trustworthiness, and then again, we have seen established editors commit sock puppetry before, and get caught because of CheckUser. Thus, wouldn't loosening the policy in the manner proposed allow users to more easily sockpuppet without detection? Mz7 (talk) 23:43, 26 February 2016 (UTC)
  • Thanks Gaijin42, but I still think the best way forward is to withdraw this for now and re-start later with a more developed proposal. IMO the best approach would start by working with other interested editors who understand the technical background to produce specific recommendations on how the policy should be changed and why. Opabinia regalis (talk) 02:18, 27 February 2016 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Proposals for RfC

Let's decide on the proposed questions for an RfC. I suggest:

1. All editors should get an IP block exemption after being registered for six months and having made >10 edits without sanction during that time. Editors may also request an early exemption.

2. Exemptions shall only be removed in cases where there is abuse.

Discussion: The purpose of IP blocks is to stop spam and vandalism. Unfortunately, they are a blunt tool that cause a lot of collateral damage and work for administrators. They are also anti-privacy and discriminatory against editors from areas where exemptions are necessary. Such editors essentially have to beg to be allowed to edit, and then keep editing regularly from a blocked IP range or have their exemption removed and go back to begging. The process for evaluating eligibility can also include an unwarranted invasion of privacy.

A better solution would be to simply grant all editors an exemption by default once they become established, which I define (somewhat arbitrarily) as being registered for six months and having made at least 10 edits without sanction for spamming etc. That should be more than enough to deter spammers and vandals, who would have to expend significant energy improving Wikipedia and wait six months before being able to vandalize anything. Users who need an exemption from day one can apply for a special exemption.

Following on from this, it makes sense that the only reason to remove an exemption is as a sanction for bad behaviour.

Please comment on the questions. This isn't the RfC, we are just trying to make a concrete proposal that can be implemented from a technical point of view and which is likely to address any major concerns (i.e. stand a chance of being accepted). ゼーロ (talk) 09:48, 29 February 2016 (UTC)

I think that is far too aggressive. It would be trivial for sock farms to create accounts that meet that requirement en-masse, wait for them to activate, and then CU would become worthless. If it's going to be automatic, I would think something more like the GamerGate restriction would be better (500 edits, 6 months?). I'd say it should be on request, granted unless suspicious, except with the reduced requirements, that might be too heavy of a workload. Gaijin42 (talk) 14:29, 29 February 2016 (UTC)
Agree with Gaijin. There's no way that's going to work. (10 edits, is that a typo?)
I suggest something along the lines of:
  • IPBE may be granted on request to experienced editors who are affected by hard blocks or who otherwise describe a reasonable use for the right. Administrators should consult with a checkuser if they are uncertain about a particular request.
  • Editors who hold this right should be aware that the index of suspicion for sockpuppetry or other misbehavior may be higher for IPBE holders than for other users, and they may be checkusered when reasonable suspicion arises.
  • IPBE may be removed when:
  1. The holder of the right requests its removal.
  2. The account is inactive for more than a year.
  3. Reasonable suspicion of misuse substantiated by checkuser evidence has arisen.
  4. The user has been banned or has otherwise been subject to sanctions that are incompatible with the level of trust needed to retain the right.
It can't be automatic - that's too easily gamed - and while I personally think we should be much less restrictive with this right, there is a real danger of inadvertently turning it into a "trusted user flag", which would cause all kinds of unpleasantness in the event that it needed to be removed from an established user for whatever reason. But the evidence Mike V posted in his audit is that 269 cases turned up a single, disputed incident of misuse, which suggests that it's reasonable to be less strict with this. Opabinia regalis (talk) 18:18, 29 February 2016 (UTC)
Opabinia regalis's suggestions are much more in line with what I am thinking, but I do think it would be better to give a (non exclusive) list of examples about what might be "reasonable use". Is just general desire to use VPNs for security/privacy sufficient? Occasional travel to China? etc. Gaijin42 (talk) 18:43, 29 February 2016 (UTC)
  • That seems reasonable to me, though I'd still like a checkuser (or someone else who is knowledgeable on this) to explain what it is the current strict guidelines are intended to protect against. It'd really help in reaching a better informed decision. wctaiwan (talk) 19:21, 29 February 2016 (UTC)
  • The current guidelines are partly designed to prevent one user building up a 'good hand' account, which cannot be connected by normal means to the primary account. If a user only uses anonymising proxies, they are basically checkuser-proof (any admin doing this would certainly raise more than an eyebrow). We have seen whole admin accounts created using this method before. IPBE also allows users to log in to override an IP block intended for them, which would otherwise have been anonymous. -- zzuuzz (talk) 20:13, 29 February 2016 (UTC)
  • How effective are these measures? And how are they balanced against the needs of other editors? ゼーロ (talk) 10:29, 1 March 2016 (UTC)
I like Opabinia regalis (talk · contribs)'s suggestion, especially when it comes to removal of the right. IPBE shouldn't be automatic, and should still be held by people that have a use for it. CheckUser should also be used to investigate cases where disruption is possible, given the appropriate rationale for doing so. Wctaiwan (talk · contribs) the basic argument is that it lets users sockpuppet without detection, since you could run an account with IPBE on an open proxy, and another on your main IP. The argument against this is that it is possible anyway using mobile ranges, and ultimately the behavioural evidence will be telling. Ajraddatz (Talk) 20:10, 29 February 2016 (UTC)
I suppose, on rereading, that should also say something like "Editors who discover that they no longer need IPBE are encouraged to request removal of the right." and "IPBE may also be removed at the direction of the Arbitration Committee." (Not to power-grab, but I can imagine cases where removing is warranted but no other details should be made public.)
As for Tor et al, there's a proposal floating around somewhere that the torunblocked right should be granted separately from general IPBE. I think that's a bad idea, in part because it would give snoops a handy list of users we've judged to have "extraordinary" circumstances. Personally I think we are being bad free-culture citizens by being so fussy about what are otherwise reasonably common personal-security measures (recommended by the EFF, even). We should just say something like "Tor, other proxies, VPNs, and similar services are frequent sources of abuse. IPBE holders who use such services are warned that their account might come under checkuser investigation, in which case IP addresses recently used by their account may be revealed to a checkuser. In some cases the account may be blocked if it is not possible to rule it out as a source of abuse. Be careful; we're not your mother."
That said, what would be more likely to actually get a reasonable proposal passed would be giving simple examples like "a need to edit through a firewall, even if the need arises only intermittently". Opabinia regalis (talk) 20:48, 29 February 2016 (UTC)
My personal reason is "Desire to use VPN for security while on hotel/airport/starbucks public wifi as recommended by virtually every security expert on the planet." (I can provide sources for the recommendation if needed). The reading I have done over the last few days suggests to me that the TOR right is separate right now. But I agree with Opabinia regalis's concern that that gives people an easy to use list. Are there such things as secret rights that aren't visible to regular users or admins? Gaijin42 (talk) 20:53, 29 February 2016 (UTC)
They haven't been separated yet; see Special:ListGroupRights. I agree that occasional use is still justification for the flag, and that makes unwarranted CheckUsers on accounts with the flag even more concerning (since the CU is then seeing the proxy and their main IPs). As an aside, I also support keeping IPBE and torunblocked together, since they are generally used for the same thing and it's easier to manage then. Ajraddatz (Talk) 20:58, 29 February 2016 (UTC)
Ajraddatz Ah, I was ambiguously referring to the split between the lower level "ipblock-exempt" and "torunblocked" permissions. Although we don't give normal users one without the other, the admins and bots all get ipbe but not torunblocked currently. (That would let you currently find admins who are in a sensitive location maybe? since they would explicitly be in the IPBE group to get tor, even though they already got the ipblock-exempt permission from being an admin?) Gaijin42 (talk) 21:10, 29 February 2016 (UTC)
I'd like to see the requirement for a "good reason" removed, because privacy and security are good reasons for all editors. As others have pointed out VPN use in particular is considered pretty much mandatory when using public networks, and when using private ones by many security experts. ゼーロ (talk) 10:36, 1 March 2016 (UTC)

New proposal, based on feedback

1. Editors may also request an IP block / Tor exemption without needing to provide a detailed reason, as privacy & security are considered valid reasons for anyone.

2. Exemptions shall only be removed in cases where there is abuse.

Are these more acceptable? ゼーロ (talk) 10:44, 1 March 2016 (UTC)

I think this is still too broad. You are jumping from basically completely restricted, to completely unrestricted. There is a happy medium. Making it too broad will cause heavy socking disruption.
I think we should require a reason, but give guidelines that privacy and security are valid reasons. I think that we should still have some time/edit guidelines as well. For users who meet those guidelines the right should probably be granted absent other issues. If they do not meet those guidelines, additional scrutiny and/or justification may be needed at the discretion of the grantor. (This is similar to the restrictions that we place on AWB Wikipedia:AutoWikiBrowser#.281.29_Register, or Rollback Wikipedia:Rollback#Requesting_rollback_rights). AWB and rollback have much less potential for long term disruption. We should not be making ipbe easier to get than these.
For number 2, "Shall, abuse" is too strong, especially as a jump from where we are now where it is removed by default. Perhaps removed (or request rejected) when there is reasonable suspicion of misuse.
Also, the right may need to be temporarily removed during the course of an investigation in which the person is presumed innocent, just to reduce the noise/question of unrelated users. Once this right is in general use, VPN/Tor collisions are going to become more likely and they may need to temporarily shut things down to identify the culprit. The right should be restored to those uninvolved afterwards tho. Gaijin42 (talk) 13:47, 1 March 2016 (UTC)
I don't see the point of requiring a reason if the reason can be "privacy/security", because anyone making sock puppet accounts will just say that. Socking should not take away every user's right to privacy and security.
As for "shall, abuse", the problem with softening it to mere suspicion is that once the block is removed it may be difficult for the user to challenge the accusation. It's also open to abuse. I don't see a problem with requiring there to be the usual level of investigation and oversight for sanctioning users. ゼーロ (talk) 15:35, 1 March 2016 (UTC)
The proposal won't pass without more broad grounds for removal. It should be removed for general inactivity as well, and I would be OK with routine audits that ask users if they still need it (without mass CheckUsering a bunch of trusted accounts) Ajraddatz (Talk) 18:18, 1 March 2016 (UTC)
By inactivity, do you mean of the account as a whole (regardless of if the IPBE right is being exercised or not)? Gaijin42 (talk) 18:22, 1 March 2016 (UTC)
Yeah. The one year timeframe mentioned above makes sense. Routine asking audits can also help to remove it from those who no longer need the exemption, but are still active. Ajraddatz (Talk) 18:24, 1 March 2016 (UTC)
The "one year" from my earlier post is arbitrary, but it's true that IPBE could make it difficult to detect a compromised account, and thus increase the potential damage from compromise, so there should be a mechanism for removing it from inactive accounts that could be compromised without the owner noticing.
One reason to ask for a reason is to prevent the use of this user right as a general "trusted user" label, which will make it more difficult to keep track of and will cause a lot of drama when the right is removed, regardless of circumstances. I do like the idea of "auditing" by routine mass message. As for #2 above, I think the best we can do is offer a standard along the lines of "reasonable suspicion of abuse" - the whole point is that actually making use of the IPBE right makes it more difficult to demonstrate abuse with the degree of certainty #2 seems to be seeking. Opabinia regalis (talk) 21:39, 1 March 2016 (UTC)
Auditing via email sounds good, perhaps with some alternate behaviour if the email address on the account changes. If there is to be a hard time limit, there should be a warning email a month before so people can access their account to extend the deadline. The removal without warning is an issue for a lot of people.
To reiterate, the main issue for me is that "privacy/security" are considered valid reasons. I need the exemption to edit from home in any case, but when on mobile etc. I'd prefer to use a VPN for privacy and security. ゼーロ (talk) 09:37, 2 March 2016 (UTC)
You already have a fairly high level of privacy and security... by having an account, and thus ensuring that your IP records are only accessible to a very small group of trusted users under a restrictive policy (i.e. checkusers). (They're also available to anyone monitoring your network traffic, but IPBE doesn't help with that either.) Given that the reason the checkuser mechanism exists is abuse prevention, I don't see it as appropriate to give it out to anyone who asks if they can edit just fine without it. (In particular, VPNs that are not open proxies should work without IPBE?) In the future the community may decide to allow editing through Tor, but let's take this one step at a time. wctaiwan (talk) 18:24, 2 March 2016 (UTC)
Wctaiwan Corporate VPNs will likely work, but most of the for-pay VPNs are blocked as open proxy (though they do not actually meet that definition). For example, the one I use is TorGuard, which is completely blocked. Gaijin42 (talk) 19:02, 2 March 2016 (UTC)
It's not so much privacy from WP admins, as privacy from ISP level spying and government spying. It wouldn't be the first time that access to certain Wikipedia pages is used against someone. There is also the issue of ISPs monitoring for targeted advertising and "content control". Many mobile ISPs do keyword filtering, for example. Moreover, everyone has a basic human right to privacy, and some people need to use a VPN to block ISP level interference like advert injection. I think it's important to see VPN use as like having a firewall or anti-virus. ゼーロ (talk) 09:09, 3 March 2016 (UTC)
Comment: On WP:AN, Risker mentioned previous audits ("Having participated in one or two similar audits over the years..."). On the current AN page the term "IPBE" is mentioned more than 100 times, "block exemption" 15 times. In the 279 AN archives the term "IPBE" appears only 32 times in 20 archives, "block exemption" less than 50 times in 34 archives. These previous audits apparently didn't cause (many) problems, and I don't think the policy has changed much since then? Seems to me the current problem is caused not so much by the policy, but by an admin making wrong decisions (note that LouisAlain is still blocked for supposedly using a web host, despite all evidence suggesting his IP is a freebox modem) and based on an overly strict interpretation of the policy. Prevalence 15:21, 2 March 2016 (UTC)
That's why I'm keen to re-word the policy in a more permissive way, where the default action is to allow and keep exemptions in place unless there is some specific reason to remove them. ゼーロ (talk) 09:11, 3 March 2016 (UTC)

Moving forward

It seems that there is general support for something like what Opabinia regalis proposed. (At least one person thinks it's still too restrictive, but this doesn't preclude an even less restrictive policy later.) @Ajraddatz: since you previously said you'd be willing to set up an RfC, would you be interested in starting one based on the proposal at some point? Thanks. wctaiwan (talk) 19:45, 3 March 2016 (UTC)

Yes, I would. I'd like to wait a few days though - After getting non-answers from the local CU team here, I've asked the ombudsman commission to look into the practice of mass-checking as part of IPBE audits, and I want to make sure that the new policy reflects their interpretation of how CU can be used in those cases. It may be that my own interpretation is off, and mass checking is OK, and if so that should be included in the policy somewhere - or totally removed if it is not acceptable. Ajraddatz (Talk) 21:24, 3 March 2016 (UTC)
Alright. Thanks for the follow up. wctaiwan (talk) 23:25, 3 March 2016 (UTC)
Good idea, thanks Ajraddatz. Opabinia regalis (talk) 00:23, 4 March 2016 (UTC)

Okay then. Am I interpreting this correctly if I propose:

1. Privacy and security are valid reasons to request an exemption.

2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue.

Is that what you had in mind? ゼーロ (talk) 11:55, 7 March 2016 (UTC)

This sounds better than what we have now. Though I would like to hear from CUs as they are going to be the most affected by this. HighInBC 16:46, 9 March 2016 (UTC)
That is essentially what I am thinking it will be. An expansion of the "valid rationale" section to include privacy/security for users who are obviously trusted to not abuse it, at the discretion of the granting admin, and perhaps with an edit count / account age requirement. It should also include that periodic use of proxies, etc is a legitimate use for requesting the flag: One need not be using the flag constantly to retain it, only have a continuing need for it.
In terms of removal, auditing is allowed and encouraged, but should be done by contacting users through their talk page or email and asking if they still need the flag. If there is any suspicion of disruption, then the user may be checked to prevent disruption to the project. (Depending on the result of the OC deliberations, checks may be permitted in general to help checkusers determine the continued need for the right, but should still be done in consultation with the user).
I too would like to hear from local CUs on this. My own experience with the right is on the global scale, usually dealing with cases of obvious cross-wiki vandalism and rarely the kind of in-depth sockpuppetry that happens here. And when that does happen, they always seem to be editing from the same mobile ranges as half the admins on the project. I've tried to ask about this on AN, but I fear my comment was misinterpreted as badgering over the actions taken, when I'm actually not concerned with what happened, just on how to best move forward here. Ajraddatz (talk) 08:32, 10 March 2016 (UTC)
I've been following this, but have been reluctant to comment. With a case being before the Ombuds, a group who have been known to mess up their reviews of CU usage, I feel urged to tread even more lightly. Ajraddatz, specifically your request posed to me in private really did seem like you were concerned with what happened vs. moving forward, and I don't think it's hard to see that. So I have not commented.
I get that stewards have a stricter view of policy use in general, and that IAR, as far as I am aware, is non-existent on a global scale. Being the biggest wiki, and the most targeted wiki, things that work on a global scale, do not work locally and vice versa. I can't count on two sets of hands (aka 20 cases) the amount of cases that I've dealt with users with advanced rights and "trusted users" violating the sockpuppetry policy in significant ways. That's just off the top of my head, and I'm only one checkuser.
If I look to the proposal, and "privacy" and "security" are the only words someone has to drop and they are given IPBE, then we've lost the battle to combat sockpuppetry already. We've had administrators on this project give out IPBE 1) When the user is affected by a block...but they don't provide any details about the block 2) Haphazardly to "trusted users" with less than 1k edits and a couple of weeks on the project. With the amount of abuse we have on this project, those are very dangerous things. When IPBE is granted it gives the user the ability to edit via proxy, and we never know their original location via Checkuser once that data drops off the map for more than we can check back. So when a sockpuppetry case comes up with their name in it, checkuser is utterly useless to combat sockpuppetry and it dives down to behaviour. Behavior is a lot harder to prove, and your mileage varies by administrator. That is why checkusers don't accept privacy and security as valid reasons without more details, and likelihood of issues arriving if they don't use a proxy. -- Amanda (aka DQ) 02:32, 11 March 2016 (UTC)
My objection to this is that the current level of strictness seems highly excessive considering that there's no evidence IPBE is being actively misused, or that lowering the requirements somewhat would change that. I don't think we should necessarily grant it to people who have been around only for a few months, but is it really better to err so far on the side of caution when it comes to well-established members of the community just to mitigate an utterly minuscule risk that they would sock? To me it's doing more harm than good. wctaiwan (talk) 03:08, 11 March 2016 (UTC)
The problem with this view is that IPBE is a social right versus a tool, as it should be viewed. The reason that it's granted is so that the user is able to continue editing, which is a right of Wikipedia. If it's not needed any longer, then why does it need to remain? We can discuss removal/retaining methods (which I think would benefit from a discussion) in another discussion. More well established users sock than I feel you're aware of. While it's a small percentage, if it's something that can be prevented by removing an unneeded IPBE, then why not do that? -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)
If we want to just let this be used all over (which I oppose) then perhaps it could be bundled to the soon-to-be created usergroup for 500edits+30days (tentatively named extendedconfirmed). — xaosflux Talk 00:34, 12 March 2016 (UTC)
While technically possible, I agree that adding it to the new usergroup would be a bad idea. Ajraddatz (talk) 20:29, 12 March 2016 (UTC)
The main objection is that it creates a burden for the user. I've had to apply twice for an exemption now, due to premature expiry. It just happens that the VPN service I use, which I have to use to edit from home, isn't blocked by WP at the moment. Eventually someone might notice it's shared and add it to the list, and I'll have to explain the whole thing a third time. I really don't think automatic revocation is going to have a significant effect, compared to the burden it creates and accounting for the fact that it can be removed if abuse is detected. The issue is basically that if someone stops editing for a few months or their endpoint switches to a non-blocked address for a while they end up having to re-apply, wasting everyone's time. ゼーロ (talk) 09:44, 11 March 2016 (UTC)
Thanks for the reply. I do apologize if it seems like I'm here to beat a horse or pillory Mike V in particular. Regardless of what you may think, I assure you that isn't the aim. My question to you in PM was more directed at the rationale behind the practice of mass checking, to see if there was historical context or discussion around the justification for it, but I understand why you wouldn't want to reveal that. As was my question on WP:AN. Unfortunately, with non-answers from both venues, the OC was the next step for me to take. I didn't want to move forward with a proposal without understanding the local context behind the actions, and the local justification for them - to some extent, that still hasn't happened. m:Ignore all rules is a thing, though not really a policy, and in general you are right that we take a more restrictive approach to using tools - especially with privacy considerations. That is one of the reasons why I was asking around locally, because I know that attitudes here could be different, though I wanted to see how those attitudes stood up with the global policy surrounding the use of the rights.
It's interesting (and useful to know) that so much abuse of multiple accounts comes from trusted users, and if that is a real problem, then it's definitely something to consider when suggesting any changes to the policy. Ajraddatz (talk) 03:12, 11 March 2016 (UTC)
In the standing of global policy, I feel the checking of accounts is justified by "and to limit disruption of the project. It must be used only to prevent damage". We are preventing damage by checking to see if the block is still needed. As for the method of mass checking, I think we can make efforts to contact people first before using the tool. If no response is garnered from that, and there are recent edits, I'd then run the CU, else I would remove the flag for inactivity. If they still claim there are active blocks, I'd make a cursory check to verify the story at hand. If they don't need it, then they don't need it. That minimizes the impact on privacy.
Also the local Arbitration Committee is able to handle abuse/improper of privileges complaints. Would your concerns not also fit within the local policy on checkuser use? Cause the committee does deal with the granting and removal of tools. But maybe that's the confusion with the m:CheckUser policy. It says local wikis should investigate first, and gives them the option to remove the bit, but then says all complaints of infringement go to the OC. -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)
That justification does make sense, if it is being used selectively rather than applied to anyone holding the IPBE flag - it seems counter-intuitive to say on the one hand that users with IPBE are trusted to not be disruptive, but on the other to say that having the IPBE flag is justification for being checked at any time. But what you suggest, with using it as part rather than the basis for the audit, makes sense. Removing CheckUser from the equation altogether is also obviously not an option, since it would remove any evidence-based handling of IPBE cases. Contacting people beforehand should also minimize the fallout, since there is less of a shock factor for it, and people who still need it can explain why before rather than after. This sounds like a good basis for an RfC, at least with regards to the removal of the flag. Per your last comment, I'm not sure about allowing broad access to it, though some privacy-related cases could be legitimate.
My concerns would fit within the local policy, which must be no less restrictive than the global one. Arbcom might have been a better route to go through for this for me, especially since I am looking for the local experience with these practices and what impact a change would have. You're right that there is a bit lot of jurisdictional overlap, mainly because most projects don't have a local arbcom, and not all local arbcoms handle CU/OS investigations. I guess what I was mainly going for was the OC's role in investigating local compliance with global policies, as per the opening paragraph here. If some sort of workable proposal comes out of this, then there is no need for them to get involved. Thanks for engaging in a conversation - that's what I wanted the whole time, and again I am sorry if it didn't seem that way. That's on me. Ajraddatz (talk) 07:32, 11 March 2016 (UTC)
Re "1. Privacy and security are valid reasons to request an exemption.", I just can't get around the problem that this lets anyone who is willing to say the magic words get IPBE. I think something like this would be better: "has to convince an administrator that IPBE is needed. The admin may grant the user right based solely on a desire for privacy and security, but this should involve a conversation with the user to determine whether they understand in what way IPBE does and does not increase privacy and security, and should be balanced against the user's history (new accounts and accounts that have multiple blocks or complaints would be less likely to get IPBE, accounts in good standing with years of experience, few blocks/complaints and many edits, and which show knowledge and a willingness to follow our policies would be less likely to get IPBE.)" That's rather long and wordy and certainly could be condensed, but you get the idea.
Re: "2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue." This seems like a no-brainer. There should be a central page that anyone can watch that will indicate who hasn't responded after, say, a month. --Guy Macon (talk) 03:53, 12 March 2016 (UTC)
I think something like this certainly needs to be done. I do agree that it shouldn't be automatic, but that it should be much more readily granted to editors in good standing, and that a simple desire for privacy and security is sufficient reason for requesting IPBE to use a VPN connection or the like. I use a VPN on my phone and often on my computer, and certainly always if I'll be editing from a public location. That's not an indicator of malicious intent, it's just good security and privacy practice. I broadly agree with Opabinia above that we aren't being very good Internet citizens by actively discouraging the use of such privacy measures, and that we should make it reasonably straightforward for good-faith editors to do so. Seraphimblade Talk to me 00:13, 13 March 2016 (UTC)
  • I'm going to state the obvious here. The most logical reason to explain why we aren't seeing significant abuse of IPBE is because it is not handed out like candy. People actually have to ask for it and explain their reasoning, and they have to have an editing history that is sufficiently positive to justify the risk involved. I strongly discourage dropping that level of expectation. "Security or privacy" - well, hell. We regularly get people wanting to open up the project to the entire Tor network because someone they know and like uses Tor (I'm not kidding, it comes up at least once or twice a year from WMF staffers, not to mention others.) All of these suggestions and desires come from people who don't deal with the messes that are caused. I don't mind the idea of dropping regular screening checks. Any significant loosening of requirements will have a net result of a lot more hardblocked VPNs (with good reason, since they're being used for otherwise-uncontrollable vandalism), and probably the removal of IPBE from those who use those VPNs because we can't tell them from the trolls. Keep that in mind, too. Risker (talk) 00:50, 13 March 2016 (UTC)
How would you feel about allowing long time users in good standing to request an exemption for VPN use, and adding the email polling before removal? That seems like it wouldn't create an undue burden, and in fact might lessen the burden somewhat. I'm on my third exemption now, and every time it requires wasting my time and an admin's time to set up again. ゼーロ (talk) 13:15, 14 March 2016 (UTC)

How about this wording?

1. Users with good standing (many sustained good edits over a considerable period of time) may request exemption on privacy/security grounds, without need for further justification? 2. Before removing an exemption, the account owner should be emailed and allowed to request an automatic extension simply by replying.

ゼーロ (talk) 16:16, 14 March 2016 (UTC)

I'm not so sure if that's a good idea. The idea of an editor in "good standing" has never been solidified by the community. Some administrators have high standards and expect thousands of edits with months of editing, while others only require a handful of good faith edits and a couple of weeks on the project. The ambiguity also allows users to cherry pick which admin(s) they'd like to ask so they can receive a favorable response. I'm not a fan of granting it carte blanche to anyone that says it's for "privacy/security reasons". As Risker pointed out, sometimes these "security" reasons are really just editors using an anonymizing service in a different country so they can access a different Netflix catalog. They simply don't want to turn it off while editing. We should have some form of confirmation that there is a legitimate need, whether this is through CU or discussion with the functionary team. The automatic renewal via email poses another issue. As I've noted in my original post in February, most users had it removed because they were no longer affected by a hard block. If a user is no longer affected by a hard block, it doesn't make sense to extend the permission. As for users that are using for exceptional circumstances, we should determine if the reason for granting it is still in play. Some users are no longer editing from an area of concern and occasionally, others have been misleading with their request. With a user right that does have the ability to be misused (as noted by DQ above), we shouldn't keep it enabled on just their word alone. Mike V Talk 21:24, 14 March 2016 (UTC)
Can you see any way to facilitate or at least reduce the burden on users who either choose to use or require a VPN service? ゼーロ (talk) 09:47, 15 March 2016 (UTC)

As no-one seems to have anything else to add, I suggest starting the RFC with the questions above. Any objections? ゼーロ (talk) 11:02, 17 March 2016 (UTC)

We are close, but I would like to see and comment on the exact wording that is going to go into the RfC first. Right now I am not sure whether you are proposing that a talk page notice (possibly asking for an email reply) would be used to see if I still need IPBE (this is the usual method) or whether for some reason it has to be by email. I would also like to confirm that the "desire for privacy or security is enough" question is a wholly separate question and not bundled with some other question. --Guy Macon (talk) 14:06, 17 March 2016 (UTC)
Okay, how about two separate questions then:
1. Before expiry of IPBE a notice will be placed on the user's talk page, with an opportunity to request extension there. Extension should normally be given upon request.
2. Users with good standing (judged by the admin, based on having made a positive contribution over a considerable period of time) may request an exemption on privacy/security grounds, without the need for further justification.
It makes sense to use the talk page. ゼーロ (talk) 14:37, 17 March 2016 (UTC)
I like it. --Guy Macon (talk) 14:41, 17 March 2016 (UTC)
#1 seems reasonable to me, as well. This is basically how desysopping and removal of Crat rights for inactivity already works, so a warning message, say, 1–2 weeks before removal seems perfectly acceptable. Not sure about #2, as I'm generally against the granting of any rights "in perpetuity". --IJBall (contribs • talk) 19:48, 19 March 2016 (UTC)

CUs Giveth, CUs Taketh Away

Out of curiosity, would it make it easier to follow policy if CheckUsers were the only ones who could add and remove the permission? They're the ones that have the information anyway, and administrators need to consult them... It would also provide a barrier from admins self-applying it so they can use Tor and reduce conflict. I don't know, what do people think? Kharkiv07 (T) 14:46, 17 March 2016 (UTC)

Since admins place ip blocks (including rangeblocks) they should be able to resolve collateral damage with IPBE. — xaosflux Talk 14:51, 17 March 2016 (UTC)

RfC: Proposed expiry notice for users with an active IPBE

There is consensus to require notification of users before removing their IPBE, with extensions typically being granted if a credible case for need can be made. (non-admin closure) ~ RobTalk 06:11, 18 May 2016 (UTC)

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Before expiry of IPBE a notice will be placed on the user's talk page, with an opportunity to request extension there. Extension should normally be given upon request. ゼーロ (talk) 14:53, 21 March 2016 (UTC)

  • Support this addition. As I discussed above, this change will ensure that the person with IPBE has a say in whether they keep it, and gives the CheckUser/admin investigating some additional context of why they have the rights and might still need them. Ajraddatz (talk) 00:00, 23 March 2016 (UTC)
I would also like to point out the problems with maintaining an "abuse mentality". As someone who very often deals with global vandalism and sockpuppetry, I understand how easy it is to see bad faith behind every action, and to overstate the potential for abuse associated with certain abilities. But we need to balance that out with reality. Wikipedia is a site where everyone can edit, and that is going to lead to some abuse by nature. But that doesn't mean it will lead to only abuse, nor that we should base all of our actions around preventing any potential for it. The vast majority of IPBE flags are held in good faith and not abused, and we need to find a balance between mitigating potential harm and allowing people to still contribute in tricky situations and with respect for their privacy. As I've said before here, this compromise of creating a conversation between the investigator and investigated accomplishes this balance - and I agree that the flag should generally be retained unless there is a good reason why it shouldn't be. Ajraddatz (talk) 22:09, 27 March 2016 (UTC)
  • Support this change. It should reduce the workload for admins by not having to re-evaluate IPBEs so often, and accommodate people who move around or take a break from editing so sometimes don't need the exemption for a time. I don't see any real down sides, except that it will require some small amount of work to implement. ゼーロ (talk) 09:04, 23 March 2016 (UTC)
  • support, although recommend tweaking the wording slightly to ask a question in the RFC "Should the IPBE policy be changed to..." etc Gaijin42 (talk) 15:03, 23 March 2016 (UTC)
  • I have to oppose as it's written. I'm particularly concerned that "extensions should normally be given upon request". If a user doesn't have a valid need for the right or is no longer affected by a hard block, why should they still keep it? At that point, it simply becomes hat collecting. Just to be clear, I'm not opposed to having a discussion with the user involved. I just don't think we should default to enabling the right simply because they object to its removal. Mike V Talk 19:06, 23 March 2016 (UTC)
  • How about replacing "Extension should normally be given upon request" with something like "Extension should be given according to administrator discretion, with a bias towards assuming that someone who says that he still needs IPBE is telling the truth"? --Guy Macon (talk) 19:33, 23 March 2016 (UTC)
  • Unless the user in question has the templateeditor, reviewer, rollback, filemover, and all the online course or whatever they are rights then I don't think hat collecting should be the main concern. What if the proposal were re-worded to say something like "While conducting IPBE audits, CheckUsers should first contact the user in question through email or on their talk page, and give them an opportunity to justify continued use of the IPBE flag. Should the user provide a compelling rationale, then their IPBE access can remain at the discretion of the user conducting the audit." To me, this represents a middle ground, where the auditor and audited have a conversation, rather than either unilateral action or indefinite access by default. Ajraddatz (talk) 19:34, 23 March 2016 (UTC)
Hrm, I agree with the premise of a conversation, but "compelling rationale" and "discretion of the auditor" seem to leave us exactly where we are right now, unless we do a second RFC to define what compelling rationale is. I think the presumption should be to leave it, if the user says they want it, but if the admin can justify why it should be removed anyway. If admin "Pike X" chose to run an audit, what's to stop him from deciding everyone's reason isn't good enough? Gaijin42 (talk) 20:14, 23 March 2016 (UTC)
Well, we'd probably need another discussion. The problem is that all of the people involved in the auditing process now see IPBE as something which can be abused, because of the few cases where it has been. The users with IPBE see it as something to allow them to edit normally. The fact that this change forces a conversation to happen is, to me, the most important point, so that both sides engage and see the perspective of the other. While it does leave a lot up to the admin/CU doing the audit, this is going to happen no matter what the policy is (and if admin/CU discretion is not allowed per proposal, then the proposal will never pass). Ajraddatz (talk) 20:26, 23 March 2016 (UTC)
I absolutely think it should be discretion. But I think it should be discretion where the default answer is "keep, unless..." instead of "if you can't convince me that you meet an undefined criteria, I'm going to remove it". Gaijin42 (talk) 20:30, 23 March 2016 (UTC)
I wrote it that way on the premise that if the exemption was once given then someone must have looked at it, and now it's more a question of just avoiding the situation outlined in the discussions above where someone stops editing for a few months or temporarily edits from somewhere that the block isn't needed. I've fallen victim to this myself. ゼーロ (talk) 09:27, 24 March 2016 (UTC)
Mike V, I'm glad you're “not opposed to having a discussion with the user involved”, but I've experienced first-hand what that “discussion” with you looks like, and it's just not good enough. --Babelfisch (talk) 19:15, 25 March 2016 (UTC)
  • Support – This is basically just the suggestion #1 immediately above this RfC, without the problematic #2. I assume the existing policy allowing CheckUsers to remove the right if it is abused (without a notice requirement) still stands. All in all, this strikes me as a fair approach to this. --IJBall (contribs • talk) 22:42, 23 March 2016 (UTC)
  • Comment: If a hard rangeblock is placed and this is the solution for allowing an editor to continue, then the expiration or removal of the rangeblock warrants the removal of IPBE - why would a notice period be needed? — xaosflux Talk 00:38, 24 March 2016 (UTC)
    In case there are other reasons behind them using the hardblocked IP. If it is a proxy so they can edit through government firewalls or just maintain privacy, then they might be able to inform the admin in question during that discussion. I fail to see how having that discussion is in any way unreasonable. If there is no reason for them to still have it, then it's just a quick message and reply, and then the flag can be removed. If there is a bigger reason, then the conversation can reveal that to the admin in question and they can move forward in a collaborative way. Ajraddatz (talk) 01:28, 24 March 2016 (UTC)
  • Comment As I have explained before, I may go many months not needing IPBE (because I am working from my home here in California) then suddenly need it very badly (because I am working on-site in China and am contractually required to only access the internet through Tails (operating system) and Tor (anonymity network).) I can easily convince an admin that I need IPBE, but if it is removed without notice I may very well be left with no way to log on to Wikipedia and make my case. --Guy Macon (talk) 21:32, 24 March 2016 (UTC)
  • So of course no one is obligating you to edit, and it does seem a bit of a stretch that your contract includes what you do with your own personal computers on your own personal time....; not to say that you can't legitimately have a use for this. — xaosflux Talk 22:10, 24 March 2016 (UTC)
  • True, not editing is always an option. Feel free to request that your account be blocked to show us all how desirable you think that option is... I do engineering and product design in the toy industry where the industrial espionage makes many governments look like amateurs. My standard contract requires that while I am in China all internet access -- at the factory or in my hotel room, accessing design documents, editing Wikipedia, or looking at xkcd -- be through Tails and Tor. --Guy Macon (talk) 22:42, 24 March 2016 (UTC)
  • Note, I did leave that you have a legitimate use. This is an overall tricky subject, and these discussions are getting long - if the community decides that this is something that just anyone can have - then why make them ask in the first place, just bundle it the soon to be created extendedconfirmed access and let it be. — xaosflux Talk 00:33, 25 March 2016 (UTC)
  • You make a good point. It is tricky. Given that IPBE makes sockpuppet investigations difficult, there really is a good case for limiting it to those who can at least make a reasonable argument that they actually need it. --Guy Macon (talk) 01:17, 25 March 2016 (UTC)
  • Support This really shouldn't happen again. Remember: “Assuming good faith (AGF) is a fundamental principle on Wikipedia.” (WP:AG). There is no point of blocking users who are not guilty of vandalism. --Babelfisch (talk) 19:15, 25 March 2016 (UTC)
  • Question: How can we word our policies so that things like this are forbidden while retaining the absolutely vital administrator's discretion in cases where there is an actual reason for removal? I really don't like the fact that WP:AGF was ignored and a 12-year veteran editor with a clean block log was required to prove to a functionary that he isn't telling a lie about going to China every time he makes a trip. Also see: Wikipedia talk:Blocking policy/Archive 10#IPBE. --Guy Macon (talk) 21:45, 26 March 2016 (UTC)
That's why I phrased it "Extension should normally be given upon request." In other words, simply asking for an extension when notified should normally result in an extension, unless there is some overriding reason. The theory is that the initial decision involved checking and should be enough, unless there is some actual reason to remove it beyond "you didn't use it recently enough when I randomly happened to be looking." ゼーロ (talk) 23:29, 26 March 2016 (UTC)
  • Comment. I don't understand why we would default to giving extensions when they're not necessary. If you need it, then I can see how an extension would be warranted. But if you're just requesting it because you think you might need it again some day, then you shouldn't have the right automatically renewed. NinjaRobotPirate (talk) 04:42, 27 March 2016 (UTC)
  • What if my particular "I might need it again some day" is a 95%+ chance that I will need it very badly some time in the next three years? As an established and trusted user, shouldn't it be my call whether I will need it or not? Having the admin bit is a lot more dangerous than having IPBE, but what happens every time someone suggests that admins be required to periodically prove that they still need the tools? It gets shot down in flames is what happens. --Guy Macon (talk) 04:54, 27 March 2016 (UTC)
  • My thinking is that if you were granted it once then a check was done and you have not done anything to warrant removing it, so give the benefit of the doubt. Since editors rarely turn evil it seems like it would mostly reduce the burden of re-requesting and re-checking while only marginally increasing instances of abuse, if at all. ゼーロ (talk) 21:47, 27 March 2016 (UTC)
  • For the 99% of IPBE cases, where the editor in question is a good-faith contributor, then there should be no harm in keeping a flag that only has intermittent use. This is a site that anyone can edit, and anyone should be able to edit; if people want to edit while they are in China on business trips, then we shouldn't be forcing them to run through hoops every time. Ajraddatz (talk) 22:09, 27 March 2016 (UTC)
  • Support, this should at least help prevent the mess that led to this becoming an issue. And someone who's already been entrusted with it and is not misusing it should be able to say "Yes, I still need it" and be taken at their word. Seraphimblade Talk to me 07:59, 27 March 2016 (UTC)
  • Support. If the user has had the IPBE for some time and there is no sign of abuse while editing with it, then it's only polite to check with the user rather than removing the block with no warning. I'm sure someone can soon draw up a simple template for such a case. I don't see the rush to rapidly withdraw IPBE without warning. Ronhjones  (Talk) 22:26, 27 March 2016 (UTC)

I think it's time to close this RfC, since no-one has commented for well over a month. Any admins about to look at it? ゼーロ (talk) 07:50, 4 May 2016 (UTC)


The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Freedom and the equality of proxified users

"Requesting an IP address block exemption, because of the equality of status." According to your given information in "/wiki/Wikipedia:About" and in your Terms of Use: "Allowing anyone to edit Wikipedia means that it is more easily vandalized or susceptible to unchecked information, which requires removal." and: "Empower and Engage people around the world to collect and develop educational content and either publish it under a free license or dedicate it to the public domain", you are allowing ANYONE to edit Wikipedia and it would seem that you asked people world wide for getting involved, which does not apply to people who cannot edit Wikipedia by using Proxy that shelter themselves from attacks by any authorities (such as those that attempting on somebody's life or seeking somebody's freedom, eg.).
So, where do we go from here? Isn't it contradicting itself, to exclude those individuals who have a tremendous demand for support like that??
Greetings from Greece. — Preceding unsigned comment added by 212.38.166.23 (talk) 22:10, 16 April 2016 (UTC)

I agree. People who have to or want to use proxies/TOR/VPNs for whatever reason are second class citizens on Wikipedia. I understand the argument that there is a lot of abuse from people using those services, but I also find the lack of will to even try to accommodate people who can't show an immediate and dire need a bit disappointing. ゼーロ (talk) 14:12, 18 April 2016 (UTC)
Can confirm. People with privacy needs or wants are treated as second class citizens here. The folks at the Tor project have never been happy with the situation on Wikipedia, and I can't say I am either. Zell Faze (talk) 18:32, 24 May 2016 (UTC)

RfC: Grant exemptions to users in good standing on request

NO CONSENSUS, POLICY UNCHANGED:

A change to IPBE policy proposed would allow admins to grant IPBE to users in "good standing". Current policy is that the exemption is granted to accounts affected by IP blocks intended to prevent vandalism or disruption. Comments in support included that a change would bring it more in line with global exemptions (where there is no set policy), that it allows users who normally use the Internet behind a VPN/proxy for privacy to continue to do so under its protection, etc. Comments that expressed concern mentioned that the RfC statement itself was indistinct in guidance, that the "loose definition of 'good standing'" may vary from admin to admin, that the right contains too much potential for abuse for "good standing" to be enough of a reason.

It's apparent that arguments both in support and opposition are grounded, and there was no rough consensus that arose from the discussion. A simple count of the !votes, if I got it correct, yields 17 in support and 21 in oppose (a 44.7% overall support), which is not considered enough to justify a policy change.

Permissions are typically granted when the editor has expressed a clear need, and are usually not done in anticipation or simply in good standing. There are suggestions that the wording in the current policy can be adjusted or softened, which is potentially an avenue worth pursuing. But that was not in the scope of this RfC.

Hence, the onus is on editors who wish to remain anonymous with IPBE to clearly explain why their circumstance is "highly exceptional". Requests by users in good standing should contain a valid explanation for exemption, such as being block-affected. (non-admin closure) — Andy W. (talk ·ctb) 05:28, 9 July 2016 (UTC)

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Users with good standing (judged by the admin, based on having made a positive contribution over a considerable period of time) may request an exemption on privacy/security grounds, without the need for further justification. ゼーロ (talk) 15:50, 23 May 2016 (UTC)

  • Support Privacy and security are extremely valuable to many editors, and if they have shown good standing over a long period of time and are unlikely to abuse the facility I see little reason to not grant them the opportunity to contribute without compromising their privacy and safety. ゼーロ (talk) 15:52, 23 May 2016 (UTC)
  • Support per Katakana-Zero. Gaijin42 (talk) 15:55, 23 May 2016 (UTC)
  • Oppose due to the possibility of an account becoming compromised. As with any other user right, a need should be demonstrated. If we require "need" for something like rollback, we should obviously require "need" for an IP block exemption. ~ RobTalk 15:56, 23 May 2016 (UTC)
If an account is obviously compromised, indef block them and roll back their edits. It's not hard. Ritchie333 (talk) (cont) 10:14, 1 July 2016 (UTC)
  • Oppose I dislike the idea of using a loose definition of "good standing". Some admins might have high expectations and others might have a very low threshold for granting. We have more concrete standards for template editor, auto patrolled, autowikibrowser, etc. For something as important as IPBE, any proposal should have a more detailed criteria than just simply admin discretion. Also, I don't believe administrators are equipped to determine if a user is in good standing for IPBE. For instance, they would be unaware if there was ongoing sockpuppetry, XfD fraud, good hand/bad hand editing, block evasion, etc. By granting IPBE for privacy reasons with no justification, you're essentially granting it to whoever requests it. IPBE is a right that is open to abuse and it would be wise to exercise caution in granting it. Mike VTalk 04:44, 24 May 2016 (UTC)
Note: As this is a proposal that would significantly change the IPBE policy, I have placed notifications on the Administrators' Noticeboard and the central discussion template. Mike VTalk 04:44, 24 May 2016 (UTC)
  • Oppose This proposal lacks any nuance. I think an iterative improvement process would be better than superseding the policy with what is essentially handing it out like candy. HighInBC 04:50, 24 May 2016 (UTC)
  • Oppose All user rights should show a need for them. Further justification beyond "I want it" should be required. --Majora (talk) 05:00, 24 May 2016 (UTC)
  • Oppose - for a major user right like this, we need a better criterion than some admin thinking the user is in "good standing". עוד מישהו Od Mishehu 05:05, 24 May 2016 (UTC)
  • Oppose Any proposal should start with a clear statement of why the proposed change should be made, and how it would help the encyclopedia. Currently, it sounds like a suggestion that hat-collecting should be made easy. Which editor has needed this right, and has been denied it? Johnuniq (talk) 05:11, 24 May 2016 (UTC)
  • Comment I've said previously that we are way too precious about IPBE. The actual observed rate of abuse from this source seems to be low to nonexistent. And to respond to Rob's point, this is the only user right for which "need" even makes any sense; it is possible to need IPBE to edit at all, but nobody actually needs rollback or whatever. That's just a sort of social fiction. However, as written this proposal is too vague to provide meaningful guidance. On the one hand, it invites frivolous requests (oh hey, a new hat!) and could raise the risk of abuse to unacceptable levels. On the other hand, it also shifts the balance from judgment of the requesting individual's private circumstances to judgment of their on-wiki persona. This may well lead people to be too restrictive, since "good standing" is poorly defined; we'd see requests rejected over a six-month-old edit-warring block, a tendency to get fighty on noticeboards, or other minor misbehaviors that the community generally tolerates and that have only fanciful connections to potential IPBE abuse. Opabinia regalis (talk) 05:48, 24 May 2016 (UTC)
  • Question What specifically constitutes 'in good standing' for the purposes of this proposal? SQLQuery me! 06:15, 24 May 2016 (UTC)
It's difficult to define that exactly. I think it has to come down to judgement, just like judgement is used for various other things (granting an exemption on other grounds, various investigations, arbitration etc.) Otherwise we are in danger of assuming bad faith about everyone and putting worry and the effort of doing a cursory investigation over people's privacy and security. ゼーロ (talk) 10:38, 24 May 2016 (UTC)
  • Oppose I suspect this is an attempt to rollback the recent IPBE revocation that several administrators and check users worked on a few months ago. Part of having the IPBE is so that good faith editors who are unfortunately caught in the friendly fire of having to lock down a range of IPs that have been repeatedly disruptive (blocked on multiple IP addresses). Editors who have true need of this permission will be able to use the already established process (which includes UTRS and running a checkuser) to verify that they are eligible rather than "in good standing". Hasteur (talk) 12:29, 24 May 2016 (UTC)
  • Support. It will bring it more in line with the practice of granting the global IP exemptions. Ruslik_Zero 12:49, 24 May 2016 (UTC)
  • weak support I'd prefer that a reason should be given, but with a presumption of IPBE being granted to users in good standing unless there is evidence that the reason given is irrelevant or false. Certainly once an IPBE is granted it should not be revoked without at least one of (a) clear evidence of misuse of IPBE (not unrelated poor conduct), (b) a long term block of the user, (c) exactly zero edits and logged actions for at least six months or (d) an explicit statement from the user that it is no longer needed. If an IPBE is removed for reasons c or d it should be automatically regranted on request if they remain in good standing. Thryduulf (talk) 14:20, 24 May 2016 (UTC)
  • Oppose - This is purely an "as needed" usergroup, not some trophy to collect. Reaper Eternal (talk) 14:33, 24 May 2016 (UTC)
  • Oppose on grounds that this lacks specifics. What is "good standing", and is a request just "I'd like to have it"? I would, however, support an RfC which clarifies that a desire for privacy and security is a sufficient reason to request IPBE. I edit from public places with some frequency, and to do so without using a VPN is utterly insane. It doesn't affect me in any case, since admins by default have IPBE, but the same privilege should be available to other users who don't want to edit on an easily compromised public or shared connection without taking reasonable precautions. Seraphimblade Talk to me 14:47, 24 May 2016 (UTC)
  • Oppose Users in good standing can be given IPBE per a demonstrated need. If they don't need it, there is nothing to gain from giving it out. --Jayron32 15:31, 24 May 2016 (UTC)
  • Support Having tried a few times to get an IP Block exemption myself so that I can edit with Tor or one of my VPNs, I have found that the current process is overly complicated and usually leads nowhere. You seem to need to be in some sort of immediate danger or something and can't just be someone who cares about their general privacy. By changing the policy in this way, people who feel like they need or want that sort of privacy protection could do so. For me it is so inconvenient to have to turn off my VPN or use a non-Tor browser to edit Wikipedia, that I often don't bother to make fixes to articles when I am using my privacy enhancing tools. We lose contributions this way. I'm not sure how many, but it is definitely a non-zero number. Zell Faze (talk) 18:30, 24 May 2016 (UTC)
  • Support - if people want to be more anonymous by editing through proxy or TOR, and are obviously not vandals, then there should be no blocks to them doing so. To be brutally honest: what harm does it cause if some people "collect" this flag? I would say that the potential for good use of it well outweighs the non-existent downsides for people who obtain it and then don't use it. Ajraddatz (talk) 18:48, 24 May 2016 (UTC)
    • Even if there's no harm from the wider distribution of the right, there's still a high potential for social harm in asking admins to render public judgments on something as vague as "good standing". Opabinia regalis (talk) 20:23, 24 May 2016 (UTC)
      • I assume you mean social harm in the form of debates over whether or not a user meets the vague criteria of "good standing", and that is a fair point. The proposal could be reworded to have some specific metrics to judge that on, and obviously IAR would exist for other cases as needed. I personally prefer vague wordings, because those can encompass more cases without needing to invoke IAR, and it prevents increased bureaucratization of the project. In my experience on Wikidata and at the global level, we have very few actual policies with set criteria. There is no policy for assigning a global IP block exemption, for example. Instead, we need to perform actions with sufficient justification that should we be questioned on them, there is no issue with either defending or overturning the action. Here though, there is definitely a different "political climate" for lack of a better phrase, and perhaps that type of broad wording doesn't work as well here. Ajraddatz (talk) 21:19, 24 May 2016 (UTC)
  • Oppose I have no problem loosening the IPBE requirements just a little bit so more people can demonstrate need, but this is way too vague to garner my support. Katietalk 19:40, 24 May 2016 (UTC)
  • Support - It used to be a lot easier to grant. Wikipedia is an easy place to abuse, having IPBE so difficult to get hasn't stopped sockpuppetry nor caused a reduction in vandalism, etc. People overestimate what it does. If we really give a damn about letting people edit anonymously (something the Foundation seems to think is important) then we need to loosen our grip on IPBE for editors as long as they have significant experience with no behavioral issues, subject to community review at WP:AN for revocation. If you don't want it treated like a trophy, don't make it so hard to get. Dennis Brown - 23:06, 24 May 2016 (UTC)
  • Support. There are many cases when IPBE can be useful/necessary for users. Sincerely, Marksomnian. (talk) —Preceding undated comment added 15:43, 25 May 2016 (UTC)
  • Oppose; (also see below in the other RfC) the primary issue isn't random new users acquiring IPBE, but existing users using it to hide behind a proxy so that they can not be matched against bad hand accounts. As for stating that there is little to no extant abuse of the right, that's pretty much meaningless: by definition the right allows evasion of detection of abuse so we couldn't know. Thus, limit the right to users we (a) trust enough to not sock and (b) when they actually need it. — Coren (talk) 15:20, 26 May 2016 (UTC)
    A note: If the security provided by a registered account over SSL is not sufficient to protect you from harm, then IPBE will not help you beyond giving you a vague sense of false security - it's not a magic "make me anonymous" bullet, all it does is allow you to add one level of indirection and obfuscate your source IP from Wikipedia by editing through proxies (and TOR) which we have otherwise blocked because of existing, extensive abuse. If there is an attacker after you with resources sufficient to do traffic analysis or identify you despite being hidden behind an account, then that extra step is not going to give you any substantial added security, period.

    I'm not saying people do not have legitimate desire for extra privacy and protection - I'm saying IPBE provides neither of those things. — Coren (talk) 15:29, 26 May 2016 (UTC)

  • Oppose, mainly because if we did this, then 99% of the time you wouldn't need IPBE. That makes this user right totally unnecessary. But IPBE should still be given to users who have to edit through proxies or blocked IPs for some reason. Kylo, Rey, & Finn Consortium (formerly epicgenius) (talk) 19:41, 26 May 2016 (UTC)
  • Oppose: No more hats. All that granting IPBE liberally will do is lead more users to place "This user has IP block exempt rights on the English Wikipedia" userboxes and topicons. — Esquivalience (talk) 23:35, 30 May 2016 (UTC)
  • Support - We can ban IP users from blocks, but once you've signed in, then you necessarily have a traceable history tied with you, specifically. If your specific history is good, why not allow the user to use a DNS anonymizing service? You're no longer anonymous by logging in. Note: I use a DNS for all my traffic through my home network, as I've recently been concerned with privacy. To edit wikipedia from home, I must specifically disable my DNS for a short period, which is a hassle, and defeats my desire to keep my traffic habits out of government bulk data collection lists. There's no reason to maintain the block for logged-in known good users. Fieari (talk) 02:34, 31 May 2016 (UTC)
    I do not see any connection between IPBE and DNS, or indeed between Wikipedia and DNS. The reason for having a history of IP activity is to defend against abuse, and the reason for not wanting an IPBE free-for-all is to defend against abuse from sleeper accounts. Johnuniq (talk) 04:06, 31 May 2016 (UTC)
  • Oppose - My impression is that the current rules are mostly what Coren says above: "Thus, limit the right to users we (a) trust enough to not sock and (b) when they actually need it." At one time I thought we were too fussy about IPBE, but the actual requests for IPBE that I have seen myself were nearly always unpersuasive. Often they were from people with only a few edits saying that their work was being interrupted by a rangeblock. It was typically hard to get any useful information out of them. (I can't cite examples since I didn't make notes of any of these discussions). Under the proposal we are voting on, I assume that the plan is to give those people IPBE anyway. In the above list of comments, I don't see any supports from checkusers. EdJohnston (talk) 03:44, 31 May 2016 (UTC)
  • Oppose I don't exactly understand. Maybe the editor who started this RfC would like to reason with me? --QEDK (T C) 19:28, 31 May 2016 (UTC)
    • @QEDK: My understanding is that the supporters would like any editor to be able to access the site from TOR or similar proxy services to protect their anonymity. There are some legitimate use cases where this is potentially needed (living in countries where contributing to certain articles could result in legal issues, for instance), but they'd like to be able to do that without explaining why they need the user right beyond generic privacy/security issues. ~ RobTalk 19:37, 31 May 2016 (UTC)
  • Oppose We don't need another usergroup, and even with an overseeing admin, could still be ripe for abuse...TJH2018talk 14:00, 1 June 2016 (UTC)
  • Support I have been keeping notes with others on this idea at meta:Grants:IdeaLab/Partnership between Wikimedia community and Tor community. A large number of people have a need for IP block exemption and currently, there is no viable process for granting it to the people who need it. Yawnbox wrote a note on this at "Wikipedia continues to violate my privacy" and I think this is a common sentiment and experience among people who have sincere and pressing reasons to keep their IP addresses private. The talk about the potential of abuse for this is ill-informed, especially considering that there are lots of good ways to minimize abuse potential. Granting "IP block exemption", for example, does not necessarily mean that the user is unknown to the Wikipedia community; one very good way to grant it might be to do so on the basis of recommendations from Wikipedians who know the user or vet them in some way, and vouch for the safety of granting the right to the account. I am not suggesting that the permission be granted without discrimination but there definitely needs to be a sure path for granting it. The current system for granting it is illogical and discriminatory because it is not standard and arbitrary. Blue Rasberry (talk) 15:48, 2 June 2016 (UTC)
  • Comment/Suggestion Why not just add the ipblock-exempt right into a number of advanced permission groups (rollbacker, autopatrolled, reviewer). If a user is in good standing enough to have additional rights they are in good standing enough to be exempt from IPBlocks. Music1201 talk 05:18, 5 June 2016 (UTC)
    Because reviewer is given out like candy. Rollbacker is only a small step up from candy. And you don't even have to personally ask for autopatrolled to get it assigned to your account. Someone else can ask for it for you. Besides, what do any of those things have to do with editing through a hard blocked IP? --Majora (talk) 05:28, 5 June 2016 (UTC)
  • Oppose sock magnet. - jc37 05:32, 5 June 2016 (UTC)
  • Support assuming the bar for "good standing" was at least at the bar of 500 edits, no socking in the last 2 years, and some other reasonable things to cut down on sock problems. Hobit (talk) 11:02, 6 June 2016 (UTC)

Question: Sorry, the bot sent me. I don't get this question. Are you saying certain users will be allowed to commit wrongdoing and be exempt from getting blocked? Doesn't that happen anyway with admins and Arbs who have the same political persuasion as the editor committing the offense? SW3 5DL (talk)

  • Absolutely not. All this is proposing is that if a user is in good standing they have the option to request an IP block exemption on the grounds of increased privacy and security (typically because they are a VPN or TOR user). At the moment merely pointing out that your government/ISP/employer is monitoring you is not enough to get an exemption, you have to be actually blocked from editing. ゼーロ (talk) 08:23, 9 June 2016 (UTC)
    • Ah, very good. In that case, I support. SW3 5DL (talk) 01:07, 10 June 2016 (UTC)
  • Support - per explanation by ゼーロ SW3 5DL (talk) 01:07, 10 June 2016 (UTC)
  • Strong support of devolving IPBE to admin discretion in general, because few people have fixed IPs these days. My argument has got nothing to do with Tor or proxies. An increasing number of our editors have rotating IPs because mobile internet is becoming prevalent. Granting ipblockexempt to editors in good standing will pre-emptively minimise WP:collateral damage upon a trusted editor which in turn affects editor retention. As an admin who was regularly beset by collateral damage before I got adminship, I feel very strongly on this issue. Deryck C. 11:52, 10 June 2016 (UTC)
  • Oppose per Hasteur. I also see no evidence for Bluerasberry's assertions, either. I was a victim of what Deryck Chan (above) calls "collateral damage". I submitted a request, right was given, and editing continued. I had the right revoked once I moved elsewhere. The current system works. I have doubts about the desires of those wanting a change. Chris Troutman (talk) 18:16, 12 June 2016 (UTC)
  • Support There is some potential for abuse, and we may want to explore additional tools for reducing that risk, but as a starting point, I think we should be more liberal in granting IPBE. Monty845 21:21, 12 June 2016 (UTC)
  • Oppose I don't buy the privacy argument - yes, it may obscure your IP from Wikipedia, but this may cause other issues which I'm not going to go into here in public. Additionally, this really only protects your IP address from a small group of users, and the ops team, who don't use it unless they really really have to (eg. lawsuits). I'm just not seeing how a VPN or tor helps protect privacy on this site - if it bothers you so much, why not just configure the client to not proxy en.wiki traffic while editing? Mdann52 (talk) 15:13, 22 June 2016 (UTC)
    • It protects users from their ISPs spying on them, as well as government agencies. For example, the UK is trying to introduce legislation that would require ISPs to monitor all users in detail, beyond what it already requires in terms of data retention. Using a VPN protects the users from this intrusion. ゼーロ (talk) 07:23, 23 June 2016 (UTC)
      • Erm, under the law, people who provide VPN's are also classed as ISPs (AFAIK), so no, this won't help with that. Mdann52 (talk) 09:04, 1 July 2016 (UTC)
        • That's why you VPN to outside the jurisdiction.  — SMcCandlish ¢ ≽ʌⱷ҅ʌ≼  16:49, 2 July 2016 (UTC)

Comment Currently I can only edit this page from work because an IP block has banned my home IP address, so apologies if my responses are a bit slow. I think this illustrates why this change is needed. I'm now in the position where I have reviewing editors saying I can edit on mobile or during my lunch break at work so it's fine, or that it's just too bad with the implication that the block is more important than allowing an editor to participate and improve Wikipedia. ゼーロ (talk) 07:54, 29 June 2016 (UTC)

  • Support Blocks are cheap, and collateral damage harms the project. If ゼーロ can't make good faith edits and has to file about 4 unblock requests, we have a problem. Nobody has defined "good standing", but I'm going to put a finger in the air and say "would not get an RfA closed as SNOW / NOTNOW" (and not for any other reason) would be a suitable yardstick. Ritchie333 (talk) (cont) 10:11, 1 July 2016 (UTC)
  • Oppose: Support, with the same sorts of caveats/restrictions as Hobit, et al.  — SMcCandlish ¢ ≽ʌⱷ҅ʌ≼  16:49, 2 July 2016 (UTC)
  • Support - there are any number of reasons for wanting to use a proxy server on the Internet now, from using the internet at an unsecured point to concerns about government surveillance. (Personally, I use a VPN at home for almost everything except Wikipedia now, although personally I've never bothered to apply for this right.) So giving a reason is superfluous: after all, I could just say "I use the internet at coffee shops" and it would be hard to dispute that short of running a CU on my account and examining the IPs. These decisions should be made on the user's contribution record not on their stated reason. Blythwood (talk) 05:22, 4 July 2016 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

RfC: Automatically grant IPBE to users by proof of work alone[edit]

WP:SNOW. Mdann52 (talk) 15:10, 22 June 2016 (UTC)

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Proposal: WP:IPBE shall be granted, for any given language wiki on WP/EN:

  1. with sufficient scope to permit Tor and VPN use (e.g. local IPBE),
  2. automatically (to the extent wikimedia admin software allows — preferably requiring zero user action, or on a bot-automated "click here to get your IPBE" type basis if not), and
  3. to any user who demonstrates any one of the following proofs of work:
    1. an edit history of sufficient length to show that the user is most likely acting in good faith, i.e. not a WP:ILLEGIT violator (e.g. ≥10 substantive edits over the course of ≥1 month)
    2. human effort sufficient to dissuade sockpuppetry (e.g. emailing stewards such that they would notice if multiple requests are from the same human or from a bot)
    3. computational effort sufficient to dissuade sockpuppetry (e.g. Javascript cryptographic task demonstrating ≥4 hours of computational time on an average home computer).

Any IPBE expiration shall be renewed on the same basis.

In particular, as a change to current policy, IPBE shall not require any justification, showing of special need, unusual circumstances, etc. To the extent possible, curtailed only by actual needs to prevent sockpuppetry or automation, IPBE shall be given presumptively, just like HTTPS. Sai ¿? 18:30, 24 May 2016 (UTC)

[edited proposal w/ strikeout & italics per below Sai ¿? 10:49, 25 May 2016 (UTC)]

Qualification: If computational proof work is not adequate alone (e.g. because of botnet or Amazon spot instances), it could be altered to e.g. require periodic CAPTCHAs, or otherwise alter the proof of work to require actual work by an individual human. The first two portions are, in any case, the more important factors. The computational proof of work is solely intended to permit users to prove good faith as a bootstrapping mechanism, e.g. if they cannot send unmonitored email to begin with.

Another method of this — though it lacks the "do it at home" factor I intend — would be to grant IPBE in return for a payment to Wikipedia of some reasonable amount of Bitcoin. Sai ¿? 19:02, 24 May 2016 (UTC)
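
The computational prong of the proposal, and the qualification about botnets or rented instances, can be made concrete with a hashcash-style puzzle. This is an added sketch, not MediaWiki code or anything posted in the discussion; the function names, the SHA-256 puzzle format and the hash rates are assumptions chosen for illustration.

```javascript
// Added illustration, not MediaWiki code. All names and rates are hypothetical.
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Server side: issue a puzzle bound to one account name. The HMAC tag lets the
// server stay stateless and rejects a solution replayed for another account.
function issueChallenge(username, difficultyBits, serverSecret,
                        nonce = randomBytes(16).toString('hex')) {
  const tag = createHmac('sha256', serverSecret)
    .update(`${username}|${nonce}|${difficultyBits}`).digest('hex');
  return { username, nonce, difficultyBits, tag };
}

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24;
  }
  return bits;
}

function puzzleHash(ch, counter) {
  return createHash('sha256').update(`${ch.username}|${ch.nonce}|${counter}`).digest();
}

// Client side: brute-force search, expected 2^difficultyBits hashes.
function solve(ch) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(puzzleHash(ch, counter)) >= ch.difficultyBits) return counter;
  }
}

// Server side: one HMAC and one hash, regardless of difficulty.
function verify(ch, counter, serverSecret) {
  const expected = issueChallenge(ch.username, ch.difficultyBits, serverSecret, ch.nonce).tag;
  const a = Buffer.from(expected, 'hex');
  const b = Buffer.from(String(ch.tag), 'hex');
  if (a.length !== b.length || !timingSafeEqual(a, b)) return false;
  return Number.isSafeInteger(counter) && counter >= 0 &&
    leadingZeroBits(puzzleHash(ch, counter)) >= ch.difficultyBits;
}

// Smallest difficulty whose expected cost is at least `seconds` at `hashesPerSecond`.
function bitsForTarget(seconds, hashesPerSecond) {
  let bits = 0;
  while (2 ** bits < seconds * hashesPerSecond) bits++;
  return bits;
}

// Expected solutions per day for a solver running at `hashesPerSecond`.
function accountsPerDay(difficultyBits, hashesPerSecond) {
  return (86400 * hashesPerSecond) / 2 ** difficultyBits;
}

// Constructed rates: a "home" browser at 2^20 hashes/s and a solver with 1000x that.
const HOME_RATE = 2 ** 20;
const bits = bitsForTarget(4 * 3600, HOME_RATE);   // tuned for about 4 hours at home
console.log({ bits,
  home: accountsPerDay(bits, HOME_RATE),
  rented: accountsPerDay(bits, 1000 * HOME_RATE) });
```

Verification cost stays constant while solving cost scales only with the solver's hash rate, so a difficulty that costs a home user hours per account costs a better-resourced solver proportionally less.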

Discussion[edit]

Justification:

  1. Privacy is a right, not a privilege. Currently, state actors are engaging in widespread dragnet surveillance of essentially everyone who uses the Internet, or everyone who does so in a way that originates from or goes through that country. This includes, for instance, the United States, United Kingdom, China, and Iran. Therefore, Tor and VPN should be considered presumptive necessities, not exceptional cases.
  2. Tor and VPN software is already a very high barrier to people who are under surveillance or restrictive Internet access, whether they are being targeted personally or as part of a dragnet. Wikipedia should not have a policy that further chills this.
  3. Requiring a user to disclose any unusual circumstances harms their privacy. Users who need privacy must not be required to give it up as the price of securing it, especially given the presumption of all communications being made in the context of an actively attacking state actor. This causes very serious — potentially lethal — risks to users in certain regimes or with certain privacy concerns. See talk below for many examples.
  4. Everything talked about in 32C3: What is the value of anonymous communication? (slides, Tor Project blog post on the problem, Tor Project blog post on the study, video)

Disclosure: I have an IPBE, for the reasons described above, as well as for particularized reasons disclosed over PGP to three administrators. This edit was itself made over a VPN requiring IPBE. Sai ¿? 18:44, 24 May 2016 (UTC)

  • I think you are underestimating how much effort the sort of person who would abuse IPBE would be willing to go through. HighInBC 18:33, 24 May 2016 (UTC)
    • And you might be over-estimating how much effort someone who doesn't want to abuse IPBE would go through. I mean Jesus, four hours. I am homeless. I don't have four hours to let my computer sit and do work just so I can use a VPN or Tor. That is insane. I want to protect my privacy, but finding four hours where I can sit somewhere like that without the police being called is not always doable for everyone. Zell Faze (talk) 18:37, 24 May 2016 (UTC)
      • I think the standard should include demonstrating a need for IPBE. VPNs are exactly what long term sock puppets use to avoid being detected, that is why those IPs are blocked. People use them to run two long term accounts and to evade checkuser scrutiny, they use them to circumvent community bans. HighInBC 19:26, 24 May 2016 (UTC)
        • I strongly disagree with the premise that IPBE is "need" on any personalized basis. The one and only concern restricting blanket IPBE is controlling abuse.
        Therefore, all that needs to be shown is either that someone is non-abusive, or that they have invested enough effort into the request that it would deter WP:ILLEGIT spam accounts.
        There is no justification whatsoever, AFAICT, for requiring an individual user to show a *personal* need for privacy; it's a universal right, not a privilege for a select few. (If you disagree, please explain — as distinct from the very different, non-individualized concern of curtailing bulk account creation. Blocks can still of course be made on a per-user basis, IPBE or no.) Sai ¿? 11:16, 25 May 2016 (UTC)
        • You can't always tell if someone is abusive, some people are sneaky. If they are using VPNs then you can't tell if they are a second account helping out their first, you can't tell if they are someone evading a block. Other than the autoconfirm rights no other user right we give out without the person demonstrating a need for it first, so I don't see why this should be any different. Range blocks become useless if we let just anyone request an exemption. HighInBC 13:15, 25 May 2016 (UTC)
      • The inherent contradiction in how we think about "need" for IPBE is that we currently ask people who specifically express privacy and security concerns to reveal information about their situation in order to demonstrate "need". That makes no real sense. What we don't have is a clear sense, in quantitative terms, of what the actual risks are in being less restrictive. Opabinia regalis (talk) 20:40, 24 May 2016 (UTC)
  • This is an interesting idea, but there's too much disparity in people's access to, and ability to use, computational resources for computational makework to be a solution. If I get one sock for every four CPU-hours I can make a whole sock town. For the kind of proof of work that involves investment of actual human time, we already have a pretty good proxy measure for that, usually located at Special:Contributions. Opabinia regalis (talk) 20:40, 24 May 2016 (UTC)
    • 1. This isn't an opposition to the first two methods I stated. Contributions is the first one of them. ;-)
      2. Please see the qualification I gave re making computational proof of work require human interaction. For instance, a half hour of CAPTCHAs is probably more than enough.
      3. New users can't rely on contributions (obviously), and if they are in particularly repressive regimes, they have a bootstrapping problem for being able to contact anyone. The computational prong is purely meant to address this aspect of the problem.
      4. One could, for instance, put some sort of "probation" flag on new IPBE users, merely to ensure they're not a botfarm or other WP:ILLEGIT. Sai ¿? 11:16, 25 May 2016 (UTC)
  • Do you mean to apply this to "every" wiki, or just to enwiki? Because if your goal is to bypass general torblocks everywhere, you will need to bring this up on meta:; enwiki only has jurisdiction over this project. — xaosflux Talk 21:02, 24 May 2016 (UTC)
    • I was not aware of that. I have edited the proposal to apply only to enwiki. I do intend it to apply everywhere, but let's start here for now. Sai ¿? 11:16, 25 May 2016 (UTC)
  • Oppose and speedily close because (a) we have no jurisdiction to apply this on other language projects even if there were consensus for it; (b) there is another RfC immediately above this one with a similar but less extreme question, and that one isn't even finding consensus, and; (c) the proposed bar of 10 edits is absurdly low and would allow any banned/blocked editor to go to their local library, make 10 edits, wait a month, and then access Wikipedia from a VPN indefinitely. ~ RobTalk 21:22, 24 May 2016 (UTC)
    • None of these are reasons for a speedy close. It looks like some thought went into this and the proposer makes very good points worth discussing. Dismissing their efforts with a 'speedy close' !vote is frankly offensive. Izkala (talk) 22:38, 24 May 2016 (UTC)
      • The reality is that it's unhelpful to have multiple RfCs going on at the same time on the same issue. It never ends well. I invite the proposer to resubmit this RfC if the above one passes (since this one has no chance of passing if the above does not), but right now, it's a net negative to bringing clarity on the community's consensus for how we apply IPBE. ~ RobTalk 23:43, 24 May 2016 (UTC)
        • (a) Edited proposal, per above. (b) is not relevant IMHO, and much of the opposition to the other RfC is from its vagueness and arbitrary discretion to admins, which mine does not have. (c) is an "e.g." only. Feel free to propose some other (objective) metric for "established good faith user". :-) Sai ¿? 11:16, 25 May 2016 (UTC)
  • Strong oppose You seem to underestimate the ease with which 10 substantive edits in one month can be made. And the very idea that this should be granted in return for Bitcoin is highly insulting to everything Wikipedia stands for. Even if that was just a one off suggestion that alone should be grounds to oppose this RfC. Also, speedy close this as the less radical RfC is still ongoing. --Majora (talk) 22:18, 24 May 2016 (UTC)
    • 1. See my comments above re Rob13's (c).
      2. I specifically said Bitcoin for a reason. Namely, it is a proof of work (in the technical sense) that is agnostic to the computing resources available to a given person. ("Proof of burn" is another method, but is both harder to implement and pointlessly wastes funds that might as well go to support WP — which might include, eg, any increased cost of monitoring IPBE accounts for abuse due to the increase in their total number.) Its purpose is to prevent gaming the system en masse by people with more computing resources or a botfarm at their disposal.
      Another method to do so, which I also listed in the qualification, is to integrate repeated CAPTCHAs into the computational proof of work.
      3. "I'm insulted" is not an argument against "this is a proven method for cryptographic computational proof of work". Sai ¿? 11:16, 25 May 2016 (UTC)
      • I am not "insulted" but I will say that asking users to pay to edit Wikipedia is a non-starter. Not going to happen, bitcoin or otherwise. HighInBC 13:16, 25 May 2016 (UTC)
        • You are already asking them to pay — with their time. That is fundamentally what the first two auto-accept criteria in my proposal are: proof of work, one way or another.
        In any case, the 3rd criterion of my proposal is severable from the other two. It is intended only to address a narrow bootstrapping issue for people who are under heavy surveillance. Opposing it is not the same as opposing the rest. Sai ¿? 14:21, 25 May 2016 (UTC)


  • Oppose - While the whole plan is convoluted and generates too much admin work, the idea that we grant bits based on money paid in is offense enough to oppose without further comment. I would suggest closing early based on that one item. Dennis Brown - 23:48, 24 May 2016 (UTC)
    • See my comments above. Sai ¿? 11:16, 25 May 2016 (UTC)
  • Strongly support I have been in the situation of having to divulge details of my personal situation when applying for an IPBE, and have been the victim of state mass surveillance. Privacy is a human right under the European Convention on Human Rights, and moreover there is a strong moral and social case to be made for supporting it. I appreciate that it isn't free and creates work, but it's worth it. Perhaps the suggestion is imperfect, but I think it is a good start and can be refined later, rather than doing nothing and making no progress on this issue. ゼーロ (talk) 08:41, 25 May 2016 (UTC)
  • Oppose For the same reason above: If a user has a demonstrated need, they can be given it upon request. --Jayron32 11:39, 25 May 2016 (UTC)
  • Strongly Oppose Putting such prescriptive guidelines on what must be done to gain the privilege only will cause more editors to actually seek it and destroy the purpose of the permission. Administrator discretion (in consultation with the community for consensus) is the best way. I oppose any attempt to weaken these absent a strong and compelling case for a user being caught in an IP range block. Hasteur (talk) 11:45, 25 May 2016 (UTC)
    (a) In your view, how is "purpose of the permission" somehow harmed by more people having it? To me, "this will cause more editors to actually seek (IPBE) and (thereby?) destroy the purpose of the permission" is as nonsensical as "the purpose of freedom of speech is harmed if more people are allowed to speak". I am hoping you mean something different, as I do not wish to mischaracterize your views. (b) How do you address the justifications I gave above explaining why no personalized exception should be made in the current climate of presumptive mass surveillance? Sai ¿? 11:53, 25 May 2016 (UTC)
  • oppose While I am a huge advocate for VPN on Wiki, and think the right should be much more broadly granted, these restrictions are much too broad and would lead to sock-armageddon. If based on number of edits, the number would need to be vastly greater (perhaps something like extended confirmed user) Gaijin42 (talk) 12:52, 25 May 2016 (UTC)
    • There are currently ~20,586 extendedconfirmed editors; adding ipblock-exempt and/or torunblocked would be trivial from a technical point of view, but community consensus may vastly differ. — xaosflux Talk 13:08, 25 May 2016 (UTC)
  • Oppose To clarify my oppose from earlier, I believe the criteria for 'demonstrated need' could be loosened somewhat and I'd be in favor of that. Not sure what it would look like, but this isn't it. We have prolific sockmasters who are extended confirmed already, and this proposal encourages them. No way. Katietalk 14:21, 25 May 2016 (UTC)
  • Oppose, too high of a risk of disruptive activity. Restrictions need to be reviewed by competent parties (admins, checkusers, etc.) before exemption to technical blocks are granted. There are definitely valid uses of anonymizing technologies, but they must first be reviewed before being granted. Nakon 04:05, 26 May 2016 (UTC)
  • Oppose For the concerns I and others have brought up. HighInBC 14:39, 26 May 2016 (UTC)
  • Oppose; the primary issue isn't random new users acquiring IPBE, but existing users using it to hide behind a proxy so that they can not be matched against bad hand accounts. And yes, I've seen this. Often enough that it's a concern. IPBE is exactly what it is named: an exception. Intended for users we know well enough to trust with being able to circumvent our primary protection against socking when they need it. This requires human judgment, not an automated process. — Coren (talk) 15:11, 26 May 2016 (UTC)
  • Oppose, because this could lead to abuse of the user right, i.e. for sockpuppetry from a blocked IP address to that user account. Kylo, Rey, & Finn Consortium (formerly epicgenius) (talk) 19:43, 26 May 2016 (UTC)
  • @Coren: When was the last time you saw it? Just curious, I've seen it once in the last 2-3 years. NativeForeigner Talk 23:19, 26 May 2016 (UTC)
    • @NativeForeigner: Has to have been some time ago; it was while double checking another CU's finding. I think I saw it thrice or so, which is a fairly small number in absolute terms but when matching this against the also small number of editors with the right is significant. Also, that the barrier of entry is relatively high (in particular, because people who sock wouldn't want to be checkusered in the process of applying) helps. Reducing that barrier is an invitation to sock, IMO. — Coren (talk) 01:54, 29 May 2016 (UTC)
      • An invitation to sock, or a means of better treating the people who want to legitimately contribute to our site? I've always found it pretty easy to figure out when an account is abusing IPBE: 1. behavioural evidence, 2. editing from only a blocked IP which is blocked as an open proxy. Thanks to mobile ranges, checking accounts which are trying to dodge IP bans is a nightmare anyway. Of course there is the potential for more abuse by lowering the barrier, and I don't support this particular proposal because I still think that some sort of "need" should be demonstrated. But we can't just focus on the abuse - the edit button being available to anyone causes more abuse than anything else combined, and no rangeblock or checkuser can fix that. So let's embrace our openness, rather than being needlessly restrictive to prevent against hypothetical abuse. Ajraddatz (talk) 07:48, 29 May 2016 (UTC)
  • Oppose as too complicated and if I needed IPBE, I would prefer to make a direct request rather than run some program that takes longer than a compilation of the Linux kernel. Esquivalience (talk) 21:17, 31 May 2016 (UTC)
  • Oppose as too complicated, not relevant and unlikely to solve whatever problem it is trying to solve. Thryduulf (talk) 22:29, 16 June 2016 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.