Create Task
Maniphest T17294

Allow globally blocking of accounts
Open, MediumPublicFeature
Actions

Assigned To
Dreamy_Jazz
Authored By
Pathoschild
Aug 24 2008, 9:45 PM
Tags
Referenced Files
F37754144: 图片.png
Sep 23 2023, 2:48 PM
F5201: caldiff
Nov 21 2014, 10:21 PM
Subscribers
94rain
Aklapper
alaa
Aldnonymous
AllUsernamesArePicked
ashley
Bawolff
View All 77 Subscribers
Tokens
"Burninate" token, awarded by Sj."Hungry Hippo" token, awarded by laodongvieclam."Like" token, awarded by ToBeFree."Love" token, awarded by Honischboy."Like" token, awarded by Vituzzu."Like" token, awarded by Liuxinyu970226."Like" token, awarded by EddieGP."Doubloon" token, awarded by Nemo_bis."Like" token, awarded by TerraCodes."Like" token, awarded by Luke081515.

Description

Accounts cannot currently be blocked globally, so that stewards must lock users out of their accounts to stop them. This leads to a range of challenges:

  1. Locks are opaque and confusing: they did not initially give an error message -- from the user's perspective, their session simply disappears and their password no longer works. This makes locks impossible to appeal or understand for users, which exacerbates the situation of false-positives.
    • It would be beneficial to let stewards block accounts, with an appropriate you've-been-blocked message when they try to edit or create/unify local accounts. [NB: this may be improving as of 2023]
  2. A global block can be locally disabled if needed, or time-limited (we can workaround it with something like this, but this is currently not used in practice).
    • Here is a case that could use a short-time global block (instead of a global lock).
  3. Global locks were designed for troublemakers that aren't usually worth a second chance, such as spammers, LTA sockpuppets, globally banned users and the like. However, they are also the only global recourse for less severe cases like blocking non-VOA users ( example ), so appeals may be expected.
    • Having a Meta user talk page open allows blocks to be discussed on Meta; not possible for locked users

This is also useful for the Temporary accounts project, as locking a temporary account would mean that the user will just create a new temporary account on their next edit. By globally blocking them, it prevents edits without logging them out.

Details

Reference
bz15294
SubjectRepoBranchLines +/-
Allow blocking global accountsmediawiki/extensions/GlobalBlockingmaster+976 -198
Zuul: [mediawiki/extensions/GlobalBlocking] Enable 'extension-codehealth'integration/configmaster+1 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 OpenNoneT294511 2021 Security Team wikireplicas audit
 StalledNoneT284948 Raw IPs of logged-out users disclosed in wiki-replicas
 In ProgressNiharikaT324492 Temporary accounts - MVP
 OpenNoneT326816 Update features for temporary accounts
 OpenNoneT355286 [Epic] Globally blocking a temporary account should prevent further account creations
 OpenNoneT368949 Implement global autoblocks from global user blocks
 OpenNoneT19929 CentralAuth account locks should trigger global autoblocks
 DuplicateNoneT340275 Allow GlobalBlocking to block temporary accounts
 OpenFeatureDreamy_JazzT17294 Allow globally blocking of accounts
 ResolvedDreamy_JazzT356990 GlobalBlocking extension has poor test coverage
 OpenNoneT358777 Rename messages with the '-new' suffix to remove this suffix
 OpenNoneT358776 Remove old versions of GlobalBlocking i18n messages
 OpenNoneT358773 Remove the global accounts block configuration flag
 OpenDreamy_JazzT356924 Deploy global account blocks to WMF wikis
 ResolvedDreamy_JazzT356926 Add support to block global accounts using the globalblock API
 ResolvedDreamy_JazzT356929 Allow SpecialRemoveGlobalBlock to remove a global block on an account
 ResolvedDreamy_JazzT356931 Support modifying the status of global blocks on accounts using Special:GlobalBlockStatus
 ResolvedDreamy_JazzT356932 Allow Special:GlobalBlockList to show global blocks for accounts
 ResolvedDreamy_JazzT359584 Provide action links on Special:Log for global block entries
 ResolvedDreamy_JazzT356934 Allow a user to perform global blocks on accounts using Special:GlobalBlock
 ResolvedBUG REPORTDreamy_JazzT366352 The "Locally block anonymous users only" checkbox is not properly disabled when it is made visible
 ResolvedDreamy_JazzT356935 The 'globalblocks' API should support listing global blocks for accounts
 ResolvedTchandersT360516 Periodically remove orphaned global_block_whitelist entries
 ResolvedDreamy_JazzT360621 Test and make improvements to the fixGlobalBlockWhitelist.php script
 ResolvedDreamy_JazzT366386 Update GlobalBlockingHooks to support global account blocks
 ResolvedDreamy_JazzT356936 Update GlobalBlocking services to support global block on accounts
 ResolvedDreamy_JazzT358150 Update the GlobalBlockLocalStatusLookup and GlobalBlockLocalStatusManager services to support blocking accounts
 ResolvedDreamy_JazzT358157 Update the GlobalBlockManager service to support global blocks on accounts
 ResolvedDreamy_JazzT358155 Update GlobalBlockLookup service to support global blocks on accounts
 ResolvedDreamy_JazzT356876 Add a column to store central ID in globalblocks and global_block_whitelist tables
 ResolvedMarosteguiT356987 Add gb_target_central_id to the globalblocks table on the centralauth DB
 ResolvedMarosteguiT356988 Add gbw_target_central_id to global_block_whitelist table on WMF wikis
 ResolvedDreamy_JazzT359091 Create GlobalBlockLocalStatusManager service
 ResolvedDreamy_JazzT358865 Use non-legacy log parameters for log entries for global blocking and unblocking
 ResolvedDreamy_JazzT358725 Update the GlobalBlockingLinkBuilder service for global account blocks
 ResolvedDreamy_JazzT356923 Create a configuration value to control whether global account blocks are enabled
 ResolvedDreamy_JazzT356925 Update or duplicate GlobalBlocking messages to allow staged deployment of blocking accounts
 ResolvedDreamy_JazzT357385 Refactor the GlobalBlocking utility class into services
 ResolvedDreamy_JazzT357399 Create GlobalBlockingConnectionProvider
 ResolvedDreamy_JazzT357443 Create GlobalBlockingBlockPurger service
 ResolvedDreamy_JazzT357506 Create GlobalBlockLocalStatusLookup service
 ResolvedDreamy_JazzT357675 Create GlobalBlockLookup service
 ResolvedDreamy_JazzT357925 Create the GlobalBlockManager service
 ResolvedDreamy_JazzT366921 GlobalBlockingHooks::onSpecialPasswordResetOnSubmit is never called
 ResolvedUrbanecmT367647 Review global blocks from a Steward perspective
 ResolvedBUG REPORTDreamy_JazzT369799 Special:GlobalBlockList shows "IP address" as label for target field when global account blocks are enabled
 ResolvedDreamy_JazzT369705 Override globalblocking-blockedtext-user and globalblocking-blockedtext-on-user to include appeal information
 OpenDreamy_JazzT332401 Remove old block error messages from GlobalBlocking extension
 ResolvedDreamy_JazzT356922 Deprecate unnecessary GlobalBlocking hooks
 ResolvedBUG REPORTDreamy_JazzT370417 GlobalBlocking messages on WMF wikis need updating for global account blocks

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Dreamy_Jazz removed a subtask: T356923: Create a configuration value to control whether global account blocks are enabled.Feb 7 2024, 10:18 PM
Dreamy_Jazz removed a subtask: T356922: Deprecate unnecessary GlobalBlocking hooks.
Dreamy_Jazz added a parent task: T340275: Allow GlobalBlocking to block temporary accounts.Feb 7 2024, 10:32 PM
Dreamy_Jazz mentioned this in T356990: GlobalBlocking extension has poor test coverage.Feb 8 2024, 12:06 PM
Dreamy_Jazz added a subtask: T356990: GlobalBlocking extension has poor test coverage.
Sj added a comment.Feb 8 2024, 9:07 PM

@Dreamy_Jazz thank you for working through this. Do you need feedback on some of those comments from one of the stewards requesting this?

kostajh closed subtask T356876: Add a column to store central ID in globalblocks and global_block_whitelist tables as Resolved.Feb 9 2024, 7:27 AM
Dreamy_Jazz added a comment.Feb 9 2024, 1:59 PM
In T17294#9527056, @Sj wrote:

@Dreamy_Jazz thank you for working through this. Do you need feedback on some of those comments from one of the stewards requesting this?

It would be useful to know how much of a use-case there is for allowing local wikis to disable a global block on an account.

Bugreporter added a comment.EditedFeb 9 2024, 2:35 PM
In T17294#9528943, @Dreamy_Jazz wrote:
In T17294#9527056, @Sj wrote:

@Dreamy_Jazz thank you for working through this. Do you need feedback on some of those comments from one of the stewards requesting this?

It would be useful to know how much of a use-case there is for allowing local wikis to disable a global block on an account.

Personally I think not allowing global blocks be disabled locally breaks wikis' self-governance, although this is already the case of global locks. Once we start applying global blocks to temporary users, unblocking temporary users locally is similar to disabling global IP blocks locally currently.

Another thing to consider is how will we use global account blocks vs global locks. There are current no community-approved policy for any of them, but as I said multiple time previously, we need one and the current status quo sucks (I have no idea what a proper global lock policy should be, though the next comment provided some ideas). For global account block usage only, there are three options:

  1. The most conservative usage and the one closest the status quo is only using global account blocks for temporary accounts and still use global locks for regular users. Then global account blocks are similar to global IP blocks, which can be locally disabled. I will oppose this opinion.
  2. What I support is the second option: global locks should only be used by globally banned users and socks; compromised users; deceased users; users with improper name without constructive edits - these are cases not supposed to be overrided (i.e. disabled) by local wikis. For cross-wiki vandalism or spam only users, and potentially disruptive socks of global blocked users, we may issue a indefinite global block; for ongoing disruptive user that is not VOA/SOA, we issue a short-time global block (or potentially indefinite if we exhausted short-term one, but in this case a global ban may be considered). Global blocks may be locally disabled. For non-ongoing issues that are not VOA/SOA and do not warrant a formal global ban (example one that meets the current de facto practice of global lock), I will suggest neither global block nor lock and they should be handled by local community.
  3. Tgr suggests to eliminate global locks completely, fully replacing them with global blocks. To prevent compromised users from exploiting accounts, we need T222281: Add a way to prevent user from log in and disable a users session when blocking; to enforce global bans, we need T355385: Allow marking global blocks not disablable by local wiki.
Dreamy_Jazz added a comment.EditedFeb 9 2024, 2:45 PM

Thanks for the comments.

Based on these comments, I will proceed with making it possible to disable global account blocks on a local wiki. If this is something that is rejected by the community, then a configuration to disable this ability can be added.

Also this task allows globally blocking accounts and temporary accounts. Would it be useful to add configuration to control whether global blocks can be placed on registered users? My thinking is that this would make it possible to enforce the first option on WMF wikis if the community rejects the idea of global blocks for registered/named accounts.

Bugreporter added a comment.EditedFeb 9 2024, 2:58 PM

My proposed simple guide: (THIS IS NOT THE CURRENT DE FACTO GUIDELINE!)

  1. Are user one of the following cases: globally banned users and socks; compromised users; deceased users; users with improper name (suppressable, or obviously suggest a LTA or vandal) without constructive edits? Yes: globally lock them - local wikis should not opt out.
  2. Are they vandalism or spam only users, or user with no significant constructive edits? Yes: Indefinitely globally block them (though I am not against a global lock).
  3. Are they sockpuppets (note this point does NOT apply to master accounts)? Yes:
  4. Are they currently making disruption (after appropriate local blocks, if there is not an emergency), and currently or previously causing issues in multiple wikis (for sockpuppeter, we only consider activity of master account - i.e. how master account is abusive - in this point, since we have the previous point to handle socks; however, for abusers with no obvious main account, we can treat all accounts as socks and apply #3 to them)? Yes:
    • 4a: Did we exhausted short-term global blocks (up to one year), or there are apparently long-term abusive pattern? Yes: Indefinitely global block them, though a global ban may be considered.
    • 4b: No: Issue a short-term global block.
  5. If none of #1-#4 meet, then it is not a good case of global block or lock. Let local community handle the issue. (Note currently global locks are used in #1-#4 as well as cases meeting none of them, which in my opinion neither global lock nor global block is appropriate.)

(in a nutshell: we need global block of named users and this describes its use cases)

Bugreporter added a comment.Feb 9 2024, 3:07 PM
In T17294#9529162, @Dreamy_Jazz wrote:

Thanks for the comments.

Based on these comments, I will proceed with making it possible to disable global account blocks on a local wiki. If this is something that is rejected by the community, then a configuration to disable this ability can be added.

One way is disabling this ability by configuration like $wgAllowDisablingGlobalAccountBlock, another way is to introduce a new user right (i.e. split the current globalblock-whitelist to two rights) that may be granted to nobody.

Also this task allows globally blocking accounts and temporary accounts. Would it be useful to add configuration to control whether global blocks can be placed on registered users? My thinking is that this would make it possible to enforce the first option on WMF wikis if the community rejects the idea of global blocks for registered/named accounts.

Note: Global blocks on named users is the original purpose of this task since when this task is filed in 2008 temporary account is far from exists. Also in 2017 there is a community discussion: https://meta.wikimedia.org/wiki/Community_Wishlist_Survey_2017/Admins_and_stewards/Extend_global_blocks_to_named_accounts

Tgr updated Other Assignee, added: Dreamy_Jazz; removed: Tgr.Feb 9 2024, 11:16 PM
Dreamy_Jazz added a subtask: T357629: Update Extension:GlobalBlocking database table subpages.Feb 15 2024, 1:18 PM
Dreamy_Jazz mentioned this in T124607: Create a special page for mass global (un)block IP addresses.Feb 15 2024, 4:42 PM
Vermont added a comment.Feb 15 2024, 5:25 PM
In T17294#9528943, @Dreamy_Jazz wrote:
In T17294#9527056, @Sj wrote:

@Dreamy_Jazz thank you for working through this. Do you need feedback on some of those comments from one of the stewards requesting this?

It would be useful to know how much of a use-case there is for allowing local wikis to disable a global block on an account.

This is the point :P

The reason I/we want global blocks is for the relatively few cases where a user is engaging in cross-wiki abuse, yet there are projects where they contribute constructively without issue (and where the project would like that to continue). I don't expect this to replace global locks, just allow more options for handling cross-project conduct moderation.

Vermont added a comment.Feb 15 2024, 5:29 PM
In T17294#9529206, @Bugreporter wrote:

My proposed simple guide...

I do not believe your proposed process for global conduct moderation is relevant to this ticket, and it can create some confusion for the people working on this about the ask (from stewards) for global blocks.

Dreamy_Jazz closed subtask T357629: Update Extension:GlobalBlocking database table subpages as Resolved.Feb 16 2024, 2:48 PM
Dreamy_Jazz added a parent task: T355286: [Epic] Globally blocking a temporary account should prevent further account creations.Feb 19 2024, 10:59 PM
Dreamy_Jazz merged a task: T340275: Allow GlobalBlocking to block temporary accounts.
Dreamy_Jazz added subscribers: Niharika, taavi, Urbanecm_WMF.
Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptFeb 19 2024, 11:01 PM
Bugreporter added a comment.Feb 20 2024, 3:15 AM

Blocks of expired temporary accounts make no sense (but admins may tend to use indefinite block for VOA) and they will inflate the database and confuse users. So some proposed ideas:

  • Prevent blocks of temporary accounts for more than the lifetime (one year in Wikimedia wikis)
  • Prevent blocks of already expired temporary accounts
  • Automatically purge blocks of temporary accounts upon expiration
Snaevar subscribed.Feb 20 2024, 10:14 AM
In T17294#9556621, @Bugreporter wrote:

Blocks of expired temporary accounts make no sense (but admins may tend to use indefinite block for VOA) and they will inflate the database and confuse users. So some proposed ideas:

  • Prevent blocks of temporary accounts for more than the lifetime (one year in Wikimedia wikis)
  • Prevent blocks of already expired temporary accounts
  • Automatically purge blocks of temporary accounts upon expiration

Admins that block expired accounts should get an message saying that the block will not have any effect and they should use an IP ban instead. Non-technical admins probably will not know what to do with expired temporary accounts. There is of course the point that the block might not be necessary, due to the high risk of the blocking user not being active, but the admin should decide that, not the software.

Dreamy_Jazz added a comment.EditedFeb 20 2024, 10:34 AM
In T17294#9556621, @Bugreporter wrote:

Blocks of expired temporary accounts make no sense (but admins may tend to use indefinite block for VOA) and they will inflate the database and confuse users. So some proposed ideas:

I personally don't see a need to expire blocks. However, I'm also probably not the final decision maker on this. My points below are from a technical feasibility point of view.

  • Prevent blocks of temporary accounts for more than the lifetime (one year in Wikimedia wikis)

The expiry may decrease and/or increase, so limiting the length of blocks could cause these temporary accounts to be unblocked before they are expired.

  • Prevent blocks of already expired temporary accounts

This may be possible. However, the expiration of temporary accounts does not apply immediately after the account becomes older than X days because the expireTemporaryAccounts.php maintenance script is used to expire temporary accounts. This means that on WMF wikis the expiration will likely not occur until at least a few hours after expiration is expected by the config. This makes it difficult for the software to determine for sure whether a temporary account has expired.

  • Automatically purge blocks of temporary accounts upon expiration

This is possible by extending the existing expireTemporaryAccounts.php maintenance script to provide a way for GlobalBlocking extension to perform custom actions related to temporary accounts. However, I would argue that at this point there isn't much need to expire blocks and this could cause confusion as:

  • Removing the global block would mean it no longer appears to be blocked and currently there isn't a message indicating that a temporary account has expired which would replace this
  • Blocks that are on the local wiki do not expire like this.
Bugreporter added a comment.Feb 20 2024, 11:13 AM

This makes it difficult for the software to determine for sure whether a temporary account has expired.

We expire a temporary account by removing its session token, so we can check whether the account is expired by checking whether they has a valid token.

Dreamy_Jazz added a comment.EditedFeb 20 2024, 11:23 AM
In T17294#9558424, @Bugreporter wrote:

This makes it difficult for the software to determine for sure whether a temporary account has expired.

We expire a temporary account by removing its session token, so we can check whether the account is expired by checking whether they has a valid token.

I can't see an easy way to check that the CentralAuth auth token has been changed, considering that it isn't unset and instead set to a new random token in CentralAuthUser::resetAuthToken by the script that expires the temporary accounts.

Source: https://gerrit.wikimedia.org/g/mediawiki/extensions/CentralAuth/+/c8a607f3ced7990131dbc358f07d83c9d8a6d81b/includes/User/CentralAuthUser.php#2962

Bugreporter added a comment.EditedFeb 20 2024, 11:29 AM

So a potential solution is to introduce a CentralAuthUser::removeAuthToken that removes the token completely (we did something similar for system users).

Dreamy_Jazz added a comment.Feb 20 2024, 11:34 AM
In T17294#9558482, @Bugreporter wrote:

So a potential solution is to introduce a CentralAuthUser::removeAuthToken that removes the token completely (we did something similar for system users).

I agree that is a potential solution.

Bugreporter added a comment.Feb 20 2024, 12:10 PM
In T17294#9558482, @Bugreporter wrote:

So a potential solution is to introduce a CentralAuthUser::removeAuthToken that removes the token completely (we did something similar for system users).

cf T352823: Split user table to multiple tables which proposes:

  • Introduce seperate tables for local user password, email and token
  • Remove all local password, email and tokens (and prevent inserting new ones) in favor of CentralAuth
  • Introduce table for user password, email and token in CentralAuth

So to remove/reset a token we only need to remove one row. (For regular users, logging in with password will generate a new token, but it would be impossible for temporary accounts).

Bugreporter mentioned this in T352823: Split user table to multiple tables.Feb 20 2024, 12:19 PM
Tgr added a comment.Feb 20 2024, 4:58 PM

The blocking thing seems to me like a solution in search of a problem, but it might be useful to indicate that a temporary account has expired (this could apply to plenty of other situations like someone trying to edit the talk page).

In fact maybe we could make the script block the temporary account when it expires, that's a state already understood by all kinds of tooling (and e.g. a warning is already implemented when trying to message the user). It also works regardless of what authentication extension you use, while checking if the session has been invalidated would have to be implemented separately for all authentication extensions.

Bugreporter added a comment.Feb 20 2024, 6:17 PM

Why I want to say so are:

  • For the database perspective moot blocks may clutter the database, though I am not sure how large the problem is (there may be more locked spambots than blocked temporary accounts).
  • For user perspective they may also clutter block list. Also I am not sure whether it is a big problem.
  • Admins may try to block already expired temporary accounts, so we should let admin know that such block will have no effect.

So I only present an idea we can discuss and consider, not fully support it.

In my opinion it may be a problem when other users try to communiate to expired temporary accounts, since they will notice nobody. This should be another task (and MediaWiki currently does not have a native way to denote user should not receive talk page message, which can be used by Twinkle and other 3rd party tools. On the other hand, other users or even the user itself may stalk (i.e. watch) the talk page of former temporary account, though I do not know how often this will happen.

In fact maybe we could make the script block the temporary account when it expires, that's a state already understood by all kinds of tooling (and e.g. a warning is already implemented when trying to message the user).

Note: Blocking does not complete revoke access of one account, nor is it permanent (where expiring temporary accounts would be).

Bugreporter mentioned this in T358030: denote whether temporary accounts is expired.Feb 20 2024, 6:25 PM
Tgr added a comment.Feb 20 2024, 10:27 PM
In T17294#9560358, @Tgr wrote:

In fact maybe we could make the script block the temporary account when it expires

Or rather just apply a system block based on registration date.

Dreamy_Jazz removed projects: Patch-Needs-Improvement, MediaWiki-extensions-CentralAuth.Feb 21 2024, 3:18 PM
JEumerus added a comment.Feb 21 2024, 3:47 PM
In T17294#9547674, @Vermont wrote:
In T17294#9528943, @Dreamy_Jazz wrote:
In T17294#9527056, @Sj wrote:

@Dreamy_Jazz thank you for working through this. Do you need feedback on some of those comments from one of the stewards requesting this?

It would be useful to know how much of a use-case there is for allowing local wikis to disable a global block on an account.

This is the point :P

The reason I/we want global blocks is for the relatively few cases where a user is engaging in cross-wiki abuse, yet there are projects where they contribute constructively without issue (and where the project would like that to continue). I don't expect this to replace global locks, just allow more options for handling cross-project conduct moderation.

One wonders how that interacts with WMF global bans or other situations where we really do not want local projects to opt out of a global b/lock

Johannnes89 added a comment.Feb 21 2024, 5:28 PM
In T17294#9563885, @JEumerus wrote: (...)

One wonders how that interacts with WMF global bans or other situations where we really do not want local projects to opt out of a global b/lock

Global bans are enforced per global lock which does not offer an opt out option. This is won't change with the proposed feature. Global blocks offer an opt out option via Special:GlobalBlockWhitelist but are currently only available for IPs. If global blocking of accounts becomes available it won't be used for globally banned users.

Bugreporter added a comment.Feb 21 2024, 6:25 PM
In T17294#9564494, @Johannnes89 wrote:
In T17294#9563885, @JEumerus wrote: (...)

One wonders how that interacts with WMF global bans or other situations where we really do not want local projects to opt out of a global b/lock

Global bans are enforced per global lock which does not offer an opt out option. This is won't change with the proposed feature. Global blocks offer an opt out option via Special:GlobalBlockWhitelist but are currently only available for IPs. If global blocking of accounts becomes available it won't be used for globally banned users.

Yes this is what I proposed (global locks are kept as-is), though Tgr suggest to eliminate global locks completely (replacing with global blocks), and in such case we need both T222281: Add a way to prevent user from log in and disable a users session when blocking and T355385: Allow marking global blocks not disablable by local wiki.

Dreamy_Jazz removed a subtask: T356876: Add a column to store central ID in globalblocks and global_block_whitelist tables.Feb 21 2024, 10:56 PM
Dreamy_Jazz removed a subtask: T357629: Update Extension:GlobalBlocking database table subpages.
Tchanders added subscribers: Madalina, Tchanders.Feb 22 2024, 4:02 PM

Trust and Safety Product Team are taking this on as part of the Temporary accounts work. The main goal is T355286, which requires updating GlobalBlocking to block temporary accounts, which is most sensibly done by allowing blocking all registered accounts (it's no extra work and it's desired).

We'll scope this particular task to doing bringing global blocks for registered/temp users on a par with global blocks for IP addresses.

Adding @Madalina as the product manager on this.

Other useful ideas have been shared in the discussion above, and these should be filed and discussed as separate tasks:

  • global autoblocks (T355286)
  • figuring out how blocks/global blocks work with expired temp accounts
  • making account creation block configurable
  • making email block configurable
Titore subscribed.Feb 24 2024, 9:16 PM
gerritbot added a comment.Feb 27 2024, 10:42 AM

Change 1006886 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[integration/config@master] Enable 'extension-codehealth' for GlobalBlocking

https://gerrit.wikimedia.org/r/1006886

gerritbot added a project: Patch-For-Review.Feb 27 2024, 10:42 AM
gerritbot added a comment.Feb 27 2024, 1:53 PM

Change 1006886 merged by jenkins-bot:

[integration/config@master] Zuul: [mediawiki/extensions/GlobalBlocking] Enable 'extension-codehealth'

https://gerrit.wikimedia.org/r/1006886

Maintenance_bot removed a project: Patch-For-Review.Feb 27 2024, 2:31 PM
Dreamy_Jazz added a subtask: T358773: Remove the global accounts block configuration flag.Feb 29 2024, 3:43 PM
Dreamy_Jazz added a subtask: T358777: Rename messages with the '-new' suffix to remove this suffix.Feb 29 2024, 3:54 PM
Dreamy_Jazz removed a subtask: T358773: Remove the global accounts block configuration flag.
Tgr added a comment.Mar 4 2024, 9:13 PM
In T17294#9560358, @Tgr wrote:

In fact maybe we could make the script block the temporary account when it expires, that's a state already understood by all kinds of tooling (and e.g. a warning is already implemented when trying to message the user). It also works regardless of what authentication extension you use, while checking if the session has been invalidated would have to be implemented separately for all authentication extensions.

In T17294#9561677, @Tgr wrote:

Or rather just apply a system block based on registration date.

Filed as T359064: Represent temporary account expiry with system blocks.

Tgr mentioned this in T359116: Split up CentralAuth into smaller extensions.Mar 4 2024, 10:10 PM
Bugreporter mentioned this in T338384: CentralAuth locks should disable linked Phabricator account.Mar 5 2024, 7:36 PM
Dreamy_Jazz mentioned this in T229155: userinfo should show global blocks.Mar 27 2024, 12:08 PM
Tchanders added a subscriber: Ladsgroup.May 13 2024, 3:36 PM
Tchanders moved this task from Backlog to Create/update essential tools/anti-abuse management on the Temporary accounts board.Jun 4 2024, 3:20 PM
Tchanders edited projects, added Temporary accounts (Create/update essential tools/anti-abuse management); removed Temporary accounts.
Urbanecm mentioned this in T367647: Review global blocks from a Steward perspective.Jun 15 2024, 10:42 PM
gerritbot added a comment.Tue, Jun 25, 12:02 PM

Change #791800 abandoned by Dreamy Jazz:

[mediawiki/extensions/GlobalBlocking@master] Allow blocking global accounts

Reason:

Has been split into separate patches large scale refactors, so this patch is no longer necessary.

https://gerrit.wikimedia.org/r/791800

Dreamy_Jazz closed subtask T356990: GlobalBlocking extension has poor test coverage as Resolved.Tue, Jun 25, 12:32 PM
larissagaulia moved this task from Current Sprint to Radar on the MediaWiki-Platform-Team board.Tue, Jun 25, 3:31 PM
larissagaulia edited projects, added MediaWiki-Platform-Team (Radar); removed MediaWiki-Platform-Team.
Dreamy_Jazz claimed this task.Fri, Jun 28, 9:42 AM
Dreamy_Jazz added a project: User-notice.
Dreamy_Jazz updated Other Assignee, added: Skizzerz; removed: Dreamy_Jazz.
Dreamy_Jazz changed the subtype of this task from "Task" to "Feature Request".
Dreamy_Jazz added a subscriber: Skizzerz.
Dreamy_Jazz renamed this task from Allow blocking of global accounts to Allow globally blocking of accounts.Fri, Jun 28, 9:46 AM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz added a comment.Fri, Jun 28, 10:15 AM

I propose that this be added to User-notice because this will have a large impact for the Wikimedia Stewards and will affect how users request that accounts be prevented from editing globally.

The exact deployment date of this feature to Wikimedia wikis is not decided at the moment. However, it will likely be at least a few weeks away.

Quiddity moved this task from To Triage to Not ready to announce on the User-notice board.Fri, Jun 28, 4:47 PM
Tchanders mentioned this in T368949: Implement global autoblocks from global user blocks.Mon, Jul 1, 4:49 PM
Tchanders edited parent tasks, added: T368949: Implement global autoblocks from global user blocks; removed: T355286: [Epic] Globally blocking a temporary account should prevent further account creations.Mon, Jul 1, 4:51 PM
Tchanders edited projects, added Temporary accounts (Blockers to pilot wiki deployment); removed Temporary accounts (Create/update essential tools/anti-abuse management).Thu, Jul 4, 5:49 PM
Dreamy_Jazz added a comment.Wed, Jul 10, 8:24 AM

Deployment date to WMF wikis will be 18th of July.

Dreamy_Jazz moved this task from Not ready to announce to Announce in next Tech/News on the User-notice board.Wed, Jul 10, 8:52 AM
Dreamy_Jazz added a comment.Wed, Jul 10, 8:54 AM

I would like for this to be in Tech news for the week of the 22nd of July.

Dreamy_Jazz moved this task from Announce in next Tech/News to Not ready to announce on the User-notice board.Wed, Jul 10, 8:55 AM
Xaosflux added a comment.Wed, Jul 10, 9:30 AM

The documentation is a bit light onwiki still, perhaps a bit more attention would be useful. For example, if global account blocks are or are not bypassable with the local GlobalBlockWhitelist

Dreamy_Jazz added a comment.EditedWed, Jul 10, 9:35 AM
In T17294#9968450, @Xaosflux wrote:

The documentation is a bit light onwiki still, perhaps a bit more attention would be useful. For example, if global account blocks are or are not bypassable with the local GlobalBlockWhitelist

Yes they are. Is this not covered by https://meta.wikimedia.org/wiki/Global_blocks#Local_unblocking? I updated it to remove the mention of "IP", so that it reads for any global block.

Dreamy_Jazz added a comment.EditedWed, Jul 10, 9:37 AM

Also if there are any other documentation pages than https://www.mediawiki.org/wiki/Extension:GlobalBlocking, https://meta.wikimedia.org/wiki/Global_blocks, https://meta.wikimedia.org/wiki/Global_locks, and https://meta.wikimedia.org/wiki/Global_blocks/FAQ that need updating, if you could detail these that would be useful. Thanks.

Bugreporter added a comment.Wed, Jul 10, 10:00 AM

https://meta.wikimedia.org/wiki/Global_blocks
A global ban should be discussed in its own RFC and mentioned widely on meta, and on all communities where the user is active in the local language. Notice should be given, at a minimum, wherever local bans are discussed – or on the village pump if no local process exists

Global bans should still be enforced via locks, since we do not expect local communities to override them.

As I said at T17294#9529206, cases that locks should still be used once global blocks are available are:

  • WMF or community global banned users and socks
  • compromised users
  • deceased users
  • users with improper name (suppressable, or obviously suggest a LTA or vandal) without constructive edits
Dreamy_Jazz added a comment.EditedWed, Jul 10, 10:12 AM
In T17294#9968510, @Bugreporter wrote:

https://meta.wikimedia.org/wiki/Global_blocks
A global ban should be discussed in its own RFC and mentioned widely on meta, and on all communities where the user is active in the local language. Notice should be given, at a minimum, wherever local bans are discussed – or on the village pump if no local process exists

Global bans should still be enforced via locks, since we do not expect local communities to override them.

As I said at T17294#9529206, cases that locks should still be used once global blocks are available are:

  • WMF or community global banned users and socks
  • compromised users
  • deceased users
  • users with improper name (suppressable, or obviously suggest a LTA or vandal) without constructive edits

Just noting that the section was there before my edits. I will edit that section now.

I would also note that it is planned to move global locking into the GlobalBlocking extension in T359116, and as part of this it may be decided to replace all existing global locks with global blocks that disable login and cannot be disabled locally.

AllUsernamesArePicked subscribed.Wed, Jul 10, 10:59 AM
Bugreporter mentioned this in T369706: Add a way to prevent user from log in and disable a users session when global blocking a user.Wed, Jul 10, 11:46 AM
Dreamy_Jazz closed subtask T369705: Override globalblocking-blockedtext-user and globalblocking-blockedtext-on-user to include appeal information as Resolved.Wed, Jul 10, 2:24 PM
Quiddity subscribed.Thu, Jul 11, 6:56 PM
In T17294#9968294, @Dreamy_Jazz wrote:

I would like for this to be in Tech news for the week of the 22nd of July.

Sounds good! Please let us know (before the 18th) if you have any suggested draft wording and which links need to (or could also) be included. Thanks.

Dreamy_Jazz added a comment.Thu, Jul 11, 7:29 PM
In T17294#9974853, @Quiddity wrote:
In T17294#9968294, @Dreamy_Jazz wrote:

I would like for this to be in Tech news for the week of the 22nd of July.

Sounds good! Please let us know (before the 18th) if you have any suggested draft wording and which links need to (or could also) be included. Thanks.

Thanks. I've added some suggested wording to https://meta.wikimedia.org/wiki/Tech/News/2024/30. Feel free to modify.

Dreamy_Jazz added a subtask: T332401: Remove old block error messages from GlobalBlocking extension.Tue, Jul 16, 10:15 PM
UOzurumba moved this task from Not ready to announce to In current Tech/News draft on the User-notice board.Wed, Jul 17, 8:50 PM
Dreamy_Jazz closed subtask T370417: GlobalBlocking messages on WMF wikis need updating for global account blocks as Resolved.Thu, Jul 18, 2:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits