Jump to content

Wikipedia:Village pump (proposals)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by GreenC (talk | contribs) at 22:04, 30 November 2018 (Throttling). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

 Policy Technical Proposals Idea lab WMF Miscellaneous 

New ideas and proposals are discussed here. Before submitting:


Proposal - Allow non-admins to close deletion discussions as "delete" at Wikipedia:Redirects for discussion

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
  • There is ☒Nconsensus against the letter and spirit of this proposal. A contingent in opposition contested the proposal's premise of "huge backlogs". characterizing the same as "non-existent". The lack of a reply, one might expect, lends the contest credibility at the proposal's expense. Others demonstrated how effort would be duplicated and editing resources squandered for naught. Many in support seemed to endorse non-admins closing discussions as delete without making a specific case for RfD in particular while others yet expressed sentiments of need in developing a proposal more fully to have what is needed for such likes to prevail.

    Interestingly, Hawkeye7's comment showed that the opposition was not as much against non-admins closing the discussions as delete as it was against non-admins closing them as delete while in need of deletion. As such, the lack of contrary decries indicate that his mentioned form of non-admin closure is an acceptable form and is hereby made part of this proposal's close.

    (non-admin closure) by --John Cline (talk) 19:41, 26 November 2018 (UTC)[reply]


Today, I am going to propose that non-admins should have the right to close deletion discussions as "delete" at Wikipedia:Redirects for discussion. This is because it is one of those deletion noticeboards that have a huge backlog and can stretch for up to two week or even more. I am sure that with the help of non-admins, this backlog will always reduce significantly. XFDCloser should allow non-admins to close a WP:RFD discussion as "delete" and then tag the corresponding page for speedy deletion with {{db-xfd}} so that an admin can delete soon after. Pkbwcgs (talk) 12:33, 20 October 2018 (UTC)[reply]

  • It seems like this will only create duplicate work... Before using the Delete button Admins will still have to re-assess the consensus of the discussion. — Insertcleverphrasehere (or here) 12:40, 20 October 2018 (UTC)[reply]
    • @Insertcleverphrasehere: That's a good point. However, we could restrict this so that users who have more than 10,000 edits can only close these discussions. However, right now there is a backlog of two weeks at WP:RFD and non-admins can currently close any discussion as anything other than keep. Also, if that is the case then what if a non-admin closes a discussion as keep just because they created that redirect when there are five delete votes? Then, they got the consensus wrong! So, if non-admins can't be trusted to close a deletion discussion as "delete", the why should they be trusted to close a deletion discussion as "keep". However, non-admin can close discussions as anything other than "delete" on all noticeboards (except WP:TfD where non-admins can close discussions as "delete" as well) so what is wrong in letting non-admins close WP:RFD discussions as "delete" to clear the backlog? There is no problem in letting non-admins close WP:RFD discussions as "delete" and if there is any problem, it can always go back to admins only closing WP:RFD as "delete". Pkbwcgs (talk) 12:53, 20 October 2018 (UTC)[reply]
"Clearing the backlog" does nothing if admins still have to go and read all those discussions to ensure that the consensus was right (they have to do this as it is ultimately their responsibility to use the delete button appropriately). We don't need a knee-jerk response here. Just go ask at WP:AN if some admins can come over and clear the backlog. — Insertcleverphrasehere (or here) 13:00, 20 October 2018 (UTC)[reply]
I've already done two non-admin delete closures. This is possible when an admin has come along and deleted while the xfD is ongoing. Hawkeye7 (discuss) 08:43, 21 October 2018 (UTC)[reply]
  • WP:RFD does not have any backlog, much less one that's over two weeks. Occasionally a single discussion hangs out in the backlog for some time (eg: Stephni meyer), but that is different from RfD actually being backlogged. I can't think of any sizable backlog there since early 2016 and even then, it wasn't to the point where I would call it problematic. -- Tavix (talk) 15:07, 22 October 2018 (UTC)[reply]
  • Agree with @Insertcleverphrasehere. No matter what, the admin doing the "actual deletion" must reassess the situation and be personally assured that the deletion is OK and this is plainly duplication of work. Just what is needed is to draw the attention of willing admins to the area, through the usual ways.–Ammarpad (talk) 13:50, 20 October 2018 (UTC)[reply]
  • Strong oppose: What's the point of closing as delete if the closer cannot delete anyway? Regards, User:TheDragonFire300. (Contact me | Contributions). This message was left at 04:39, 21 October 2018 (UTC)[reply]
  • I supported this the last time it was proposed (Wikipedia talk:Redirects for discussion/Archive 9), and I'm still somewhat sympathetic towards it. It is true that an admin still needs to do the final review, but the main advantage comes from the fact that there are more active administrators at CAT:CSD than WP:RFD. As long as the non-admin closure is performed on clear outcomes only, time is saved by the fact that the deleting admin probably wouldn't have deleted the redirect had the non-admin not drawn attention to it. Close calls and controversial decisions should still be left to administrators. Something similar has already been implemented at WP:TFD with some success. With that being said, the previous discussion was held when, if I recall correctly, the backlog at RfD was pretty severe. I can't confess to being familiar with the RfD backlog today, so perhaps this extension on non-admin closures is simply not necessary (e.g. admins already clear out the easy delete closes quickly). Mz7 (talk) 05:07, 22 October 2018 (UTC)[reply]
  • Strong Support a great way to tackle backlogs. Yes an Admin will need to check the RfD before deleting but they will not need to fill out the fields to close the discussion. It will be very clear very fast which non-Admins are trustworthy to close RfDs where the Admin can just handle the deletions. This will reduce silly relistings as well. Legacypac (talk) 09:34, 22 October 2018 (UTC)[reply]
  • Support. Even though admins will need to check the RfD, most are unlikely to be contentious so that's likely to be little more than a rubber stamp. And in cases that might not be obvious, I generally find it significantly easier to review someone else's judgment of consensus than to judge it myself from scratch. As Legacypac says, it means the admin just has to do a quick CSD delete rather than the formal closing steps of the RfD, so it's one step of bureaucracy taken care of. Mz7 makes the point that CSD has more active admins than RfD - I've personally done lots of CSD work but I don't think I've ever even looked at RfD. On an ideological front I also think it's good to get judgment calls like this devolved away from admin-only wherever practical. Boing! said Zebedee (talk) 10:21, 22 October 2018 (UTC)[reply]
  • Procedural note. The same thing was propsed, and rejected, at an RfC in 2016, see Wikipedia talk:Redirects for discussion/Archive 9#Allow non-admin delete closures?. Of course, things can change, but if there is any obvious change since then, it is that for the past year or so we've had more admins regularly closing discussions, so the backlogs have almost disappeared now. – Uanfala (talk) 12:39, 22 October 2018 (UTC)[reply]
    It was a close call back then, and two years is a very long time in Wikipedia ;-) Boing! said Zebedee (talk) 13:31, 22 October 2018 (UTC)[reply]
  • Oppose Per above, I don't see the point. As one of the main sysops active at RfD, I don't think lack of sysop activity is a major issue, but rather lack of overall participation. Having a few more sysops swing by would be helpful, but I'd much rather have folks take part in the discussions. Best case scenario there's a half dozen or so participants, and excepting Thryduulf, there's very little actual discussion amongst participants; mostly by the seventh day there have been no comments for five or six days. ~ Amory (utc) 13:40, 22 October 2018 (UTC)[reply]
  • Hypothetical support, practical oppose. I appreciate the intent here; non-admins are perfectly capable of assessing consensus. However, since an admin still has to come along and delete the article, it just creates double work. --Jayron32 13:45, 22 October 2018 (UTC)[reply]
  • Question how would this work mechanically? Maybe a CSD-like tag indicating an RfD was closed by a non-admin as Delete with a link to the closing diff? zchrykng (talk) 13:47, 22 October 2018 (UTC)[reply]
@Zchrykng: Yes a template like {{db-xfd}}. — Insertcleverphrasehere (or here) 13:52, 22 October 2018 (UTC)[reply]
  • Oppose. It's rare that there is actually a significant backlog of discussions that are simple closures (with any outcome). user:Feminist does good work with easy keep and retarget closures and there are 6 active RfD admins (in no particular order) myself, Tavix, Patar knight, Amorymeltzer, Deryck Chan and BDD. The discussions that get left are the ones that are more complicated and need careful assessing of the arguments - NACs would not help these. The one really extended backlog we had recently was Wikipedia:Redirects for discussion/Log/2018 September 17#Stephni meyer which went unanswered for several days at WP:ANRFC but was closed by Ivanvector (an occasional RFD participant and former regular) when I left a message on their talk page. What is needed at RfD is more people (admins and non-admins) participating in discussions and admins patrolling backlogs at WP:ANRFC. Thryduulf (talk) 14:30, 22 October 2018 (UTC)[reply]
  • Strong oppose. This comes up frequently enough that I have listed out my reasons at User:Tavix/non-admin closes. -- Tavix (talk) 14:43, 22 October 2018 (UTC)[reply]
  • TBH I think what this shows is that having something like an "eliminator" user right would be useful. Galobtter (pingó mió) 14:48, 22 October 2018 (UTC)[reply]
  • Support - I did make this same proposal some time ago. I don't think this would help address any backlogs and I agree that in the more recent past this process hasn't really been plagued with backlogs anyway. I pretty much agree entirely with Thryduulf's comment, but this is more of a "why not?" support. I don't think the sky is going to fall if we let non-admins conclude that a discussion closed as "delete" just because they can't push the buttons: we let non-admins close every other kind of result anyway. Personally I think it's silly that we trust experienced editors like feminist to neutrally assess the result of a discussion but only if the result fits in a certain box. If such a user can determine the consensus of a "keep" discussion they are just as capable of determining the consensus of a "delete" discussion. Ivanvector (Talk/Edits) 15:29, 22 October 2018 (UTC)[reply]
  • Oppose per the sound reasoning at User:Tavix/non-admin closes. -DJSasso (talk) 16:31, 22 October 2018 (UTC)[reply]
  • Neutral. I have previously argued against NAC deletion, though the marginal cases of all admin-regulars having already chipped in, and the faffiness of RfA are softening me up to the idea of non-admins closing discussions to mandate admin action. As one of the RfD admin-regulars I am probably expected to leave a comment here, so I'm writing this to say why I don't feel strongly either way. Deryck C. 17:23, 22 October 2018 (UTC)[reply]
  • I'd like to find some way to make this work. Before I was an admin, I did good work (I'd like to think) with non-admin closures, including deletion results in venues that allowed it. I mostly agree that the RfD backlog hasn't been bad enough recently to really need this, but that has not always been true and likely will not be true again sometime in the future. So I don't want to argue against planting seeds just because I currently have enough food, proverbially speaking. The first thing that comes to mind is a system in which one or more admins indicate "hey, a non-admin delete close could work here". I don't know how to design a clean mechanism like that, though. I imagine it'd be invoked most when admins are involved. We wouldn't want it to just be a way for admins to try to cut short discussion on something they want to see deleted. (Please ping me if a response is requested; I won't be watching this page.) --BDD (talk) 19:22, 22 October 2018 (UTC)[reply]
  • Comment the mechanics are very simple. Close as Delete and tag the redirect G6 housekeeping noting "deleted at RfD" or similar. An admin working CSDs can just press the button. If some non-Admins closed the non-comtroversal ones the Admins woukd be freed up to close the tougb ones, though there are not a lot of tough RfD discussions. I favor letting non-Admins do everything possible to demonstrate a good trackrecord and this is a good place for someone to show their judgement. Legacypac (talk) 19:33, 22 October 2018 (UTC)[reply]
  • Oppose per the excellent essay at User:Tavix/non-admin_closes. All this does is create duplicate work. The scripts that we have make adding all the templates trivial, so a non admin doing that isn't really helping. The best that can be said for this proposal is that it might give qualified individuals the chance to better demonstrate that they are qualified for RfA, but they can do that in other ways. — Insertcleverphrasehere (or here) 19:56, 22 October 2018 (UTC)[reply]
  • Oppose. I don't understand the reasoning here at all; there's no backlog to speak of at RFD and hasn't been since the disruptive editor who used to fill it with spurious and time-consuming comments (all of which needed to be reviewed by the closing admin just in case it was one of the rare occasions when he was making a sensible point) has been sitebanned, and needing to have two closers for each discussion would increase the workload, not decrease it. ‑ Iridescent 20:02, 22 October 2018 (UTC)[reply]
  • Oppose, noting that (I think) I supported a similar proposal a while ago. It makes sense for TfD and CfD to allow non-admin "delete" closures because templates and categories need to be orphaned/emptied/replaced before they are deleted, and this extra work can be done quicker if non-admins are involved in the process. RfD has no similar issue. feminist (talk) 10:32, 23 October 2018 (UTC)[reply]
@Feminist: I have not seen non-admins close CfD discussions as "delete" and XFDCloser doesn't let me close CfD discussions as "delete". Pkbwcgs (talk) 11:38, 25 October 2018 (UTC)[reply]
Also, Wikipedia:Categories for discussion/Working is fully protected which makes it impossible for non-admins to close CfD discussions as "delete". Pkbwcgs (talk) 11:47, 25 October 2018 (UTC)[reply]
See Wikipedia_talk:Categories_for_discussion/Working#Protection_of_WP:CFD.2FW.2C_take_3. feminist (talk) 13:04, 25 October 2018 (UTC)[reply]
@Feminist: Okay. However, XFDCloser doesn't let non-admins close a CfD discussion as "delete". Pkbwcgs (talk) 14:06, 25 October 2018 (UTC)[reply]
  • Oppose Unless there is a user right that allows non admins to delete pages it makes no sense to allow non admins to close as delete unless the article is already deleted and the admin forgot or could not close it. Abote2 (talk) 10:29, 25 October 2018 (UTC)[reply]
  • Oppose per basically hwat Tavix has already summarized at User:Tavix/non-admin closes. There is already a process to determine whether someone is clueful enough to assess consensus and it's called WP:RFA. In fact, proposals like this carry the risk of deterring people from running for adminship by removing incentives (such as the ability to close XFDs as delete). Regards SoWhy 10:37, 25 October 2018 (UTC)[reply]
  • Support per Ivanvector. Also, it's great, actually, to have two users (the closer and the deleter) who believe delete is the policy compliant consensus, further evidencing that is the reasoned course. In addition, it's said that the process suffers from lack of participation, a likely side benefit to this proposal is more policy compliant participation and more experienced participation across the board. (As lack of participation in deletion, often results in a potential closer, not closing, but instead participating). -- Alanscottwalker (talk) 13:22, 25 October 2018 (UTC)[reply]
  • Oppose, per Iridescent. Unnecessary, as there is no significant backlog at RFD. Will not decrease the workload on admins but will increase the overall workload for the project and will make things bureaucratically more complicated without a completing need for it. Also will create a mess at DRV if such deletion decisions are ever appealed there since there will be more things to haggle about (the NAC closure itself and the subsequent deletion by an admin). Nsk92 (talk) 14:30, 25 October 2018 (UTC)[reply]
  • Oppose as meaningless. Admins are responsible for any use of the tools, so they would still have to reevaluate the discussion to determine if the determination of a "delete" consensus was correct. "But _______ told me to!" isn't an excuse for tool misuse. If a non-admin agrees that something should be deleted, they can of course add a "Delete" argument to the discussion, and realistically, greater participation in deletion discussions would be of far more value. Seraphimblade Talk to me 19:35, 25 October 2018 (UTC)[reply]
  • Support - if this proposal was implemented, admins should not be the ones responsible for that deletion - the non-admin closer would be. Admins would only be responsible for preventing clerical errors - establishing that an RfD was closed as delete for the correct redirect. This is easily handled by an automated tool. Hell, we could make it so an automated tool compiled the NAC deletes onto one page, waiting for an admin to drive-by d-batch all of them. Admins will likely know the closer in the vast majority of deletions that would occur under this rule. In response to the argument that anyone who is trustworthy enough to close RFD discussions as delete should simply pick up the mop at RfA, I have only one thing to say: RfA is buh-roken. Tazerdadog (talk) 06:11, 28 October 2018 (UTC)[reply]
  • Consensus has determined that only trusted users (aka those who succeeded in RfA) should have access to deletion tools, as with great power comes great responsibility. Therefore, letting non-Admins close as delete and having them delete the pages would be large break of consensus. Kirbanzo (talk) 18:54, 28 October 2018 (UTC)[reply]
  • Snow oppose - deletion should always only be carried out by administrators - besides, if it's deleted before the XfD (in this case, RfD) is finished, let some user use the custom close rationale to close it. Kirbanzo (talk) 18:54, 28 October 2018 (UTC)[reply]
  • Oppose. Doubles the work as admins are ultimately responsible for their deletions. The problem with RFD and most non-XFD AFD processes is not a lack of willing administrators, but a lack of participation. ---- Patar knight - chat/contributions 07:52, 4 November 2018 (UTC)[reply]
  • Oppose deletion is best left to admins and if they have to double-check anyway this is a waste of time Atlantic306 (talk) 16:52, 4 November 2018 (UTC)[reply]
  • Support in principle - this discussion is a close parallel to the similar one at TfD awhile back, and contains a lot of the same misunderstandings. NACs at TfD worked well, and IMO the sole condition that would limit using them in a similar way at RfD is the opposition of admins who are regulars there. We had back then the same problem with people who had no idea how the process might work showing up at the RfC to announce that it wouldn't help and would "double the work", never mind that the people actually doing the work at the time knew perfectly well where the pain points were and why this procedural change would reduce them. The difference between the TfD proposal and this one, though, is that it seems that (some of?) the admins involved aren't persuaded (see Amorymeltzer's post above) and they're the ones who actually know what they're talking about when it comes to workload. Opabinia externa (talk) 21:54, 4 November 2018 (UTC)[reply]
  • Oppose (1) the is not a huge backlog in AfD and (2) As a reviewer, I have seen many times pages have been checked reviewed and accepted on the main space even the articles have 0 source/homepage or sources associate with the subjects, let alone the articles pass the notability, reliable secondary source with WP:SIGCOV requirements. If reviewer would accept such articles, other editors might not know/might not have the knowledge of what constitute a page to be deleted. To say that, there are some editors and reviewers do have the understand to carry out the task if a non-admin "delete" closures right is provided/permitted. CASSIOPEIA(talk) 04:27, 13 November 2018 (UTC)[reply]
  • Support This will help reduce the work administrators. —Eli355 (talkcontribs) 21:54, 22 November 2018 (UTC)[reply]
  • Oppose as admin required to delete anyway Cas Liber (talk · contribs) 02:33, 23 November 2018 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Proposal/RFC: Redesigning page-protection padlock icons to be more accessible

Hello everyone. The template doesn't seem to like tables inside of it, but I'm leaving this table here just to clarify the conclusions reached. Thanks, ProgrammingGeek talktome 14:35, 13 November 2018 (UTC)[reply]

Type of protection Former design Implemented design
Full protection
Fully protected
Fully protected
A symbolic representation of a padlock, gold in color with a grey shackle. On the body is a white capital letter F.
Fully protected
Template protection
Template-protected
Template-protected
A symbolic representation of a padlock, magenta in color with a grey shackle. On the body is a white capital letter T.
Template-protected
Semi-protection
Silver padlock
Semi-protected
A symbolic representation of a padlock, dark grey in color with a grey shackle.
Semi-protected
Creation protection
Blue padlock
Create protected
A symbolic representation of a padlock, light blue in color with a grey shackle. On the body is a white plus sign.
Create protected
Move protection
Green padlock
Move protected
A symbolic representation of a padlock, green in color with a grey shackle. On the body is a black right arrow.
Move protected
Upload protection
Purple padlock
Upload protected
A symbolic representation of a padlock, purple in color with a grey shackle. On the body is a white up arrow above a horizontal line.
Upload protected
Pending changes protection
White padlock
Pending changes protected
A symbolic representation of a padlock, blue-grey in color with a grey shackle. On the body is a white check mark.
Pending changes protected
Extended confirmed protection
Dark blue padlock
Extended confirmed protection
A symbolic representation of a padlock, medium blue in color with a grey shackle. On the body is a white capital letter E.
Extended confirmed protection
Protection by office action
Black padlock
Protected by Office
A symbolic representation of a padlock, black in color with a grey shackle. On the body is a white circle.
Protected by Office
Cascading protection
Turquoise padlock
Cascade protected
A symbolic representation of a padlock, turquoise in color with a grey shackle. On the body is a white symbol representing a chain link.
Cascade protected

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.

Most discussion seems to have stopped, and I think this RfC has reached its natural conclusion.
  • Summary: there is consensus to checkY Update the padlocks with grey shackles, without bias towards other discussions as to design specifics
  • Extended rationale:
    • There is an overwhelming majority of editors in favour of the new padlock designs. While sheer force of numbers alone does not determine consensus, this proposal is in a somewhat unique position of "I like this side more" to be a pretty valid rationale.
    • There were a total of 3 editors opposing this proposal.
      • Two stated that they had a preference for the old design.
      • One stated that they would support if the icons were removed. I weighted this opposition less because I felt it was more of an "implementation" issue, which I considered separately.
    • Most people who had an opinion either way stated that they preferred the version with the grey shackles, although I don't really buy (get it?) the assertion that Wikipedia could be mistaken for an ecommerce website without the grey shackles.
    • The question as to whether or not the padlocks improved accessibility was never really settled. As most editors supported the change anyway, this didn't seem to matter too much. As implementation wouldn't have decreased accessibility, the argument itself wasn't too important in the decision to close.
    • Much discussion was had over the specifics over the contents of the icons themselves.
      • Some editors preferred letters over symbols and vice versa. Boing! said Zebedee's suggestion that symbols were easier to learn than colours seemed to be generally agreed upon
      • Feedback was incorporated into the padlocks (viz. the symbols)
      • The discussion did not start with the padlocks that were finally agreed upon. While I think that most editors who supported would be generally happy with the final result, I believe that there should be no bias towards further discussion of specifics
        • Note that this doesn't mean that there should be another discussion - Zebedee's point that requiring another discussion would be needlessly bureaucratic is correct.

Many thanks to all who participated. Kindest regards, ProgrammingGeek talktome 01:23, 13 November 2018 (UTC)[reply]


EXAMPLES:

Should the page protection padlock icons be redesigned? XYZt (talk  |  contribs) – 07:00, 25 October 2018 (UTC)[reply]

Background (padlock redesign)

Page-protection padlocks are icons at the top right corner of protected pages. However, the current padlock designs have several flaws, many of which harm people who have visual impairments.

1. The padlocks were not designed for viewing at such a small size.
  • The edges on the icons have a white glow, which makes them appear to blend into the backgruond.
  • The shackle is thin and light, contrasting poorly with the background.
2. Many of the padlocks do not have adequate color contrast.
  • Per WP:COLOR, the contrast of text (or in this case, small icons) with its background should reach at least Web Content Accessibility Guidelines (WCAG) 2.0's AA level. This is because some readers of Wikipedia have visual impairments such as partial or full color blindness.
  • However, current lock icons like pending changes protection (light grey) and create protection (cyan) fails to meet the AA standards.
3. Most users cannot tell the type of protection each lock represents from a glance.
  • There are no visual aids that help people understand what the different padlocks mean.

Proposal (padlock redesign)

Type of protection Current Redesign Grey shackle Dark mode
Full protection
Fully protected
Fully protected
A symbolic representation of a padlock, gold in color. On the body is a white capital letter F.
Fully protected
A symbolic representation of a padlock, gold in color with a grey shackle. On the body is a white capital letter F.
Fully protected
A symbolic representation of a padlock, pink in color. On the body is a black capital letter T.
Fully-protected
Template protection
Template-protected
Template-protected
A symbolic representation of a padlock, magenta in color. On the body is a white capital letter T.
Template-protected
A symbolic representation of a padlock, magenta in color with a grey shackle. On the body is a white capital letter T.
Template-protected
A symbolic representation of a padlock, pink in color. On the body is a black capital letter T.
Template-protected
Semi-protection
Silver padlock
Semi-protected
A symbolic representation of a padlock, dark grey in color.
Semi-protected
A symbolic representation of a padlock, dark grey in color with a grey shackle.
Semi-protected
A symbolic representation of a padlock, grey in color.
Semi-protected
Creation protection
Blue padlock
Create protected
A symbolic representation of a padlock, light blue in color. On the body is a white plus sign.
Create protected
A symbolic representation of a padlock, light blue in color with a grey shackle. On the body is a white plus sign.
Create protected
A symbolic representation of a padlock, light blue in color. On the body is a black plus sign.
Create protected
Move protection
Green padlock
Move protected
A symbolic representation of a padlock, green in color. On the body is a white right arrow.
Move protected
A symbolic representation of a padlock, green in color with a grey shackle. On the body is a black right arrow.
Move protected
A symbolic representation of a padlock, green in color. On the body is a black right arrow.
Move protected
Upload protection
Purple padlock
Upload protected
A symbolic representation of a padlock, purple in color. On the body is a white up arrow above a horizontal line.
Upload protected
A symbolic representation of a padlock, purple in color with a grey shackle. On the body is a white up arrow above a horizontal line.
Upload protected
A symbolic representation of a padlock, light purple in color. On the body is a white up arrow above a horizontal line.
Upload protected
Pending changes protection
White padlock
Pending changes protected
A symbolic representation of a padlock, blue-grey in color. On the body is a white check mark.
Pending changes protected
A symbolic representation of a padlock, blue-grey in color with a grey shackle. On the body is a white check mark.
Pending changes protected
A symbolic representation of a padlock, blue-grey in color. On the body is a black check mark.
Pending changes protected
Extended confirmed protection
Dark blue padlock
Extended confirmed protection
A symbolic representation of a padlock, medium blue in color. On the body is a white capital letter E.
Extended confirmed protection
A symbolic representation of a padlock, medium blue in color with a grey shackle. On the body is a white capital letter E.
Extended confirmed protection
A symbolic representation of a padlock, medium blue in color. On the body is a black capital letter E.
Extended confirmed protection
Protection by office action
Black padlock
Protected by Office
A symbolic representation of a padlock, black in color. On the body is a white circle.
Protected by Office
A symbolic representation of a padlock, black in color with a grey shackle. On the body is a white circle.
Protected by Office
A symbolic representation of a padlock, black in color. On the body is a black circle.
Protected by Office
Cascading protection
Turquoise padlock
Cascade protected
A symbolic representation of a padlock, turquoise in color. On the body is a white symbol representing a chain link.
Cascade protected
A symbolic representation of a padlock, turquoise in color with a grey shackle. On the body is a white symbol representing a chain link.
Cascade protected
A symbolic representation of a padlock, turquoise in color. On the body is a black symbol representing a chain link.
Cascade protected

This proposal redesigns the current padlock icons with more accessibility and minimalism in mind. Unnecessary elements such as textures and shadows are removed, and all of these redesigned icons have AA-level contrast.

Symbols are embedded in the padlocks to further help in identifying different locks. For example, upload protection now has an upload icon inside the purple padlock, and cascade protection, where pages transcluded onto the protected page are also protected, now has a link icon.

People have noted that these padlocks are similar to the ones used at Wikidata. I wasn't aware of that, but it would be great if the folks there implement the embedded icons too.

Alternative designs (padlock redesign)

@Ahecht: has suggested changing the shackles to grey to make them look more realistic.


Posted by XYZt (talk) 07:00, 25 October 2018 (UTC)[reply]

Support (padlock icons)

Support, neutral/unspoken on shackle color (padlock icons)

  1. I like the proposed new icons. They are crisp and mainly easy on the eye, plus it solves the problem that colors alone are no longer helpful since so many new forms of protection have been created. Minor change requests aside, I think generally we can support updating the look based on this proposal and discuss individual icons if needed. Regards SoWhy 10:41, 25 October 2018 (UTC)[reply]
  2. I agree; nice work XYZtSpace.--John Cline (talk) 10:53, 25 October 2018 (UTC)[reply]
  3. Pending whatever minor tweaks might be needed (and based on my comments in the discussion below), I'm happy to support this as a significant improvement. Boing! said Zebedee (talk) 10:55, 25 October 2018 (UTC)[reply]
    Just to add that I don't really have a preference between grey shackles and coloured shackles. Boing! said Zebedee (talk) 16:55, 29 October 2018 (UTC)[reply]
  4. Minor tweaks aside, LGTM! ~ Amory (utc) 10:57, 25 October 2018 (UTC)[reply]
  5. Strong support, I don't make a big deal of it but this is one of the many Wikipedia things which don't work for me. The symbols mean the fact I don't see the colors is less of a problem. — Frayæ (Talk/Spjall) 11:17, 25 October 2018 (UTC)[reply]
  6. Support. They are non-invasive and simple. It also solves the problem of being dependant on colour (i.e. black/white prints/screenshots, colour blindness, etc). Rehman 11:21, 25 October 2018 (UTC)[reply]
  7. Support in principle. Colors alone re no longer useful with so many different levels of protection. Some design tweaks based on discussion below may still be warranted though. MarginalCost (talk) 11:27, 25 October 2018 (UTC)[reply]
  8. Support per above. SemiHypercube 11:29, 25 October 2018 (UTC)[reply]
  9. Good work; support in principle subject to whatever adjustments are deemed necessary. Sandstein 11:32, 25 October 2018 (UTC)[reply]
  10. Support. Great effort here. Minor tweaks can be done, but updating these old icons to solve the outlined issues is a solid idea that refreshes an older outdated icon set. -- ferret (talk) 11:33, 25 October 2018 (UTC)[reply]
  11. I am strongly supporting this proposal as they are more accessible and more colourful to make it obvious what the level of protection is. Pkbwcgs (talk) 11:57, 25 October 2018 (UTC)[reply]
  12. I was uncertain about this at first, but now I think that this is much better than what we currently have. funplussmart (talk) 12:14, 25 October 2018 (UTC)[reply]
  13. Support as currently designed, strong support with the changes below made. zchrykng (talk) 14:39, 25 October 2018 (UTC)[reply]
  14. No brainer. Clear improvement from what we have now. –Ammarpad (talk) 14:51, 25 October 2018 (UTC)[reply]
  15. Clear snowed support. Unanimous so far. Discussion proceeds on tweaks. Alsee (talk) 15:20, 25 October 2018 (UTC)[reply]
  16. SUpport Big improvement! --Jayron32 15:59, 25 October 2018 (UTC)[reply]
  17. Well thought design change. Best, Barkeep49 (talk) 16:10, 25 October 2018 (UTC)[reply]
  18. Support looks nice. feminist (talk) 18:07, 25 October 2018 (UTC)[reply]
  19. Support easier on the eyes, less confusion and a good fix for something that needs updating. JC7V-talk 18:12, 25 October 2018 (UTC)[reply]
  20. (edit conflict) Strong support on principle. I like Ahect's design below better, but would like to see more options as well. Wugapodes [thɑk] [ˈkan.ˌʧɹɪbz] 19:05, 25 October 2018 (UTC)[reply]
  21. Support but there may exist some non-obvious problems with their design. It is impossible to say without a full scale trial. Ruslik_Zero 20:14, 25 October 2018 (UTC)[reply]
  22. Support I love the new locks. However I would suggest that semi-protection has 'IP' in the lock (or similar, perhaps S for semi), because a plain gray lock is unclear in meaning on its own. Headbomb {t · c · p · b} 21:07, 25 October 2018 (UTC)[reply]
  23. Support - including the meaning of the lock in the image seems obvious. Reywas92Talk 00:05, 26 October 2018 (UTC)[reply]
  24. Support minor tweaks notwuthstanding, these are a large improvement. Tazerdadog (talk) 00:23, 26 October 2018 (UTC)[reply]
  25. Support - 1. Neutral/apathetic on grey shackles.
    2. Prefer letters on the lock bodies. (For cascade protection, which I have never actually seen in the wild, use the chain link to avoid conflict with create protection.) For the most part, people will determine the type of protection by means other than what appears on the lock body: by the tooltip; by clicking on the icon which should take them to a full description of the protection type (as happens today); and to a lesser extent by color after some experience with the new icons. But, if we must put something on the lock bodies, let it be something that is more readily associated with the protection type. I think the letter M (for example) would be more likely to make people think of move protection than would a right-arrow.
    We're used to using graphic symbols I guess because of the widespread use of that on signs of all kinds. That's done so the signs can be understood by speakers of different languages. This is the English Wikipedia, all users are expected to have a certain level of competence in English, so language independence is not a consideration here and we should think outside that box. ―Mandruss  04:03, 26 October 2018 (UTC)[reply]
    As newly created pages are marked with an "N" in edit histories, I think an N could be used for the creation protection icon if desired.--John Cline (talk) 04:25, 26 October 2018 (UTC)[reply]
  26. Looks like it improves accessibility for some of our users. Mz7 (talk) 06:47, 26 October 2018 (UTC)[reply]
  27. Support - as a small but clear improvement to the encyclopedia. I'm agnostic on the grey shackles. Thanks for your work on this! Ajpolino (talk) 06:49, 26 October 2018 (UTC)[reply]
  28. Strong support - I deal with protected pages all the time since I work on edit requests and review pending changes. I am also moderately colorblind. With all of the locks together like in this proposal, I can tell them apart fairly well (though the semi and PC1 locks still look the same color no matter where I see them). With a lock alone at the top of a page, I have no chance. It's habit anytime I see a lock to mouse over it and check the popup. The more accessible versions would be much nicer. I agree that neither set of icons means anything if you don't already know what they mean, but I do know what they mean, and the existing color-coding might as well not exist. Make the shackles any color you want, put any symbol or letter you want on any of the locks - any of the proposals I see here would be a vast improvement for me. ‑‑ElHef (Meep?) 15:21, 26 October 2018 (UTC)[reply]
  29. Support I often have to look twice (or hover over it) to be sure about a specific protection icon, especially when just quickly skimming over articles. I am sure GUI experts will be able to fine-tune minor details and tweaks. GermanJoe (talk) 17:48, 26 October 2018 (UTC)[reply]
  30. Support - more clarity than the current version. Cabayi (talk) 19:13, 26 October 2018 (UTC)[reply]
  31. Support Like the new versions, much more clear and noticeable. Personally I prefer the colored shackles, as I don't really think we need "realism" when the real point is to be as clear as possible. Keeping the shackle color the same as the body would mean we might be able to enlarge the letters/symbols to make them more readable while still having enough color to be identifiable. Gray shackles are merely aesthetic and add no informative value. However, either proposal is an improvement over the original. CThomas3 (talk) 19:28, 26 October 2018 (UTC)[reply]
  32. Support these icons make it much more obvious what type of protection is being applied. They are also stand out slightly more, are easier and clearer to look at. --Tom (LT) (talk) 22:38, 26 October 2018 (UTC)[reply]
  33. Support These newer icons are an improvement upon accessibility as far as meaning of the different lock-levels, although I too would prefer the person icon to be changed to an "S" as the extended protection and full protection already contains an E and an F. This is English Wikipedia, so having the letters makes sense.  Spintendo  23:33, 26 October 2018 (UTC)[reply]
  34. Support. May need some minor changes before implementation, but these are a big step up from the old ones in terms of design and accessibility. TeraTIX 01:27, 27 October 2018 (UTC)[reply]
  35. I wish they were 3D... Abelmoschus Esculentus 03:49, 28 October 2018 (UTC)[reply]
  36. Excellent job here! This is a good idea. I don't buy the idea that if you don't know what the current ones mean, you won't understand what the redesigned ones mean. I didn't know what the colors meant for years, and I'm quite sure the symbols would have been more distinctive to me long before I finally started to internalize what the colors mean. It probably won't help new users much, but those who've been around for a month or two will have a much better shot of getting this collection of new locks. Kevin (aka L235 · t · c) 09:10, 28 October 2018 (UTC)[reply]
  37. I support this but I also think that if the padlocks are redesigned the other topicons like the featured and good article icons should be changed too. 🌸 WeegaweeK^ 🌸 10:49, 28 October 2018 (UTC)[reply]
  38. Support These single 2D colour padlocks, with extra information included, are much more clearer. I find the current set of padlocks quite confusing. talk to !dave 15:15, 28 October 2018 (UTC)[reply]
  39. Support. Much clearer for all users, not just those with visual impairments. MichaelMaggs (talk) 15:42, 28 October 2018 (UTC)[reply]
  40. Support - these redesigned padlocks will make it clearer what protections are in place, due to the fact it would have a symbol that can clarify that. Kirbanzo (talk) 18:42, 28 October 2018 (UTC)[reply]
  41. Support - The new padlocks are easier to tell apart and discern, and their iconography is more consistent with other parts of Wikipedia. User:Axisixa [t] [c] 07:16, 29 October 2018 (UTC)[reply]
  42. Fine Among other things, the current colors seem to want to signify something (except, who knows what) the new ones are marginally better in that regard (even if it were, 'yes, we really are trying to tell you something with this, not just dress up in colors') -- Alanscottwalker (talk) 12:27, 29 October 2018 (UTC)[reply]
  43. Support New icons look way better (current design styles trend toward flatter, cleaner looks, as opposed to the early 2000s gradients on the current protection icons). The colors also are not accessible to people without full color vision, so the icons inside the locks are really helpful. – FenixFeather (talk)(Contribs) 21:21, 29 October 2018 (UTC)[reply]
  44. Support I can barely tell the difference between the current pending changes and cascading protection icons. The new icons clearly delineate what they are for. spryde | talk 00:48, 31 October 2018 (UTC)[reply]
  45. Support. This improves accessibility without impeding those who don't currently have an issue with the current set, so there are no downsides that I can see. Thryduulf (talk) 13:56, 1 November 2018 (UTC)[reply]
  46. Support Nice job, either version; the internal icons are most helpful. Slight preference for grey shackles. --Elmidae (talk · contribs) 10:37, 2 November 2018 (UTC)[reply]
  47. Support, with the proviso that Mandruss mentions above that letters are used, not symbols. As is said several times in the oppose section, the whole thing is non-intuitive or non-informative and requires exploration/explanation the first time one comes across it, but letters are slightly easier to remember or work out and, for example, i'm finding it quite difficult right now to tell the difference between the arrow for move protection, that for upload protection, and the plus sign for creation protection. Happy days, LindsayHello 09:36, 4 November 2018 (UTC)[reply]
  48. Support. I have the majority human level of color vision, but I've long found the current ones to not be clear enough. I find it impossible to remember what each color means, because I don't see them every day, so I always have to check the tooltip—the current color-coding provides no benefit to me. A little symbol or letter in the lock would make it much easier to remember what icon corresponds to what protection level, so I could tell at a glance. Also, the old ones just look excessively 3-dimensional and skeuomorphic to me. I have no preference for colored or gray shackles—I find that they look equally like shopping bags (or not), and that they look equally distinct from the other colors. I like the symbols on some of the proposed icons, but I'd also be OK with them all being letters. PointyOintment · 03:58, 8 November 2018 (UTC)[reply]
  49. Support: These seem more understandable than the old ones. This would improve accessibility, and not just for colour-blind people. Like, I looked at the current ones, and I didn't remember what white was, and then there's all those shades of blue. I don't really like the person icon for semi-protection though. Maybe a padlock slash two would be better. Or a padlock with a slash in the middle. The "semilock" that someone suggested (half dark-grey, half light-grey) might also work. Coloured shackles or grey? Maybe that could depend on the size? – Pretended leer {talk} 21:04, 9 November 2018 (UTC)[reply]
  50. Support They look very nice! Easier on the eyes MusikAnimal talk 17:15, 10 November 2018 (UTC)[reply]
  51. Support . Kudpung กุดผึ้ง (talk) 03:02, 11 November 2018 (UTC)[reply]
  52. Support proposal as a whole but oppose proposed redesigns for some. I don't like how some padlocks are based on the first letter and some others are based on the kind of protection. Either way, it's pretty good and personally if the semi-protection was not just a person placeholder icon. Imo, it should be more contextual or the letter. I'd prefer keeping it like the standard protections (full/semi/PC) being first-letter basis and the other kinds being contextual. The current designs look pretty but lack uniformity. --QEDK () 07:52, 11 November 2018 (UTC)[reply]

Support with colored shackles (padlock icons)

Note: This is only the people who explicitly stated their preference to the version with colored shackles.

  1. These look great, and should be easier for all readers to understand. 28bytes (talk) 14:03, 25 October 2018 (UTC) (Adding: I prefer the single-color redesign to the version with the grey shackles, but either one is an improvement.) 28bytes (talk) 01:51, 26 October 2018 (UTC)[reply]
  2. I prefer the single-color design over the ones with grey shackles to maximize the colored area. Single-color icons are clearer. feminist (talk) 16:19, 26 October 2018 (UTC)[reply]
  3. Support, preferably without grey shackles William Avery (talk) 16:04, 29 October 2018 (UTC)[reply]
  4. Absolutely. I prefer the one without gray shackles, since single-colored looks better in my opinion (and probably because I'm used to flat designs), but I'll accept it either way, gray shackles or not. theinstantmatrix (talk) 20:54, 26 October 2018 (UTC)[reply]
  5. Support - Although the symbols aren't all intuitive, the colors certainly aren't either, and it may increase accessibility for people with colorblindness or visual impairments. I don't see much value in the grey shackles, as they can hardly be distinguished at the size they will be used, and it's more important for an icon to be recognizable than realistic. Jonathunder (talk) 21:36, 29 October 2018 (UTC)[reply]
  6. Absolutely. I prefer the one without gray shackles, since single-colored looks better in my opinion (and probably because I'm used to flat designs), but I'll accept it either way, gray shackles or not. theinstantmatrix (talk) 20:54, 26 October 2018 (UTC)[reply]
  7. Support I also support colored shackles, but I also will accept either. CThomas3 (talk) 05:38, 4 November 2018 (UTC)[reply]

Support with grey shackles (padlock icons)

Note: This is only the people who explicitly stated their preference to the version with grey shackles.

  1. Minor tweaks notwithstanding, this is a big improvement over the current symbols. Support Grey Shackles as they look better and are just as accessible. — Insertcleverphrasehere (or here) 10:45, 25 October 2018 (UTC)[reply]
  2. Conditional support with the gray shackes (as per File:Protection redesign - ahecht.png). They look more like locks and less like shopping bags. Shopping bags are often seen as icons on webpages selling things, and I'd hate to give the impression that Wikipedia is an ecommerce site. --Ahecht (TALK
    PAGE
    ) 18:59, 25 October 2018 (UTC)[reply]
  3. Support with grey shackles. The protection padlocks have been long overdue for a clarity upgrade. This fits that bill. —Jeremy v^_^v Bori! 19:30, 25 October 2018 (UTC)[reply]
  4. Support with grey shackles. This is a lighter theme that still delivers the basic messages. De728631 (talk) 19:33, 25 October 2018 (UTC)[reply]
  5. Support the basic change. The addition of grey shackles would also be good. -sche (talk) 19:47, 25 October 2018 (UTC)[reply]
  6. Support' grey version above, which are clearer. There also needs to be an S for semi-protection, and maybe the others should be converted to letters as well since there's only one overlap? ---- Patar knight - chat/contributions 21:00, 25 October 2018 (UTC)[reply]
  7. Support with grey shackles. Renata (talk) 00:19, 26 October 2018 (UTC)[reply]
  8. Support for grey shackles versions. KCVelaga (talk) 01:16, 26 October 2018 (UTC)[reply]
  9. Support with preference for grey shackle versions: if it means that colourblind people will be able to use Wikipedia a bit better, although updating the templates may be a problem. Regards, User:TheDragonFire300. (Contact me | Contributions). This message was left at 02:46, 26 October 2018 (UTC)[reply]
  10. Support with grey shackle While the letters won't allow people with no idea of protection to know it instantly, it'll still allow people learning which is which to do it easier (I at-least remember forgetting that the "gold" (actually really brown) padlock was full protection) Galobtter (pingó mió) 08:34, 26 October 2018 (UTC)[reply]
  11. I oppose my comment being refactored in this way without any discussion and without having been notified. My original comment in support of redesigning the graphics can be found here. Ivanvector (Talk/Edits) 16:56, 30 October 2018 (UTC)[reply]
  12. Support, with some preference for the grey shackle. I very much like the idea of both (a) improving accessibility, and (b) conveying which kind of protection it is. But I also have an alternative suggestion: we really don't need a different color for each one. The identifier inside each padlock accomplishes the distinction between one padlock and another, and many of the colors are not intuitively related to the kind of protection they represent. And personally, I feel like some of the colors look too candy-colored for a serious encyclopedia. I think it would be fine to make all of the new icons black on a white background (as in the office action example, and with a black shackle), and white in dark mode. --Tryptofish (talk) 20:47, 26 October 2018 (UTC)[reply]
  13. Support, provided the shackles are grey per others' concerns that the original proposal looked too similar to shopping bags.

    However, I would prefer dropping the letters from the full, template, and extended confirmed protection symbols and the protection by office action symbol. The letters are only understandable by those who would already know what the colour denotes and, with the exception of the office action one, they are all very common types of protection. Additionally, I would have never guessed the O to have been an O; it looks like a combination lock.

    I would also be inclined to drop the person icon from the semi-protection symbol. The icon is also understandable only by those who would already know what the colour denotes. This is in contrast to, e.g., the move protection symbol. Its arrow icon's meaning might not be readily apparent to the average reader, but it would still be most useful to reminding an editor of its meaning given that one doesn't come across move protection too often. The other issue with the semi-protection symbol is that the person icon representing registered users really doesn't help the very common issue of people forgetting that IPs are human too. 142.160.89.97 (talk) 21:44, 26 October 2018 (UTC)[reply]

  14. Support with grey shackles Much better, simpler and cleaner than the current ones, the letters seam like they could be helpful to some editors. – BrandonXLF (t@lk) 02:08, 27 October 2018 (UTC)[reply]
  15. Support great improvement. support for grey shackles versions with "O, E , T" same size/height and new "semi-protect of half diagonal light vs dark grey padlock icon. CASSIOPEIA(talk) 09:33, 27 October 2018 (UTC)[reply]
  16. Support the grey shackles - the grey handles better convey that the picture represents a lock. Dreamy Jazz 🎷 talk to me | my contributions 19:51, 28 October 2018 (UTC)[reply]
  17. Support version with grey shackles Much simpler and more accessible. --Joshualouie711talk 22:01, 28 October 2018 (UTC)[reply]
  18. First choice These look great. I've been excited about these ever since I saw the proposed redesign. shoy (reactions) 13:44, 30 October 2018 (UTC)[reply]
  19. Support as per my previous comment on the idea lab page. This proposal will be accepted easily since there are only three oppose comments out of the tons of support comments here. Grey shackles would look a lot better in my opinion. 344917661X (talk) 02:00, 26 October 2018 (UTC)[reply]
  20. Support the new design makes the locks' function clearer and they don't look like shopping bags. — pythoncoder  (talk | contribs) 18:46, 30 October 2018 (UTC)[reply]
  21. I support the icons' implementation, although I would prefer for minor changes to be made first (as below). Jc86035 (talk) 14:04, 25 October 2018 (UTC) Moved to section supporting grey shackles. Jc86035 (talk) 11:26, 2 November 2018 (UTC)[reply]
  22. Support - good improvement, thanks for creating them! The gray shackles are clearer that they are padlocks Nosebagbear (talk) 23:08, 2 November 2018 (UTC)[reply]
  23. Support with grey shackles. Love the new design, especially with regards to making the protection level clear in a way that isn't just color. (Accessibility is important!) The grey shackles make it more clear that these are padlocks to everyone except those with achromatopsia so we're good on that front. To be honest, I had a knee-jerk dislike of them at first, but I realized it was just because I've been used to the old ones being around for.... what, a decade now? After I read the comments here and really thought about it, I got pretty excited about this! It's a nice, clean, modern redesign. cymru.lass (talkcontribs) 18:36, 5 November 2018 (UTC)[reply]

Oppose (padlock icons)

  1. I prefer the current ones and think they look nicer, so I guess I’m opposing, but I also don’t see this as a big deal either way. Also, just as a note, I find both sets of icons equally uninformative unless you already know what they mean, so I’m really not getting the arguments for this on those grounds. Again, don’t think this is a big deal, but this is just a graphic redesign, and it’s not particularly informative to the non-insider reader. TonyBallioni (talk) 19:21, 25 October 2018 (UTC)[reply]
    @TonyBallioni: The redesign is more informative because it doesn't solely rely on color. A colorblind user would be able to eventually learn the different icons with the redesign, whereas they might never be able to do so with the older design. – FenixFeather (talk)(Contribs) 21:25, 29 October 2018 (UTC)[reply]
    That’s not more informative: they’re equally indecipherable without knowing the key. It is more accessible, but the colourblind person still has to lookup the key. If it was more informative someone who knows nothing about Wikipedia would be able to look at them and tell you what they mean, and that’s still impossible. TonyBallioni (talk) 21:30, 29 October 2018 (UTC)[reply]
    It is more informative to a color impaired user, is what I'm saying, in the sense that there is more information where there was none before. It can be more informative to a non-color impaired user as well. For example, I don't always remember what the blue, gold, and gray locks mean and get them mixed up, but the new icons are extremely helpful with reminding me what they are. Therefore, there is actually additional information. Obviously an icon is not going to magically tell you what the icons mean, though I think the non-letter icons are well chosen and generally do line up with usage outside of Wikipedia. – FenixFeather (talk)(Contribs) 21:41, 29 October 2018 (UTC)[reply]
    I disagree. I still view them as significantly more ugly with no added value, but I also don’t want to continue arguing over something that I don’t care that much about and that is going to pass, so this will be my final reply in this RfC. TonyBallioni (talk) 21:57, 29 October 2018 (UTC)[reply]
  2. I prefer the current ones and think they look nicer - Yeah, me too. I just didn't want to be the first to say it. If you just put the icons in front of me and asked mt to tell you what they meant, assuming I hadn't seen them previously, I'd have no more clue with the new set than the old set. For example, this is my first time encountering the "office protection" padlocks. Never seen them before. The "o" on the new padlock gave me no more information to work out what it meant, than the blank black padlock did. I had to go work out what it was myself – note; I saw this yesterday before the links were placed. Mr rnddude (talk) 05:39, 26 October 2018 (UTC)[reply]
  3. The symbols on the padlock make them look... juvenile. Remove them and I would support. Nihlus 15:27, 28 October 2018 (UTC)[reply]
    @Nihlus: Juvenile, possibly, but the symbols make it easier to figure out what each is. SemiHypercube 01:19, 29 October 2018 (UTC)[reply]
    No. It isn’t. They’re equally as indecipherable unless you already know what they mean: so it’s the exact same as the current situation. This is obviously going to pass, but it’s not an improvement for anyone but admins who are trying to figure out if they need to change the protection level, and only then if they have trouble remembering that gold=full, grey=semi, and blue=ECP. The others are rare enough or obvious enough through the page history (PC), that it doesn’t matter what the design is as no one will remember it anyway. TonyBallioni (talk) 01:26, 29 October 2018 (UTC)[reply]
    Isn't the point that the new ones are meant to be easier to see for those with vision impairments? What we personally like or dislike or what admins might prefer is presumably irrelevant, isn't it? Boing! said Zebedee (talk) 07:46, 29 October 2018 (UTC)[reply]
    @TonyBallioni:
    Proposed redesign of protection locks under red-green colour blindness.
    8% of males are colour blind, we should be using something other than colour to differentiate the lock symbols. While true that "They’re equally as indecipherable unless you already know what they mean"; once you know what they mean, the new symbols ARE decipherable, while the old symbols may just be indistinguishable from each other due to colour blindness issues. See the comparison image at right which indicates what the padlocks look like to somebody who has red-green colour blindness, the symbols give a way of distinguishing that is independent of colour. — Insertcleverphrasehere (or here) 08:10, 29 October 2018 (UTC)[reply]
    I was referencing point 3 of the proposal, which is what I took the “easier to understand” supports to be referencing, not the accessibility issue. I’m still not personally sure it’s worth moving to significantly uglier graphics over, and think there is likely a better way to handle this from an accessibility standpoint (mouseover providing a description or something like that or even just a better design.) TonyBallioni (talk) 12:06, 29 October 2018 (UTC)[reply]
    Well, mouseover doesn't work on tablets and phones (I'm reliably told by folks who use such infernal devices). Boing! said Zebedee (talk) 12:19, 29 October 2018 (UTC)[reply]
    Another point that's just struck me, while looking at some tiny icons on my Mac, is that computer interface technology in general seems to be moving away from 3D appearances and fuzzy/shaded borders for very small graphics, because it is harder on visual impairments, and is using more symbols that might immediately look cryptic but which can be relatively easily learned. Boing! said Zebedee (talk) 12:27, 29 October 2018 (UTC)[reply]
    That's true. Of course, even though I supported I quiet agree with Nihlus' point. And of course, I would prefer the minimalist style that get rid of the symbols and any shading like the ones used on Wikidata. Clear boundaries and distinctive colors.–Ammarpad (talk) 12:41, 29 October 2018 (UTC)[reply]
    Yeah, those are fair points. I suppose my (Quixotic) view here is that while you could make a case for a redesign this particular redesign isn’t the one. I’d prefer something with colours that don’t look like a candy shop and where the icons don’t look so bleh. Clearly in the minority on this though, and it’s not that big a deal. TonyBallioni (talk) 12:50, 29 October 2018 (UTC)[reply]
    @TonyBallioni: I guess that is a reasonable gripe with the current icons. Given the support section is completely full of various suggestions of different opinions on what the symbols should be (and in the discussion below), I would consider that there is support that the padlocks should change to be more accessible (differentiation other than by colour), but not necessarily that this specific set of lock images is the final draft). Indeed the locks have changed substantially while this conversation has been ongoing. I suggest that the overall !voting be closed as a SNOW support for changing the locks to be more accessible, but that we have a new discussion on what exactly the locks should look like. As is I think that the various designs look very disjointed, some with letters, some with rather arbitrary symbols, etc., and a more focused discussion on various options for what they might look like is advised. — Insertcleverphrasehere (or here) 16:44, 29 October 2018 (UTC)[reply]
    Do we really need that much bureaucracy? The various tweaks suggested during the course of the discussion are relatively minor, and there's a strong consensus for something close to what has been suggested. I think there's sufficient consensus to just change them to the most recently tweaked proposed versions, whether that's the grey shackle or the coloured shackle versions - whoever closes can decide where the consensus most closely lies. Then minor tweaks can just be made via the usual editing process, and a new discussion would surely only be needed if there's significant disagreement or if someone wants to suggest a radically different set of icons. Boing! said Zebedee (talk) 16:53, 29 October 2018 (UTC)[reply]
    I think a reasonable closer will conclude that we do need that much bureaucracy. ―Mandruss  17:03, 29 October 2018 (UTC)[reply]
    I mean, I don’t like these designs and even I agree with Boing! here: just change them and make tweaks as needed. TonyBallioni (talk) 17:06, 29 October 2018 (UTC)[reply]
    Presumably making tweaks as needed would require further discussion and consensus. Why not do that now rather than later? The effort is the same, the difference is in the amount of disruption. One change to the icons is better than two. Further, I prefer letters for all, I think my case for that is strong, and I don't think it has received a full hearing because of all the other discussion going on. That's the problem with doing !voting and development concurrently, which is what WP:VPI tries to address with little cooperation from the community. ―Mandruss  17:11, 29 October 2018 (UTC)[reply]
    I'm also a fan of letters for all (with the pesky issue that we have two 'C's). While I like the Upload Arrow, and the Move arrow as natural symbology, letters make for the best cohesiveness and identifiability. But trying to discuss in the middle of all this is pretty difficult if not impossible. — Insertcleverphrasehere (or here) 17:56, 29 October 2018 (UTC)[reply]

General discussion (padlock icons)

  • @XYZtSpace: Minor nitpicks:
    • The E, T and O letters should have the same height.
    • The arrow of the upload protection icon should be a little taller since it's currently a little difficult to see what it is.
    • I think you should make the images squares (like the originals), since this would make the images easier to resize. You might also want to fit some of the objects to the 20×20 "grid".
    Otherwise, I like the icons and would favour their use. Jc86035 (talk) 08:18, 25 October 2018 (UTC)[reply]
  • For the Upload protection one, just have a vertical arrow rather than the line at the bottom (At first glance I thought this was a ± sign). What is the Icon on the cascade protection lock supposed to be? Would it be better to have a 'C' here instead? — Insertcleverphrasehere (or here) 09:02, 25 October 2018 (UTC)[reply]
    @Insertcleverphrasehere: It's probably supposed to be a chain (in reference to the protection chain). I agree that it might be clearer to use a "C", or maybe a downward arrow. Jc86035 (talk) 09:17, 25 October 2018 (UTC)[reply]
    As it says above, "cascade protection, where pages transcluded onto the protected page are also protected, now has a link icon". Boing! said Zebedee (talk) 09:21, 25 October 2018 (UTC)[reply]
  • Do the colors meet accessibility requirements when readers invert their displays? (light text on black background)? Why is semi-protection different from all of the rest? Why are there no tool tips? —Trappist the monk (talk) 09:21, 25 October 2018 (UTC)[reply]
    I think this is a great idea, with a little refinement as suggested in this discussion. I have added tooltips to the Old/New table. Alt text is still needed. – Jonesey95 (talk) 10:15, 25 October 2018 (UTC)[reply]
    I took a shot at alt text.[2]Mandruss  10:54, 25 October 2018 (UTC)[reply]
    Judging by my eyes I think the icons should be fine with inverted colors. I left Semi without an embedded symbol because it is the most common protection [citation needed] and most people should be familiar with it. XYZt (talk  |  contribs) – 15:10, 25 October 2018 (UTC)[reply]
    Really? I added an inverted background column to the examples table. —Trappist the monk (talk) 15:50, 25 October 2018 (UTC)[reply]
    Oh. Thought by "inverted colors" you meant high contrast mode. With black bg only, I think a different set of images will be needed. Either that or implement a white outline that is invisible normally but shows up in dark mode. XYZt (talk  |  contribs) – 17:01, 25 October 2018 (UTC)[reply]
  • My first thoughts are that they look a lot clearer and crisper than the old ones. Even without any visual impairment other than age-related long-sightedness, I find them significantly easier to see. Most of symbols on them were not immediately obvious to me, but it's much easier to learn and remember what symbols mean than what colours mean, so I see that as a positive step forward too. Boing! said Zebedee (talk) 09:26, 25 October 2018 (UTC)[reply]
  • I agree with Boing! said Zebedee's assessment that learning symbols is easier than colors. This would seem to follow MOS:COLOR's suggestion that color not be the only method used to convey important information. The use of a colored lock symbol seems to pass that requirement—in that the lock is a symbol itself—but because there are different lock levels, the use of a third symbol matched to a legend would be an improvement.  Spintendo  10:15, 25 October 2018 (UTC)[reply]
  • However, the current padlock designs have several flaws, many of which harm people who have visual impairments. Harm? Really? Are you really claiming that those of us who are visually impaired will suffer further degradation should we chance to look upon the old icons? Hyperbole has its uses, I suppose, but not here. —Trappist the monk (talk) 11:05, 25 October 2018 (UTC)[reply]
  • I suggest that each symbol should also be accompanied by a mouse-over text explaining what it does. E.g., the "cascade protected icon" should make text appear that explains in one sentence what cascade protection is, and provide a hyperlink to the policy page that explains it. Sandstein 11:34, 25 October 2018 (UTC)[reply]
  • Should we consider changing some of these colors while we're at it? Taking a look at a basic color-blind filter, full protection and move protection end up with basically the same color, as do template, pending changes, and cascading protection. Fixing the first set would be higher priority, since those are used more commonly. MarginalCost (talk) 11:38, 25 October 2018 (UTC)[reply]
  • This was at WP:VPI for one month before it came here. Where were all these great ideas for improvement then? ―Mandruss  11:44, 25 October 2018 (UTC)[reply]
    Some of the suggestions have to do with that the icons have changed a bit from presented at VPI (e.g crossed out circle for full protection padlock, addition of E to extended confirmed padlock). Also VPI has the third the watchers that VPR has. Galobtter (pingó mió)
    Also VPI has the third the watchers that VPR has. Precisely. If the community is not going to use VPI as intended to a much larger degree, we should get rid of it as unjustifiable complexity in the environment. Way off topic, of course. ―Mandruss  11:51, 25 October 2018 (UTC)[reply]
    I think the larger influx is probably coming from the page listing at WP:CENT, beyond just VPR watchers. MarginalCost (talk) 13:28, 25 October 2018 (UTC)[reply]
    I found this discussion only because I watch Template:Centralized discussion, FWIW. Thanks to Ammarpad for adding it there. – Jonesey95 (talk) 14:21, 25 October 2018 (UTC)[reply]
  • XYZtSpace, would you be making the minor design changes, or should others reupload the files if changes are requested? Jc86035 (talk) 14:10, 25 October 2018 (UTC)[reply]
  • Not sure if this is the correct place for this, but would it be possible to add some CSS or JS to make the icon enlarge when hovered over? Just to make it even easier to see what the icon is? zchrykng (talk) 14:40, 25 October 2018 (UTC)[reply]
    If you want to know the type of protection, that's the purpose of the tooltip. But if you really want a better look at what's on the front of the padlock, click on it for a larger version. I would oppose adding any size and complexity just to save you that click. ―Mandruss  15:34, 25 October 2018 (UTC)[reply]
    If you go to Preferences → Gadgets and check "Navigation popups" under the Browsing header, you will get a considerably larger preview of the icon when you hover on it. I recommend you give that a try.--John Cline (talk) 15:55, 25 October 2018 (UTC)[reply]
    John Cline, good to know! Thanks. zchrykng (talk) 17:15, 25 October 2018 (UTC)[reply]
  • While I have no specific suggestion for changing colors, a complete overhaul of color scheme would be good if it helps create a more clear and understandable structure.
    It might be good to go with all letters or all symbols, instead of a mix.
    Perhaps make semi-protect / extended-protect / full-protect into a clear and visible sequence of some sort.
    The full protect symbol makes sense, but the color feels particularly confusing.
    T was clear for Template, but I imagine { instead.
    For semi I imagine thin diagonal white lines, making it more transparent or "semi".
    Create and Move were easy to guess.
    The upload symbol was confusing. A plain up arrow would be better.
    The pending symbol makes sense, although I was stumped when I tried to guess.
    If we want a symbol for office, maybe an ! or big X.
    Cascade wasn't clear at first. It makes sense when explained. Down arrow was an interesting suggestion and it extends the pattern of arrow symbols. Alsee (talk) 16:28, 25 October 2018 (UTC)[reply]
    • I've tried the T -> {{ idea before in VPI. The gist of it is that it is too small to be distinguishable on the padlock XYZt (talk  |  contribs) – 02:33, 26 October 2018 (UTC)[reply]
      • Right, I suggested a single { for exactly that reason. I think(?) that would fit. Alsee (talk) 08:20, 26 October 2018 (UTC)[reply]
        • The problem is with the limited height, not width. Curly brackets are thin enough that the width of three of them combined can fit in the padlock width. However, the limited height of the padlock and the tallness of the brackets means the brackets have to be squashed down, which makes them resemble less like brackets. XYZt (talk  |  contribs) – 18:22, 26 October 2018 (UTC)[reply]
    • Color: I kinda miss the red fully protected icon. That red color was declarative; the fuzzy brass colored lock, meh, not so much. I have suggested elsewhere in this discussion that move and upload protection might be marked with '›' or '>' (perhaps also consider U+3009 RIGHT ANGLE BRACKET). We could extend that idea to the cascade lock by doing pairs of those characters: '››', '>>', or '〉〉'. Alternately, there are these: U+300B RIGHT DOUBLE ANGLE BRACKET and U+00BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK (»).—Trappist the monk (talk) 11:29, 26 October 2018 (UTC)[reply]
  • Thanks for the work. I do think @Michael J:'s suggested alteration for Semi-Protect (on right) is a good one - what do people think Nosebagbear (talk) 16:43, 25 October 2018 (UTC)[reply]
    Semilock
Locks with gray shackles look less like shopping bags
  • The point of the symbols is to differentiate the protection levels when the colors can't. Though I think I might change it back to the 🚫 icon, but that doesn't look very clear when scaled down. XYZt (talk  |  contribs) – 18:15, 26 October 2018 (UTC)[reply]

As a colorblind user, I don't have any problem with the current padlock system. The problem with using color to convey information is that it's generally done in place of conveying it in some other manner, whether in text or in images. With the current padlocks, however, this isn't a problem — you can always generate a tooltip to see what the protection level is, or you can attempt to edit the article. Either you'll be blocked from doing what you're trying to do (and you'll get a link to the protection log), or you can check the page history and view the logs. (If you don't know how to do this, and you're able to edit a page, you probably don't know that the page is protected in the first place and don't care.) Moreover, there are just so many padlocks already that it's hard to keep track of them; even if I could tell the difference between purple and blue, or gold and olive (I can't), I'd have to check because I just don't remember what's what. Nyttend (talk) 02:21, 5 November 2018 (UTC)[reply]

  • I was a qualitative researcher in schools for several years. I once heard a high school teacher, when describing source reliability, refer to the "locks" on Wikipedia articles as denoting quality, meaning that the pages are vetted/protected. I wonder if the lock icons are altogether the wrong metaphor. (not watching, please {{ping}}) czar 17:35, 10 November 2018 (UTC)[reply]
  • Per my comment, I think we should have uniformity in the padlocks atleast on the distinction of the kind of protection, because the semi-protection and PC padlocks are still pretty vague (PC not as much). I think we keep the standard protections (full/semi/PC and maybe even ECP) on first-letter basis and the rest contextual. --QEDK () 07:55, 11 November 2018 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Post-implementation discussion (padlock icons)

 – Pointer to relevant discussion elsewhere. There is an ongoing discussion on how this affects the extended confirmed permission icon at Template talk:Extended confirmed topicon § New Padlock Icon. — AfroThundr (u · t · c) 18:00, 15 November 2018 (UTC)[reply]
R.I.P. the classic padlock icons (2006-2018). If it isn't broken, don't fix it. Kamafa Delgato (Lojbanist)Styrofoam is not made from kittens. 03:34, 13 November 2018 (UTC)[reply]
Pretty sure the whole point of this RfC was that the padlock icons were broken. 2606:A000:4503:AE00:38D9:300F:C34F:4D97 (talk) 05:55, 13 November 2018 (UTC)[reply]
Anywhere in the world all major companies had changed their logo to flat design. Hddty. (talk) 02:53, 14 November 2018 (UTC)[reply]
Look, the padlocks are much easier to understand now with symbols, right? Hdjensofjfnen (♪ Oh, can I get a connection? Alternatively, trout me.) 03:02, 14 November 2018 (UTC)[reply]

I found about the new icons today. I would like to point out that templates such as {{Extended confirmed topicon}} are still using the old icons. P.S. If they are implemented, I'd suggest the new icons be just an unlocked blue lock, rather than a blue lock + Wikipedia globe. Hdjensofjfnen (♪ Oh, can I get a connection? Alternatively, trout me.) 01:56, 14 November 2018 (UTC)[reply]

I don't know how (and likely don't have the tools) to edit SVG files, so pinging @XYZtSpace: on this. SemiHypercube 21:34, 14 November 2018 (UTC)[reply]
@Hdjensofjfnen: And maybe a key of matching color next to the open lock to indicate that the user have access. XYZt (talk  |  contribs) – 02:01, 15 November 2018 (UTC)[reply]
      

Use the new version at {{Extended confirmed topicon/sandbox}} – XYZt (talk  |  contribs) – 04:14, 15 November 2018 (UTC)[reply]

Oops, didn't read the "/sandbox" part, I changed the main template. SemiHypercube 12:16, 15 November 2018 (UTC)[reply]
I like it, now for Template (I'll do it)! Not for the topicon though, fiven the differences, but I'm sure the unlocked icon will be useful somewhere. Bellezzasolo Discuss 12:27, 15 November 2018 (UTC)[reply]
Bellezzasolo Discuss 12:37, 15 November 2018 (UTC)[reply]
I agree with Bellezzasolo that this is not suitable (by itself) for the topicon, although I like the design and it should be useful. - tucoxn\talk 16:58, 15 November 2018 (UTC)[reply]
I found a use for it in a user script. This script is still a work in progress, as it still does not detect move protection levels or upload protection levels. Ups @nd Downs 1234 18:21, 15 November 2018 (UTC)[reply]
Some people are very sensitive about their topicons, if changing the icons around building in a 'legacy' switch is advised! — xaosflux Talk 18:36, 15 November 2018 (UTC)[reply]
(edit conflict) For autoconfirmed and extended confirmed user topicons, I'd say use the key and the symbol, but put the symbol next to the key, not on a padlock. The open padlock could be misunderstood as "This page has this protection, but because you're autoconfirmed (or extended confirmed), you can edit this it." A key and a symbol probably won't get misunderstood that way. – Pretended leer {talk} 18:37, 15 November 2018 (UTC)[reply]
"This page has this protection, but because you're autoconfirmed (or extended confirmed), you can edit this it." That could actually be a feature. IIRC the mobile version gets rid of the lock icon if you have the rights to edit the page. – XYZt (talk  |  contribs) – 19:43, 15 November 2018 (UTC)[reply]

When you go to protect a page, the banner has the "Full Protection" icon by default. This had me kind of confused because it looked like the page was already protected. Eventually I figured out it the icon was just being used in a generic sense. Perhaps we need another "generic protection" icon which doesn't correspond to any particular level? -- RoySmith (talk) 19:01, 16 November 2018 (UTC)[reply]

RoySmith, I know you commented a while ago but I've uploaded this: , feedback appreciated. ProgrammingGeek talktome 16:13, 27 November 2018 (UTC)[reply]
Thanks for that. I think, however, we'd do better with no symbol in it. It's a little hard to make out exactly what the symbol is. In retrospect, it's obviously a keyhole, but at first glance, it looked like a letter but I couldn't quite make out what letter. The plain lock with no symbol would be clearer. -- RoySmith (talk) 22:05, 27 November 2018 (UTC)[reply]

Just found this RFC. If the new icons are better for colorblind editors, great, but it probably won't benefit readers, and the supporters were obviously influenced by preconceived notions about "modern design" and "new looks". I doubt non-editing readers even notice those icons (my father doesn't). I don't see any evidence presented here about what they perceive on pages, what's useful to them, and whether there really are colorblind readers who notice the icons and can't tell them apart. I hope someday Wikipedians let go of their unrealistic ideas about what's best for "the readers". Not that this problem is unique to them, of course... ekips39 (talk) 05:42, 17 November 2018 (UTC)[reply]

The "edit page" button doesn't directly benefit readers either, yet we keep that around. I read Wikipedia much more that I edit it, but I'll still fix tyops when I see them. I never managed to learn what the old icons meant, and now I don't need to as the meaning is clear. There is nothing wrong with making small positive changes, be it to articles or Wikipedia itself. — crh23 (Talk) 22:16, 28 November 2018 (UTC)[reply]

@XYZtSpace: @Bellezzasolo: Hi while reviewing semi-protect edit requests I used the haverights version of {{ESp}} which produced the icon was this by design? [3] Shouldn't there be a icon created called "Semi-protection-unlocked" based on this > to avoid confusion between the new types of icons? ♪♫Alucard 16♫♪ 11:30, 23 November 2018 (UTC)[reply]

Time to incubate the substubs

I propose that any stub I created which is below 200 bytes of readable prose/a one line stub without actual information be incubated/moved to user space until they can be fleshed out properly. Most will be at least 5 years unexpanded. It was wishful thinking at the time but there's a lot of currently unacceptable ones which really shouldn't be swamping the categories. There's enough crap content here as it is. There's a lot of "xxx is a village in xx. As of xxx it had a population of xx". Those are bare minimum useful with one fact but I think if there's hundreds of them like that in one category redirect and listify it by district into an A-Z table with population would be more sensible rather than incubate. I was browsing through some places in Nepal etc I created and to be honest a lot of them have degraded with local ips adding dubious, unsourced factoids. Small villages in the developing world are off most people's radars. In a lot of cases we're better off having a list with the population until somebody can write a half decent article and watch it.♦ Dr. Blofeld 12:48, 14 November 2018 (UTC)[reply]

Absolutely not. Some places (which are automatically notable) have stub articles <200 bytes long. 'Incubating' these stubs isn't going to help if they just languish in draftspace forever. If they're not being improved now, there's even fewer chances that they'd be improved later. It's a bad idea. Thanks for your suggestion, though -- I'm prone to some less than stellar ideas at times, moreso than most editors. ProgrammingGeek talktome 14:46, 14 November 2018 (UTC) Okay, so apparently I didn't read the proposal closely enough, sincere apologies! Striking in favour of new comment below. (15:59, 14 November 2018 (UTC))[reply]
Oppose - I am with ProgrammingGeek on this one, if you see a stub under 200 bytes that fails WP:N then just send it to WP:AfD. - Knowledgekid87 (talk) 14:52, 14 November 2018 (UTC)[reply]
I'm not a renowned fan of mass stub creation, but fact of the matter is, it's easier for a new editor to improve an existing stub than it is for them to create one. GMGtalk 14:53, 14 November 2018 (UTC)[reply]
I'd also like to see automated or semi-automated stub-suggestions for new editors, but I'll let you know when someone somewhere cares about my opinion. No luck so far. GMGtalk 14:54, 14 November 2018 (UTC)[reply]
I think you can configure SuggestBot to do such a thing, but haven't ever really tried. Ivanvector (Talk/Edits) 14:56, 14 November 2018 (UTC)[reply]
Well, I meant for example, if someone registers an account, and their first edit is on a rugby player, something like SuggestBot comes by (probably using category information) and says "I see you know that rugby is a thing that exists, here are some stubs (read: things we know you can work on that probably won't get deleted)". But if the user has to configure SuggestBot themselves...well...if they could do that then they know enough of what they're doing that they ain't the target audience. Having said that, queue 4.5 million angry comments about how that is too close to automated welcoming and perennial yadda yadda yadda (even though we've long identified finding work as a barrier to entry for new users). GMGtalk 15:01, 14 November 2018 (UTC)[reply]
I think we've hit on a separate discussion here, but I for one like the idea of automatically welcoming new users (or, say, newly autoconfirmed users) and offering them some "getting started" suggestions, like filling out a stub or de-orphaning something or I don't know what. Or make something so more experienced users can trigger suggestions, like putting some derivative of a SuggestBot template on their page along with a welcome template. Ivanvector (Talk/Edits) 16:09, 14 November 2018 (UTC)[reply]
Dr. Blofeld is in the top 50 by edit count not sure exact number but over 350,000 which means XTools doesn't work for finding a list of article creations. One can find them using this but it also includes redirects and page moves. The limit=5000 will work .. probably a huge number in total. -- GreenC 15:04, 14 November 2018 (UTC)[reply]
Comment I've come across Dr. Blofeld stubs over the years on obscure topics (regional German language poetry awards) and they have been useful for creating blue links when backlinking or filling in a few details. Sometimes the titles need to be adjusted for English. Not sure it would be helpful to delete unless there are some known cases of bad ideas like every fire station in Belarus. -- GreenC 15:01, 14 November 2018 (UTC)[reply]
@ProgrammingGeek, Knowledgekid87, and GreenMeansGo: I think you've misread the question. What Dr. Blofeld is asking for is authorisation to conduct a mass transfer of any stub I created which is still below 200 bytes of readable prose (my emphasis). Dr B would be the first to admit that some of his earlier stubs have problems with sourcing and accuracy, and because there are so many of them (I don't have the numbers but at a rough estimate we're talking between 10,000 and 100,000 pages, many of which are genuinely unexpandable substubs bot-created from databases with no text other than "X is a building in Y" or similar) it would require a bot to perform a bulk move of the relevant pages to a {{noindex}}ed space where the sourcing and prose issues can be cleaned up at leisure, and such a bot would require community consensus. What the three of you are effectively saying is that you're better placed than him to assess his own contributions. ‑ Iridescent 15:08, 14 November 2018 (UTC)[reply]
No, I understand the question. I also understand the Dr. B is so prolific it's hard to separate an attitude toward his stub and an attitude about stubs. GMGtalk 15:15, 14 November 2018 (UTC)[reply]
I've not been prolific in a very long time, I used to create an enormous number of placeholder stubs pre 2012 which if they've not been expanded this since probably won't soon. My attitude means all stubs not my own but I can't control those.♦ Dr. Blofeld 16:04, 14 November 2018 (UTC)[reply]
But other than the fact that they are your stubs, that's not really an argument that doesn't apply equally to all stubs, of which we have 3.2 million (about half the project). If they're non-notable, then yeah. They should be deleted and never should have been created. If they're notable, then it's a waste of time to delete them when they need to at some point in the future be recreated. Besides that, I'm fairly confident in saying that automatically deleting tens or scores of thousands of articles is probably not what the community had in mind when authorizing G7. GMGtalk 16:17, 14 November 2018 (UTC)[reply]
Yes, that's exactly what happened. Sorry. ProgrammingGeek talktome 15:59, 14 November 2018 (UTC)[reply]
The vast majority are notable, but there's a lot of things like one liners on small rivers, obscure villages etc with no real information, a lot which are hardly vital articles and more marginally notable. A great deal of them might be better listified. If G7 is a problem then they can be moved to user space of course.♦ Dr. Blofeld 18:13, 14 November 2018 (UTC)[reply]
But again, you're mostly making an argument against stubs in general, and not some critical flaw in these stubs in particular. GMGtalk 21:42, 14 November 2018 (UTC)[reply]
  • Support in case it's not obvious from my comment above. That we automatically delete any article without question from the mainspace if requested in good faith and provided that the only substantial content of the page was added by its author has been a basic principle of Wikipedia for a decade; all that's being requested here is that it be done by technical means rather than Blofeld be forced to manually move 10,000+ pages and tag the resulting cross-namespace redirects for deletion. ‑ Iridescent 15:12, 14 November 2018 (UTC)[reply]
  • Sure We can incubate (do you mean draftify?) these stubs that only you worked on. That way anyone who wants to work on one and get it main worthy can do so. Alanscottwalker (talk) 15:22, 14 November 2018 (UTC)[reply]
Some way of removing what we would call "sub stubs" from the mainspace. If they've not been expanded in six years plus years they're unlikely to be soon. I say under 200b as a lot are fleshier and decent. Basically anything which is a one liner xxx is a bla bla bla, get shot of, if it's that notable somebody will write it later. I did mostly create notable subjects but a lot are ones which most people will hardly be looking for information on. I just think it's time we took this project by the scruff of the neck and had a giant cleanup.♦ Dr. Blofeld 15:55, 14 November 2018 (UTC)[reply]
Yes, (and next up, how can we get NSPORTS to listify all those player stubs (say, what!?!)) -- Alanscottwalker (talk) 16:02, 14 November 2018 (UTC)[reply]
Yes, nothing is being deleted, just moved behind the scenes until they have adequate information. I did identify a lot of notable subjects but if they're still placeholders after years then they're not going to be developed soon.♦ Dr. Blofeld 16:23, 14 November 2018 (UTC)[reply]
If you approve a bot capable of moving substubs to draftspace then it can potentially be used to remove maintenance backlogs to draftspace as well. Incubated articles are deleted after 6 months via G13. This is a bad idea. — Frayæ (Talk/Spjall) 16:30, 14 November 2018 (UTC)[reply]
Then we'll put them in a special category so nothing gets deleted and they're linked in a place people can work on them if they wish.♦ Dr. Blofeld 17:08, 14 November 2018 (UTC)[reply]
There are no exceptions to G13 and looking at previous RfC discussions on the subject it is going to stay that way. If you want to keep the pages more than 6 months you should make sure they are put in your userspace where you have some say on the matter. — Frayæ (Talk/Spjall) 17:17, 14 November 2018 (UTC)[reply]
Move to user space then.♦ Dr. Blofeld 17:30, 14 November 2018 (UTC)[reply]

A typical stub of mine will look like Thüringische Muschwitz, that's 7 years old. Has an infobox and length but little else and the whole category is flooded with ones like it. I think ones like that would be better off in a List of rivers in Thuringia with a table giving information on source and mouth and length so no information is lost until somebody can write a better article.♦ Dr. Blofeld 17:50, 14 November 2018 (UTC)[reply]

  • Comment I thought we had generally considered that WP functions as a gazetteer, and thus justifying stubs of any officially recognized town/village or natural landmark, with the basis that local sources potentially could be used to expand these (keeping in mind, no deadline exists for that). I understand if we were talking stubs on persons or other less permanent elements to userify them, but places seemed to have been handled differently in the past. --Masem (t) 18:08, 14 November 2018 (UTC)[reply]
True, but the issue I think is people searching through categories and wanting to read and find decent articles and finding almost every entry is xxx is a village and no real information. I've been browsing some and it is frustrating when viewed from a reader's perspective. For a lot of those you could currently represent the same information in one list instead of having to browse dozens of articles just to retrieve one figure.♦ Dr. Blofeld 18:22, 14 November 2018 (UTC)[reply]
I can see listifying these then by logical groupings to give better context to readers, but this would still demand that redirects be left behind (as a gazetteer, these are searchable terms) and to that end, it doesn't make sense to necessary userify them and instead just appear a redirect to the history. --Masem (t) 18:27, 14 November 2018 (UTC)[reply]
Note that I expanded Thüringische Muschwitz a bit and now it is slightly longer than it was when Dr. Blofeld wrote the above comment. If we stick to 200 bytes, it is not eligible now to be moved.--Ymblanter (talk) 19:12, 14 November 2018 (UTC)[reply]
  • Oppose - I think removing them on grounds of quality (vs normal deletion grounds) is incorrect - I don't think it functionally harms Wiki and they can be beneficial if and when someone does want to write on one. Obviously most go a long time without being edited, but there are so many the rate of at least some having edits made must be reasonably high. Nosebagbear (talk) 18:34, 14 November 2018 (UTC)[reply]
  • Leaning oppose. I honestly don't see what's the problem with having these mini-stubs in mainspace, as long as the factual correctness is not in dispute and they have a minimum of sourcing. I would have found Thüringische Muschwitz useful (even in its pre-Ymblanter state), not least because there's the language link to the more developed version on deWP. Also, as noted above, expanding a stub is easier than creating a new article. And every so often someone comes along who does specialize in Nepalese hamlets, even if it does take longer than 6 years - why not make it easy for them to get going? --Elmidae (talk · contribs) 19:24, 14 November 2018 (UTC)[reply]
  • Oppose - if you don't like that they are so short, then you can always just expand them... Thanks. Mike Peel (talk) 20:00, 14 November 2018 (UTC)[reply]

Redirecting these villages to the district where we can put a list of all of them would be the preferred way to go. Don't dump them all in userspace or draft where no one will work on them and they will just need to be managed with the tens of thousands of other abandoned pages there. Legacypac (talk) 21:58, 14 November 2018 (UTC)[reply]

A huge number did get expanded though, I'd forgotten how many valuable subjects I'd started too! Yeah maybe the ones with hundreds of villages and one liners belong in a list.♦ Dr. Blofeld 23:01, 14 November 2018 (UTC)[reply]

Oppose deletion of the stubs. Even if they're low-quality and very short, at least it's not actual garbage, unlike some examples of mass creation... SemiHypercube 23:52, 18 November 2018 (UTC)[reply]

  • Oppose deletion or moving to userspace/draftspace or anything else. If the subject of the article is sufficient to survive deletion discussions, there is no reason to delete or move or do anything to such sub-stubs. If the article should exist, there's no reason to delete beyond the obvious (copyvio, etc.) and just "being too short right now" is not a reason. If the article shouldn't have existed in the first place, by all means, delete it, but if it could be expanded properly, but merely hasn't, please don't.--Jayron32 03:47, 19 November 2018 (UTC)[reply]
  • Oppose moving them to draftspace or userspace. Firstly, it could mean we end up with two articles for some subjects, one in draftspace/userspace and another in mainspace when someone recreates it. Secondly, it drastically reduces the number of people who are likely to improve the stub. If you want to improve them, then improve them in mainspace and give others the opportunity to help. If the vast majority are notable, then it is inappropriate to delete them. I like the suggestion that some articles be changed into redirects to lists where the small amount of information can be preserved, avoiding the issue of the articles being recreated by editors who might be unaware of the previous article or this discussion. If the information in the list is expanded, it would be easy enough to split it and replace the redirect. Jack N. Stock (talk) 05:01, 19 November 2018 (UTC)[reply]
  • Oppose removal of stubs: When the info is presented neutrally, a bit of information is better than no information. Also, the mere existence of the article is also informative as it tells the world that a certain topic exists (a town, for example). Moreover, from the editors perspective a stub is more inviting for multiple editors to make small contributions that collectively add up to a better article. In contrast, removing the article from the main space makes it more daunting for any one editor to have to draft a more fleshed out article before publication. Thank you. Al83tito (talk) 18:42, 21 November 2018 (UTC)[reply]

Reminder to VOTE NOW!

for the urgently required tools proposed by the New Page Reviewers at the Community Wishlist Survey for the Page Curation and New Pages Feed improvements - vote NOW. Kudpung กุดผึ้ง (talk) 12:11, 18 November 2018 (UTC)[reply]

Rfc : Should users be allowed to canvass for proposals at the Community Wishlist Survey ?

Should users be allowed to canvass for proposals which have been put forward in the Community Wishlist Survey ? — fr+ 09:41, 20 November 2018 (UTC)[reply]

Here goes a list:--

In response to a general conflict, Danny notes on his t/p:-- but I think your time would be better spent in encouraging editors to vote.......

There are several explicit examples, where Danny has said that explicit canvasing is allowed; a-prior to the start of wishlist.

As to a particular proposal about developments to NPP suite, a newsletter was sent to all the page-patrollers which stated The NPP community is hoping for a good turnout in support of the requests to Santa for the tools we need.......So please put in a vote today.We are counting on significant support not only from our own ranks, but from everyone......

A Signpost Report went along the same lines.

Kudpung explicitly asks for vote by posting threads over three village pumps.

Over a centralised thread, Kudpung then notes Don't worry, the canvassing isn't over yet - we still have more up our sleeves. But such a campaign has to be extremely carefully crafted, worded, and presented.....

Danny replies It's good to keep telling people about the survey....You're winning. You'll get what you want.....

Over another thread on IcpH's t/p about the same locus, Danny notes .......You all are currently doing the correct thing to get the result that you want. This is the correct procedure, and you're participating successfully........

The examples above does not equate to canvassing in all the cases. The NPP Newsleters certainly wasn't. But in the 3 VP posts and to an extent, in the Signpost article, canvassing is quite evident.

FWIW, even I have supported their efforts and commended them.

But, canvasing is explicitly allowed and it has been engaged in, solely on advice of WMF folks. They think that working on core-functionalities cannot be tended to, if they are not popular aka sexy enough and to make them popular, we can take almost every possible route. Otherwise, there's no alternative for improvements of routine maintenance functionalities. See the case of improvement of undelete logs et al, for one. WBGconverse 15:55, 20 November 2018 (UTC)[reply]

  • One post to an appropriate noticeboard is ok (see my post at the math wikiproject). It was the multiple posts to inappropriate noticeboards that led to the reverts. Johnuniq (talk) 10:12, 20 November 2018 (UTC)[reply]
  • In general, no. There are 212 proposals, canvassing for these would be disruptive in most cases. Note that this RfC is caused by the filing editor canvassing a proposal to 4 village pumps and WP:AN[4]. This kind of behaviour should not be encouraged, no matter what people at the WMF may prefer. A general notice that the Wishlist survey is happening is fine of course, but turning our pumps, noticeboards, project talk pages, ... into a place to canvass for hundreds of proposals is very bad advice from the WMF and not something we should support here. In general, he general idea that you can decide which fixes are the most urgent by seeing who is the best in canvassing support is a fallacy that may be appropriate for awards like "best empoyer" or "best product" elections which are nothing but marketing scams, but is not the way the WMF should be run, and not something we should be encouraging either. Inform people that this popularity contest exists, but don't canvass for individual proposals. Fram (talk) 10:15, 20 November 2018 (UTC)[reply]
It might be OK to remove a post canvassing a proposal for the reasons you suggest, but it was not OK to remove a discussion that involved several editors. When there have been responses, the window to remove the initial post has passed. "Village pump (proposals)" is an appropriate place to discuss a proposal. somebody uninvolved (talk) 10:26, 20 November 2018 (UTC)[reply]
  • No as a general rule. We could quickly end up in a situation where lots of people are canvassing for their proposals, thereby encouraging others to canvas for their proposals so that their proposal isn't left behind, to the point that the noticeboards are flooded with canvassing which nobody pays attention to since there's so much of it (tragedy of the commons). A general post about voting in the wishlist is fine, as are some more targeted posts (e.g. informing the bot community about a bot-related proposal), but not mass canvassing. --Deskana (talk) 11:20, 20 November 2018 (UTC)[reply]
  • Yes as per statement on Community Wishlist front page: A reasonable amount of canvassing is acceptable. You've got an opportunity to sell your idea to as many people as you can reach. Feel free to reach out to other people in your project, WikiProject or user group. Obviously, this shouldn't involve sockpuppets, or badgering people to vote or to change their vote. But a good-faith "get out the vote" campaign is absolutely okay. - Basically, don't make a nuisance of yourself and we'll be fine. It's a shame that such reasonable approaches frequently need to be hammered down with numbers and strict boundaries because people aren't smart enough to gauge when too much is too much. But we are not exactly facing a crippling epidemic of canvassing ATM, so I'd suggest not blowing this out of proportion. --Elmidae (talk · contribs) 11:43, 20 November 2018 (UTC)[reply]
    • That the WMF (or someone there) feels the need to explicitly promote violations of our canvassing guideline doesn't mean that it should be accepted here, but more that the WMF needs to be informed once again that they should respect local policies. Fram (talk) 12:27, 20 November 2018 (UTC)[reply]
  • No if it’s being done in the same way the editor in question as been doing it, as seen here, where they are clear pushing a specific stance/outcome in the discussion. I don’t oppose it if they can manage to post a neutral comment merely alerting people of the discussions existence, though I’m starting to wonder if this editor can separate themselves from the issue enough to do that honestly... Sergecross73 msg me 13:42, 20 November 2018 (UTC)[reply]
  •  Comment: @Sergecross73 and Fram:, the issue being discussed here does not pertain solely to my edits rather it pertains to the general context, as I have said in my statement as OP. What I want is a consensus position from the community which can be used for later reference in such situations. Additionally, I don't intend to go back to posting any notifications whatsoever, even if the outcome of this discussion allows me to do so. — fr+ 14:42, 20 November 2018 (UTC)[reply]
  • "Please vote support for my idea" is something that anyone should be able to say in relevant forums, such as WikiProjects discussing the subject the proposal's focus or in discussions about the Wishlist survey itself. Blue Rasberry (talk) 14:58, 20 November 2018 (UTC)[reply]
  • Yes, within reason. These are not discussions seeking to measure levels of consensus, this is a community Wishlist, where the tech team wants to know the level of support for ideas in terms of measured interest in the actual community. And also note that banning canvassing on the English Wikipedia will just reduce the likelihood that ideas useful to the English Wikipedia will come to fruition, because all other Wikimedia project will still canvas. Headbomb {t · c · p · b} 15:10, 20 November 2018 (UTC)[reply]
  • Yes. TonyBallioni (talk) 15:26, 20 November 2018 (UTC)[reply]
  • Yes, but within reason. One thread on VPT for each proposal might be over the top, but I don't really see the current situation being a problem. The Wishlist survey is designed to measure what tools are most needed by the editing community, and that includes advocacy for proposals. --AntiCompositeNumber (talk) 15:45, 20 November 2018 (UTC)[reply]
  • Yes - The community wishlist process is important, and not well publicized. It's fine to post to a few noticeboards to get the word out. It's also fine to post to individual user talk pages, if the user has previously expressed an interest.- MrX 🖋 17:24, 20 November 2018 (UTC)[reply]
  • Yes but not on Village Pump - canvassing on appropriate boards, talk pages, volunteer lists etc is all good as they are a reasonably relevant group of people. But if we allow each proposal 1 post on VPP then we are going to be absolutely buried under them. Nosebagbear (talk) 19:10, 20 November 2018 (UTC)[reply]

Hello all, I'd like to propose that we strip the tracking data from external links that Facebook seems to have added as of October 2018. It looks something like this. This information adds nothing to articles and removing it is in our interest to protect the privacy of our editors and readers. Jon Kolbert (talk) 12:25, 20 November 2018 (UTC)[reply]

@Jon Kolbert: do you have any examples of the links are being added? — xaosflux Talk 12:30, 20 November 2018 (UTC)[reply]
@Xaosflux: This search query shows a few examples of the variety of links being added with this appended referral data. Jon Kolbert (talk) 12:33, 20 November 2018 (UTC)[reply]
@Jon Kolbert: I was looking for some actual diffs of the content being added - to see if there is any additional information that we could use to stop it in the first place. Side note, your BRFA has been approved for trial. — xaosflux Talk 12:36, 20 November 2018 (UTC)[reply]
@Xaosflux: Ah okay, here's a few : Special:Diff/868769592, Special:Diff/868353000, and Special:Diff/866582270. Jon Kolbert (talk) 12:48, 20 November 2018 (UTC)[reply]
I have no problem with this, though it reminds me of the bot that was stripping certain parameters from Google (books) links. Was that KolbertBot? Might be better for that bot (whoever's bot) to do that. --Izno (talk) 18:20, 20 November 2018 (UTC)[reply]
It might be reasonable to edit filter + warn on attempt to save (not block). --Izno (talk) 18:21, 20 November 2018 (UTC)[reply]
@Izno: I'm guessing most editors inserting these have no idea they are doing it, we can set up a 'log' only filter to start tracking these and see where they are coming from. Edit filter warnings don't always play well with mobile editing and I'd rather someone put in a reliable source with this link than just abandon their edit. — xaosflux Talk 18:41, 20 November 2018 (UTC)[reply]
I'm guessing most editors inserting these have no idea they are doing it 100% agreed, as with most of the garbage that social trackers and websites using any sort of tracking add to URLs. I'm fine with logging too just to get a sense of it--just some thoughts in general--and would regardless support a bot to remove these (under previous precedent for tracking type URL parameters removal). --Izno (talk) 18:45, 20 November 2018 (UTC)[reply]

The only "anonymizing" that KolbertBot did was change country-specific links to an "international" domain. I recall doing similar edits removing referral data from YouTube links on my personal account, but those weren't automated so I didn't submit a BRFA. Jon Kolbert (talk) 18:55, 20 November 2018 (UTC)[reply]

Slack workspace for en-wiki

Not sure if this is the best place to start this thread but going to give it a try. For some time I've been kicking around the idea of a better chat platform for Wiki users who want to have real time communication with eachother. I was considering starting a Slack workspace and was curious if anyone would be interested in joining? Just gauging interest. --Zackmann (Talk to me/What I been doing) 18:10, 21 November 2018 (UTC)[reply]

  • We already have a chat platform for Wiki users ... It's called a talkpage, Sorry for the bluntness but I don't really think we need a chat platform when we have talkpages..... –Davey2010Talk 18:38, 21 November 2018 (UTC)[reply]
    Well as I said in my comment I was talking about real time platform. But I'll definitely put you down for an nonconstructive no. --Zackmann (Talk to me/What I been doing) 19:17, 21 November 2018 (UTC)[reply]
  • We have both a more-or-less official IRC channel as well as an unofficial Discord. --Izno (talk) 19:19, 21 November 2018 (UTC)[reply]
    This is also the kind of idea that should probably be at WP:VPI instead in the future. --Izno (talk) 19:24, 21 November 2018 (UTC)[reply]
    @Izno: wasn't aware of Discord! Thank you for the tip. That works just as well as Slack so I'm joining there! :-) --Zackmann (Talk to me/What I been doing) 19:28, 21 November 2018 (UTC)[reply]
  • Such a workspace would be bending or at least testing policy; per Wikipedia:Consensus Discussions on other websites, web forums, IRC, by e-mail, or otherwise off the project are generally discouraged, and are not taken into account when determining consensus "on-wiki". In some cases, such off-wiki communication may generate suspicion and mistrust. Most Wikipedia-related discussions should be held on Wikipedia where they can be viewed by all participants. we shouldn't use offwiki venues unless there is a good reason for, and regular article work almost certainly does not qualify. Jo-Jo Eumerus (talk, contributions) 19:31, 21 November 2018 (UTC)[reply]
    @Jo-Jo Eumerus: Another VERY good point! I appreciate you raising that. I was not aware of it. Certainly not attempting to circumvent policy here. --Zackmann (Talk to me/What I been doing) 19:34, 21 November 2018 (UTC)[reply]
    I think "are generally discouraged" probably should be removed as it does not add to the point of the policy, and almost certainly doesn't take into account the current reality of how many different ways there are to communicate about Wikipedia. The sentence would objectively read better as Discussions on other websites, web forums, IRC, by e-mail, or otherwise off the project are not taken into account when determining consensus "on-wiki". I also don't think Most Wikipedia-related discussions should be held on Wikipedia where they can be viewed by all participants. is framed particularly well or particularly necessary either. --Izno (talk) 19:35, 21 November 2018 (UTC)[reply]
    I would personally prefer that it be made clear that the only prerequisite for participating fully in community discussion is access to the web site. I'm not sure if a rewording of the last sentence is needed to ensure this. isaacl (talk) 22:36, 21 November 2018 (UTC)[reply]
    I think probably we should have the converse of the first sentence (with my suggested removal) or similar to enter into that same sentence, rather than the weak item at the end. Something like "Consensus is developed on Wikipedia by editing its pages and on its talk pages by discussing. Discussions elsewhere—i.e., on other websites, web forums, IRC, by e-mail, or otherwise off the project—are not taken into account." --Izno (talk) 23:04, 21 November 2018 (UTC)[reply]

Should administrators be able to unblock themselves?

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


As raised on this thread at WP:BN, it has been questioned if we should still allow admins to unblock themselves. Therefore, I am proposing three versions, based on what was stated:

  • Version A – No administrator, not even bureaucrats, are allowed to self-unblock.
  • Version BOnly bureaucrats can unblock themselves. Other admins cannot unblock themselves.
  • Version C – Status quo. Any admin can self-unblock.

SemiHypercube 14:42, 23 November 2018 (UTC)[reply]

Clarification I'm not talking about policy, I'm talking about the technical ability (the (unblockself) permission) to self-unblock. SemiHypercube 20:29, 23 November 2018 (UTC)[reply]
Er, what? Version C is pretty much diametrically opposite to the status quo, which is Version A other than in the case of self-blocks, as spelled out in weary detail at WP:NEVERUNBLOCK; if an outright vandal were to compromise an admin account and block me with a block summary of "fuck you" I'd still not be allowed to unblock myself. If you're asking us to recode MediaWiki to make it technically impossible to self-unblock, that's not going to happen, as we're not the sole users of the software and some smaller wikis with only one admin need the technical ability to self-unblock in the case of mistakes. ‑ Iridescent 15:01, 23 November 2018 (UTC)[reply]
@Iridescent: my reading of this is that it is about technical measures. And it should not be hard to remove the 'unblockself' permission from the sysop group if we really wanted to for just our project. — xaosflux Talk 15:17, 23 November 2018 (UTC)[reply]
Removing unblockself could create a security hole if a rogue or compromised admin manages to block all other (active) admins. Doubly so since apparently phab:T19014 implies that blocked bureaucrats would not be able to stop the compromised account. You'd have to wait for steward action which would prolong the time it takes for damage to be constrained. Also, added a phab task where this RfC question is being discussed. Jo-Jo Eumerus (talk, contributions) 15:24, 23 November 2018 (UTC)[reply]
@Jo-Jo Eumerus:, but with 'option B' above, a blocked crat (who is also an admin) could unblock themselves, then block the offender, then start unblocking admins who could then in turn unblock other admins. — xaosflux Talk 15:29, 23 November 2018 (UTC)[reply]
  • It seems like common sense to me that if there is a clear cut case of a compromised admin account or an admin gone rogue blocking numerous other admins, an exception to the prohibition on self-unblocking should be in place. Otherwise, in the course of more normal circumstances, neither an admin nor a 'crat should be able to self-unblock. bd2412 T 15:38, 23 November 2018 (UTC)[reply]
    @BD2412: I think this is about 'technical controls' not policies. Currently the only practical ways to stop a rogue admin is: (a) desysop them, (b) get a steward to globally lock them. — xaosflux Talk 15:42, 23 November 2018 (UTC)[reply]
  • Version B, assuming that we're talking about technical capabilities. The only generally acceptable reason for an admin to unblock themselves is if they self-blocked, and there's really no reason to do that. Self-blocking by mistake or to enforce a wikibreak is easily rectified by pinging another admin, and we have test accounts for admins to test the block functions. An admin blocked by a rogue account can and should contact a 'crat immediately. The community has already basically strongly rebutted all other previous and potential uses of self-unblock; there is no good reason for it to be available, and several very good reasons why it should not. But as Jo-Jo Eumerus and xaosflux already suggested, disallowing 'crats from self-unblock is a Bad Idea. Ivanvector (Talk/Edits) 15:46, 23 November 2018 (UTC)[reply]
  • Can we get some stats on how often admins unblock themselves, and under what circumstances? The only bad self-unblock recently has come from Fred Bauder. If there has even been one legitimate self-unblock between now and whenever the last bad one was before Fred, I would be hesitant to remove this permission. -- Ajraddatz (talk) 16:38, 23 November 2018 (UTC)[reply]
  • Status quo our current policy works fine. One person self-unblocking themselves is not a big issue that we need a large RfC on. Admins occasionally do block and unblock themselves and that's perfectly fine. There's no real need for any sort of technical controls such as removing the ability, because self-unblocks that violate policy happens really rarely, and when it does, no real harm is caused. Galobtter (pingó mió) 17:01, 23 November 2018 (UTC)[reply]
  • I agree that the status quo works just fine. As a practical matter, when I first became an admin, the first user I blocked was myself, to explore how the tool worked. And, then (after a vaguely amusing thread where I asked for help), I unblocked myself. It's not entirely clear if this proposal is intended to address can (as in, the software allows it), or, may (as in, policy allows it). Ether way, what we've got now needs no modification. -- RoySmith (talk) 17:14, 23 November 2018 (UTC)[reply]
  • Oppose technical restriction – I oppose any technical restriction on self-unblocking for one reason. That's because the bright line that exists is useful for weeding out bad administrators. All administrators have the ability to unblock themselves, but very few will ever actually use that power. Any administrator that is bewitched by the temptation to use it to try and get out of a block placed by another administrator clearly doesn't deserve the administrator bit. The status quo is, in-and-of-itself, a test of fitness to serve. We trust administrators to be able to use their tools responsibly. If they cannot do so, they should be removed. RGloucester 17:15, 23 November 2018 (UTC)[reply]
  • Status quo – No rationale has been provided for the need to remove the technical ability to unblock yourself as admin. Unblocks in violation of WP:NEVERUNBLOCK can be handled by desysops as it is done right now. --AFBorchert (talk) 17:26, 23 November 2018 (UTC)[reply]
  • Keep as is Admins should have the technical ability, but (by policy) are generally not permitted to self-unblock (although I can't see why restoring talk page or e-mail, if needed is generally OK). Crouch, Swale (talk) 17:31, 23 November 2018 (UTC)[reply]
  • Status quo - it's a bit chilly out tonight, I predict snow. Cabayi (talk) 19:46, 23 November 2018 (UTC)[reply]
  • Status quo - the timing for this is interesting. Old admin accounts are being hacked and blocks to active admins applied. They should certainly have the ability to reverse this trolling. Flare ups like the the that brought this proposal about can be dealt with on an individual basis. MarnetteD|Talk 19:53, 23 November 2018 (UTC)[reply]
  • Can you explain what problem you think changing this would solve? Natureium (talk) 21:23, 23 November 2018 (UTC)[reply]
  • No reason to change. What if someone finds an admin's password (two examples in the last 48 hours) and uses a script to block every other admin? Johnuniq (talk) 22:42, 23 November 2018 (UTC)[reply]
I assume in such a situation, the fix would be for a developer to do some direct database manipulation to block the rogue user and unblock all the admins. -- RoySmith (talk) 04:37, 24 November 2018 (UTC)[reply]
In 2015, when we were doing the batch adminbot blocks for the Orangemoody socking case, it took 14 minutes to block 381 accounts, and it was blocking based on an account list posted on enwiki; it's my understanding that blocking was throttled to 30/min. I'm pretty sure if we suddenly saw 30 accounts a minute being blocked, someone would be able to get it globally locked within the first 3-5 minutes of action, and I'm also sure that blocking the bad-guy account would disrupt the process, as well. But it wouldn't take very long to unblock, especially if someone had an adminbot handy. Risker (talk) 05:18, 24 November 2018 (UTC)[reply]
With Version B, if every other admin were blocked, a bureaucrat could unblock themselves and then desysop the rogue/compromised admin account and unblock the previously blocked admin. SemiHypercube 18:06, 24 November 2018 (UTC)[reply]
@SemiHypercube: in version B the desysop wouldn't even have to happen, the bad admin could just be blocked (since they wouldn't be able to unblock themselves). — xaosflux Talk 18:12, 24 November 2018 (UTC)[reply]
@Xaosflux: Which could also mean that if they were fast enough, any admin could block and stop the rogue/compromised admin, rather than only a bureaucrat. SemiHypercube 18:16, 24 November 2018 (UTC)[reply]
  • Status quo: This proposal is an engraved invitation to a Denial-of-service attack. --Guy Macon (talk) 06:30, 24 November 2018 (UTC)[reply]
  • Status quo - The number of appropriate self-unblocks (i.e. for self-blocks) far exceeds the number of inappropriate ones. This hasn't really been a serious issue for years, and I've long considered not self-unblocking to be like a cardinal rule of being an administrator, to the extent that it begs the question: if we can't trust an administrator not to unblock themselves, then why should we trust that user to be an administrator at all? Mz7 (talk) 00:09, 25 November 2018 (UTC)[reply]
    Striking my comment in light of the new information below – apparently removing (unblockself) from the administrator package will not prevent the administrators from unblocking themselves if they were the ones who blocked themselves. I will have to think this over some more, but that takes care of the main issue I had with Versions A and B of the proposal. Mz7 (talk) 03:12, 26 November 2018 (UTC)[reply]
  • Version A The commonly cited objection of accidental self-block isn't a real issue given Anomie provided statistics above. Worry over a rogue admin account blocking every other (active) admin accounts and presumingly then being able to go on a wrecking spree unchecked is perhaps misguided. When there's a rogue admin account, we already require either crat desysop or outside assistance (steward lock) to stop them precisely because such an account is able to self unblock. Removing unblockself means a rogue admin account can be stopped immediately by another admin blocking them. In the scenario of a rogue admin account blocking every other admin, given the throttle mentioned by Risker, the rogue account would be locked long before they're able to finish what they're doing. -- KTC (talk) 02:03, 25 November 2018 (UTC)[reply]
  • Question Can a blocked admin account block someone else? -- KTC (talk) 02:03, 25 November 2018 (UTC)[reply]
    @KTC: no, the only thing a blocked admin can do that a normal blocked editor can not do is unblock themselves. — xaosflux Talk 02:07, 25 November 2018 (UTC)[reply]
    @Xaosflux: Thanks for the response, but are you sure? I just remembered someone admining through a block back in 2015 by doing revision deletion on a page while they were blocked (and was desysop as a result partly because of that). -- KTC (talk) 02:30, 25 November 2018 (UTC)[reply]
    I think there are a few random things that are still allowed even if you are blocked. I did go over to testwiki/test2wiki (where I am an admin), blocked myself, and found that I could not block anyone else. --Rschen7754 02:34, 25 November 2018 (UTC)[reply]
    @Rschen7754:, @KTC:, I was wrong - there are still some things blocked admins can do. I'm not going to publish a whole list here. — xaosflux Talk 02:46, 25 November 2018 (UTC)[reply]
    Notably "edit" and "block users" are not some of them. — xaosflux Talk 02:48, 25 November 2018 (UTC)[reply]
    @KTC: revision delete is not one of them, however viewdeleted is. — xaosflux Talk 02:51, 25 November 2018 (UTC)[reply]
  • Status quo There is a policy restricting it. Abelmoschus Esculentus talk / contribs 03:02, 25 November 2018 (UTC)[reply]
    @Abelmoschus Esculentus: I don't know how much we have to say this: this is for the technical ability of admins to self-unblock, not policy. SemiHypercube 03:59, 25 November 2018 (UTC)[reply]
@SemiHypercube: I am saying that since there is a policy restricting it, there’s no need to have technical restrictions on it. Also, what if the situation mentioned by Johnuniq really happens? Sorry for not making it clear. Abelmoschus Esculentus talk / contribs 04:14, 25 November 2018 (UTC)[reply]
self-unblock (when blocked by other sysop) - desysop Abelmoschus Esculentus talk / contribs 04:18, 25 November 2018 (UTC)[reply]
  • Status quo It might seem like a good idea at first, but we have a lot of test blocks and accidental block to oneself, as well as when rouge admins block legit ones. Even when problems occur, they can get resolved by other means (ArbCom, desysoping) quite quickly. funplussmart (talk) 05:14, 25 November 2018 (UTC)[reply]
  • Version A solves a number of problems both in general situations (two admins wheel warring for example), but also, more so IMHO, in the security of accounts, one block by any admin immediately stops a compromised account. As well as for compromised accounts this will also likely remove the necessity for emergency desysops since a normal enforcement method, used on every other account, will actually be able to stop an admin account. Stewards have shown in the latest series of compromised admin accounts that they are very able to respond quickly if there is a problem. Regarding the comments about blocking oneself unintentionally, there's already a warning which appears when trying to do that, so if there's a concern that people will miss that it can be made more obvious. Callanecc (talkcontribslogs) 07:48, 25 November 2018 (UTC)[reply]
  • Status quo too many problems. feminist (talk) 08:10, 25 November 2018 (UTC)[reply]
  • (Non-administrator comment) Is it possible to disallow unblocking oneself, but allow admin X to unblock themself if admin X is the one who blocked themself? (I am not watching this page, so please ping me if you want my attention.) wumbolo ^^^ 10:22, 25 November 2018 (UTC)[reply]
    Not as currently implemented in the software. It would require asking the developer community to work on that for us, and that seems like a nontrivial task. But we could always ask, I suppose. Mz7 (talk) 11:37, 25 November 2018 (UTC)[reply]
    @Wumbolo: According to John Cline and Ajraddatz below, this is apparently precisely the functionality that removing (unblockself) would result in. So yes, it is possible, and if this RfC is successful, that is the functionality that we will get. Mz7 (talk) 03:12, 26 November 2018 (UTC)[reply]
  • Very bad use of developer resources. Malicious self-unblocks happen maybe once every decade. They are grounds for immediate loss of sysop access. On the other hand, admins accidentally block themselves fairly often. It’s easy to click the wrong link. This is a trivial block that they are allowed to undo. Don’t waste real peoples time trying to solve a problem that almost never happens, and create a new problem that happens more frequently. Jehochman Talk 12:35, 25 November 2018 (UTC)[reply]
    Resources wise, we're talking seconds to add or remove a right to a userground. Malicious self-unblocks once every decade, did you miss the 3 compromised admin accounts in the last 3 days doing it? Accidental self-block unblock, 4 in last 2 years. It's really not as commons as everyone think it is, or maybe as it used to be. -- KTC (talk) 18:50, 25 November 2018 (UTC)[reply]
Depiction of Wikimedia Foundation destroying Wikipedia with Visual Editor, Flow, and Mobile App instead of making obvious but boring improvements to what we have.
  • One would think that an organization that spends many millions of dollars on software development would have long ago changed the wiki software so that if you click the wrong link and block yourself a big red ARE YOU SURE??? would come up with the user having to type in the three letters "yes" (not just "y") to continue. Alas, we have a culture where making the software elegant, easy to use and generally excellent is not a priority, and administrators are especially prone to putting up with software that is OK but not great. This attitude is not new: during the Civil War cannonballs were slow enough so that if you noticed one coming at you you had time to duck. The problem was that it wasn't considered manly to duck.[citation needed] --Guy Macon (talk) 19:37, 25 November 2018 (UTC)[reply]
Does it make you type the word "yes" (not just "y" or clicking on a button)? It is a well known effect in human engineering that people who see a lot of "are you sure?" warnings tend to click the OK button or hit the yes key on autopilot no matter what the text of the message is. making them type something different for the rare warnings is a proven method of avoiding such errors. --Guy Macon (talk)
@Guy Macon: If you try to block your self you get 2 differences: (1) A big red warning (2) You have to check an extra "confirm block" box before proceeding. — xaosflux Talk 17:43, 26 November 2018 (UTC)[reply]
(ec) Anyone capable of accidentally blocking themselves after that lacks the reading skills necessary for adminship. DuncanHill (talk) 17:48, 26 November 2018 (UTC)[reply]
And we could change that to "Confirm self-block - you will not be able to undo this!" or the like. — xaosflux Talk 17:46, 26 November 2018 (UTC)[reply]
Note that even without unblockself admins can still remove self-imposed blocks - tested and confirmed with technical staff. -- Ajraddatz (talk) 17:51, 26 November 2018 (UTC)[reply]
Yeah, I should clarify—in case my comment directly above yours was confusing—that revoking the ability to unblock oneself is a solution that has indeed already been implemented, and it would be trivial work to remove that right from administrators, and that is what this discussion is about. What hasn't been implemented is "to disallow unblocking oneself, but allow admin X to unblock themself if admin X is the one who blocked themself". Mz7 (talk) 20:39, 25 November 2018 (UTC)[reply]
Mz7, this modification from 2011 ostensibly allows an admin to remove a self imposed block even if ever the unblockself permission is removed from the admin bundle. Whether it is still valid or not, I do not know.--John Cline (talk) 02:01, 26 November 2018 (UTC)[reply]
Fascinating. I just tested and it is still valid; removing the unblockself permission will not prevent admins from unblocking themselves unless this is changed. -- Ajraddatz (talk) 02:09, 26 November 2018 (UTC)[reply]
@Ajraddatz and John Cline: Wait... really? This is a game-changer, actually. If this had been advertised from the start of the RfC, I think it would have changed some minds. I will go and strike my comments above as I rethink. Mz7 (talk) 03:14, 26 November 2018 (UTC)[reply]
@Ajraddatz and John Cline: fix ping Mz7 (talk) 03:14, 26 November 2018 (UTC)[reply]
Yep, just did some more tests to confirm. On the beta cluster, I created a user group with only the block right and not unblockself. My test account was able to block itself and remove the self-imposed block. When I blocked my test account with my main account, my test account was unable to unblock itself. Tl;dr if we remove the unblockself permission from admins here they would still be able to remove self-imposed blocks. -- Ajraddatz (talk) 04:21, 26 November 2018 (UTC)[reply]
  • Support Version A. The rest of us can't unblock ourselves if an admin has a moment's idiocy, I don't see why, in the case of a self-block, the person who had the moment's idiocy should be allowed to unblock themselves, and if they've been blocked by someone else then they should follow the same procedures to request an unblock as the rest of us. DuncanHill (talk) 19:42, 25 November 2018 (UTC)[reply]
  • Comment would it be possible to add a ten-minute "cooldown" before the unblock can occur? The recent hijacking-vandalism has involved multiple admin-self-unblocks, and a ten-minute cooldown would be a benefit for all of them. power~enwiki (π, ν) 19:50, 25 November 2018 (UTC)[reply]
  • Support Version A. Administrators should not be more equal than others. Even in the event of a mistake and blocking themselves, the administrators are enough of a clique they can contact another administrator and at worst suffer the indignity of being blocked for a few minutes. How many of them already have multiple accounts, much less the email addresses of some of their cohorts? Or at worst, sign in as an IP. If someone is blocked for cause, there should be enough documentation that anybody of the stature of an administrator should be able to make a rational decision as to whether the block is for cause or an accident. Trackinfo (talk) 20:00, 25 November 2018 (UTC)[reply]
@Trackinfo: "the administrators are enough of a clique" Is this implying there's a cabal? Not criticism of your reasoning, just what I'm wondering. SemiHypercube 01:50, 26 November 2018 (UTC)[reply]
  • Support A. How many of you remember the Robdurbar incident? An admin went rogue, blocking a collection of people and deleting a bunch of important pages, and it took a good while to find anyone able to desysop him. Three times he was blocked, and three times he unblocked himself — there was no way to stop him from continuing his rampage until he lost sysop rights. From a technical perspective, any admin should be able to stop any other admin and any bureaucrat from acting until someone else intervenes: we're too big for a single user to be able to block everyone else without getting noticed and stopped (and we also have the stewards who could intervene), and in the event of a rogue admin, there will be no difficulty whatsoever in unblocking all the wrongly-blocked people once the rogue has been stopped. Note that I've three times attempted a self-unblock: once after blocking myself, once after someone else blocked me (I requested a block to do some testing, so I unblocked once the test was complete), and once after autoblocking myself via blocking my alt account (I had to request assistance for that one). In the final situation, I had to wait only ten minutes despite some confusing technical issues; if you can demonstrate that a compromised account has blocked you, the unblock should be nice and quick, and you can use the opportunity to say "User:Soandso is compromised or rogue and should be blocked before you unblock me" so others are aware of the situation. Nyttend (talk) 22:21, 25 November 2018 (UTC)[reply]
  • Status quo The problem this purports to solve is small conpared to the problem that it might create.S Philbrick(Talk) 00:12, 26 November 2018 (UTC)[reply]
  • Version A. If there is a disagreement or issue as to why, like everybody else, a discussion can be had at an appropriate place to work out the next step. There is no emergency as to why an admin will need to unblock themselves to do something. This ability IMO is strange and prone to disruption; the ability of an admin to go on a short break without admin tools does not justify it. --Tom (LT) (talk) 00:31, 26 November 2018 (UTC)[reply]
  • Version B. If a crat account goes haywire, it would be very difficult to deal with, but the difficulty is only increased marginally with version B. Furthermore, version B prevents 'Crats from being locked out by a hijacked admin account, and hence unable to unblock admins, or indeed perform a desysop (probably? I don't know for sure). The status quo allows havoc until a desysop occurs - in one recent case, version B would have reduced the vandalism of the main page to one occurrence, rather than two. Of course, a legitimate alternative is to allow blocked admins to unblock users other than themselves, but in the context of recent compromised accounts, that's unlikely to prevent the attacks, since multiple admin accounts have been hijacked. And there's the old idea of allowing sacrificial desysopping by admins, which I would suggest is probably a better solution than any of the current options. Bellezzasolo Discuss 01:11, 26 November 2018 (UTC)[reply]
  • Bellezzasolo, I've supported that in the past, and I'd support it again if it were proposed; it would resolve the issue at hand here without affecting people who have good reason to unblock themselves uncontroversially. I just doubt that such a proposal would go anywhere. Nyttend (talk) 01:42, 26 November 2018 (UTC)[reply]
  • Someone wrote an extension to do that some time ago. Since stewards have a ~2 minute response time, and compromised accounts should typically be locked before they are desysopped, I'd say that there would be limited benefit to actually implementing this extension. -- Ajraddatz (talk) 01:49, 26 November 2018 (UTC)[reply]
  • Yes, we can all think of doomsday scenarios. But the better approach is to focus on attacks that are likely to happen and reduce the risk that they do. Version A helps in both a doomsday blockbot scenario and the previously-seen compromise attacks, since any "good" admin can stop the abuse immediately without steward intervention. -- Ajraddatz (talk) 16:02, 26 November 2018 (UTC)[reply]
  • I strongly disagree. We should make Wikipedia resistant to attacks that haven't happened yet. Ignoring a known vulnerability because nobody has exploited it yet is a classic indicator that idiots are in charge of security. (To be clear, I am talking about those in charge of security, not anyone here. We aren't expected to know about such things. Also, the WMF people in charge iof security appear to be doing an excellent job.) "That would be really easy to correct if it ever happened and a lot of work to prevent" is a good argument for ignoring a known threat, but "nobody has tried that one yet" is not. --Guy Macon (talk) 17:49, 26 November 2018 (UTC)[reply]
  • Version B - self-unblocks only add fuel to the drama fire. (Ideally, would support version A, but there might be a security risk with blocking CRATs). Renata (talk) 02:31, 26 November 2018 (UTC)[reply]
    • @Renata3: What would the security risk be? Stewards have shown that they're very quick to respond to a compromised account. Having a compromised crat account which can remove userrights as well as everything else is worse than an admin account. Callanecc (talkcontribslogs) 07:15, 26 November 2018 (UTC)[reply]
      • There are certain hours of the day (at least when I was a global sysop looking for a steward) when there are fewer around. Won't say what those are onwiki, of course. Personally, I would like to see self-unblock restricted to a group like CU/OS or even interface admin, as those groups are pragmatically required to take extra precautions with their accounts. A lot of our bureaucrats are sadly as inactive as the admins who are getting their accounts compromised. --Rschen7754 07:41, 26 November 2018 (UTC)[reply]
  • Status quo There is no demonstrated need for a change; the current situation works fine. --Jayron32 03:15, 26 November 2018 (UTC)[reply]
  • Version A basically per Nyttend -FASTILY 05:54, 26 November 2018 (UTC)[reply]
  • Version A. If an admin blocks every other admin, that's what we have stewards for (who all have global unblockself permissions). There is no security problem here. Kevin (aka L235 · t · c) 06:04, 26 November 2018 (UTC)[reply]
  • Version A because there is no reason for administrators on enwiki to have this right. ~ ToBeFree (talk) 07:13, 26 November 2018 (UTC)[reply]
  • None of the above I don't really like any of these options. With option A, yes, stewards could self-unblock if everyone was desysopped, but the response time to clean up the damage would be significant, especially if it is a time of day where stewards are not that active. With option B, I'd rather that it wasn't the bureaucrats, as many are sadly as inactive as the admins who are getting their accounts compromised. I'd rather have the self-unblock right be held by CU/OS or even interface admin since they already have to take precautions with their accounts. If I had to go with any I'd say option C, but of course that has its flaws too. --Rschen7754 07:46, 26 November 2018 (UTC)[reply]
    @Rschen7754: So basically you're saying a tighter version of version B, right? I mean, that's not a bad idea either, while bureaucrats can desysop it wouldn't be needed with Version A or B if this was just a rogue/compromised admin account, since blocking them would stop since they couldn't self-unblock. SemiHypercube 14:15, 26 November 2018 (UTC)[reply]
    It would be kinda cool if unblockself could only be used by admins with 2FA enabled. Now that the previous security hole has been patched, it is nearly impossible that a 2FA-enabled account could be compromised. So admins that hate 2FA could continue to not use it, but if their account gets compromised they could be stopped by someone with a safer account. -- Ajraddatz (talk) 16:01, 26 November 2018 (UTC)[reply]
  • Status quo: It's interesting to note that this RfC meets four out of five of Goode and Ben-Yehuda's characteristics for a moral panic. I bet that after some time has passed, it'll end up meeting all five of them.  Spintendo  08:12, 26 November 2018 (UTC)[reply]
  • Version A -- No legitimate reason to unblock yourself. I would honestly go further and remove an admin's technical ability to block themselves as well. -- Dolotta (talk) 17:04, 26 November 2018 (UTC)[reply]
  • Version A - Ofcourse admins have blocked themselves accidentally in the past (or have done so as a test) however both are extremely rare these days (those that block themselves usually ask to be blocked and unblocked) so I don't really see a reason as such to allow self-unblocking. –Davey2010Talk 18:07, 26 November 2018 (UTC)[reply]
    @Davey2010: It has been noted above that even if the (unblockself) permission were removed, admins could self-unblock for self-blocks. SemiHypercube 18:15, 26 November 2018 (UTC)[reply]
  • Status quo. @Nyttend: as one of the affected accounts of the robdurbar incident I still feel, that the DOS affect of the other options is worse that the dangers of leaving the technical abilities as they are. Also since then we have given crats the ability to desysop. Back then we had to wait for a steward. Agathoclea (talk) 18:27, 26 November 2018 (UTC)[reply]
  • Agathoclea, while I disagree with your conclusion, I have to respect it more strongly because you were involved in the incident. Just one question: DOS affect? If you mean "denial of service", I'm unclear how that fits, so more details would help. Nyttend (talk) 01:57, 27 November 2018 (UTC)[reply]
@Nyttend: while this is a moo point now, It allows for a wiki to be shut down if the assailant is fast enaugh and hits the active admins first. Back in the day, the suggestion was made that blocking an admin should result in a automatic desysop. That would stop a rampage in its tracks. the auto de-sysop would be quickly reversed in obvious cases. In not so obvious ARBCOM would decide which of the two gets his bit back Agathoclea (talk) 08:52, 27 November 2018 (UTC)[reply]
  • Version A I'm pretty sure version A is going to happen soon regardless of the outcome of this discussion. It's not necessarily permanent, though. Right now, accounts are being compromised left and right, a number of them are sysops. Drastic times call for drastic measures. Sometimes every second counts, for example when graphic pornography is placed on the Main Page. The time it takes to go to IRC and type !steward please lock <user> and wait for action is just too long. MusikAnimal talk 18:48, 26 November 2018 (UTC)[reply]
  • Status quo - Wrong approach to dealing with compromised administrator accounts; better to elect a few more Bureaucrats who are highly active and in various time zones so that emergency desysops are less of a worry. — Godsy (TALKCONT) 20:12, 26 November 2018 (UTC)[reply]
    @Godsy: "better to elect a few more Bureaucrats" If you want to try reviving RfB, then go right ahead. Try to find an admin who is up for it. SemiHypercube 20:26, 26 November 2018 (UTC)[reply]
  • These options all have problems. Perhaps a solution could be for blocked admins to be able to block other admins and for admins to be unable to unblock themselves. --Yair rand (talk) 20:28, 26 November 2018 (UTC)[reply]
  • User:Yair rand, I'm not quite clear what you mean. Currently, you can't block someone if you're currently subject to a block, at least here at Wikipedia (is it different at Wiktionary?). Are you proposing that blocked admins be given this permission (and if so, why?), or do you mean something else? Nyttend (talk) 02:00, 27 November 2018 (UTC)[reply]
    @Nyttend: That is what I'm proposing, yes. In case of a rogue admin, the priority would be to stop damage from being done as soon as possible. If self-unblocking is allowed, blocking can't stop a rogue admin. If self-unblocking is not allowed and blocked admins can't block other admins, the rogue admin could preemptively block the other admins and remain as the only unblocked admin. If self-unblocking is not allowed and blocked admins can block other admins, any admin can block the rogue admin immediately and shut down all further actions other than the possibility of blocking the remaining admins. On further thought, however, I'm not sure that would be an improvement: All admins being temporarily unable to fix things up (like vandalism) until a steward or bureaucrat shows up might actually be worse than the alternatives... I am unsure. --Yair rand (talk) 05:49, 27 November 2018 (UTC)[reply]
  • Not of fan of anything out there right now, so status quo for me. For example, if you have a self block, I'm fine with a self-unblock. If an account is compromised, or appears to be, then de-sysop until the account is back under control. Headbomb {t · c · p · b} 20:48, 26 November 2018 (UTC)[reply]
  • At that ticket, Ajraddatz said "self-imposed blocks can always be self-removed". I've just blocked and unblocked myself, so I can confirm that this is still the case. Could someone block me (and then ping me) so we can see whether the new settings are live yet? Please be careful to disable autoblock and enable talk-page access, of course :-) Nyttend (talk) 02:12, 27 November 2018 (UTC)[reply]
  • I think so. I wish they'd waited for this discussion to close (someone mentioned this discussion, so they were aware of it), but since they didn't, there's no point in continuing. The only possible change would be a consensus to request the return of unblockself, and since they removed it on their own accord, I doubt they'd grant a request to revert themselves. Nyttend (talk) 02:35, 27 November 2018 (UTC)[reply]
  • I say let the RfC play out. I for one can't fucking believe this was done behind the scenes without community consent. I find it hard to believe that the devs can't see the double-edged blade staring directly back at them us. If the inability to self-unblock can be used as a weapon against these rogue/compromised/abusive accounts, it can be used by these accounts, against us. I really don't think "Robdurbar" would have attacked the main page if he knew it would be over the second he did so. He may have instead strategized the best way to evade a block for as long as possible while inflicting as much damage as possible. This is a big project, with plenty of dark corners. It's really not hard for me to brainstorm creative ways to go rogue without being immediately blocked. I'm sure whoever is behind the compromised admin accounts is not terribly stupid either. There's not that many admins active at any given time. If we're lucky, there will be a crat or steward around to perform an emergency desysop when needed. Some nonsensical IP user can commit blatant anti-Semitic vandalism on an obvious target for that sort of thing, and no one will notice for nearly 48 hours. Or, they can go on an unhinged BLP violating/edit warring spree, while their name sits in a backlogged administrative noticeboard. If IPs can fly under the radar, do you really think that rogue/compromised admins can't get away with it if they really try? We're just giving these people reasons to engage in pre-emptive admin blocking, not to mention stealth sprees, and that can cause far more damage than anyone has ever tried to cause before. Yeah, it sounds like a good idea with no downsides at first, but there's a huge potential for this shit to backfire. Smdh.  Swarm  talk  02:40, 27 November 2018 (UTC)[reply]
    Swarm, No point in it now, I guess. FWIW if you're interested in numbers, I've been watching them for a while. On average there are 40-60 admins active on enwiki per hour, and about 500-700 per week. SQLQuery me! 02:50, 27 November 2018 (UTC)[reply]
    Imagine if you looked at the numbers where you take the body of "active" admins in a given time, weed out the ones who aren't actually working on/involved with the administrative backlog proper, spread them out across every venue where there are outstanding reports or requests for admin action, and then compare the rate of admin work that can be, or is being, completed with that workforce, relative to the rate of new admin work being created. Reports at AIV can sometimes sit for hours. Reports at AN/I, RfPP, PERM, or AN3 can sit for days. There's basically one person who has been handling the histmerge backlog over the years. It doesn't do me much good to know that there's 60 active admins here at any given hour when I'm waiting two or three days for a simple report to get an admin's response. We're not as on top of things as you'd think.  Swarm  talk  03:11, 27 November 2018 (UTC)[reply]
    I know we are all very enwiki-centric here but this was also done globally. How about those small projects where there are two or three admins? Block, block, and you have the run of the place until a steward steps in. --Majora (talk) 02:43, 27 November 2018 (UTC)[reply]
    For what it's worth, before this change such rogue admin account already had the run of the place until a steward interfere since no blocks can stop them, and their crats don't have the power to desysop. -- KTC (talk) 12:31, 27 November 2018 (UTC)[reply]
  • Version A – I originally supported maintaining the status quo, but I have been persuaded by two arguments. Firstly, per this 2011 change found by John Cline and confirmed by Ajraddatz above, removing (unblockself) from the administrator toolset will not prevent administrators from unblocking themselves if they were also the one who blocked themselves. Most self-unblocking events on Wikipedia are administrators accidentally blocking themselves, and this proposal, as written, will not hinder administrators' ability to correct such uncontroversial errors. Secondly, per Callanecc above, this proposal would be useful in the event that an administrator account is compromised, which does occur every few years. Currently, the only effective way to stop a compromised administrator account is for a bureaucrat or steward to do an emergency desysop/global lock. The wait time for this can take several minutes, whereas this proposal would shorten the response time by allowing any administrator—not just stewards and bureaucrats—to neutralize the compromised account via a block. As MusikAnimal notes: in such a case, every second counts. Mz7 (talk) 03:12, 27 November 2018 (UTC)[reply]
    • Here's why I didn't support this option: what if someone did succeed in running a script to block all (active) admins? We have to weigh the time we save with option A and compare it against the probability of someone succeeding in doing this and the length of time it would take for intervention in that scenario. --Rschen7754 03:55, 27 November 2018 (UTC)[reply]
  • Version C I basically agree with the latter half of User:Mz7's stricken post (the bit about whether someone who can't be trusted not to self-unblock can be trusted to be an admin, which is basically unrelated to whether self-blocks would be included, although I do applaud the detective work that was apparently involved there), with the addition that it seems to be in only extreme cases where admins get blocked at all (I've seen admins do/say things that would get any experienced non-admin blocked on-site, but with admins a more popular approach seems to be to ask ArbCom to desysop, as though it was taken as a given that if someone does something blockworthy their mop should be taken away first), and admins having the ability to self-unblock would seem to be useful to weed out the really extreme cases. I should also say that one way or the other this question would be better resolved after Wikipedia:Arbitration/Requests/Case/Fred Bauder is resolved, since desysopping someone for abusing an admin tool that has already been removed from all admins is ... well, it serves a function, but still feels kinda silly. Hijiri 88 (やや) 07:42, 27 November 2018 (UTC)[reply]
  • Version D User:Jesse_Viviano's proposal that an admin can sacrifice their bit to desysop another admin.--v/r - TP 16:43, 27 November 2018 (UTC)[reply]
  • status quo, too rare of a problem to need a special solution. Andrew Lenahan - Starblind 18:03, 27 November 2018 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Nuclear Option

So devs have decided to pull "Option A" on all projects in phab:T150826. Note admins that SELF-block can still self-unblock. In theory if we wanted some local group to be able to 'unblockself' still we could argure for it here on enwiki only (e.g. int-admins, or 'crats, expect to get a lot of pushback if we asked for sysops to have it back). — xaosflux Talk 03:42, 27 November 2018 (UTC)[reply]

  • Please don't try to add this to intadmins. SQLQuery me! 03:49, 27 November 2018 (UTC)[reply]
  • Intadmins should not be elevated beyond their pure technical abilities to edit certain pages. TonyBallioni (talk) 03:55, 27 November 2018 (UTC)[reply]
  • (edit conflict) No. Unblocking self would be important to smaller wikis, here it's done in minutes by other admins. We are fine here. -- Amanda (aka DQ) 03:56, 27 November 2018 (UTC)[reply]
  • In order of preference as to who to give unblockself to, it would be "admins that have 2FA enabled," then CU/OS, then arbs (since you would have to create a separate usergroup for them), then bureaucrats (since they don't handle private info and thus might not take precautions on their accounts), then interface admins. I just worry that we might be opening up the door to someone who runs a script and blocks all the admins, at a time of day when stewards are not around. --Rschen7754 04:00, 27 November 2018 (UTC)[reply]
    • Striking my first suggestion as I think there is a potential security problem in that, and in giving certain privileges to admins based on whether they have two-factor or not. --Rschen7754 04:14, 27 November 2018 (UTC)[reply]
  • The config change is quick and easy to make. Think of developer-forced "option A" as a temporary measure until more robust technical solutions are developed. For now, we should accept it. MusikAnimal talk 04:19, 27 November 2018 (UTC)[reply]
  • I'm somewhat peeved that the devs went ahead and partied like it's 1945 -- the issue was dealt with, the question of how to deal with the ongoing threat was being discussed, and this was sent to all Wikimedia wikis. I think there's some valid points being made on the Phabricator and while I'm partial to option A myself I'm concerned at the trigger-happiness. Best, ProgrammingGeek talktome 04:21, 27 November 2018 (UTC)[reply]
  • We don't have to "do" anything, we can just move along as well. — xaosflux Talk 04:24, 27 November 2018 (UTC)[reply]
  • Leave as is, stewards can still solve the problem if needed. Callanecc (talkcontribslogs) 07:07, 27 November 2018 (UTC)[reply]
  • Eek, "Old admin accounts are being hacked and blocks to active admins applied"? Oof. I wonder if a fix for this would be to make it harder to block admin accounts? Somehow... dunno how tho. Anyway, yeah, if admin accounts are being wrongly blocked isn't keeping it easy to unblock themselves called for? Herostratus (talk) 09:48, 27 November 2018 (UTC)[reply]
  • I would support adding this right to bureaucrats and/or int-admins (but obviously not those who are in both, that would be one person) because having nobody be able to self-unblock seems like a security flaw to me. SemiHypercube 12:14, 27 November 2018 (UTC)[reply]
    I'd also be fine with having CheckUsers and Oversighters with this right. Basically, kind of version B above. (I would've !voted as that, but I feel like it's a bit rude to !vote in my own proposal) SemiHypercube 12:19, 27 November 2018 (UTC)[reply]
    What's special about CU/OS? Natureium (talk) 14:38, 27 November 2018 (UTC)[reply]
    CUs are mainly the ones dealing with the current spate on compromises, so I guess there's that, but I'm pretty meh about it either way. Hardcore opposed to IAdmins having it as it's literally just a flag that any admin who requests at BN with a sufficient reason can get and we shouldn't be adding anything to that userright beyond maybe the ability to edit the main page/other security risks. TonyBallioni (talk) 16:36, 27 November 2018 (UTC)[reply]
    Also because there is a significant risk of private data being leaked if CU/OS is hacked (even if blocked), so we're already in trouble. --Rschen7754 19:24, 27 November 2018 (UTC)[reply]
    Those are reasons that people with a CU flag should be particularly concerned about security (although I've heard the complaints about requiring 2FA for CU/OS several times), but why would it make sense for them to be able to unblock themselves? Natureium (talk) 20:03, 27 November 2018 (UTC)[reply]
  • Suppose unblockself was a right that could be exchanged as in a changing of the guard per say, and perhaps 5 or 10 admins, coordinated at wp:an were vested with the right at all times after satisfying some form of active acceptance implying a commitment to remain active until at least such time as when another admin similarly accepts the right and commits to the role. It would not be difficult at all to maintain these 5 or 10 in-house go-to admin-guards and such an active rotation would capably foil any script a wannabe rogue could practically devise while ensuring wiki-continuity by en-means. Anyway, that's an old soldier's 2 cents worth of outside the box thought, given with no dividends due. Cheers.--John Cline (talk) 16:32, 27 November 2018 (UTC)[reply]
    John Cline: seems unnecessarily complicated, especially when we already have a group of users that are meant to be a highly available global quick-response team. –xenotalk 16:37, 27 November 2018 (UTC)[reply]
    Thank you xeno, I appreciate your reply; in its grounded truth. Considering that I support option A, and that is effectively what we now have, I'd have done better leaving the other changes unpublished. I agree with your regards. That said, I would like it known that I am in full support of the foundation's leadership demonstration in implementing this global change. Bravo.--John Cline (talk) 01:35, 28 November 2018 (UTC)[reply]
  • I don't see that the ability to unblock oneself has been removed or even decided. It's been my understanding as long as I've been an admin that we can unblock ourselves but it's a really bad idea to do so unless there is an absolute emergency. Jonathunder (talk) 21:58, 27 November 2018 (UTC)[reply]

Throttling

Slightly separate to (unblockself), I can't see any rate limits applied to administrators. I'm open to correction on that, but I can't see anything. After all, admins have (noratelimit). More concerning perhaps, should a 'crat account get hijacked, is no throttle on making sysop accounts (or, indeed, 'crat accounts). I'd suggest we have a throttle on administrators blocking other administrators (2/minute?) and a 24 hour cooldown on new bureaucrat accounts before they can user their new rights. WP:BEANS is why the cooldown is necessary, if in doubt email me and I might spill the BEANS. Bellezzasolo Discuss 13:52, 27 November 2018 (UTC)[reply]

I'll spill them. It's important that everyone knows and acts with knowledge rather than ignorance. Now that the devs have acted in their infinite wisdom and removed selfunblock, and because there is no rate throttling, at the risk (or outright ignorance) of WP:BEANS, I'm proposing this godawful idea that the next compromised sysop account simply uses the API to mass block all other administrators. Then we're fucked until a staff, dev, or steward comes by. This is a bad bad bad idea and it's going to bite us in the ass really hard.--v/r - TP 14:14, 27 November 2018 (UTC)[reply]
@TParis: Not only that, but if they got into a bureaucrat account, they'd be able to create new bureaucrat accounts through the API, and only stewards would be able to desysop them. It would be a bad case of whack-a-mole. But that's a threat even with (selfunblock), because crat accounts are also able to desysop! Only active crats and stewards would be available to fight the hacker. Bellezzasolo Discuss 15:06, 27 November 2018 (UTC)[reply]
I'm glad we've given up WP:BEANS, as it is my least favorite essay. Is it ever necessary for a single crat to +/- sysop or crat more than 2 accounts per day? It seems like a pretty strict limit would rarely cause actual problems. Natureium (talk) 15:31, 27 November 2018 (UTC)[reply]
At the start of each month, sometimes up to a half-dozen sysops have the perm removed by a crat per WP:INACTIVITY. Otherwise, well, we used to have multiple concurrent RfA's, and it's possible for multiple sysops to return at the same time (pretty nearly happened this week) so still useful if not strictly necessary. ~ Amory (utc) 16:26, 27 November 2018 (UTC)[reply]
Ah, I forgot about the inactivity desysoping. That's a good point. Natureium (talk) 16:47, 27 November 2018 (UTC)[reply]
@Natureium and Amorymeltzer: We could set the desysop throttle to something high like 20/day or 30/day. That way, although a lot of damage is done, there should still be active admin accounts to block the hacker, and then unblock the crats so they can re-sysop. If we separate +sysop and +crat, you could then have a 5/day throttle for +sysop and 1/day throttle for +crat (I don't see 2 concurrent RfBs in the foreseeable future). The +crat would need a 1 day cooldown on the new account is the main thing, as it stops a malicious script hopping between accounts. Bellezzasolo Discuss 13:49, 28 November 2018 (UTC)[reply]
This is pretty painful to read. Under the status quo, someone could already compromise an admin and go on a mass blocking spree, and if another admin was able to block them the compromised admin could just self-unblock. A compromised crat could already go on a desysopping spree, and self-unblock if blocked. In all of these situations, either steward or bureaucrat intervention is already required to stop the abuse. With the removal of unblockself, any admin can put a stop to it, because the compromised admin vandalbot can be blocked by any other admin and cannot undo the block. This is a helpful move, not a harmful one. It gives more power to local admins to stop abuse in situations involving account compromises.
There's also a question of likelihood here. All of the previous compromises would have been stopped earlier without unblockself, and honestly the various doomsday situations you describe would still have the possibility of being stopped earlier since any admin could stop it immediately. Now, I'm not saying that the implementation is without concern - specifically the part of removing unblockself from small wikis too - but I think that the reaction here is honestly quite ridiculous. -- Ajraddatz (talk) 16:44, 27 November 2018 (UTC)[reply]
The difference is that we can all unblock ourselves and go right back to cleanup. Once unblockself goes away, a rougue admin can run a script to block 1300 sysop accounts (not hard) and then have free roam of the place. In fact, if hacker were to write the bot well, they'd start by scanning the admin logs for active admins and block those first. Honestly, if you're blowing this scenario off, you haven't really given it due weight.--v/r - TP 16:49, 27 November 2018 (UTC)[reply]
And it would be trivial for even a moderately skilled hacker to write the bot that well in advance, since mediawiki is freely available software which they can practice offline. Only in death does duty end (talk) 16:51, 27 November 2018 (UTC)[reply]
I'm not blowing it off, I'm saying that it is incredibly unlikely and could be stopped by one admin under the new scheme, whereas it could not be stopped without steward/crat intervention before. The actual clean-up is trivial compared with stopping ongoing damage. A rogue admin cannot instantly block all 1300 sysops, and even if they did (which is incredibly unlikely and no compromise before has involved this) stewards still have a four minute response time, on average, over the last three compromise situations. Bad policy is made by looking only at fringe cases, there needs to be a balance between possible harm and what would help in 100% of the situations that have happened so far. -- Ajraddatz (talk) 16:54, 27 November 2018 (UTC)[reply]
I'll also clarify that I wasn't trying to single out your idea as ridiculous: I've seen all sorts of situations explained over the last two days that are very unlikely and would still be better solved without unblockself than with it. The reality is that regardless of unblockself there are still far worse things that the attackers could have done with a compromised admin account, and we're lucky nothing worse has happened. Ensuring that admin accounts are secure is going to be an important consideration moving forward. -- Ajraddatz (talk) 17:04, 27 November 2018 (UTC)[reply]
"could be stopped by one admin under the new scheme" I'm trying to tell you that all active sysops could be blocked before anyone even realizes whats happening.--v/r - TP 17:14, 27 November 2018 (UTC)[reply]
I know what you think could happen, I'm saying it wouldn't happen that way. Even without rate limits there is a physical limit to how often an action can be processed through the API. Earlier in the year we had to deal with vandalbots using the API, and they couldn't manage more than 60 edits/min. It would take 21 minutes for a bot at that speed to go through the list of 1300 admins. Lets say the attacker made a bot that was 4x faster than that - it would still take 5 minutes to block all admins. During the last compromise, the response time from the first action to first block by an admin was 2 minutes. This is still a better solution than the status quo. And as usual, I'll note two things that people here are ignoring: a) the likelihood that this would happen, since it's never happened before and removing unblockself would have helped in 100% of the past compromises, and b) the fact that there are far worse things that a compromised account could do than block every admin, so if we are dealing with someone who has inside MediaWiki knowledge and a good familiarity with our systems we'd be in trouble for more reasons than a list of blocked admins. -- Ajraddatz (talk) 17:22, 27 November 2018 (UTC)[reply]
I'm not entirely sold yet, but I kind of like the idea from the phabricator ticket to allow blocked sysops to block the user who blocked them, i.e. retaliate. It might lead to escalation in the more routine "sysop goes rogue/dumb" scenario, but it would be limited. In the compromised/mass-attack scenario, it would stop the threat of mass-blocking. In either way, basically stop the bleeding and give time to sort it out. Short-circuits the issues with an elegant(ish) solution to uncommon and very uncommon problems. ~ Amory (utc) 17:25, 27 November 2018 (UTC)[reply]
@Ajraddatz: SQL did the math. There are about 60 admins here per hour (300 per day/600 overall per week on average). Even with the limit you've given, all admins active on the project within the last hour could be blocked within 1 minute.--v/r - TP 17:32, 27 November 2018 (UTC)[reply]
Ok, fair, in which case someone would need to get a steward..... which they would need to do anyway. Again, doomsday scenario, unlikely to happen, far worse things could be done. I'll end by saying that there are also ways of reducing this one theoretical vulnerability and it looks like the devs are going to work on it. -- Ajraddatz (talk) 17:34, 27 November 2018 (UTC)[reply]
Amorymeltzer, It would solve the problem, so long as something crazy doesn't happen like 3 admin accounts being compromised at once. But, what are the chances of that happening? SQLQuery me! 17:37, 27 November 2018 (UTC)[reply]
Maybe I'm crazy, but is there some way we could test this out? Obviously not on enwiki, but setting up some test wiki with 1300 admins and with a similar configuration, and then see how long it takes. --Rschen7754 19:22, 27 November 2018 (UTC)[reply]
I'd actually like to do it. I was half tempted to say something like "I could write such a bot in 10 minutes" but I suspected some busybody would accuse me of threatening the 'pedia or going rogue and ask Arbcom to remove my bit over it. It'd help if we could get 1300 psuedo accounts with active log entries being made with a random 60 active during a given hour so that we have an accurate environment.--v/r - TP 20:14, 27 November 2018 (UTC)[reply]
Well, I'm not sure if it's needed... as you said above, it would be easy enough to just block the active ones and that would have the same impact. A better use of time would be to help the devs work around this one theoretical abuse angle. -- Ajraddatz (talk) 23:03, 27 November 2018 (UTC)[reply]
@SQL: Fair point, but if the attacker is using one or two accounts to bulkblock every sysop and saving the third to vandalize freely, we're no worse off than we were yesterday, and we've forced the attacker to burn two or three logins instead of just one. Obviously the more accounts an attacker has at their disposal the worse/harder it will be, but I'll take the net positive of half a loaf over none any day. ~ Amory (utc) 20:01, 27 November 2018 (UTC)[reply]
"Earlier in the year we had to deal with vandalbots using the API, and they couldn't manage more than 60 edits/min." @Ajraddatz: my personal record is 2000 edits in 5 minutes. This is by no means a hard limit, there are several users who managed over 1000+ edits/minute. And if you wanted, you could go faster. Blocking the top 500 admins would take 75 seconds at 400 edits/minute. - Alexis Jazz 05:04, 28 November 2018 (UTC)[reply]
And so far my personal best that I have actively noticed was around 181 edits within a minute with TheSandBot, a feat which it has accomplished a few times. --TheSandDoctor Talk 21:18, 30 November 2018 (UTC)[reply]
Toolforge job-array is designed for running massive parallel math problems but can run massive parallel worker bots. I tried it once but the speed caused problems with disk caches and logging so I backed off but for the right bot it might be extremely fast. -- GreenC 22:04, 30 November 2018 (UTC)[reply]
Yeah, I'm not buying this whole "it gives admins more power to stop disruption" angle. It can just as easily be argued that "it gives rogue admins more power to disrupt". If the risk/benefit ratio was the same, fine, whatever, but honestly, what's a harder scenario to deal with, one admin who is able to unblock themselves a few times before they get locked/desysopped, or dozens if not hundreds of admins blocked and unable to unblock themselves before anyone realizes what's going on? Even worse, what's harder to deal with, a rogue admin who knows they can unblock themselves and thus isn't worried about detection, or a rogue admin who knows they can't unblock themselves, thus goes stealth-rogue and does something like delete hundreds of obscure articles with misleading rationales, or modify the protection on hundreds of articles, or something even worse like abusively merging histories, or create vandalism articles with their autopatrolled rights. There's any number of ways to go absolutely fucking nuclear without being immediately detected, and that's what removing the ability to self unblock is going to encourage. It's clear the people who unilaterally made this decision weren't thinking about the potential downsides at all, it was just a rushed, boneheaded move, not to mention a slap in the face to the supposed concept of a volunteer-run project. It's not remotely an uncontentious security improvement as you would have us believe, and it arguably increases the potential for harm.  Swarm  talk  22:17, 27 November 2018 (UTC)[reply]
No, it can't be just as easily argued. Removing unblockself earlier would have helped in every single one of the compromise cases that have actually happened across this network of websites since I've been in a position to respond to them, which is going on five years now. You are taking a remote possibility (but still a possibility, I'll give you that) and railing against an otherwise positive security change because of it. I'll also add that attackers are already incentivized to be stealthy, since there is an end point to attacks even with unblockself when the compromised account is locked. I don't think that moving the possibility of stopping an attack sooner than it can currently be stopped (2 minutes instead of 4 minutes in the last case) would cause a significant change of behaviour in the attacker. I'd say that these public discussions about all the possible things someone can do with a compromised admin account are much more likely to cause future problems than removing unblockself from the admin toolkit.
I'm not saying that the possibility should be ignored, and maybe I haven't been very clear on this up until now. I think we should be working with WMF security staff to identify and fix vulnerabilities, not rejecting their efforts outright. Ultimately they are the ones who are subject matter experts in what they do, and should be allowed to make decisions to protect the security of our site, but it should be a collaborative process. I think there's improvements to be made on both sides in that respect. Your own sarcastic comments thanking the WMF for their change are just as unhelpful to that effort as them forcing technical changes without community consultation - they feel like the community is too busy hating the WMF to work with them, and the community feels like the WMF doesn't care. In this particular case, staff are willing to both work towards fixing this vulnerability and allowing projects to opt-in to adding unblockself to the sysop kit with consensus, but feel that removing the permission is a better option to have by default. From the arguments I've heard, that seems fair to me. -- Ajraddatz (talk) 23:03, 27 November 2018 (UTC)[reply]
I get it, you like the positive aspects of this change, but you're also just repeatedly rejecting perfectly plausible scenarios in which it can backfire, which is something plenty of people are concerned about by the way, without resolving the actual concerns. The concerns don't just dissipate because you point out that we can stop a rogue account in 2 minutes instead of 4 now. And you're also acting like it's unreasonable to be outraged when the WMF makes a contentious global change to a longstanding status quo, willfully ignoring an ongoing community discussion that clearly shows said change to be controversial at best. I would think that as a Steward, your priority in this situation would be "customer service", but apparently it's to aggressively beat back those of us who dare to question a WMF staff member's decision that quite blatantly contradicts the fundamental principles that supposedly govern us. Chastising us for being "haters", really? The devs won't work with us because we just mindlessly hate the Foundation? What?? Please extend my sincere apologies to the Foundation for hurting their feelings with sarcasm. I should have realized that it's our fault when Foundation staff arbitrarily makes decisions without the community's input, without sufficiently acknowledging the community's concerns, without providing any explanation to the community, and without being accountable to the community. I totally understand how it's retroactively our fault, for using sarcasm, after the fact. You've convinced me that the devs always make the right call, and that we should not waste time critically thinking for ourselves. Academic experts aren't given any special preference here, but the staff are. Got it. Sarcasm aside, when the Foundation does something silly, and people get pissed off about it, it's not a good look to boil it down to "hating the Foundation". I have nothing against the Foundation, I don't know anything about the Foundation and I'm entirely indifferent about the Foundation. But the merits of this "content dispute" itself aside, the Foundation should not be making decisions like this in the midst of an active community discussion, and if they for some reason feel the need to, the responsible parties need to be accountable to the community. It's not unreasonable to call them out for failing in this regard, and it's actually pretty bizarre to see a Steward try and frame that kind of criticism as unreasonable. You just come across as a shill for the Foundation. If you want to actually facilitate a better working relationship between the Foundation and the community, use your weight as a Steward to remind staff not to do things that will very obviously piss people off, like ignoring community discussions, take our concerns seriously, rather than arguing with everything and sweeping dissent under the rug, and take a leadership role in bringing us together.  Swarm  talk  01:56, 28 November 2018 (UTC)[reply]
Swarm, do you have any concerns about this change that are not addressed by Gerrit 476080, which allows blocked admins to block the admin who blocked them? -- Tim Starling (talk) 04:38, 28 November 2018 (UTC)[reply]
I have not tried to aggressively beat down anyone here; I think that the concerns are overemphasized, that the problems exist with or without unblockself but the benefits only exist without. Responding to that effect is not intended to prevent discourse or criticism, nor has it done that. As to bring the community and staff together, I've tried to do that with this situation, and have been somewhat successful in other places. Here obviously wasn't one of them. -- Ajraddatz (talk) 04:46, 28 November 2018 (UTC) I've thought about this some more, and if I was coming off as obtuse and dismissive then that's probably what was happening - my apologies. I thought I had The AnswerTM here and it was just a matter of explaining it better, but that's probably not the case and even if so I obviously haven't done that. I do think your concern is valid and hope that the patch Tim linked to above will help resolve it. And if Commons was hit with edits that fast I'm probably remembering things wrong at Meta, confirming that this is something deserving of more thought. -- Ajraddatz (talk) 05:36, 28 November 2018 (UTC)[reply]
@Tim Starling (WMF): I tend to be biased toward my idea of a solution over others, but I can't say that I can think of a reason why your solution doesn't work.

@Ajraddatz: I appreciate your comments, but you'd still have been my favorite steward after this regardless. I'm guilty of thinking I have The AnswerTM all the time.--v/r - TP 16:48, 28 November 2018 (UTC)[reply]

@Tim Starling (WMF): Well, yes, I have articulated concerns in my comments other than the potential for a rogue account mass blocking admins. However, that is a major concern, and allowing a retaliatory mutual block seems like it would be a reasonable countermeasure, even if not perfect. I can accept the fact that the status quo wasn't perfect, and there likely is no 'perfect' way of dealing with this, but the point of contention about WMF staff showing a complete disregard for the community is a bigger issue. Completely unacceptable in any business situation, additionally insulting coming from an NPO towards its own volunteers, and even more so in the context of the precedent that Jimbo set to purportedly let the community govern. If you're going to take a decision out of the community's hands while they're actively discussing something, at least have the decency to be accountable for that. @Ajraddatz: Sorry if I came across as too aggressive towards you as well, I was directing my other frustrations at you, and it wasn't necessary. Best,  Swarm  talk  17:52, 28 November 2018 (UTC)[reply]
I know it can be surprising when we change the MediaWiki configuration without community consensus being demonstrated, but that is in fact the usual process, we change configuration details every week. We especially do not consider it necessary to consult with the community before making security-related changes, and this change was recommended by our security team. But in this case, there effectively was consultation, since Brian Wolff indicated that he had read the village pump discussion and taken it into consideration before he uploaded the configuration change to Gerrit. Most village pump comments seemed to focus on the prospect of a compromised admin account using a script to block all other admin accounts, a concern which was of course known to us, as it was the subject of the third comment on the Phabricator task in November 2016 and was also discussed at length on Phabricator this month. In my opinion, there was a need for judgement in weighing up the various concerns. Our judgement was influenced by the current vandal, who appears to be technically unsophisticated, and yet is damaging Wikipedia's reputation by, for example, twice placing a Goatse image on the main page 5 days ago. I think we should first deal with the vandals who are attacking the site right now, and worry about hypothetical technically competent vandals later. As for the precedent Jimbo set, well, it cannot be so easily distilled to a single principle. In the early days when Jimbo was highly active, he didn't tell developers to always defer to community consensus, in fact we were pretty much able to make any change to the software we wanted. This was an era before bureaucrats, stewards, oversighters and checkusers, I took on all those roles by means of shell access. When I introduced the block-by-name feature in September 2003, I established the policy of allowing administrators to unblock themselves with essentially no community consultation. I recall consulting on blocks in general, and in fact the feature was initially disabled on the French Wikipedia due to Anthere's objections, but I brushed off complaints about this detail, because allowing admins to unblock themselves was the simplest thing to code, and as a volunteer I didn't have much time to spend on it. So it's strange to see the status quo defended in such strident tones when it was an arbitrary, unreviewed decision by me in the first place. -- Tim Starling (talk) 23:30, 28 November 2018 (UTC)[reply]
I appreciate you taking the time to offer an explanation, I can understand where you're coming from, and I can also understand that you guys can make judgment calls without the community's approval. But, you're still suggesting that you don't even see what the big deal is here. There's a contentious community discussion going on, you guys make a judgment call on your end to handle it unilaterally, and to you, that's the long and short of it. To us, okay, you've unilaterally overridden a community consensus-building process, something we hold sacred, something that no member of the community, regardless of standing, would ever be able to do, and you don't even have the decency to explain to us what you're doing and why, not even to give us the slightest indication that you're listening to the community's concerns, or even that you take the concept of a community-based project seriously, at all. The fact that you find this backlash 'strange' suggests that you don't understand the high level of importance that longstanding precedent, and transparency, and communication, and accountability have here, and it's all just happily arbitrary on your end, that's concerning, because it reveals a large disconnect between the culture at WMF and the culture within the community itself. I don't think the WMF has disdain for the community, but those are the optics you project in situations like this. Not intending to single you out to give you a hard time, but I think you guys can maybe do with a reminder that the community deserves a degree of courtesy in situations where you might be perceived as stepping on its toes.  Swarm  talk  21:27, 29 November 2018 (UTC)[reply]

Earlier in this discussion, Ajraddatz wrote:

"Even without rate limits there is a physical limit to how often an action can be processed through the API. Earlier in the year we had to deal with vandalbots using the API, and they couldn't manage more than 60 edits/min. It would take 21 minutes for a bot at that speed to go through the list of 1300 admins."

No policy decision should be made based upon the assumption that the Wikimedia servers won't suddenly become thousands of times faster. All it would take is a decision that certain tasks have the potential to bog down the existing servers and thus should be moved to a dedicated high-speed server for the slowness we are depending upon to vanish.

There may be other reasons to adopt or reject a policy, but this should never be one of them. --Guy Macon (talk) 18:46, 28 November 2018 (UTC)[reply]

Fair, and as pointed out above, it is likely that they could already go significantly faster with up to 2,000 actions/minute. -- Ajraddatz (talk) 19:42, 28 November 2018 (UTC)[reply]

Diffs should include log extracts

I recently looked at this diff and was misled by what I saw. It looked like my G11 tag had been deleted for no reason. What I didn't notice was that between those two versions, the page had been deleted and then restored. It would be useful for the diff to include a note, "Two intervening administrative actions not show; see log for details" (with a link to the log). Any thoughts on this before I go ahead and open a Phab feature request? -- RoySmith (talk) 15:34, 27 November 2018 (UTC)[reply]

Why the hell not? No downsides; useful feature; do it. ProgrammingGeek talktome 15:51, 27 November 2018 (UTC)[reply]

I do a lot of CSDing and then pages come back and I have to figure out why. This would be very helpful. Legacypac (talk) 20:23, 27 November 2018 (UTC)[reply]

How often are you CSDing pages that are later undeleted? Natureium (talk) 20:30, 27 November 2018 (UTC)[reply]
RoySmith, that would be quite helpful and I have suffered from the same confusion, a few times.WBGconverse 05:56, 28 November 2018 (UTC)[reply]

Complete auto-archiving of RFPP

Requests for page protection is the venue where editors request protection for pages, and admins review the requests and implement or reject them. It is an important venue for the encyclopedia, and activity there is often reviewed during RfAs. Personally, as someone who feels protection is often over-applied, I am frequently interested in finding out the context in which page protection was originally applied. I imagine that admins looking to protect a previously-protected page are interested in the context of its previous protections. All these purposes are frustrated by the inexplicable fact that RFPP only has a rolling 7-day archive, after which you are left to sift through the page history. I was inspired to come here by my experience finding the RFPP request that resulted in the current protection of International Space Station, and I challenge anyone thinking that the page history is a good enough record to do the same.

I propose that RFPP be archived in a complete fashion. Building retrospective archives would be awesome, but to avoid technical issues this proposal is specifically for the archiving of future requests. Implementation could look a number of different ways, but I think the ideal scenario would replicate the WP:PERM archive (surely a less important thing to archive than RFPP!), where MusikBot sorts completed requests into "Approved" and "Denied" and archives them by date. If I can auto-archive my talk page, and we can archive requests for rollback, then Wikipedia can archive its page protection requests. A2soup (talk) 17:40, 28 November 2018 (UTC)[reply]

  • Do you know how to access the protection log for a page? You don't have to use the page history, and RfPP requests themselves contain no information that can't be found in the protection log, so I don't see what the point of permanently preserving every single one of them would be.  Swarm  talk  21:34, 28 November 2018 (UTC)[reply]
I know very well how to access the protection log. I don't at all agree that RfPP requests contain no information that can't be found in the protection log. Just very cursorily looking at our current RfPP, I see (excerpts):
  • Drive-by IP vandalism due to rumors swirling in the college football world right now.
  • not sure if full is best but considering ec/compromised accounts are messing around significantly, requesting something a bit stronger.
  • The issue should mostly blow over in a month or two, so that period of protection ought to be enough.
All of these are valuable information about the context of the protection that is lost in the log entries. This is not to mention declined protection requests that obviously leave no log entries but may be important to access later. A current example: Declined, they stopped after warning. Please let us know if disruption resumes. A2soup (talk) 21:43, 28 November 2018 (UTC)[reply]
Okay. Well, I'll drop a note by WT:RfPP and see if anyone has any issues with this. If not, this can likely just be handled as an uncontroversial technical request.  Swarm  talk  21:35, 29 November 2018 (UTC)[reply]
Wow, thanks so much! A2soup (talk) 22:02, 29 November 2018 (UTC)[reply]

GlobalFactSyncRE/DBpedia project proposal

DBpedia, which frequently crawls and analyses over 120 Wikipedia language editions, has near complete information about (1) which facts are in infoboxes across all Wikipedias, and (2) where Wikidata is already used in those infoboxes. GlobalFactSyncRE will extract all infobox facts and their references to produce a tool for Wikipedia editors that detects and displays differences across infobox facts in an intelligent way to help sync infoboxes between languages and/or Wikidata. The extracted references will also be used to enhance Wikidata. For more see https://meta.wikimedia.org/wiki/Grants_talk:Project/DBpedia/GlobalFactSyncRE

Please let us know what you think, your opinion is important to us! Thank you! — Preceding unsigned comment added by M1ci (talkcontribs)