User talk:Funcrunch/Protect userspace RfC draft

The published RfC is now available at Wikipedia:Requests_for_comment/Protect_user_pages_by_default. Please leave any further comments there, not here, thanks! Funcrunch (talk) 17:17, 31 August 2016 (UTC)[reply]

As I promised earlier this week: This RfC draft is now open for feedback. Feel free to correct typos and such directly, but please discuss larger potential changes here on this talk page first. This RfC is currently in draft form in my userspace, and is not open to comments from the public. Pinging all those who volunteered to help with this idea at the Inspire Campaign: I JethroBT, Safety Cap, Juno Frez, Omni Flames, Thunderforge, Abrimaal, Peteforsyth, WereSpielChequers. Funcrunch (talk) 19:43, 4 August 2016 (UTC)[reply]

As it is, the proposal is a bit unclear about whether this is applying to both the user pages and user talk pages. Sentences 1 and 3 refer to "user pages", but sentence 4 discusses vandalism on a "user's talk page". Also, the relationship with subpages is unclear. We need to clearly state how our proposed policy applies to each. Also, there is a mix of the term "user pages" and "user's pages". I think that we should use the same terminology that Wikipedia uses: "user page" and "user talk page" (with the plurals being "user pages" and "user talk pages"). I think we should also avoid the possessive form ("users' pages") and instead refer to it as we do currently in the first sentence: "editors' user pages". -Thunderforge (talk) 03:39, 8 August 2016 (UTC)[reply]

Thanks for the feedback. I clarify later in the proposal the different options I'm presenting for protecting user and user talk pages, but I can edit the introductory section to explain that sooner. Funcrunch (talk) 04:12, 8 August 2016 (UTC)[reply]

I've made edits based on the above feedback. As it's now been seven days since I asked for feedback, I intend to publish this RfC tomorrow. If anyone has any other suggested changes, please speak up now! Funcrunch (talk) 18:56, 11 August 2016 (UTC)[reply]

Hey Funcrunch-- the proposal is looking good! Nice work. Here is my feedback:

• I agree with Thunderforge's feedback above around language.
• You'll want to provide an option for no changes. Having a "status quo" option is usual in RfCs, otherwise it means someone else will probably create it and, at best, mildly annoyed about it, and at worst, frame the entire RfC as non-neutral. You could phrase this option in lots of ways-- Do not protect user page or user talk pages and No changes to protection status of user or user talk pages are two possibilities I can think of off the top of my head.
• Recommend omitting options to change protection for user talk pages from this RfC. In the Comments from the Proposer section, you've noted that there's a reasonable use case here for anonymous and new editors based on comments from several endorsers. One concern I have is the notion that folks might think, "Is this proposal trying to prevent new editors from communicating entirely?" and could distract from the more pertinent issue. For both of those reasons, I don't think those proposals are likely to succeed, so I think they can be safely left out.
• Consider waiting to initiate the discussion when some data specific to anonymous editing of user pages is available. I've filed a Phabricator ticket (T141829) with Halfak (WMF) to request this query, and let them know that you want to get this discussion started soon. I think some folks have experienced harassment on their own userpages, and those experiences are informative enough, but for others who have not, I think it would be helpful to show how often it is occurring recently. Right now, the rationale section notes that harassment is a real problem, and that some of that problem comes from anonymous editors (in the form of vandalism), but there's not a strong connection to user pages. This data would provide that connection for folks reading this proposal, and I think it is worth the wait. I'll let you know as soon as it is ready.
• Slight header change: Rationale and anticipated objections --> Rationale

  I think a rationale can already suggest it will include anticipated objections, so this is just simplifying the header.

• Slight phrasing change: There is no demonstrated need for anonymous editors to make edits to a registered user's page. to There is no demonstrated need for anonymous or new editors to make edits to another editor's user page.

  Some changes to phrasing. Also, any kind of protection would also affect newer editors, so just clarifying that here.

That's all the feedback I have. This is your proposal, so it's up to you if you want to pitch it tomorrow, but I do think waiting until that data comes in will be informative, as I think some participants in the discussion would be interested in it. I JethroBT ^{drop me a line} 03:05, 12 August 2016 (UTC)[reply]

Thanks for your feedback; I will work on your suggested edits, and wait a bit longer to see if the requested data comes in. Funcrunch (talk) 03:50, 12 August 2016 (UTC)[reply]

• @Funcrunch: One other option that might be worth exploring in this RfC is having userpage protection as an opt-in measure for editors, say, on their preferences. I suspect editors differ in their tolerance of / attitude toward vandalism on their own userpage; some may prefer to opt-out of a default protection arrangement, but would support others having the agency to make that decision themselves. What do you think? I JethroBT ^{drop me a line} 00:08, 27 August 2016 (UTC)[reply]

• I considered having some sort of toggle switch available for protection, or at least making it more obvious how to request the change. I don't want to overly complicate the proposal with too many more options, so I'll have to think how to express this. Funcrunch (talk) 00:25, 27 August 2016 (UTC)[reply]
• OK, I've added two additional options to the proposal, in addition to making edits based on Peteforsyth's feedback. Funcrunch (talk) 18:58, 27 August 2016 (UTC)[reply]

Barring any further comments necesitating major revisions, I plan to publish this RfC tomorrow (August 31). Funcrunch (talk) 22:30, 30 August 2016 (UTC)[reply]

• @Funcrunch: Only other thing I'd recommend is checking out the very recent Wikipedia:New_pages_patrol/RfC_for_patroller_right discussion to see if there are any features of that RfC that might fit well here. A few of the things that caught my attention were the bullet points at the top to limit the scope of discussion and providing some info on how folks were notified: e.g.:
  • This RfC is not for discussing the software technicalities...In the case of a consensus this will be addressed at Phabricator.
  • Alternative proposals: Please start your own RfC rather than detracting from this one to make your point.
  • Please remain civil. Take your personal disagreements with contributors' comments elsewhere.
  • Notifications: Users who have previously participated in related discussions are being notified manually within the policy at WP:Canvass; apologies for any omissions. Related projects are also being informed. This RfC will also be notified on RfC Cent, the WP:VP, and on users' Watchlists.

Looking forward to seeing this discussion start. Thanks for your work preparing this! I JethroBT ^{drop me a line} 22:51, 30 August 2016 (UTC)[reply]

• Thanks - I'm tempted to copy those caveats word for word. I'll be bracing for impact once I publish... Funcrunch (talk) 23:10, 30 August 2016 (UTC)[reply]

Hi. I think this proposal is very anti-wiki and I hope it doesn't move forward.

"There is no demonstrated need for anonymous editors to make edits to a registered user's page." ← What kind of demonstration do you think is needed here? Is someone really arguing that in over fifteen years of Wikipedia's existence, an IP user hasn't fixed a typo or made another helpful edit to a user page?

Is this proposal intended to cover "main" user pages only (e.g., User:Funcrunch) or also user subpages (e.g., User:Funcrunch/Protect userspace RfC draft)?

There's a legitimate argument that if vandals and other harassers are going to make dumb edits, user pages aren't the worst place. Vandalizing a user page doesn't disrupt the vast majority of our readers: it would be much worse if vandals were focused on articles and templates and other content pages that have much higher viewership. And vandalizing a user page doesn't trigger notifications in the same way that vandalizing a user talk page does. If we block user pages, we may end up with more user talk page vandalism.

However, the biggest argument against this proposal I think is that it's anti-wiki. We strive to be as open as possible. We have many means (IP blocks, IP range blocks, AbuseFilter, page protection, title blacklists, etc.) to combat vandalism and other issues that stem from our openness. Staying free and open is a core principle that we should protect. --MZMcBride (talk) 02:48, 12 August 2016 (UTC)[reply]

MZMcBride: This proposal will be going forward. This space is for feedback from those who indicated on the Inspire Campaign page that they wanted to help with this project. You'll have the opportunity to express your disagreement with the concept on the RfC after it is published. As this is my userspace I will likely delete any further comments that are not made with the intention to improve this proposal. Funcrunch (talk) 03:18, 12 August 2016 (UTC)[reply]

I suspect you mean "revert" or "remove" rather than "delete". Risker (talk) 05:34, 13 August 2016 (UTC)[reply]

Risker, do you think this comment might come across as a bit pedantic? I strongly suspect Funcrunch knows the difference. People talk about deleting comments all the time, without intending the kind of precision you might expect in a CS class. For whatever it's worth, I would certainly have used the word "delete" in this case. -Pete (talk) 07:10, 16 August 2016 (UTC)[reply]

Geez, Pete, I'm kinda worried that an administrator can't or won't articulate the difference between deletion and reversion, given that the ability to delete is one of the major differences between administrators and non-administrators. Deletion's a big deal; reversion, not so much. Comments on this page in other sections have a lot of focus on the importance of precision in language. Hence the importance of pointing out that Funcrunch isn't going to delete anything, although he could certainly remove or revert. Even as an administrator, I've almost never deleted anything written by someone else on a page in my userspace. Risker (talk) 15:31, 17 August 2016 (UTC)[reply]

As Peteforsyth said, I do understand the difference in terms. I would prefer to limit discussion on this talk page in my userspace to improving this draft RfC. Please respect my wishes. (P.S. I prefer singular they, not he, as stated on my userpage.) Funcrunch (talk) 16:09, 17 August 2016 (UTC)[reply]

Please accept my apologies for not being aware of your pronoun choices, Funcrunch; I rarely look at user pages unless I'm encountering an editor whom I think is a problem, and I certainly wouldn't classify you as problematic in any way. It does make me aware that communicating your preference must be a bit of a challenge. Risker (talk) 01:48, 26 August 2016 (UTC)[reply]

This RfC looks very well thought out to me. A few suggestions:

• Under Rationale, you mention the need for some programming changes. Strictly speaking, the RfC could just be used as a general expression of support for a policy change; but I expect that some participants will be very interested in how those changes might be implemented, what kind of resources might be required, what timeframe, what kind of unintended consequences might result. A few words to address some of that (even if you don't have anything like definite answers) might be a worthy addition.
• How will you measure success (or how would you recommend that a researcher go about measuring success)? What kind of questions, or observations, might lead to useful conclusions about whether the desired result has been achieved, and whether any negative/unanticipated consequences resulted? A few words about this would greatly strengthen the proposal.
• Related to that last point, I think there should be one or two additional options, to implement this as a temporary experiment. For instance, change the default for 6 months, and then look at XYZ data from new contributors.

-Pete (talk) 07:20, 16 August 2016 (UTC)[reply]

Thanks for the suggestions. Pinging I JethroBT about the programming changes as I believe he was in contact with someone for details about that, and also to check on the status of the query he was making on Phabricator as that ties in with your second point. Funcrunch (talk) 16:12, 17 August 2016 (UTC)[reply]

@Funcrunch and Peteforsyth: I've been informed from a developer that yes, it is technically feasible to restrict namespace editing for certain usergroups using the $wgNamespaceProtection setting. I JethroBT ^{drop me a line} 22:20, 24 August 2016 (UTC)[reply]

Thanks for the reply I JethroBT. Does the existence of this setting mean it would be as simple as flipping a switch, so to speak, or would more time and resources be required? Also, is there any news on that Phabricator query, regarding existing vandalism to user pages? Thanks again for your help. Funcrunch (talk) 22:32, 24 August 2016 (UTC)[reply]

I don't have a clear answer about the kinds of resources/time needed to make these kinds of changes yet; I suspect it'll depend on the exact nature of the changes (just the user page, user page and subpages, etc.) I'm currently waiting on an answer to this, so I'll update when I have one. I do have an update on the phabricator task as well-- we just finished it, actually! EpochFail reported that 60% of non-subpage edits to the User: namespace are not obvious accidental logged out edits or sockpuppet edits. We evaluated a random sample of 105 recent edits from this 60% (found here) with the following constraints:

• Anonymous edits within the "User" namespace on English Wikipedia that were not to sub-pages, and
• Edits from IP addresses that were not associated with any logged-in changes (using the `checkuser` system).

Aaron and I checked through these edits and sorted them based on whether they were productive, good-faith but damaging, and vandalism. We also noted where edits were likely made while logged out:

• 45 of those edits were productive, and virtually all of them were likely made while the editor was accidentally logged out
• 6 were good faith, but damaging edits. Some of these deal with removals of instructions that should not be removed in en:User:Sandbox, others were using the userpage as a resume space.
• 54 of these edits were vandalism, ranging all over the map: from Template:Sock removals/additions, gibberish, blanking, mundane disruption, adding links to violent videos, threats, editorializing, and stuff that needed to be revdeleted, and more.

You can read through our analysis here. To Peteforsyth's suggestion above, one possible way to measure effectiveness is to see a reduction in reverts due to vandalism in the User: namespace. Conversely, assuming that folks are editing while accidentally logged out, we might hope to see an increase in the proportion of people making logged-in edits in their userspace. I JethroBT ^{drop me a line} 23:35, 24 August 2016 (UTC)[reply]

Thanks for the information. I'll work on updating the draft of the RfC per your data and Peteforsyth's suggestions shortly. Funcrunch (talk) 20:54, 25 August 2016 (UTC)[reply]

• Hmm. Random review of 105 out of how many edits during that period, which appears to be approximately two weeks? It is difficult to understand the frequency of such edits without the total number of edits meeting the criteria during the period. To put this into proportion, 105 edits is about the number of reverts done by Cluebot NG in 2 hours. I JethroBT, can you provide the denominator, please? This will give us a better concept of the frequency that the defined problem occurs, and would be useful information for the RfC. Risker (talk) 01:49, 26 August 2016 (UTC)[reply]

@Risker: I'll have to defer to EpochFail on the question of the frequency in a given period. Aaron, could you weigh in here on this question to help contextualize our findings? Thanks, I JethroBT ^{drop me a line} 02:03, 26 August 2016 (UTC)[reply]

OK. So I started with the full set of edits in the recentchanges table. You can see my queries here: https://quarry.wmflabs.org/query/11697. So, I found 2921 edits to the "User" namespace by anons. 1587 edits were subpage edits. Platonides suggested that those had a different quality to them and my analysis (see on the phab task) suggests that most of these edits are good. I randomly sampled 1000 edits from the remaining edits and flagged which of them could be associated with a logged-in action via the `cu_changes` table. This eliminated 600 edits from editors who were most likely editing logged out (for whatever reason). The sample of 100 (I did a math mistake earlier which implied that there were 105) that I JethroBT and I labeled came from the remaining 400. This is where we found that almost all of these remaining edits were either likely logged-out editing by a registered user or blatant vandalism. These results imply that few good edits to user-pages would be lost by semi-protecting. But I agree with Risker that this doesn't clearly suggest that the issue is massive enough to affect counter-vandalism workloads at all (it's a drop in the bucket). I think the primary concern here should be on the cost of user-page attacks on that user's feelings of safety and not the load on counter-vandalism work. --EpochFail (talk • contribs) 15:23, 26 August 2016 (UTC)[reply]

Thanks EpochFail. I agree with your last sentence; I would have gone through with posting the RfC even without this additional data for that reason, but I JethroBT convinced me to wait. I will work on this draft and hopefully get it formally posted by early next week. Funcrunch (talk) 15:42, 26 August 2016 (UTC)[reply]

I recently became aware of this proposal. It can be very easy in such a busy and diverse environment as Wikipedia and the Wikimedia projects to miss proposals such as this if they are not publicised widely. As this is a proposal that may signal a major change away from a founding wiki principle, I suggest that it needs to be publicised as widely as possible once it goes live. Some suggestions that may help are at Wikipedia:Publicising discussions.

On that topic, one thing that is not clear is where this proposal will be published. Will the RfC be its own page and linked from various places, or will it be at or at one or other of the talk pages of Wikipedia:User pages and Wikipedia:Protection policy? I would suggest the latter, as it is a policy and the former is a guideline (though a notification would need to be left there). Where do you intend to leave notifications when this RfC is published? Making a list of (or discussing in advance) where you intend to publicise the discussion can help. Carcharoth (talk) 11:18, 17 August 2016 (UTC)[reply]

I do plan to publicize this RfC widely once it is published. Per advice from I JethroBT, I plan to link it from the protection policy page, and add a notice to the centralized discussion template. I haven't publicized this draft page in my userspace beyond extending invitations to those who volunteered to help at the Inspire Campaign page, because I don't want to invite more criticism at this stage. People will be welcome to voice their objections once the RfC is published, of course. Funcrunch (talk) 16:02, 17 August 2016 (UTC)[reply]

Above, there is the comment "This RfC is currently in draft form in my userspace, and is not open to comments from the public." What does this mean in the context of a wiki that can be edited by anyone? You are already getting comments from others, and you will get more as more people become aware of this proposal. I suspect that the intent is to keep the design and launch of this RfC to a select group so that the original aims are properly articulated and communicated. I can understand that to some extent, but there is a danger that some people will feel excluded from the process and oppose it on those grounds. The RfCs that achieve major and genuine change are either very well designed, or have had input from the community in the design process. Sometimes several iterations of requests for comments are needed before a proposal appears that the community is happy with. It can be an intensely infuriating process, but the alternative is sometimes for a proposal to crash and burn if launched with too little pre-launch input. You (Funcrunch) talk about it having endorsements at the Inspire leaderboard, but the number there (28) is relatively small compared to the potentially hundreds of people that may comment eventually. Maybe a pointer placed at Wikipedia:Protection policy to gain input before launching this would be wise? Carcharoth (talk) 15:58, 17 August 2016 (UTC)[reply]

See my reply above. Of course I cannot prevent people from leaving comments here, but as this is my userspace I expect others to honor my wishes to keep this drafting process limited to people who intend to improve the proposal and not just automatically reject it out of principle. I do not wish to publicize this process further before the RfC is published. Funcrunch (talk) 16:05, 17 August 2016 (UTC)[reply]

I understand what you are saying, but you can't stop people publicising this once they are aware of it. I hope you do manage to get this to a stage where you are happy to publish, and that you take on board the feedback you receive from the community about this. It may well be that things have changed sufficiently that the community will now support something like this. Carcharoth (talk) 16:32, 17 August 2016 (UTC)[reply]