Community health initiative/Blocking tools and improvements
This page documents a feature the Wikimedia Foundation's Anti-Harassment Tools team has prioritized for software development.
The Wikimedia Foundation's Anti-Harassment Tools team invited Wikimedians to discuss new blocking tools and improvements to existing blocking tools in December 2017 for development work in 2018. Our team identified shortcomings in MediaWiki’s current blocking functionality in order to determine which blocking tools we can build for wiki communities to minimize disruption, keep bad actors off their wikis, and mediate situations where entire site blocks are not appropriate.
- 1 Updates
- 2 MediaWiki's current blocking functionality
- 3 Problem 1. Username or IP address blocks are easy to evade by sophisticated users
- 4 Problem 2. Aggressive blocks can accidentally prevent innocent good-faith bystanders from editing
- 5 Problem 3. Full-site blocks are not always the appropriate response to some situations
- 6 Problem 4. The tools to set, monitor, and manage blocks have opportunities for productivity improvement
- 7 See also
- 8 Footnotes
March 1, 2019
Today I officially share the Wikimedia Foundation's Anti-Harassment Tools team's recommendations for tools to combat long-term abuse that occurs on our wikis. This 9-page document roughly defines the types of long-term abuse that occurs, outlines the existing tools and tactics used to mitigate and tolerate this behavior, investigates potential new softwares to combat this abuse (namely device blocking) and makes recommendations for next steps.
In brief, our recommendations are to avoid device blocking, as it would be an expensive endeavour with very low likelihood for successful impact. Instead, our team recommends alternate tactics including a user reporting system, improvements to CheckUser, additional muting features, and more.
An immediate byproduct of this research is that our team will work on extending cookie block functionality to the Visual and mobile editors. — phab:T196575
February 15, 2019
Initial feature development on partial blocks is complete! Admins can now set blocks that only prohibit editing on certain page(s) and/or namespace(s). The rollout will be slow and staged to ensure we didn't forget any important functionality.
January 18, 2019
I've compiled some data about how often the "you are blocked" messages appear to our users on Community health initiative/Blocking tools and improvements/Block notices. There are some graphs and a table of raw data as well as some synthesized findings. Here are the main takeaways:
- Block notices appear very often on the largest Wikimedia projects, sometimes outnumbering actual edits. (6.2 million blocked edits occured on English Wikipedia over a 30-day period.)
- The desktop wikitext editor sees the vast majority of impressions by a wide margin. (98% on English Wikipedia, 89.5% on Spanish, and 98.7% on Russian.)
- The VisualEditor and mobile block notices may occur less frequently, but still display to thousands of people every month. There are hurdles to optimizing their displays, given the legacy of desktop-first design.
January 16, 2019
Partial Blocks have been enabled on Italian Wikipedia! 🎉 We're looking for more Wikipedias to test, please leave us a talk page message if your community is willing to test! More information can be found at the project page.
Also of note is that our team is currently looking into potential software solutions to mitigate Long-Term Abuse on Wikimedia. We are exploring some ideas listed in § Problem 1. Username or IP address blocks are easy to evade by sophisticated users above. We are aiming for our preliminary investigation to be complete by the end of February and will publish all notes and findings here on Meta Wiki.
Partial blocks are still in development. They are enabled on Test Wikipedia and will be enabled on Italian Wikipedia in January.
Data on the "you are blocked" messages is visible on this graph for seven wikis (more to be added soon.) I'll be spending this afternoon digging into some correlated block data to see if there are any interesting insights. For now, the most insightful things are: 1) far-and-away most people learn they are blocked on desktop via the wikitext editor 2) except on German Wikipedia, which has an incredibly high count of API blocks and 3) rough back-of-napkin calculations show that mobile block notices appear relative to desktop site notices the same as general edit trends (~95% of edits are from desktop editors.) Depending on what I have by the end of today I may post an addendum here.
One final note about blocking to close our 2018: in the next year my team will begin looking into device blocking, which was outlined and discussed as Problem 1. Username or IP address blocks are easy to evade by sophisticated users. We aim to make a proposal to the Wikimedia Board of Trustees in early 2019.
Our team is still working on addressing the final defects before we enable Partial Blocks on Italian Wikipedia. We're optimistic that we can hit this milestone next week! In the meantime testing is available on Test Wikipedia and Test Wikidata for users interested in taking a look at what's ready so far. We're also confident that we can get Namespace blocks to a near-ready state by the end of December, before we break for the winter holidays. That functionality should be ready on Test Wiki in January.
Yesterday we enabled tracking on the block notice messages that appear to users — a.k.a. the "You are blocked" messages. The data is visible on this graph. This data is currently only being measured on Italian Wikipedia but we plan to enable it on 19 more wikis next week. We will be able to compare this to the other known block data to better understand how often blocked users attempt to edit. This should inform our decisions on if or how to improve these messages and unblock workflows for users.
This first feature set is limited: admins can block an user or IP from editing up to 10 specified pages. There are some known defects that we're currently working on (for example, if an admin is partially blocked from a page they can't delete any page.) and we'll get back to building namespace and upload blocks in later November.
If you're testing partial blocks we'd love to hear from you! Drop us a note about your experience with the tool. We're looking specifically for feedback about:
- What is an appropriate limit of the number of pages a user should be blocked from? In the first version limit is 10, but it can any number.
- Are you satisfied with how partial blocks are logged?
- Do we need to change anything that has already been built?
- Is the warning message in the VisualEditor too gentle?
August 22, 2018
As part of our work on Partial Blocks (phab:T2674) we've have determined that we also need to build a system that allows for multiple simultaneous blocks to be set against a single account (user or IP) to allow communities to set different sanctions of different expiration dates. (For example, a user could have an indefinite block from uploading files but a 24-hour sitewide block.) We are referring to this work as multi-blocks and this work can be tracked in phab:T194697. Another round of designs are underway and will be shared next week on the project page.
For those interested in the technical side of blocks, we're holding a technical RFC about database changes we plan to make. A summary of our changes can be found at phab:T199917.
June 28, 2018
Over the past several months the Wikimedia Foundation's Anti-Harassment Tools team has been working on improvements to blocking tools. We recently added a datetime selector to the Special:Block tool to make it easier to set precise block expirations (phab:T132220). We also upgraded the notice that appears to inform users on mobile devices that they are blocked (phab:T165535). To make blocks stronger, we've expanded cookie blocking to IP blocks to make it more difficult for people to evade their block (phab:T152462).
We investigated building a way for administrators to block users by a hashed combination of browser information but decided it would not be effective without capturing more data during edit sessions (phab:T188160). Because of this we've decided to not pursue this feature at this time. Rather, we've prepared tickets to give CheckUsers the ability to block by IP address or IP range and browser user agent (phab:T100070). This work is prepared and ready to build, just awaiting prioritization.
Our team is currently working on building Partial Blocks, or the ability for administrators to block a user from just a specific page, all pages inside a namespace, or from uploading files. We believe this will allow more tactical sanctions to be set for troublesome users who are productive on other parts of the wiki. (phab:T2674) You can follow that project and see designs at Community health initiative/Per-user page, namespace, and upload blocking.
MediaWiki's current blocking functionality
Currently on Wikimedia wikis, users and IPs can be blocked from editing articles. Blocks prohibit users from editing all pages in all namespaces on the wiki, with the optional exception of the blocked party's user_talk page. Blocks are permissioned by default to administrators and are logged publicly on Special:Log, Special:BlockList, and Special:Block.
Similar to blocks, global account locks prohibit users from logging-in to any Wikimedia wiki, and global blocks prohibit users from logging-in to any Wikimedia wiki, and global blocks can be set against IP addresses.
Autoblocks can be assigned to username blocks, which will automatically block IP addresses used by the offending user for 24 hours.
Problem 1. Username or IP address blocks are easy to evade by sophisticated users
Blocks can be set against a username, IP address, or IP range. IP addresses can be easily spoofed or changed via proxies. The barrier to create a new account is very low and easily circumventable. The Wikimedia movement values openness and privacy, so we must balance walling off bad actors against keeping our platform accessible to good-faith newcomers.
Proposed potential solutions:
- Block by user agent (including CheckUser search)
- Block by device ID (including CheckUser search)
- Global blocks for usernames
- Add "Prevent account creation" to global block
- Cookie blocking for anons
- Add a way to extend autoblock to longer than 1 day
- Proactive globally block open proxies (or build a system that shares their IPs cross-wiki)
- Hash personally identifiable data to surface as a percentage match to CheckUser
- AI that compares editing patterns and language to predict possible sockpuppets
- Identify sockpuppets by typing patterns (e.g. rhythm/speed), network speed, and editing patterns (e.g. time of day, edit session length, categories of pages edited)
- Display all contributions made within an IP range on one feed (aka 'Range Contributions')
- Extend Nuke to IP ranges
Problem 2. Aggressive blocks can accidentally prevent innocent good-faith bystanders from editing
Many IPs and IP ranges are shared by multiple users (e.g. libraries, schools, office buildings) and most individual IPs can (and will) be reassigned by ISPs to other users. If one bad actor gets the IP or IP range blocked, other users cannot edit. Some IP blocks allow for logged-in editing, and good usernames can be whitelisted from IP blocks that prohibit logged-in editing.
We could implement new features that prohibit IPs from editing or creating throwaway accounts, but allow good faith bystanders to still create accounts and productively edit.
Proposed potential solutions:
- Require all accounts created in an IP range to confirm their email address before editing.
- Prevent the use (or flag incidents) of blacklisted email addresses from being associated with new user accounts
- Throttle account creation and email sending per browser as well as IP address
- Require email address to be unique for edits in certain IP ranges (potentially requiring whitelisted email domains)
- Allow CheckUsers to compare hashed email addresses
- Build AI that automatically sets a block length and type based on UserAgent, IP and/or email
- Require two-factor authentication for edits in certain IP ranges
- Convert Twinkle and/or Huggle from gadgets to extensions, increase their accuracy
Problem 3. Full-site blocks are not always the appropriate response to some situations
Smaller, more tactical blocks may defuse situations while retaining constructive contributors. On some wikis such as English Wikipedia, this concept is dictated by bans. However, technical means to enforce bans are currently limited, and consequently a user may unnecessarily be blocked from editing the wiki as a whole.
Full-site blocks are akin to a sledgehammer. How can we build fly-swatters to prevent a user from causing limited harm while keeping them a part of the wiki.
Proposed potential solutions:
- Block a user from...
- Allow admins to specify exactly which permissions to block.
- Allow admins to temporarily revoke a users' autoconfirmed status.
- Require all edits by a user to go through deferred changes.
- Block that only expires when a user has read a specified page (training module, user talk page, etc.)
- Allow admins to throttle a user's edits to a maximum number per day/hour/etc
- Build a version AbuseFilter that runs on all edits of specified users to create custom, complex blocks
- Tool to prevent users from writing about themselves.
- User masking systems to obfuscate or ‘hide’ users from each other on wiki 
Problem 4. The tools to set, monitor, and manage blocks have opportunities for productivity improvement
The existing blocking tools (Special:Block, the API, Twinkle, Special:BlockList, etc.) are used daily by numerous users across all Wikimedia wikis. Using these tools can be time intensive, so we would like to explore ideas of how we can simplify the workflows to set or modify a block, monitor block logs, and check the status or details of a block.
Proposed potential solutions
- When leaving a warning on a user talk page, display how many other warnings have ever been given to that user.
- Twinkle should automatically know the appropriate warning template to use on that user.
- Log bans like blocks, which could result showing the information on their user page, contributions, or autogenerate a list of all banned users.
- Allow CheckUsers to watch specific IPs
- Allow admins to annotate previous blocks as accidental
- Allow admins to set a block date range via datetime selector
- Allow admins to set different expiration times for blocking editing vs. account creation
- Allow admins to oversight usernames while blocking them
- Display block expirations in logs
- Display a warning on the block page when admins are blocking a sensitive IP
- Special:Block could suggest block length for common policy infractions
- Improved way to set mass blocks
- Block appeal process could be improved to reduce the work required for admins
- Display if a user is currently blocked on another wiki on Special:Block
- Mobile block notices are abysmal 
- Allow admins to ‘pause’ a block so the user can participate in on-wiki discussions
- /Links — A list of links on Meta Wiki, MediaWiki.org, and Phabricator about existing blocking tools or suggestions for improvements.
- /English Wikipedia policies — A list of links on English Wikipedia about blocking policies or tools, and talk page conversations about improvements.
- /Block notices — Data about how often the "you are blocked" notices appear to people attempting to edit a wiki.
- Community health initiative/Editing restrictions — The WMF's Anti-Harassment Tools team's documentation page about how new tools could support the socially enforced editing restrictions used by English Wikipedia.
- Community health initiative/Partial blocks — Project page for partial blocks, which allow admins to prevent a user from editing specific page(s) or namespace(s).
- Help:Blocking_users on MediaWiki.org
- T100070 — Allow User agent (UA)-based IP Blocks
- 2015 Community Wishlist Survey/Moderation and admin tools#Improve MediaWiki's blocking tools
- 2017 Community Wishlist Survey/Smart blocking
- Prioritization of action items, Stewards visit 2015, page 9
- T17273 — Please add "Prevent account creation" to global block
- T152462 — Add cookie when blocking anonymous users
- T27305 — Add a way to extend autoblock to longer than 1 day
- Talk:Community health initiative/Blocking tools and improvements
- T106930 — Throttle account creation and email sending per browser as well as IP address
- T2674 – Allow users to be blocked from editing a specific article
- See also: Community health initiative/Editing restrictions
- 2015 Community Wishlist Survey/Moderation and admin tools#Enhanced per-user, per-article protection/blocking
- 2017 Community Wishlist Survey/Per-page user blocking
- T179110 — Allow users to be blocked from editing a specific namespace
- T6995 — Ability to block users from uploading files only
- T18644 — Allow users to be blocked from editing non-talk pages only
- Wikipedia talk:Blocking policy/Archive 21 on English Wikipedia
- It is currently possible to block someone from using Special:EmailUser, but this requires also blocking them from editing
- T104099 — Add ability to block users from emailing other users (without performing a full block)
- T27400 — Software should allow admins to give specific users permission to edit specific pages through blocks
- Extended_blocking on MediaWiki.org
- Wikipedia talk:Blocking policy/Archive 23 on English Wikipedia
- 2017 Community Wishlist Survey/Allow further user block options ("can edit XY" etc.)
- 2016 Community Wishlist Survey/Categories/Moderation tools#All edits from hardblocked IP mark as unreviewed
- T18447 — Set a block that only expires when a user has read a specified page (training module, user talk page, etc.)
- Wikipedia talk:Blocking policy/Archive 22 on English Wikipedia
- Wikipedia talk:Administrators' noticeboard/Archive 8#Warnings and discussion before blocks on English Wikipedia
- Wikipedia talk:Banning policy/Archive 3#Recording of Bans on English Wikipedia
- T21796 — CheckUser watchlist feature
- T46759 — Allow marking blocks that were made in error
- 2016 Community Wishlist Survey/Categories/Admins and stewards#Enable administrators to update block logs
- Wikipedia talk:Blocking policy/Archive 20 on English Wikipedia
- T132220 — Add datetime selector to block and protect interface to select expiration
- T65238 — Different lengths of block and block account creation
- 2016 Community Wishlist Survey/Categories/Admins and stewards#Allow admins to hide names of users while blocking them
- T148649 — Display an entry for page in watchlist when page protection expired; Display an entry in user page when user blocking expired
- T151484 — Display a warning on the block page when admins are blocking a sensitive IP