Community health initiative/Blocking tools and improvements
This page documents a feature the Wikimedia Foundation's Anti-Harassment Tools team has prioritized for software development.
The Wikimedia Foundation's Anti-Harassment Tools team invited Wikimedians to discuss new blocking tools and improvements to existing blocking tools in December 2017 for development work in 2018. Our team identified shortcomings in MediaWiki’s current blocking functionality in order to determine which blocking tools we can build for wiki communities to minimize disruption, keep bad actors off their wikis, and mediate situations where entire site blocks are not appropriate.
After the months-long discussion, our team identified user agent blocking (phab:T100070), anonymous user cookie blocking (phab:T152462), improved block warning message for users on mobile phones (phab:T165535), and Partial Blocks (page, namespace, and upload blocks) (phab:T2674) as projects to explore and/or build in 2018.
- 1 Updates
- 2 MediaWiki's current blocking functionality
- 3 Problem 1. Username or IP address blocks are easy to evade by sophisticated users
- 4 Problem 2. Aggressive blocks can accidentally prevent innocent good-faith bystanders from editing
- 5 Problem 3. Full-site blocks are not always the appropriate response to some situations
- 6 Problem 4. The tools to set, monitor, and manage blocks have opportunities for productivity improvement
- 7 See also
- 8 Footnotes
August 22, 2018
As part of our work on Partial Blocks (phab:T2674) we've have determined that we also need to build a system that allows for multiple simultaneous blocks to be set against a single account (user or IP) to allow communities to set different sanctions of different expiration dates. (For example, a user could have an indefinite block from uploading files but a 24-hour sitewide block.) We are referring to this work as multi-blocks and this work can be tracked in phab:T194697. Another round of designs are underway and will be shared next week on the project page.
For those interested in the technical side of blocks, we're holding a technical RFC about database changes we plan to make. A summary of our changes can be found at phab:T199917.
June 28, 2018
Over the past several months the Wikimedia Foundation's Anti-Harassment Tools team has been working on improvements to blocking tools. We recently added a datetime selector to the Special:Block tool to make it easier to set precise block expirations (phab:T132220). We also upgraded the notice that appears to inform users on mobile devices that they are blocked (phab:T165535). To make blocks stronger, we've expanded cookie blocking to IP blocks to make it more difficult for people to evade their block (phab:T152462).
We investigated building a way for administrators to block users by a hashed combination of browser information but decided it would not be effective without capturing more data during edit sessions (phab:T188160). Because of this we've decided to not pursue this feature at this time. Rather, we've prepared tickets to give CheckUsers the ability to block by IP address or IP range and browser user agent (phab:T100070). This work is prepared and ready to build, just awaiting prioritization.
Our team is currently working on building Partial Blocks, or the ability for administrators to block a user from just a specific page, all pages inside a namespace, or from uploading files. We believe this will allow more tactical sanctions to be set for troublesome users who are productive on other parts of the wiki. (phab:T2674) You can follow that project and see designs at Community health initiative/Per-user page, namespace, and upload blocking.
MediaWiki's current blocking functionality
Currently on Wikimedia wikis, users and IPs can be blocked from editing articles. Blocks prohibit users from editing all pages in all namespaces on the wiki, with the optional exception of the blocked party's user_talk page. Blocks are permissioned by default to administrators and are logged publicly on Special:Log, Special:BlockList, and Special:Block.
Similar to blocks, global account locks prohibit users from logging-in to any Wikimedia wiki, and global blocks prohibit users from logging-in to any Wikimedia wiki, and global blocks can be set against IP addresses.
Autoblocks can be assigned to username blocks, which will automatically block IP addresses used by the offending user for 24 hours.
Problem 1. Username or IP address blocks are easy to evade by sophisticated users
Blocks can be set against a username, IP address, or IP range. IP addresses can be easily spoofed or changed via proxies. The barrier to create a new account is very low and easily circumventable. The Wikimedia movement values openness and privacy, so we must balance walling off bad actors against keeping our platform accessible to good-faith newcomers.
Proposed potential solutions:
- Block by user agent (including CheckUser search)
- Block by device ID (including CheckUser search)
- Global blocks for usernames
- Add "Prevent account creation" to global block
- Cookie blocking for anons
- Add a way to extend autoblock to longer than 1 day
- Proactive globally block open proxies (or build a system that shares their IPs cross-wiki)
- Hash personally identifiable data to surface as a percentage match to CheckUser
- AI that compares editing patterns and language to predict possible sockpuppets
- Identify sockpuppets by typing patterns (e.g. rhythm/speed), network speed, and editing patterns (e.g. time of day, edit session length, categories of pages edited)
- Display all contributions made within an IP range on one feed (aka 'Range Contributions')
- Extend Nuke to IP ranges
Problem 2. Aggressive blocks can accidentally prevent innocent good-faith bystanders from editing
Many IPs and IP ranges are shared by multiple users (e.g. libraries, schools, office buildings) and most individual IPs can (and will) be reassigned by ISPs to other users. If one bad actor gets the IP or IP range blocked, other users cannot edit. Some IP blocks allow for logged-in editing, and good usernames can be whitelisted from IP blocks that prohibit logged-in editing.
We could implement new features that prohibit IPs from editing or creating throwaway accounts, but allow good faith bystanders to still create accounts and productively edit.
Proposed potential solutions:
- Require all accounts created in an IP range to confirm their email address before editing.
- Prevent the use (or flag incidents) of blacklisted email addresses from being associated with new user accounts
- Throttle account creation and email sending per browser as well as IP address
- Require email address to be unique for edits in certain IP ranges (potentially requiring whitelisted email domains)
- Allow CheckUsers to compare hashed email addresses
- Build AI that automatically sets a block length and type based on UserAgent, IP and/or email
- Require two-factor authentication for edits in certain IP ranges
- Convert Twinkle and/or Huggle from gadgets to extensions, increase their accuracy
Problem 3. Full-site blocks are not always the appropriate response to some situations
Smaller, more tactical blocks may defuse situations while retaining constructive contributors. On some wikis such as English Wikipedia, this concept is dictated by bans. However, technical means to enforce bans are currently limited, and consequently a user may unnecessarily be blocked from editing the wiki as a whole.
Full-site blocks are akin to a sledgehammer. How can we build fly-swatters to prevent a user from causing limited harm while keeping them a part of the wiki.
Proposed potential solutions:
- Block a user from...
- Allow admins to specify exactly which permissions to block.
- Allow admins to temporarily revoke a users' autoconfirmed status.
- Require all edits by a user to go through deferred changes.
- Block that only expires when a user has read a specified page (training module, user talk page, etc.)
- Allow admins to throttle a user's edits to a maximum number per day/hour/etc
- Build a version AbuseFilter that runs on all edits of specified users to create custom, complex blocks
- Tool to prevent users from writing about themselves.
- User masking systems to obfuscate or ‘hide’ users from each other on wiki 
Problem 4. The tools to set, monitor, and manage blocks have opportunities for productivity improvement
The existing blocking tools (Special:Block, the API, Twinkle, Special:BlockList, etc.) are used daily by numerous users across all Wikimedia wikis. Using these tools can be time intensive, so we would like to explore ideas of how we can simplify the workflows to set or modify a block, monitor block logs, and check the status or details of a block.
Proposed potential solutions
- When leaving a warning on a user talk page, display how many other warnings have ever been given to that user.
- Twinkle should automatically know the appropriate warning template to use on that user.
- Log bans like blocks, which could result showing the information on their user page, contributions, or autogenerate a list of all banned users.
- Allow CheckUsers to watch specific IPs
- Allow admins to annotate previous blocks as accidental
- Allow admins to set a block date range via datetime selector
- Allow admins to set different expiration times for blocking editing vs. account creation
- Allow admins to oversight usernames while blocking them
- Display block expirations in logs
- Display a warning on the block page when admins are blocking a sensitive IP
- Special:Block could suggest block length for common policy infractions
- Improved way to set mass blocks
- Block appeal process could be improved to reduce the work required for admins
- Display if a user is currently blocked on another wiki on Special:Block
- Mobile block notices are abysmal 
- Allow admins to ‘pause’ a block so the user can participate in on-wiki discussions
- /Links — A list of links on Meta Wiki, MediaWiki.org, and Phabricator about existing blocking tools or suggestions for improvements.
- /English Wikipedia policies — A list of links on English Wikipedia about blocking policies or tools, and talk page conversations about improvements.
- Community health initiative/Editing restrictions — The WMF's Anti-Harassment Tools team's documentation page about how new tools could support the socially enforced editing restrictions used by English Wikipedia.
- Help:Blocking_users on MediaWiki.org
- T100070 — Allow User agent (UA)-based IP Blocks
- 2015 Community Wishlist Survey/Moderation and admin tools#Improve MediaWiki's blocking tools
- 2017 Community Wishlist Survey/Smart blocking
- Prioritization of action items, Stewards visit 2015, page 9
- T17273 — Please add "Prevent account creation" to global block
- T152462 — Add cookie when blocking anonymous users
- T27305 — Add a way to extend autoblock to longer than 1 day
- Talk:Community health initiative/Blocking tools and improvements
- T106930 — Throttle account creation and email sending per browser as well as IP address
- T2674 – Allow users to be blocked from editing a specific article
- See also: Community health initiative/Editing restrictions
- 2015 Community Wishlist Survey/Moderation and admin tools#Enhanced per-user, per-article protection/blocking
- 2017 Community Wishlist Survey/Per-page user blocking
- T179110 — Allow users to be blocked from editing a specific namespace
- T6995 — Ability to block users from uploading files only
- T18644 — Allow users to be blocked from editing non-talk pages only
- Wikipedia talk:Blocking policy/Archive 21 on English Wikipedia
- It is currently possible to block someone from using Special:EmailUser, but this requires also blocking them from editing
- T104099 — Add ability to block users from emailing other users (without performing a full block)
- T27400 — Software should allow admins to give specific users permission to edit specific pages through blocks
- Extended_blocking on MediaWiki.org
- Wikipedia talk:Blocking policy/Archive 23 on English Wikipedia
- 2017 Community Wishlist Survey/Allow further user block options ("can edit XY" etc.)
- 2016 Community Wishlist Survey/Categories/Moderation tools#All edits from hardblocked IP mark as unreviewed
- T18447 — Set a block that only expires when a user has read a specified page (training module, user talk page, etc.)
- Wikipedia talk:Blocking policy/Archive 22 on English Wikipedia
- Wikipedia talk:Administrators' noticeboard/Archive 8#Warnings and discussion before blocks on English Wikipedia
- Wikipedia talk:Banning policy/Archive 3#Recording of Bans on English Wikipedia
- T21796 — CheckUser watchlist feature
- T46759 — Allow marking blocks that were made in error
- 2016 Community Wishlist Survey/Categories/Admins and stewards#Enable administrators to update block logs
- Wikipedia talk:Blocking policy/Archive 20 on English Wikipedia
- T132220 — Add datetime selector to block and protect interface to select expiration
- T65238 — Different lengths of block and block account creation
- 2016 Community Wishlist Survey/Categories/Admins and stewards#Allow admins to hide names of users while blocking them
- T148649 — Display an entry for page in watchlist when page protection expired; Display an entry in user page when user blocking expired
- T151484 — Display a warning on the block page when admins are blocking a sensitive IP