Requests for comment/Revoke A's global renamer permission

From Meta, a Wikimedia project coordination wiki

The following request for comments is closed. Unanimous consensus favours removal of A's global renamer permissions. —MarcoAurelio (talk) 09:43, 28 October 2020 (UTC)[reply]


Proposal[edit]

Earlier today, User:A has been indefinitely blocked at the Vietnamese Wikipedia for sharing account access with other individuals, namely, with JohnsonLee01. A's account has been temporarily locked as compromised by a fellow steward Tks4Fish, upon a (private) request by Vietnamese Wikipedia CheckUsers.

You can find more details about this case at A's viwiki blocklog, as well as viwiki's SPI.

Given the user has been indefinitely blocked at his homewiki (the only wiki where he holds local privileged rights), I believe his/her global renamer status should be revoked. By this RfC, I am starting the revocation process as set by respective global policy.

Best regards, --Martin Urbanec (talk) 17:25, 22 October 2020 (UTC)[reply]

Discussion[edit]

  1. Support Support, as the proposer. --Martin Urbanec (talk) 17:25, 22 October 2020 (UTC)[reply]
  2. Support Support--𝐖𝐢𝐤𝐢𝐁𝐚𝐲𝐞𝐫 👤💬 17:30, 22 October 2020 (UTC)[reply]
  3. Support Support Yeah, even on meta A and JohnsonLee behaviour seems very related. No way to trust them in light of the grave issues. Camouflaged Mirage (talk) 17:32, 22 October 2020 (UTC)[reply]
  4. Support Support, for the reasons outlined. --Yamla (talk) 17:37, 22 October 2020 (UTC)[reply]
  5. Support Support clearly cannot be trusted to maintain account security. ST47 (talk) 17:51, 22 October 2020 (UTC)[reply]
  6. Support Support reckless behavior.—CYBERPOWER (Chat) 18:07, 22 October 2020 (UTC)[reply]
  7. Support Support due to the trust we must have to a global renamer. ©éréales Kille® 18:27, 22 October 2020 (UTC)[reply]
  8. Support Support Ontzak (Bilbo ta Bizkai guztia) 18:50, 22 October 2020 (UTC)[reply]
  9. Support Support --Novak Watchmen (talk) 19:08, 22 October 2020 (UTC)[reply]
  10. Support Support Incredible betrayal of community trust. --Deepfriedokra (talk) 20:06, 22 October 2020 (UTC)[reply]
  11. Support Support. Sgd. —Hasley 20:09, 22 October 2020 (UTC)[reply]
  12. Support Support --DannyS712 (talk) 20:18, 22 October 2020 (UTC)[reply]
  13. Regretful Support Support, sharing accounts is just not okay for someone in a position of trust like this. GeneralNotability (talk) 20:51, 22 October 2020 (UTC)[reply]
  14. Support Support definitely  — billinghurst sDrewth 21:10, 22 October 2020 (UTC)[reply]
  15. Support Support Oy, this is bad. Complete violation of community trust. Vermont (talk) 22:06, 22 October 2020 (UTC)[reply]
  16. Support Support Gross violation of policy. Jianhui67 talkcontribs 22:42, 22 October 2020 (UTC)[reply]
  17. Support Support Really sad but I agree. Alphama (talk) 22:49, 22 October 2020 (UTC)[reply]
  18. Regretful Support Support. Cheers! Nadzik (talk) 23:06, 22 October 2020 (UTC)[reply]
  19. Support Support --Rschen7754 00:53, 23 October 2020 (UTC)[reply]
  20. Support Support For sure. ‐‐1997kB (talk) 02:21, 23 October 2020 (UTC)[reply]
  21. Support Support Agree with virtually everyone above. ミラP@Miraclepine 03:46, 23 October 2020 (UTC)[reply]
  22. Support Support Very sad, but it's necessary. –MJLTalk 04:38, 23 October 2020 (UTC)[reply]
  23. Support Support Really sad. --Namnguyenvn (talk) 08:43, 23 October 2020 (UTC)[reply]
  24. Support Support regretfully, but there's no way around the issue, this permission needs to be yanked. Cabayi (talk) 11:31, 23 October 2020 (UTC)[reply]
  25. Support Support --janbery (talk) 13:21, 23 October 2020 (UTC)[reply]
  26. Support Support Banned users = revoke permissions. Agree as a only people oppose to make A as a global renamer in her requests for global permission. Zig zag x Pump it pump it up! Babe! 13:42, 24 October 2020 (UTC)[reply]
  27. Support Support - sharing a privileged account is a violation of trust. -- Taketa (talk) 11:21, 25 October 2020 (UTC)[reply]
  28. Support Support - do not see any other option in situation like this. --Levg (talk) 12:09, 25 October 2020 (UTC)[reply]
  29. Support Support saddens me when I see cases like this happen. —Atcovi (Talk - Contribs) 16:09, 26 October 2020 (UTC)[reply]

Query[edit]

Should be automatic for global rights[edit]

I would think that any person who has shared their account details would automatically have their advanced global rights removed. They can reapply by normal processes. How we write that into the policy is a little more difficult as this is a very focused situation, and the policy should cover this and like situations. I would think that wording that we would look at would be something like "purposefully compromising the security of an account with advanced rights will result in advanced account rights being automatically removed and returned through the consensus of the community". This could be one's own, or another's, and it reflects intent on behalf of account holder.  — billinghurst sDrewth 21:20, 22 October 2020 (UTC)[reply]

Addendum. It shouldn't be up to the community to confirm the removal in situations like this, the impetus should be on the account holder to propose the retention, and this would be explaining their actions.  — billinghurst sDrewth 21:23, 22 October 2020 (UTC)[reply]
I agree with you @Billinghurst, however, this is the way how the policy is written right now. I'd support a carefully written policy amendment through (but it shouldn't be discussed here). Maybe something like "When a steward comes to a conclusion that the community can no longer reasonably trust the user, the steward can revoke user's global renamer permissions"? Really a case for another RfC I guess :). Martin Urbanec (talk) 23:06, 22 October 2020 (UTC)[reply]
Martin Urbanec I understand the present situation, I did need to reflect on the problematic nature of the approach. I pulled it separately as more an alert to the community, not to resolve it here. I also believe that any approach to a change should be to all advanced global rights, not solely global renamer.  — billinghurst sDrewth 00:56, 23 October 2020 (UTC)[reply]
I'd say that the current policy would allow immediate removal of A's Global Renamer permissions without much red tape ("Global renamer rights can be removed immediately by a steward in the case of abuse or serious misuse, after which a request for comment must be filed"). Granted it might not clear as to if the abuse needs to be circumscribed to global renamer permissions or can be used for anything else the constitutes abuse or serious misuse so I understand why we're here. I'd not have objected using the express procedure in this case, given that viwiki seems to be quite convinced the account sharing happened, which is not also a breach of due diligence and trust, but could also be potentially against Section 4 of the Terms of Use ("using the username of another user with the intent to deceive") and surely Section 5 ("You are responsible for safeguarding your own password and should never disclose it to any third party"). —MarcoAurelio (talk) 10:43, 24 October 2020 (UTC)[reply]

OTRS Rights[edit]

A also currently has OTRS access. Is this the right place to discuss revoking this permission? DHN (talk) 22:26, 22 October 2020 (UTC)[reply]

@DHN A's OTRS access was already revoked. For the record, OTRS access is decided by OTRS administrators, who can be contacted via volunteers-otrs(at)wikimedia.org. For more info, see OTRS#OTRS_administrators. Martin Urbanec (talk) 23:00, 22 October 2020 (UTC)[reply]