Talk:Strategy/Wikimedia movement/2018-20/Recommendations/Sprint/Community Health/8
- 1 IP-masking discussion is ALREADY being had, with substantial resistance
- 2 "Develop physical security and rapid response capabilities to protect contributors from pressure or harm by hostile third parties."
- 3 Industry best practices on suicide prevention
- 4 Please get technical input when making claims about technology
IP-masking discussion is ALREADY being had, with substantial resistance
There is a major discussion on the issues of IP masking at Talk:IP Editing: Privacy Enhancement and Abuse Mitigation. Unlike the various working group discussions, the (here, WMF) staff (specifically NKohli) have been actively involved in communicating with us from the start which is appreciated. Significant risk, mitigation and analysis documentation has been made, or attempted to be made, far in excess of that here.
Despite that, and something like 45,000 words, the polling on editor viewpoints as the proposal currently stands (which is somewhat less aggressive than given here) is as follows: 3 in favour, 72 against.
There might well be space for negotiation there, but it can only be a reduction in those seeing IPs, not the Admin (or even CUs) limit mooted here.
I would like to know why that discussion wasn't read, in its entirety, and either the issues and risks identified and every single one considered here, or it just voided and left to the consideration there?—The preceding unsigned comment was added by Nosebagbear (talk • contribs) 13:40, September 22, 2019 (UTC)
- +1 Consensus seems to be that:
- Anti-vandalism enhancements must be in place and stress-tested before any IP masking is started. Even some Foundation representatives (hi,NKohli) agree that this shouldn't need to be said, but apparently this working group doesn't agree.
- On en.Wikipedia, extended-confirm users should have access to ALL the relevant tools, including overriding IP masking.
- A necessary specific change to the recommendations, even if this is going forward.
- Tools ensuring ongoing effectiveness of administrative and anti-vandalism work by community members would have to be available no later than first activation of IP masking itself.— Arthur Rubin T C (en: U, T) 17:50, 22 September 2019 (UTC)
- Yes, "on the day" was a bit concerning, even though it was meant to be reassuring. Nosebagbear (talk) 18:04, 22 September 2019 (UTC)
- Instead of having a timeline for activation of IP masking, it should be only activated on a given project after an RfC on that project found that for the sake of the project the new anti-vandalism tools are good enough to reduce the need for having direct access to the IPs. That RfC can then also decide whether extended-confirmation users or only admins should have the rights. ChristianKl ❪✉❫ 09:28, 25 September 2019 (UTC)
"Develop physical security and rapid response capabilities to protect contributors from pressure or harm by hostile third parties."
- Translation:- We will develop more effective liaison with law enforcement agencies around the globe, so that they start taking and following up with complaints from T&S, seriously enough. I will wish for T&S to be more competent at the first place but I like this proposal; there indeed happens cases of long-term RL harassment that started out of wiki-platforms and they can be far better tackled. Winged Blades of Godric (talk) 09:09, 27 September 2019 (UTC)
Industry best practices on suicide prevention
It seems lazy to say "industry best practices on suicide prevention" without specifying what's actually meant. Does that mean you want to overrule the enwiki decisions not to avoid wordings like "commit suicide"? It seems like the recommendation is about listing things opposition to various position the community takes without addressing the conflict explicitly or spending any effort engaging with the community. ChristianKl ❪✉❫ 10:02, 25 September 2019 (UTC)
Please get technical input when making claims about technology
These admin tools would allow admins to access information about the IPs (A system like this is implementable in various ways and a capable engineering team could decide on the approach but to provide an example on one of the simple ways to do this : the ip addresses could be masked using any of the well known hashing algorithms and could be mapped when necessary )
There aren't that many different IPv4 IP addresses. The entropy of those addresses is not high enough to stop the reversing of hashing. Additionally, information that admins use is not available anymore. If the working group would have cared to read the opinions of the community from the other discussion it would have known. ChristianKl ❪✉❫ 10:14, 25 September 2019 (UTC)