Wikipedia talk:Administrator inactivity (failed proposal)

Latest comment: 14 years ago by Avicennasis in topic Clearing up some confusion

What's next??


I'm not an admin, but I sure would like to contribute. I read it over and it makes lots of sense. Still could use a fine tuning. Perhaps a proposal to have admin who make fewer than a certain # of edits in like six months or a year. Just no edits in 3 months seems a bit too easy for admin to get around. Just by making a single edit every 3 months, sort of defeats your purpose, which is to keep an active list of admins.--Jojhutton (talk) 02:58, 9 March 2010 (UTC)Reply

Making it easy to get around is actually somewhat the point; past proposals of this nature (there were at least two, both linked at the bottom of the proposal) received criticism for making it too hard to get the tools back once a user (admin) returned. If someone would rather make an edit every three months rather than make a single request when they properly returned, that's their choice.
As for "what's next?" this will undoubtedly be discussed, debated, reworked, etc., for several weeks; if it seems as though there is a general community-wide consensus for this sort of thing, then it will be made into policy (consensus will most probably be determined through a number of straw polls and guided RFC's - see the recent discussions in and around WP:CDA for a relevant example). I say policy because this sort of thing simply cannot work as a guideline, especially since it involves asking stewards to involve themselves in the management of this project. Hersfold (t/a/c) 03:56, 9 March 2010 (UTC)
  • "Communication/Avoiding confusion" This reason seems extremely suspect. I sincerely doubt Special:ListAdmins is widely used or that editors reach out to admins randomly; an editor wanting help is more likely to use {{adminhelp}} or post on a discussion page. I don't have a strong opinion on the proposal, but this aspect of the justification is lousy; I'd suggest removing it. --Cybercobra (talk) 04:09, 9 March 2010 (UTC)Reply
    • Cybercobra, I regularly get requests from new editors regarding deleted articles since I've added myself to CAT:UNDELETE. That category is advertised in speedy deletion notices and elsewhere, and Special:ListAdmins is similarly advertised in a number of places, e.g. in the lead of Wikipedia:List of administrators, possibly directly in some templates as well.
      I do think that it's important to keep those categories and lists we advertise to newbie editors free from dead ends. For the categories, that will require a bot (just BOTREQed). For the special page, it will require to either keep it clean by temp desysopping, or to avoid linking to it from places where newbie editors are likely to stumble across it. I believe the concern itself has merit, though. Amalthea 00:14, 11 March 2010 (UTC)Reply
  • The thing that I have never really seen from proposals like this is the benefit. I do know that some of our sister projects have similar policies (dewiki, metawiki, commonswiki), but even for those, I have not seen a solid rationale for doing this, with the exception of something that one user described as "dispelling the idea of adminship being some "status symbol" and instead just a bunch of tools given to trusted users." However, in response to that point, I would say that as long as these edits can get the admin flag back on request, then they are still administrators in status. If we made this a "No edits in the past year, desysopped until you go through a new RfA" deal, that would be different, but with the current proposal, I don't see the point. Responses? NW (Talk) 04:19, 9 March 2010 (UTC)
    • Past proposals have had restrictions like that - I think the most recent one in 2008 did - and they were criticized for being too difficult to get the tools back. I can see arguments both ways, but the one this proposal focuses on is "by going inactive, you don't lose the community's trust." Many admins have gone inactive due to circumstances beyond their control. While some will voluntarily relinquish their tools, many don't; either way, unless some circumstance surrounding their voluntary desysopping was enough to be considered "under a cloud", they're in good standing to get the tools back at any time on request.
    • As for the benefits, there are several; the status symbol argument you mention (which probably should be included in the proposal), ensuring those who hold the tools are clueful as to current policy and procedure, the added security of knowing those who hold the tools are actually using them, making sure that our statistics are actually accurate... etc. Hersfold (t/a/c) 04:37, 9 March 2010 (UTC)Reply

Doesn't fix what it claims


As far as I can tell, this only actually fixes 1 of the 3 problems it claims to help with.

Number 2 – I don't think there's any precedent for not returning the tools to people who have been gone for a long time just because there have been changes to the project.
Number 3 – An account that can get adminship with a single edit to WP:BN is just as valuable as an account that already has adminship. The 3-month requirement even guarantees that there won't be any checkuser data from the original owner.

-- Mr.Z-man 04:30, 9 March 2010 (UTC)Reply

Well, with number 2, I think it's there because they do not want admins falsely blocking people when policies have been changed, and with number 3, well, I'm not sure if it's okay or not. --Hadger 04:48, 9 March 2010 (UTC)Reply
As for 2, no, there isn't, but having people request them back is nonetheless a gentle reminder of "welcome back, you've been gone for a bit, so please read up on what's new." The tools haven't been denied anyone for that reason, but I have seen instances where an admin has argued "I followed policy" and someone's replied "that was policy several months ago, where have you been?"
The problem laid out in number 3 won't be fixed by this, but it can help - a returning account will presumably make at least a few edits before the flag is reactivated, and during that time changes in personality could easily become evident. Checkuser is useless in case, yes, but a shorter time period is unfortunately impractical for this sort of plan; and anyone selling an account would probably know to wait three months anyway. Hersfold (t/a/c) 04:45, 9 March 2010 (UTC)Reply
If all we want to do is give them a friendly notice, we can do that without adding a new policy and desysopping them. A returning account won't necessarily make any new edits (and a smart hijacker wouldn't) before asking for the bit back. My point is that these 2 things are 66.6% of the rationale for the proposal, but it doesn't actually do that much to resolve them. Mr.Z-man 18:46, 9 March 2010 (UTC)Reply
Wikipedia is all about quoting and following policy. Sure there needs to be some form of formal way to deal with this issue. If not, it could cause problems in the future.--Jojhutton (talk) 18:49, 9 March 2010 (UTC)Reply
Huh? What issue? You mean the 2 issues used as rationale for this that it does almost nothing to solve? Mr.Z-man 20:04, 9 March 2010 (UTC)Reply

Suggestion


I agree with this proposal, because having inactive people stay administrators would cause an unnecessary server lag, however, the removing thing should be done automatically so that when the admin logs on after the long period, the admin automatically gains his or her status back. --Hadger 04:35, 9 March 2010 (UTC)Reply

This wouldn't have any effect on server performance at all. Hersfold (t/a/c) 04:38, 9 March 2010 (UTC)Reply
Oh. Well, still, I think their rights should automatically be removed and automatically readded the next time the admin logs on. However, this code should be made very carefully, as people that are non admins and have not been on Wikipedia for a long time may have admin rights added to their account due to a glitch of the thing adding admin rights to any account that has been inactive for a long time and later logs back in. By the way, that was a quick response! --Hadger 04:43, 9 March 2010 (UTC)Reply
I highly doubt that the developers would consider adding such a function to the Mediawiki code, as only a few wikis have policies such as this, but in the event this were to be implemented, a bot could easily be set up to carry out the steps listed on the proposal. Probably after a few weeks so as not to inundate the stewards with desysop requests. (And it was a fast response because you edit conflicted me) Hersfold (t/a/c) 04:48, 9 March 2010 (UTC)Reply
You want to desysop inactive admins, but resysop them automatically when they next log on? This is a joke, right? They can't use their admin tools if they've not logged on, so what is the purpose of desysopping them? Fences&Windows 15:51, 9 March 2010 (UTC)

Comment


A user who can reobtain adminship has an account just as useful as one who never dropped it, and keeping or dropping the bit makes no difference for knowing current norms.

Changing these issues would require sysophood removal for inactivity that could not be reversed at will by a single post, and that inactive admins must get up to date before resysopping again.

  1. Desysop on long term inactivity is reassuring to the community, gives a sense of comfort, and allows the number of admins to look reasonably realistic. But they are all simply "comfort and reassurance points". No admin account becomes less hackable; no user more secure. If resysop was on simple request it would not improve either account security or admin awareness of norms.
  2. If the community wants a genuine increase in security or current knowhow then a mandatory process would be needed. For example - adminship removed and returning user must be active for a month (and their activities must meet other fixed criteria) before they can request adminship back again, after an absence of a year or longer. This would be a major change. Option 2 describes such a process.
  3. If the community just wanted the comfort feeling that admins will step down if idle long term, then the template below might be as good a way as any to do so. Unsure what difference it makes though.

FT2 (Talk | email) 08:48, 9 March 2010 (UTC)Reply

Option 1


Template:Voluntary deadmin (voluntary process)

Should be fairly simple and watertight. FT2 (Talk | email) 06:02, 9 March 2010 (UTC)Reply

Option 2


If the concerns are genuine, then (see above) it needs some kind of mandatory process. This process must be fair to returning admins though. A sample process might look something like this:

An administrator who is inactive for more than 12 months may have their sysop flag removed. They should be given 10 days notice via their talk page and by two users who have tried (if possible) to contact them by email or other communication methods.

A user whose sysop flag is removed under this process does not need to restand for RFA but does need to engage in significant activity to show they have re-immersed themselves in the Wikipedia community of the time enough to know its current norms and admin expectations. This typically includes:

  • A period of substantial and broad-based Wikipedia activity, typically 2 - 4 weeks, with participation showing knowledge and user conduct suitable for adminship;
  • Confirmation that they have read and understand current norms and will act in accordance with them;

A reinstatement discussion will then take place at WP:AN. The sole question is whether the user appears to show they understand the current norms for admins and act appropriate to them. Objections if any may be based only on current evidence, or lack of sufficient activity to judge. A user whose conduct since return evidences a reasonable understanding of current admin norms and an absence of unsuitable actions, following a reasonable degree of activity, will be resysopped.

If there is a dispute over the level of consensus when evaluating these two aspects, a 'crat will be asked to close the debate. A user who does not gain consensus may attempt this a second time after not less than a month, before being required to seek a full RFA.

Notes:

  1. Inactivity means that the user is sufficiently inactive within the English Wikipedia community (taking account of mailing list or other routes of participation) to make it likely they may not be fully aware of current on-wiki developments and norms. A user who is inactive on this wiki but active on other WMF projects should be consulted and asked to comment in the discussion, and a decision made on a case-by-case basis. A user who is virtually inactive on the wiki, or whose activity is mostly limited to mailing list posts, may be deemed inactive as an editor for this purpose.
  2. Matters from the past are to be disregarded; it is presumed that if they were significant the user would have been forcibly desysopped at the time. Matters arising from their conduct while inactive may or may not need to be taken into account, but only if they would probably have led to desysopping if active and resysopping should be blocked as a direct result.

Again, a different proposal but if the aim is to ensure inactive admins rejoin with good knowledge and in a fair manner, this is the best I can come up with. FT2 (Talk | email) 08:17, 9 March 2010 (UTC)Reply

Um... why are we doing this?


As far as I am aware there is no consensus that inactive admins lose the bit and I simply can't see what security hole this proposal will actually fill. Spartaz Humbug! 11:51, 9 March 2010 (UTC)Reply

This is apparently trying to get consensus for the former. I agree regarding the weak rationale. --Cybercobra (talk) 12:42, 9 March 2010 (UTC)Reply
There seem to be three things that drive this sort of proposal. A desire for more accurate statistics on the number of admins we have, a concern that longterm inactive admins may get rusty and make mistakes when they return, and a concern that other users may post queries on an inactive admin's page and not get a response. The first we already have resolved by having a statistic collected on the number of active admins (OK it isn't the definition of active that I'd have come up with but it will do and there is a good argument to measure it consistently over time). The second is a much longer term issue than a few months absence, has not yet been a problem with admins returning after absences of years, will probably become an issue in future decades but can be better resolved by having refresher training available. The last could be handled by a suggestion that admins going on breaks leave an appropriate message on their user and talk pages, but judging by the numbers who already use {{Long Wikibreak}} or equivalent, I'm not convinced that there is a problem there at present. Happy to change my mind if someone can show problems that this will solve. ϢereSpielChequers 17:28, 10 March 2010 (UTC)

Categorize inactive admins, revoke their tools but allow them to get the tools back upon request, without going through RFA again


We should put inactive admins in categories based on how long they've been gone (e.g. Category:Lapsed Wikipedia administrators who have been inactive since 2005 or Category:Lapsed Wikipedia administrators who have been inactive for more than 5 years), and revoke their tools after a certain period of inactivity (e.g. one year) so that {{NUMBEROFADMINS}} reflects the true number of active admins, but allow them to get the tools back upon request, without going through RFA again. That seems to address the major concerns without causing unintended consequences. Tisane (talk) 13:01, 9 March 2010 (UTC)Reply

That's essentially what this proposal is; the only things you're changing, in essence, is you're adding the category and defining "inactive" to be a longer time period. Which I'm fine with, three months was just an arbitrary off-the-top-of-my-head suggestion. I'd recommend against the category, though, for the "badge of shame" reason; it's easy enough to tell how long someone's been inactive without that. Hersfold (t/a/c) 18:51, 9 March 2010 (UTC)Reply
  • Why not just create a new magic word to reflect whatever statistic you feel it actually should reflect, avoiding all this trouble with removing tools then requesting their return? Usually when an analyst discovers that his statistics aren't useful, he adjusts the way he does his calculations rather than attempting to change reality to fit his mold. Christopher Parham (talk) 21:36, 9 March 2010 (UTC)

automatic or manual

    • I would be much more comfortable with a process that sent the notice automatically after a fixed period of no activity, and if there was no response, suspended the rights, rather than one that had to be started admin by admin on an individual basis. Having someone actually request that someone else's rights be suspended individually would encourage seeing this as implying some sort of a negative feeling, which I think we all agree is not intended. Having a notice sent to inactive admins after zero activity for 6 or 12 months--and stopping the process if they asked-- would be much less personal. I'd also think that FT2's requirements for getting the tools back a little too restrictive--all that should be necessary is telling a crat that one is back, and has checked up on what's been happening. This is meant to keep the list of admins in some correlation with reality, not do anything that might possibly discourage them from returning. DGG ( talk ) 03:31, 10 March 2010 (UTC)

A few questions


I've read the "Proposals" section of the project page, and it says:

The steward processing the request should confirm that the administrator has been inactive for at least three months, and has been given at least one week to respond to the notices. If these conditions are met, the steward should remove the administrator's sysop flag, and enable the rollbacker and accountcreator flags.

Why is the autoreviewer flag not enabled?

The other reason is that on the lead section it says:

administrators who go inactive for a period of time may be subject to the temporary removal of their tools, so that the number of administrators listed at Special:Statistics may be generally representative of how many administrators are available for assistance.

As users with admin privileges are required to have a strong password, should they be desysopped if there is more of a chance that their account could be compromised? Minimac (talk) 07:13, 10 March 2010 (UTC)

Time flies


Three months is much too soon. Not much really changes in 3 months, and many users take months-long wikibreaks. The only way I would support this is if the period of inactivity was increased to 1 year or more. Indeed this is why I proposed to increase the period of inactivity at Wikipedia:Missing Wikipedians, there's a discussion surrounding this at the talk page there. -- œ 08:27, 10 March 2010 (UTC)Reply

I must agree. A year sounds about right. -FASTILYsock(TALK) 01:15, 2 April 2010 (UTC)Reply

Administrators ... are generally expected to be available to respond to questions, concerns, and requests for help


Really? Where does it say that? Administrators are given extra tools to perform various tasks on Wikipedia. Nowhere in the description of administrator is there a requirement that they generally be available.

People are forgetting that all of us are volunteers. Nobody is required to do anything.

There's plenty of avenues for people to seek help on this project. We don't have to glue a pair of high intensity headphones turned up to 11 to every administrator here, and kick out those who do not consent. And for what gain?

  • So Special:Statistics in all its glory is moderately more accurate than it is now.
  • So that administrators who lose their bits will somehow magically be more motivated to update themselves on policies should they return (and how does asking for your bit back make that happen?).
  • Because it poses a security risk; yet every rogue admin account has been shutdown very, very rapidly. Is there even a case of an inactive administrator account going rogue? I don't think so.

This is a solution looking for a problem to solve. It adds bureaucracy where none is needed. Also see Wikipedia:Bureaucrat removal, a similar proposal for inactive bureaucrats, which failed. --Hammersoft (talk) 15:53, 10 March 2010 (UTC)

Special Statistics


Special:Statistics currently has one figures column, which for all but one statistic is a total. Why not change that so that it has two columns, "active in last 30 days" and total? That should be much simpler than autoretiring admins on wikibreaks and would keep things consistent. After all we don't auto retire rollbackers, Autoreviewers or crats just because they are taking a break. ϢereSpielChequers 17:43, 10 March 2010 (UTC)

No need to waste developer time on that, we have WP:LOA. –xenotalk 17:46, 10 March 2010 (UTC)Reply
Yes I know, but changing Special:Statistics wouldn't waste as much resource as auto retiring admins, and it might be interesting to know how many rollbackers and autoreviewers were active.. ϢereSpielChequers 18:09, 10 March 2010 (UTC)Reply
I see it already has a line for "active" registered users, so maybe it wouldn't be that hard to add the hook into the other stats. –xenotalk 18:10, 10 March 2010 (UTC)Reply
"Active in last 30/90 days" would be good. I can see a request for equivalent magic words on Bugzilla too... :) FT2 (Talk | email) 19:39, 10 March 2010 (UTC)Reply

Giveth and taketh away?


I'm more curious than anything: Why pull their sysop flag but then enable rollbacker and accountcreator? I don't get that part. (on the whole, this seems like a good idea). <>Multi‑Xfer<> (talk) 19:27, 10 March 2010 (UTC)Reply

I think that's a silly idea anyway. By making the active admin figure more accurate, we make the rollbacker and account creator less accurate? –xenotalk 19:33, 10 March 2010 (UTC)Reply
Those flags (along with autoreviewer, if that gets tossed in) are even less of a big deal than sysop; users aren't going to be looking for rollbackers with questions, as they can easily revert edits or get the tool themselves. The proposal recommends these flags get added as a mark of the user's continued trust, and so that they aren't too inconvenienced when they do return to the project. Hersfold (t/a/c) 22:42, 11 March 2010 (UTC)Reply

Longer period?


I'm seeing a lot of comments here that three months is too short. Would this proposal be more likely to garner support with a longer definition of "inactive"? Some suggestions I'm seeing here are six months, one year... I can see the advantages to this, mainly being that we're less likely to catch people who go on a looong wikibreak of several months. Hersfold (t/a/c) 06:31, 14 March 2010 (UTC)Reply

comments moved from WP:VPR

Moved from WP:VPR

Strong oppose. And this will solve what problem? People take wikibreaks. You want to penalize someone for returning? You want to set up new bureaucratic procedures for a non-problem? alteripse (talk) 19:53, 9 March 2010 (UTC)Reply

That idea is really stupid. We prefer to have admins for life. That's a much better idea. Angryapathy (talk) 19:58, 9 March 2010 (UTC)Reply
Please note that the proposal has nothing to do with the issue of "admins for life". It is about temporary removal of the sysop tools due to inactivity, to be reinstated without question upon an admin's return. -- Black Falcon (talk) 20:01, 9 March 2010 (UTC)Reply

It seems a good idea, unfortunately phrased. The start does indeed seem to tut-tut over admins who don't pull their weight, and one has to read through this to realize that the proposal is actually about something else.

I'm still not sure that there is any problem, but I'm willing to believe that there is one, or the potential for one. If so (and even if not), then there's nothing obviously wrong with removing a user's admin bit if its later restoration can be automatic.

Admin for life, eh? No chance of a reduction for good behavior? -- Hoary (talk) 16:19, 10 March 2010 (UTC)Reply

As I have stated on similar proposals, this idea institutes unnecessary new policies and creates new workloads to solve a problem that has not been demonstrated to exist, ie. a solution in search of a problem. New rules and processes for their own sake do not an efficient Wikipedia make; WP:CREEP is relevant here. I cannot support this sort of proposal. Shereth 16:47, 10 March 2010 (UTC)

Support I believe this is a necessary step to minimize the problem of compromised admin accounts. If the bureaucrat unchecking proposal passes, we wouldn't even need to bother the stewards (which I think would be a good thing, as they're pretty busy as it is). Soap 15:58, 13 March 2010 (UTC)

And how often have we had compromised admin accounts that occurred after long inactivity? Judging from WP:AN/I it is a rare occurrence. Are you aware of any count or record? The whole community should be answering proposals like this with WE NEED CONTENT IMPROVEMENT, NOT MORE ADMINISTRATIVE PROCEDURES! Can I propose that editors must make 50 constructive, non-trivial article improvements to earn the right to engage in a single administrative discussion? I will adhere to that myself. alteripse (talk) 11:51, 15 March 2010 (UTC)

Support Since admins have the power to edit site-wide JS (and other system messages), a compromised admin account is valuable to hackers. Since Wikipedia is an extremely high-trafficked website, such a compromise has the potential to infect thousands of readers with malware (the security of web browsers and their plugins is far from perfect, with new exploits announced daily). Blocking the compromised account after the fact would not stop the malware infections. Reducing the number of admin accounts to only those who really need admin access is one way to lower the risk of a compromise. I'm actually surprised that AFAIK, the MediaWiki:Common.js file hasn't been exploited by the cybercriminals. Yet. PleaseStand (talk) 02:33, 20 March 2010 (UTC)Reply

The proposal of course does absolutely nothing to resolve that security issue. All someone would have to do is hijack the account after desysopping, make an edit to ask for the tools back, then it's like they got the admin account directly, or they can just hijack it after 89 days; so this lowers the risk by about 0%. Additionally, the only real way to hijack an account that's been inactive for months would be a brute force attack on the password. Active accounts are much more vulnerable; vandals have even gotten admin accounts "legitimately" by creating an account, making a few thousand good edits, then running for RFA. Mr.Z-man 04:25, 20 March 2010 (UTC)
Either way, any admin account with a keylogged password, active or inactive, can be used to compromise the site. In particular, would an inactive admin even notice that his account is compromised (not necessarily even an active admin)? I have posted a new proposal below specifically addressing the security risk of the immense amount of technical power granted to admins. PleaseStand (talk) 13:48, 20 March 2010 (UTC)Reply
How do you use a keylogger to capture someone's password if they never log in (since they've been inactive for months)? It would only take a few minutes and a single edit to add some script to the sitewide JS, I doubt an active user would notice immediately and even if they did, they wouldn't be able to notice until after the edit was made. Mr.Z-man 16:54, 20 March 2010 (UTC)Reply
There have been instances (Very rare instances) where an admin account (which in this case has been inactive) has been compromised by someone guessing the password (See User:RickK event). That aside this is a rare and extreme event requiring considerable patience by someone and could just as easily have happened to an active admin account (Which has also supposedly occurred with some admins). At any rate in all cases this has been dealt with the current systems in place and damage has been minimized. Basically it's more a matter of password security through watching out for malware or behavioural patterns in your edits that can identify your pws. That in itself I think is separate from inactivity of accounts and more to do with the security of an individual's password and their computing habits (active or not). Just some stray thoughts on this. Ottawa4ever (talk) 18:03, 20 March 2010 (UTC)

Oppose. All admins are aware of the possible security issues with their own accounts. In fact, it's on the Administrators' reading list. "...Privileged editors are required to use strong passwords and are informed that the developers will occasionally try to crack their passwords and disable those that can be cracked." This alone should be all the security that is needed. Compromised admin accounts do not seem to be a common problem at all, looking over ANI. If it ain't broke, don't fix it. I trust all the admins here to have complete security over their accounts. The issue of keylogging has been brought up and discussed above. (You can't log what is not typed in.) Also, in my experience at least, almost all malicious activity, regardless of where it comes from, is quickly caught and dealt with. All events are logged, and there is an undo button for everything. Any person who is aware of which admin accounts may be inactive and what can be done with them will surely be aware of how easily their actions can be undone. It is far more likely that any unauthorized use would come from an admin leaving their account logged in somewhere, at a library for example, or in a college dorm room/workplace where a disgruntled colleague may be able to access. There really are few reasons to try and hack an admin account anyway. There is no secret information to be gained, no money to be wired to a Swiss bank account, no claim to fame as long as we deny recognition... All this policy will do (in my opinion) is add unnecessary bureaucracy to prevent a very rare occurrence. Admins may feel like they cannot take a break, lest they get "demoted" or "punished" by having their tools removed. Even if it is not considered punishment per policy, it may feel like that to the admin that has this happen to them. 
Not to mention the fact that the proposed policy states: "If, after a period of one week, the inactive administrator has not made any edits or logged actions, or has not in some other way acknowledged receipt of the notices given in step 1, the user who left the notices may make a request at m:Steward requests/Permissions for the removal of the administrator's sysop flag." So, any "inactive" admin just has to log in for 5 minutes a week and block a vandal at ANV or semi-protect one page at RPP. If this were a common occurrence, I would agree with the proposal. As of right now, it is simply unneeded. Avicennasis @ 11:31, 21 March 2010 (UTC)Reply

Oppose I agree with Avicennasis. I feel like I would be spitting his words back out if I launched into a lengthy explanation. Don't think this is needed right now, Airplaneman talk 16:35, 21 March 2010 (UTC)Reply

Comment. I should point out that this exact policy is listed at perennial proposals, which is a list of things that are frequently proposed on Wikipedia, and have been rejected by the community several times in the past. Also see Wikipedia:Requests for adminship/desysop poll. Like I said, if the admin has passed a RfA and gained the community's trust, then that trust should remain; (mis)use or (ab)use of tools is one thing - (non)use of tools is quite another. Also, the proposed policy would need drastic rewriting if it were to become actual policy. In the example listed above, it is far too easy for an "inactive" admin to violate the spirit of the policy, while not violating the letter of the policy. As is, there are too many loopholes. Also, the policy seems to be based off of users taking action, rather than a standard or automatic process. This would easily allow for "targeted" de-sysop request; an admin who regularly blocks 3RR editors, for example, may get a warning (and following de-sysop) much sooner than an admin who helps at DRV. Even though an admin can easily request their rights back, this allows for users to make admins "jump through hoops" on their return to get those rights back. Avicennasis @ 20:36, 21 March 2010 (UTC)

Strong oppose. It is the responsibility of any user, administrator or not, to make sure their account is used only by themselves. Just because a user has not been active for some time does not mean that their account will be compromised; that is a separate issue entirely. Administrators are picked in a process that is not taken lightly, judging from reading some of the RfA past succeeded and failed archives. I believe then the process that a user has gone through to become an administrator should allow them and only them (unless they are abusing their powers) to decide when they are no longer able to be administrators anymore. Now perhaps if there was a way to temporarily "disable" an administrator's account if he is inactive for a long period of time... by, say, having to resend an auto confirm email to the email they used to sign up, or some such manner, that could be an option. I would suggest something temporary if needed that the user himself can reactivate... or something. But... otherwise you would have to open up a whole new can of worms to figure out... OK, how long does the user have to not be active to be disabled from being an administrator? How active do they have to be?

I don't think it is our job to police administrators in that fashion. As long as they are doing what they should be doing without abusing power, I think they should be active for as long as they see fit. They earned it.

Evenios (talk) 07:32, 22 March 2010 (UTC)Reply

Strong Oppose - What I don't understand is this; how does it hurt to have inactive administrators? Honestly, these are the "most trusted" members of the community. Why should their tools be removed from them? Opposing per this and above reasons. Ajraddatz (Talk) 16:40, 25 March 2010 (UTC)Reply

Clearing up some confusion

I'm intending to make this, or something very like it, policy soon. Before doing so, I wanted to clear up some confusions.

In terms of the question of whether or not this improves security, it unquestionably does. This is a simple statement of mathematics - if I'm attempting to hack an admin account, then the fewer old ones left lying around, the better. Additionally, there have been reports (perhaps apocryphal) of retired admins being offered cash for their accounts - and so, again, the fewer of them lying around, the better.

The intention here is that the reinstatement process be very lightweight - this particular proposal makes it too lightweight if you ask me, but in any event, lightweight. Objections relating to whether or not we trust people miss the point. We do trust people.

Upon return, of course any account will be under heightened scrutiny - and in most cases, it's pretty easy for others to verify the identity of the user... simply put: you can't easily become an admin without people knowing you and your style and interests - and those are hard to fake.--Jimbo Wales (talk) 14:57, 1 April 2010 (UTC)Reply

Probably not a good idea to declare this on this day... –xenotalk 14:58, 1 April 2010 (UTC)Reply
I have gone on record with this issue in the past. I could not agree more that a shitload of inactive admin accounts is a security risk. The scope of the risk is almost irrelevant. Tan | 39 15:48, 1 April 2010 (UTC)Reply
How is an account that can regain the admin bit immediately upon simple request any less of a risk than an account that still has the bit? — Carl (CBM · talk) 15:51, 1 April 2010 (UTC)Reply
It's not; I agree with you. Tan | 39 15:53, 1 April 2010 (UTC)Reply
I suppose there is a slight reduction in risk in that it will be under at least some scrutiny, since they have to jump thru the WP:BN hoop to retool themself before they sell their account. However the people soliciting admin accounts may not know how to locate these folks anymore, as they will no longer be listed at Special:Listusers/admin. –xenotalk 15:54, 1 April 2010 (UTC)Reply
While I 100% agree that dead accounts should be cleared/closed, I'm not sure how the security risk is going to be resolved when there is an automatic (or semi-automatic) right of return. I disagree with Jimbo's contention that it would be difficult for an admin to be faked, especially in the case of someone who doesn't write a lot of articles. I'm also not thrilled about the "heightened scrutiny" for these accounts - someone who goes away for a year and comes back could have a legitimate change of opinion about some issue and trying to play identity police is outside of the project scope. I think a better rule would be to make it a longer time limit (6 months or a year, so that someone who is simply going on vacation for the summer isn't going to be desysopped in their absence) but completely remove the right of return. --B (talk) 15:57, 1 April 2010 (UTC)Reply
A simple solution that would allow for automatic or semi-automatic restoration of rights: Make all admins have a committed identity (if this isn't already a policy) and upon their return and request of rights, they provide the string privately to a 'Crat that will verify it. This proves the user returning to the admin account is the same one who left it. After that, they simply have to select a new string and thus a new committed identity for next time. Avicennasis @ 04:03, 16 April 2010 (UTC)Reply
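Added example, not part of the discussion or of any participant's comment: a sketch of the commit, reveal and rotate cycle described in the comment above. It assumes the commitment is a hex SHA-512 digest of the secret string (the thread names no hash function); the function names and the account label are hypothetical, and all secrets are generated for the demonstration.

```python
import hashlib
import hmac
import secrets


def commit(secret: str) -> str:
    """Public commitment: hex SHA-512 of the secret (hash choice is an assumption)."""
    return hashlib.sha512(secret.encode("utf-8")).hexdigest()


def verify(revealed: str, published: str) -> bool:
    """Verifier-side check of a privately revealed string against the public hash."""
    expected = published.strip().lower().encode("utf-8")
    return hmac.compare_digest(commit(revealed).encode("utf-8"), expected)


def new_secret(label: str) -> str:
    """Secret with 128 random bits, so the public hash cannot be guessed offline."""
    return f"{label}:{secrets.token_hex(16)}"


def restore_rights(revealed: str, published: str, next_commitment: str):
    """Return the commitment to publish next if the request passes, else None."""
    if not verify(revealed, published):
        return None  # wrong string: the requester has not proven continuity
    if verify(revealed, next_commitment):
        return None  # the revealed secret is now known to the verifier; reuse refused
    return next_commitment.strip().lower()


if __name__ == "__main__":
    # Constructed data: "ExampleAdmin" is a hypothetical account.
    old_secret = new_secret("ExampleAdmin")
    published = commit(old_secret)              # posted publicly while still active
    rotated = commit(new_secret("ExampleAdmin"))  # prepared by the returning admin
    print("genuine return:", restore_rights(old_secret, published, rotated) == rotated)
    print("wrong string:  ", restore_rights("guess", published, rotated))
    print("reused secret: ", restore_rights(old_secret, published, published))
```

The check is only as strong as the secret's entropy and the integrity of the published hash: a verifier should compare against the commitment as it stood before the account went quiet, not one edited in afterwards.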

It seems to me that the best way to reduce "danger" from inactive admin accounts is to continue our process of making it impossible for any admin account to do anything worse than a minor inconvenience. There were a few remaining security holes the last time I thought about these things, but nothing too severe. If someone has an actual example of an important security risk that has not been resolved, feel free to email me about it; I'm open to changing my mind. But at the moment I can't think of much an admin account can actually do if it's compromised, so the threat seems purely hypothetical. — Carl (CBM · talk) 16:05, 1 April 2010 (UTC)Reply

It's not hypothetical - there have been hijacked admin accounts that have blocked lots of people. I suppose a worst-case scenario would be something like an admin bot account that was en masse deleting pages and blocking users. Sure, that's a solvable inconvenience that once a steward had removed the bit, everything could be cleaned up, but that's a lot of mess to clean up and not something anyone wants to spend time doing. --B (talk) 16:13, 1 April 2010 (UTC)Reply
Blocking lots of people is exactly what I mean by "minor inconvenience". Deleting pages is similarly easy to recover from. There are a few things that are more difficult to fix, but not many. So I don't really see that there is much of a "risk". — Carl (CBM · talk) 16:21, 1 April 2010 (UTC)Reply
The biggest "risk" I could think of would be a compromised admin account making some kind of trouble that gets out into the media and hurts Wikipedia's credibility. I don't know specifically how that could occur, but just hypothetically speaking I think that's the worst damage that could result from a compromised admin that I can think of. That's something you can't just clean up later. -- Atama 16:35, 1 April 2010 (UTC)Reply
I agree, but that's equally possible with an active admin account, or with an account that can regain admin rights on request. Also, it's hard to think of something that a single admin can do that could not simply be blamed on that admin. The thing that seems the most risky is access to deleted content, but a year or two ago some (active) admin went through and published all the deleted content from enwiki and it didn't seem to cause much trouble. — Carl (CBM · talk) 16:45, 1 April 2010 (UTC)Reply
When the media gets involved, it doesn't matter if we blame the admin or not. I found a real example of an admin who accidentally blocked the entire nation of Qatar when trying to stop a vandal. As the author of the article stated, it wasn't a big deal and the actual impact was a short-term convenience for people, but as he states, "Good luck getting anyone to read that." In that case, of course, it was an innocent mistake, but imagine what someone could do if they had malicious intent and really wanted to hurt Wikipedia with admin tools. Imagine if that person had not one admin account, but dozens, and used them to collaborate with and cover for each other. -- Atama 19:41, 1 April 2010 (UTC)Reply
There is worse damage that someone can do than just blocking people. Think bot-assisted history merges. A bot-driven admin could easily screw it up badly enough that only someone with a lot of time on their hands or a backup tape could fix. Or an admin could put something malicious, but not easily noticed in one of the javascript files. There's a heckuva lot that a compromised admin account can do beyond just puerile vandalism and making it very difficult to compromise an admin and ensuring that they can be rapidly deactivated when compromised ought to be a high-priority issue. --B (talk) 18:51, 1 April 2010 (UTC)Reply
Enough bean stuffing, people. -- œ 14:21, 2 April 2010 (UTC)Reply
  • I think y'all are being had. "I'm intending to make this...policy soon" ? C'mon... Tarc (talk) 16:48, 1 April 2010 (UTC)Reply
    • I don't know if it's a joke or not ... it's not funny if it is. A funny April Fool's joke would be something that is a horribly bad idea, but has some justification with an air of plausibility, eg, requiring admins to fax notifications of all blocks to the legal department because of a discovery motion in a current lawsuit. That's a funny joke. This one, if a joke, isn't funny. --B (talk) 18:51, 1 April 2010 (UTC)Reply
      • This seems sensible to me. Inactive admins obviously don't need the tools on their inactive accounts so there's no damage which could be done by removing them. It's worth noting that admin tools can be misused without the account actually showing up on any logs - admins can see deleted versions of articles, some categories of suppressed edits, etc. Nick-D (talk) 23:38, 1 April 2010 (UTC)Reply
        • The security risks that go along with hijacked admin accounts have much more to do with their ability to view deleted pages containing sensitive information, to unsalt pages protected from creation, to block bots tasked with undoing blacklisted urls... I can think of a million problems with this that don't have anything to do with blocking some people or deleting some pages. Retired admin accounts should be desysopped and admin accounts that go silent for more than 6 months ought to be desysopped as well. <>Multi‑Xfer<> (talk) 18:17, 2 April 2010 (UTC)Reply
          • Whether they should or shouldn't is certainly a worthwhile debate to have, sure. The reason I made the "it must be a joke" observation is that IMO it is well outside the bounds of Wales' authority to simply enact such a change. Tarc (talk) 19:11, 2 April 2010 (UTC)Reply
            • As far as Jimbo "making something policy", I don't think he could do that unilaterally at this point, but he could certainly campaign for it and given his status it would mean a lot if he did so. If such a policy was enacted largely because of his support, you could say he "made it policy". It still does seem like it was worded strangely and of course the timing of this announcement naturally causes some doubt. -- Atama 20:43, 2 April 2010 (UTC)Reply