Archive 1Archive 2Archive 3

Abuse potential and possible split

It seems to me that this usergroup is really about two different needs, one for avoiding hard blocks of regular IPs or IP ranges (relatively common), implemented by ipblockexempt, and one for avoiding tor blocks (needed for editors in China for example), implemented by torunblocked. The second one is much more sensitive and open to abuse, according to the page and to those comments, however two checkusers agreed that it wasn't that sensitive. It's clear that admins are not allowed to edit through tor (proxyunbannable has no use on WMF wikis, see Mr.Z-man's comments and here). My point is, is this really open to significant abuse, and should we be concerned that some editors in the high risk template editor usergroup have IP block exemption ? If it is that sensitive, wouldn't it be more appropriate to split this usergroup into two : IP block exemption with ipblockexempt and Tor block exemption with torunblocked ? This would also likely reduce confusion and ease maintenance. Cenarium (talk) 22:46, 12 November 2014 (UTC)

On one level a split makes sense, but I'd like to raise a few issues in answer to your questions. Admins are able, both technically and in policy, to add themselves to the IPBE group if they have a need. This effectively allows them to grant themselves only torunblocked. Related to this is that I suspect the lack of concern you're hearing from checkusers is because accounts can be quickly blocked and banned. A user is highly unlikely to have a collection of IPBE accounts due to the scarcity of the flag. This and other issues make it a high cost vandal vector, usually cheap for us to deal with.
A split will create a new list of users who specifically use Tor. I suspect users of Tor as well as checkusers/admins who have granted it may not like that. From another perspective, while it may be good for monitoring Tor users, it does not cover all users granted IPBE to use anonymous proxies. Many users find Tor slow and inconvenient and prefer to use VPNs or open proxies. In my experience the famous Tor user behind China's firewall is largely a myth (there was one once). Furthermore, not all users granted IPBE because they are affected by Tor blocks are actually using Tor. They need torunblocked because they are collateral. Lastly, ipblockexempt is a technical licence to use and abuse proxies anyway. We ultimately have to trust the user with flags to stick by policy, or start removing things from them. All in all, I think this leaves me unconvinced about the need for change, only the need for discretion and vigilance. -- zzuuzz (talk) 19:54, 13 November 2014 (UTC)
It's pretty rare to see IPBE abused. If an account with IPBE starts vandalizing, then you can find and revert the vandalism like any other account. It can let users avoid IP blocks, yes, but any dedicated vandal who understands how Wikipedia works could just use a proxy instead (or a mobile IP range, blarg). Rather than being more restrictive in giving it out, as might happen with multiple groups, it might be better to be less restrictive and give it to users in good standing who want some privacy. Ajraddatz (Talk) 07:31, 21 February 2016 (UTC)

Less restrictive IPBE requirements for editors in good standing

This topic needs to be discussed again, as some editors in good standing are being unduly affected by the current rules.

For example, there is mention of exemptions for people with "restrictive firewalls", but I suggest it be strengthened to include other similar issues like ISPs that insist on breaking connectivity. I've had issues that affect my ability to edit, which I won't go into at length here, and regularly use a VPN service to fix them. More over, many people feel it is increasingly necessary to use VPN and similar services to prevent data collection (spying) by ISPs and other agents.

For editors in good standing I see no reason why they should not be able to request and maintain an exemption indefinitely. Editors who have been registered for a long time and made many unproblematic edits over the years should be supported when they find they have connectivity issues or feel the need to enforce privacy/security.

There are two issues that need to be addressed, based on the results of the previous debate.

1. What is "good standing", or more precisely what should the requirements for an editor seeking such an exemption be? Could some kind of trial period be implemented?

2. Personal preference alone should be enough, if the editor does not abuse the exemption. Users who hold certain values, such as the value of privacy, or who have no choice but to use an abusive ISP, should not be penalized. I think there would need to be a very good reason to deny such users an exemption.

I hope we can find a way forwards. At the moment I am only able to edit Wikipedia from work on on mobile, not at home, due to this issue. ゼーロ (talk) 10:36, 19 February 2016 (UTC)

IPBE requirements should absolutely be less restrictive. This business of checking accounts requesting it and re-checking them at random times to see if they still need it is, to me anyway, quite strange (though not necessarily wrong). An editor in good standing should be able to edit. If they say that they can't, then this should be rationale enough to grant them an exemption so that they can continue. The two main arguments against handing these flags out are a) hat collecting and b) abuse. A) if the editor wants to feel special by gaining some minor right on an internet website, then they will find ways to do that anyway - this shouldn't be a significant concern, as it is clearly a vast minority of cases. B) Any abuse of the IPBE flag is still visible. Very visible. CheckUser can (and should) be used to investigate requests for exemption from users who have engaged in patterns of disruptive behaviour, if the flag isn't denied to them outright. But being a bit liberal with assigning it means that more people who are subject to blocks which did not target them intentionally are allowed to get back to editing, or users who want more privacy can get that, and these both clearly fit within the mission statement of the Foundation and the five pillars here ("Wikipedia is free content that anyone can use, edit, and distribute"). Ajraddatz (Talk) 07:37, 21 February 2016 (UTC)
I concur. As long as I'm an editor in good standing, what difference does it make if I have IPBE but don't currently need it? With the proliferation of WiFi hotspots and and the fact I don't have an internet cell phone, I don't know where I'll be denied access, and shouldn't be inconvenienced by an unexpected IP block. In addition, I don't like the idea of some random admin running a check user on a bunch of editors without serious cause or prior notice. Wikipedia is not the US Federal government, and shouldn't be acting like it. - BilCat (talk) 07:57, 21 February 2016 (UTC)
I agree with all that, and would just add that I actually do need an exemption. I'm currently using my neighbour's WiFi (with permission) to edit from my phone, because my home broadband connection is unusable. ゼーロ (talk) 10:28, 21 February 2016 (UTC)

I think it should be given to any user in good standing who claims a need. However I also think that any CU should be able to remove it if they find that it is interfering with an actual investigation. I don't think it should be removed unless it is interfering with a checkuser investigation. Really who cares if a good user uses a bad IP? HighInBC 17:08, 23 February 2016 (UTC)

Technical question: what is the mechanism whereby IPBE interferes with an investigation and removing IPBE fixes the problem? --Guy Macon (talk) 18:02, 23 February 2016 (UTC)
I suppose if a CU checks a user as part of an investigation and find that they cannot check their IP because they are using blocked proxies it would be a good reason to remove the right. Particularly if there is no record of a proper IP being used. HighInBC 05:33, 24 February 2016 (UTC)
The how concept of differentiating between a "proper IP" and a VPN endpoint / Tor exit node is flawed. IP addresses are a blunt tool and many people wish to obfuscate their use of one for perfectly legitimate reasons. Consider that if an IP address is at all useful to some random admin doing an investigation, there are good reasons to avoid it being traceable to yourself (that have nothing to do with WP). ゼーロ (talk) 12:01, 24 February 2016 (UTC)
We don't let admins look at IPs. Only checkusers. Our checkuser policy allows for this sort of checking and determination. There is no right to obfuscate your IP here, just a privilege we allow some people for special circumstances. As it stands it can be taken away simply if there is evidence it is not being used, I am suggesting it be taken away only if there is any evidence it is being misused. HighInBC 16:47, 24 February 2016 (UTC)
I agree. Re: "As it stands it can be taken away simply if there is evidence it is not being used", please see Wikipedia talk:IP block exemption#Removal without warning or discussion, where I clearly show that "not being used" does not equal "not needed". --Guy Macon (talk) 18:11, 24 February 2016 (UTC)
I appreciate what you are trying to say HighInBC, but I don't have an IP address. The one I use at home, that I can't edit WP properly from, is shared and seems to change often. Sometimes sites think I am outside the country and won't let me access services for a few days until it changes again. The whole concept is flawed. ゼーロ (talk) 17:03, 25 February 2016 (UTC)
You do have an IP address, even if it changes often and is shared with other users it can still be seen as a residential IP and not a proxy. In my scenario your changing home IP would be related to an ISP and would be seen as a legitimate set of IPs, as opposed to a proxy server or commercial public IP. HighInBC 16:44, 9 March 2016 (UTC)

What makes IPBE extraordinary?

I read through the past discussions on this page and I still don't quite get it.

  • What makes IPBE so dangerous that it cannot be retained by trusted members of the community who have at some point needed it?
  • Is it the fact that it allows editing through Tor? If so, would it make sense to unbundle ipblock-exempt and torunblocked?
  • If the issue is that lots of people having IPBE would make checkuser difficult, perhaps it should still be granted only if absolutely needed, but why does it make sense to take it away from people?
  • Would a compromised account with IPBE be significantly more dangerous (or difficult to detect) than a compromised account without it?

If the main reason is just "people who don't need a user right shouldn't have it", then I think the reaction to the recent IPBE review shows that the advantages may be outweighed by the social costs. wctaiwan (talk) 00:41, 22 February 2016 (UTC)

What about the social costs of allowing the number of IPBE users to slowly grow forever (it makes the rest of us wonder why we don't have that right)? Procedures like WP:OWN tell us that our feelings aren't as important as fitting in, and there is no reason people should have IPBE unless it is needed. Johnuniq (talk) 02:04, 22 February 2016 (UTC)
WP:OWN isn't scripture, and there is social cost to not doing it. If you want people to contribute, it makes sense to help them so do. I'm now unable to edit from home, so my contributions are heavily reduced.
To address the issues raised by wctaiwan, I think separating out Tor blocks is likely to be problematic, because people can run Tor exit nodes through VPN services. Some VPN services use the same servers to host Tor exit nodes too. To me the more interesting question is why do we block registered users who have been active for a number of years from using Tor? The goal is to block spam and vandalism, not to block Tor.
I agree that taking exemptions away from people makes no sense, unless there is some specific abuse it is dealing with. ゼーロ (talk) 09:15, 22 February 2016 (UTC)

Removal without warning or discussion

I am a bit concerned about removals of IPBE with no warning or discussion on the user's talk page. I have IPBE because when I am in China I usually work under a consulting contract that specifies that I must access the Internet is through Tails and Tor (I do consulting work work in the toy industry, where industrial espionage is a real problem). I also use Tails and Tor here in California if I am accessing the Internet through a corporate network at a remote jobsite. I often end up waiting around for someone at the remote site so have plenty of time to edit Wikipedia.

The thing is, I might go nine months without needing IPBE (thus meeting the "editor has access to Wikipedia through a non-firewalled IP address" criteria for removal) then suddenly need it very badly. I don't see how a checkuser alone would reveal this, and I don't want some admin to remove the right without first discussing it with me and giving me a chance to explain my situation.

Note: I hereby give my full permission to anyone to run a checkuser on me and reveal the results for any reason or for no reason at all other than going on an ordinarily unjustified fishing expedition. I don't care who knows my IP, and I have nothing to hide from anyone on Wikipedia. Also, I cannot be possibly be outed, because Guy Macon is the real, legal name I was born with. The WMF has proof of my identity on file. --Guy Macon (talk) 23:16, 22 February 2016 (UTC)

(...Sound of Crickets...) --Guy Macon (talk) 01:54, 25 February 2016 (UTC)
There's obviously a range of views on the best way to manage this right. Why not start an actual RfC about it? Opabinia regalis (talk) 02:11, 25 February 2016 (UTC)
^ This sounds like a great idea. Might as well get people together to make a decision, rather than arguing back and forth about it. I'd be glad to help set it up, if needed. Ajraddatz (Talk) 05:30, 25 February 2016 (UTC)
Please do that. ゼーロ (talk) 17:05, 25 February 2016 (UTC)
Sounds like a plan! I'm pretty busy until after the weekend though, so I'll set it up sometime next week unless someone else has before then. Ajraddatz (Talk) 03:22, 26 February 2016 (UTC)

Less restrictive IPBE RFC

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


Should the IP Block Exempt permission requirements be loosened to be generally given to established editors in good standing upon reasonable request

For the purposes of this RFC :

  • Established editors shall be taken to mean 6 month/500 edits (unless some other consensus definition evolves below)
    • Could be given to editors who don't meet this restriction if they can show some heightened cause.
  • reasonable request shall be taken to mean security (VPN), privacy, travel or other reasonably articulated concerns
  • The request can be refused (or revoked) if there there is reasonable cause or for suspicion of misuse

For additional context see Wikipedia:Administrators'_noticeboard#IPBE_-_IP_block_exemption_removals

Gaijin42 (talk) 21:03, 26 February 2016 (UTC)

Survey

  • Support Use of VPN while on public wifi is a universal recommendation from security and IT professionals. By restricting users from using VPNs we are placing them directly in harms way. For almost an insignificantly small benefit to the wiki. Support giving on demand to any established account (perhaps make it part of the Gamergate super-auto-confirmed permission?). Given on reasonable request to any account. Revocable with cause or reasonable suspicion of abuse. Gaijin42 (talk) 21:03, 26 February 2016 (UTC)
  • Support in spirit, but per the comments below, this is a very vague proposal. Beeblebrox (talk) 22:14, 26 February 2016 (UTC)
  • Oppose I was given IPBE just the other day thanks to a ne'er-do-well at my current location abusing multiple accounts. My situation is why the permission exists. If IPBE threatens our CU capabilities then I don't think it's worth giving anyone (even me) this permission. We've seen how our "trusted users" can get embroiled in content disputes, POV pushing, and edit warring. Chris Troutman (talk) 02:20, 27 February 2016 (UTC)

Threaded Discussion

  • Unless you want a series of RfCs to determine exactly how the requirements should be loosened, you may wish to include your specific changes in the body of your proposal. BethNaught (talk) 21:11, 26 February 2016 (UTC)
BethNaught that is a risk, but for two reasons I think I should keep it the same. 1) adding in ideas risks POV creeping into the RFC which could invalidate it. 2) Its a waste of time to get into minutia if overall support is going to fail. Gaijin42 (talk) 21:28, 26 February 2016 (UTC)
You'll be able to see if it is generally supported by making a proposal that clearly outlines what changes should be made. This is nothing more than a survey; I think a substantive proposal would be better here. Ajraddatz (Talk) 22:17, 26 February 2016 (UTC)
I don't think your POV concern makes much sense. A proposal for a change is by its very nature a reflection of a particular point of view. This isn't an article we're talking about here, and people would almost certainly find it easier to form an opinion if something more concrete was proposed. Rushing ahead with an RFC that is not fully formed rarely yields usable results. (See my essay on the subject for more details.) Beeblebrox (talk) 22:20, 26 February 2016 (UTC)
  • I suggested an RfC above, but what I had in mind was something much more structured. As written this is more or less an invitation to continue the sort of diffuse commentary in the previous sections, but with an RfC tag on it; no consensus for a specific policy change is going to emerge from such a broad question. I'd suggest withdrawing this for now and working with the others who suggested above that they were interested to develop a substantive proposal. Opabinia regalis (talk) 22:22, 26 February 2016 (UTC)
  • I concur with those that say this should be more structured. wctaiwan (talk) 22:32, 26 February 2016 (UTC)

Per the comments above I have restructured the RFC to give a specific proposal. @Wctaiwan, Opabinia regalis, Beeblebrox, Ajraddatz, and BethNaught:Gaijin42 (talk) 22:36, 26 February 2016 (UTC)

  • As I understand it, the reason the restrictions are tight right now is that if a user editing through VPN or other anonymizing proxy commits sock puppetry, it would be very difficult for a CheckUser investigation to produce conclusive results. I understand that the intention of this proposal is to only affect established, trusted editors, but a certain threshold of edits and tenure is not necessarily indicative of trustworthiness, and then again, we have seen established editors commit sock puppetry before, and get caught because of CheckUser. Thus, wouldn't loosening the policy in the manner proposed allow users to more easily sockpuppet without detection? Mz7 (talk) 23:43, 26 February 2016 (UTC)
  • Thanks Gaijin42, but I still think the best way forward is to withdraw this for now and re-start later with a more developed proposal. IMO the best approach would start by working with other interested editors who understand the technical background to produce specific recommendations on how the policy should be changed and why. Opabinia regalis (talk) 02:18, 27 February 2016 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Proposals for RfC

Let's decide on the proposed questions for an RfC. I suggest:

1. All editors should get an IP block exemption after being registered for six months and having made >10 edits without sanction during that time. Editors may also request an early exemption.

2. Exemptions shall only be removed in cases where there is abuse.

Discussion: The purpose of IP blocks is to stop spam and vandalism. Unfortunately, they are a blunt tool that cause a lot of collateral damage and work for administrators. They are also anti-privacy and discriminatory against editors from areas where exemptions are necessary. Such editors essentially have to beg to be allowed to edit, and then keep editing regularly from a blocked IP range or have their exemption removed and go back to begging. The process for evaluating eligibility can also include an unwarranted invasion of privacy.

A better solution would be to simply grant all editors an exemption by default once they become established, which I define (somewhat arbitrarily) as being registered for six months and having made at least 10 edits without sanction for spamming etc. That should be more than enough to deter spammers and vandals, who would have to expend significant energy improving Wikipedia and wait six months before being able to vandalize anything. Users who need an exemption from day one can apply for a special exemption.

Following on from this, it makes sense that the only reason to remove an exemption is as a sanction for bad behaviour.

Please comment on the questions. This isn't the RfC, we are just trying to make a concrete proposal that can be implemented from a technical point of view and which is likely to address any major concerns (i.e. stand a chance of being accepted). ゼーロ (talk) 09:48, 29 February 2016 (UTC)

I think that is far too aggressive. It would be trivial for sock farms to create accounts that meet that requirement en-masse, wait for them to activate, and then CU would become worthless. If its going to be automatic, I would think something more like the GamerGate restriction would be better (500 edits, 6 months?). I'd say it should be on request, granted unless suspicious, except with the reduced requirements, that might be too heavy of a workload.Gaijin42 (talk) 14:29, 29 February 2016 (UTC)
Agree with Gaijin. There's no way that's going to work. (10 edits, is that a typo?)
I suggest something along the lines of:
  • IPBE may be granted on request to experienced editors who are affected by hard blocks or who otherwise describe a reasonable use for the right. Administrators should consult with a checkuser if they are uncertain about a particular request.
  • Editors who hold this right should be aware that the index of suspicion for sockpuppetry or other misbehavior may be higher for IPBE holders than for other users, and they may be checkusered when reasonable suspicion arises.
  • IPBE may be removed when:
  1. The holder of the right requests its removal.
  2. The account is inactive for more than a year.
  3. Reasonable suspicion of misuse substantiated by checkuser evidence has arisen.
  4. The user has been banned or has otherwise been subject to sanctions that are incompatible with the level of trust needed to retain the right.
It can't be automatic - that's too easily gamed - and while I personally think we should be much less restrictive with this right, there is a real danger of inadvertently turning it into a "trusted user flag", which would cause all kinds of unpleasantness in the event that it needed to be removed from an established user for whatever reason. But the evidence Mike V posted in his audit is that 269 cases turned up a single, disputed incident of misuse, which suggests that it's reasonable to be less strict with this. Opabinia regalis (talk) 18:18, 29 February 2016 (UTC)
Opabinia regalis's suggestions are much more in line with what I am thinking, but I do think it would be better to give a (non exclusive) list of examples about what might be "reasonable use". Is just general desire to use VPNs for security/privacy sufficient? Occasional travel to China? etc. Gaijin42 (talk) 18:43, 29 February 2016 (UTC)
  • That seems reasonable to me, though I'd still like a checkuser (or someone else who is knowledgeable on this) to explain what it is the current strict guidelines are intended to protect against. It'd really help in reaching a better informed decision. wctaiwan (talk) 19:21, 29 February 2016 (UTC)
  • The current guidelines are partly designed to prevent one user building up a 'good hand' account, which cannot be connected by normal means to the primary account. If a user only uses anonymising proxies, they are basically checkuser-proof (any admin doing this would certainly raise more than an eyebrow). We have seen whole admin accounts created using this method before. IPBE also allows users to log in to override an IP block intended for them, which would otherwise have been anonymous. -- zzuuzz (talk) 20:13, 29 February 2016 (UTC)
I like Opabinia regalis (talk · contribs)'s suggestion, especially when it comes to removal of the right. IPBE shouldn't be automatic, and should still be held by people that have a use for it. CheckUser should also be used to investigate cases where disruption is possible, given the appropriate rationale for doing so. Wctaiwan (talk · contribs) the basic argument is that it lets users sockpuppet without detection, since you could run an account with IPBE on an open proxy, and another on your main IP. The argument against this is that it is possible anyway using mobile ranges, and ultimately the behavioural evidence will be telling. Ajraddatz (Talk) 20:10, 29 February 2016 (UTC)
I suppose, on rereading, that should also say something like "Editors who discover that they no longer need IPBE are encouraged to request removal of the right." and "IPBE may also be removed at the direction of the Arbitration Committee." (Not to power-grab, but I can imagine cases where removing is warranted but no other details should be made public.)
As for Tor et al, there's a proposal floating around somewhere that the torunblocked right should be granted separately from general IPBE. I think that's a bad idea, in part because it would give snoops a handy list of users we've judged to have "extraordinary" circumstances. Personally I think we are being bad free-culture citizens by being so fussy about what are otherwise reasonably common personal-security measures (recommended by the EFF, even). We should just say something like "Tor, other proxies, VPNs, and similar services are frequent sources of abuse. IPBE holders who use such services are warned that their account might come under checkuser investigation, in which case IP addresses recently used by their account may be revealed to a checkuser. In some cases the account may be blocked if it is not possible to rule it out as a source of abuse. Be careful; we're not your mother."
That said, what would be more likely to actually get a reasonable proposal passed would be giving simple examples like "a need to edit through a firewall, even if the need arises only intermittently". Opabinia regalis (talk) 20:48, 29 February 2016 (UTC)
My personal reason is "Desire to use VPN for security while on hotel/airport/starbucks public wifi as recommended by virtually every security expert on the planet." (I can provide sources for the recommendation if needed). The reading I have done over the last few days suggests to me that the TOR right is separate right now. But I agree with Opabinia regalis's concern that that gives people an easy to use list. Are there such things as secret rights that aren't visible to regular users or admins? Gaijin42 (talk) 20:53, 29 February 2016 (UTC)
They haven't been separated yet; see Special:ListGroupRights. I agree that occasional use is still justification for the flag, and that makes unwarranted CheckUsers on accounts with the flag even more concerning (since the CU is then seeing the proxy and their main IPs). As an aside, I also support keeping IPBE and torunblocked together, since they are generally used for the same thing and it's easier to manage then. Ajraddatz (Talk) 20:58, 29 February 2016 (UTC)
Ajraddatz Ah, I was ambiguously referring to the split between the lower level "ipblock-exempt" and "torunblocked" permissions. Although we don't give normal users one without the other, the admins and bots all get ipbe but not torunblocked currently. (That would let you currently find admins who are in a sensitive location maybe? since they would explicitly be in the IPBE group to get tor, even through they already got the ipblock-exempt permission from being an admin?) Gaijin42 (talk) 21:10, 29 February 2016 (UTC)
I'd like to see the requirement for a "good reason" removed, because privacy and security are good reasons for all editors. As others have pointed out VPN use in particular is considered pretty much mandatory when using public networks, and when using private ones by many security experts. ゼーロ (talk) 10:36, 1 March 2016 (UTC)

New proposal, based on feedback

1. Editors may also request a IP block / Tor exemption without needing to provide a detailed reason, as privacy & security are considered valid reasons for anyone.

2. Exemptions shall only be removed in cases where there is abuse.

Are these more acceptable? ゼーロ (talk) 10:44, 1 March 2016 (UTC)

I think this is still too broad. You are jumping from basically completely restricted, to completely unrestricted. There is a happy medium. Making it too broad will cause heavy socking disruption
I think we should require a reason, but give guidelines that privacy and security are valid reasons. I think that we should still have some time/edit guidelines as well. For users who meet those guidelines the right should probably be granted absent other issues. If they do not meet those guidelines, additional scrutiny and or justification may be needed as the discretion of the grantor. (This is similar to the restrictions that we place on AWB Wikipedia:AutoWikiBrowser#.281.29_Register, or Rollback Wikipedia:Rollback#Requesting_rollback_rights). AWB and rollback have much less potential for long term disruption. We should not be making ipbe easier to get than these.
For number 2, "Shall, abuse" is too strong. especially as a jump from where we are now where it is removed by default. Perhaps removed (or request rejected) when there is reasonable suspicion of misuse.
Also, the right may need to be temporarily removed during the course of an investigation in which the person is presumed innocent, just to reduce the noise/question of unrelated users. Once this right is in general use, VPN/Tor collisions are going to become more likely and they may need to temporarily shut things down to identify the culprit. The right should be restored to those uninvolved afterwards tho. Gaijin42 (talk) 13:47, 1 March 2016 (UTC)
I don't see the point of requiring a reason if the reason can be "privacy/security", because anyone making sock puppet accounts will just say that. Socking should not take away every user's right to privacy and security.
As for "shall, abuse", the problem with softening it to mere suspicion is that once the block is removed it may be difficult for the user to challenge the accusation. It's also open to abuse. I don't see a problem with requiring there to be the usual level of investigation and oversight for sanctioning users. ゼーロ (talk) 15:35, 1 March 2016 (UTC)
The proposal won't pass without more broad grounds for removal. It should be removed for general inactivity as well, and I would be OK with routine audits that ask users if they still need it (without mass CheckUsering a bunch of trusted accounts) Ajraddatz (Talk) 18:18, 1 March 2016 (UTC)
By inactivity, do you mean of the account as a whole (regardless of if the IPBE right is being exercised or not)?Gaijin42 (talk) 18:22, 1 March 2016 (UTC)
Yeah. The one year timeframe mentioned above makes sense. Routine asking audits can also help to remove it from those who no longer need the exemption, but are still active. Ajraddatz (Talk) 18:24, 1 March 2016 (UTC)
The "one year" from my earlier post is arbitrary, but it's true that IPBE could make it difficult to detect a compromised account, and thus increase the potential damage from compromise, so there should be a mechanism for removing it from inactive accounts that could be compromised without the owner noticing.
One reason to ask for a reason is to prevent the use of this user right as a general "trusted user" label, which will make it more difficult to keep track of and will cause a lot of drama when the right is removed, regardless of circumstances. I do like the idea of "auditing" by routine mass message. As for #2 above, I think the best we can do is offer a standard along the lines of "reasonable suspicion of abuse" - the whole point is that actually making use of the IPBE right makes it more difficult to demonstrate abuse with the degree of certainty #2 seems to be seeking. Opabinia regalis (talk) 21:39, 1 March 2016 (UTC)
Auditing via email sounds good, perhaps with some alternate behaviour if the email address on the account changes. If there is to be a hard time limit, there should a warning email a month before so people can access their account to extend the deadline. The removal without warning is an issue for a lot of people.
To reiterate, the main issue for me is that "privacy/security" are considered valid reasons. I need the exemption to edit from home in any case, but when when on mobile etc. I'd prefer to use a VPN for privacy and security. ゼーロ (talk) 09:37, 2 March 2016 (UTC)
You already have a fairly high level of privacy and security... by having an account, and thus ensuring that your IP records are only accessible to a very small group of trusted users under a restrictive policy (i.e. checkusers). (They're also available to anyone monitoring your network traffic, but IPBE doesn't help with that either.) Given that the reason the checkuser mechanism exists is abuse prevention, I don't see it as appropriate to give it out to anyone who asks if they can edit just fine without it. (In particular, VPNs that are not open proxies should work without IPBE?) In the future the community may decide to allow editing through Tor, but let's take this one step at a time. wctaiwan (talk) 18:24, 2 March 2016 (UTC)
Wctaiwan Corporate VPNs will likely work, but most of the for-pay VPNs are blocked as open proxy (though they do not actually meet that definition) For example, the one I use is TorGuard, which is completely blocked. Gaijin42 (talk) 19:02, 2 March 2016 (UTC)
It's not so much privacy from WP admins, as privacy from ISP level spying and government spying. It wouldn't be the first time that access to certain Wikipedia pages is used against someone. There is also the issue of ISPs monitoring for targeted advertising and "content control". Many mobile ISPs do keyword filtering, for example. More over, everyone has a basic human right to privacy, and some people need to use a VPN to block ISP level interference like advert injection. I think it's important to see VPN use as like having a firewall or anti-virus. ゼーロ (talk) 09:09, 3 March 2016 (UTC)
Comment: On WP:AN, Risker mentioned previous audits ("Having participated in one or two similar audits over the years..."). On the current AN page the term "IPBE" is mentioned more than 100 times, "block exemption" 15 times. In the 279 AN archives the term "IPBE" appears only 32 times in 20 archives, "block exemption" less than 50 times in 34 archives. These previous audits apparently didn't cause (many) problems, and I don't think the policy has changed much since then? Seems to me the current problem is caused not so much by the policy, but by an admin making wrong decisions (note that LouisAlain is still blocked for supposedly using a web host, despite all evidence suggesting his IP is a freebox modem) and based on an overly strict interpretation of the policy. Prevalence 15:21, 2 March 2016 (UTC)
That's why I'm keen to re-word the policy in a more permissive way, where the default action is to allow and keep exemptions in place unless there is some specific reason to remove them. ゼーロ (talk) 09:11, 3 March 2016 (UTC)

Moving forward

It seems that there is general support for something like what Opabinia regalis proposed. (At least one person thinks it's still too restrictive, but this doesn't preclude an even less restrictive policy later.) @Ajraddatz: since you previously said you'd be willing to set up an RfC, would you be interested in starting one based on the proposal at some point? Thanks. wctaiwan (talk) 19:45, 3 March 2016 (UTC)

Yes, I would. I'd like to wait a few days though - After getting non-answers from the local CU team here, I've asked the ombudsman commission to look into the practice of mass-checking as part of IPBE audits, and I want to make sure that the new policy reflects their interpretation of how CU can be used in those cases. It may be that my own interpretation is off, and mass checking is OK, and if so that should be included in the policy somewhere - or totally removed if it is not acceptable. Ajraddatz (Talk) 21:24, 3 March 2016 (UTC)
Alright. Thanks for the follow up. wctaiwan (talk) 23:25, 3 March 2016 (UTC)
Good idea, thanks Ajraddatz. Opabinia regalis (talk) 00:23, 4 March 2016 (UTC)

Okay then. Am I interpreting this correctly if I propose:

1. Privacy and security are valid reasons to request an exemption.

2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue.

Is that what had had in mind? ゼーロ (talk) 11:55, 7 March 2016 (UTC)

This sounds better than what we have now. Though I would like to hear from CUs as they are going to be the most affected by this. HighInBC 16:46, 9 March 2016 (UTC)
That is essentially what I am thinking it will be. An expansion of the "valid rationale" section to include privacy/security for users who are obviously trusted to not abuse it, at the discretion of the granting admin, and perhaps with an edit count / account age requirement. It should also include that periodic use of proxies, etc is a legitimate use for requesting the flag: One need not be using the flag constantly to retain it, only have a continuing need for it.
In terms of removal, auditing is allowed and encouraged, but should be done by contacting users through their talk page or email and asking if they still need the flag. If there is any suspicion of disruption, then the user may be checked to prevent disruption to the project. (Depending on the result of the OC deliberations, checks may be permitted in general to help checkusers determine the continued need for the right, but should still be done in consultation with the user).
I too would like to hear from local CUs on this. My own experience with the right is on the global scale, usually dealing with cases of obvious cross-wiki vandalism and rarely the kind of in-depth sockpuppetry that happens here. And when that does happen, they always seem to be editing from the same mobile ranges as half the admins on the project. I've tried to ask about this on AN, but I fear my comment was misinterpreted as badgering over the actions taken, when I'm actually not concerned with what happened, just on how to best move forward here. Ajraddatz (talk) 08:32, 10 March 2016 (UTC)
I've been following this, but have been reluctant to comment. With a case being before the Ombuds, a group who have been known to mess up their reviews of CU usage, I feel urged to tread even more lightly. Ajraddatz, specifically your request posed to me in private really did seem like your were concerned with what happened vs. moving forward, and I don't think it's hard to see that. So I have not commented.
I get that stewards have a more stricter view of policy use in general, and that IAR, as far as I am aware is non-existant on a global scale. Being the biggest wiki, and the most targetted wiki, things that work on a global scale, do not work locally and vice versa. I can't count on two sets of hands (aka 20 cases) the amount of cases that I've dealt with users with advanced rights and "trusted users" violating the sockpuppetry policy in significant ways. That's just off the top of my head, and i'm only one checkuser.
If I look to the proposal, and "privacy" and "security" are the only words someone has to drop and they are given IPBE, then we've lost the battle to combat sockpuppetry already. We've had administrators on this project give out IPBE 1) When the user is affected by a block...but they don't provide any details about the block 2) Haphazardly to "trusted users" with less than 1k edits and a couple of weeks on the project. With the amount of abuse we have on this project, those are very dangerous things. When IPBE is granted it gives the user the ability to edit via proxy, and we never know their original location via Checkuser once that data drops off the map for more than we can check back. So when a sockpuppetry case comes up with their name in it, checkuser is utterly useless to combat sockpuppetry and it dives down to behaviour. Behavior is a lot harder to prove, and your mileage varies by administrator. That is why checkusers don't accept privacy and security as valid reasons without more details, and likelihood of issues arriving if they don't use a proxy. -- Amanda (aka DQ) 02:32, 11 March 2016 (UTC)
My objection to this is that the current level of strictness seems highly excessive considering that there's no evidence IPBE is being actively misused, or that lowering the requirements somewhat would change that. I don't think we should necessarily grant it to people who have been around only for a few months, but is it really better to err so far on the side of caution when it comes to well-established members of the community just to mitigate an utterly minuscule risk that they would sock? To me it's doing more harm than good. wctaiwan (talk) 03:08, 11 March 2016 (UTC)
The problem with this view is that IPBE is a social right versus a tool, as it should be viewed. The reason that it's granted is so that the user is able to continue editing, which is a right of Wikipedia. If it's not needed any longer, then why does it need to remain? We can discuss removal/retaining methods (which I think would benefit from a discussion) in another discussion. More well established users sock than I feel your aware of. While it's a small percentage, if it's something that can be prevented by removing an unneeded IPBE, then why not do that? -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)
If we want to just let this be used all over (which I oppose) then perhaps it could be bundled to the soon-to-be created usergroup for 500edits+30days (tentatively named extendedconfirmed). — xaosflux Talk 00:34, 12 March 2016 (UTC)
While technically possible, I agree that adding it to the new usergroup would be a bad idea. Ajraddatz (talk) 20:29, 12 March 2016 (UTC)
The main objection is that it creates a burden for the user. I've had to apply twice for an exemption now, due to premature expiry. It just happens that the VPN service I use, which I have to use to edit from home, isn't blocked by WP at the moment. Eventually someone might notice it's shared and add it to the list, and I'll have to explain the whole thing a third time. I really don't think automatic revocation is going to have a significant effect, compared to the burden it creates and accounting for the fact that it can be removed if abuse is detected. The issue is basically that if someone stops editing for a few months or their endpoint switches to a non-blocked address for a while they end up having to re-apply, wasting everyone's time. ゼーロ (talk) 09:44, 11 March 2016 (UTC)
Thanks for the reply. I do apologize if it seems like I'm here to beat a horse or pillory Mike V in particular. Regardless of what you may think, I assure you that isn't the aim. My question to you in PM was more directed at the rationale behind the practice of mass checking, to see if there was historical context or discussion around the justification for it, but I understand why you wouldn't want to reveal that. As was my question on WP:AN. Unfortunately, with non-answers from both venues, the OC was the next step for me to take. I didn't want to move forward with a proposal without understanding the local context behind the actions, and the local justification for them - to some extent, that still hasn't happened. m:Ignore all rules is a thing, though not really a policy, and in general you are right that we take a more restrictive approach to using tools - especially with privacy considerations. That is one of the reasons why I was asking around locally, because I know that attitudes here could be different, though I wanted to see how those attitudes stood up with the global policy surrounding the use of the rights.
It's interesting (and useful to know) that so much abuse of multiple accounts comes from trusted users, and if that is a real problem, then it's definitely something to consider when suggesting any changes to the policy. Ajraddatz (talk) 03:12, 11 March 2016 (UTC)
In the standing of global policy, I feel the checking of accounts is justified by "and to limit disruption of the project. It must be used only to prevent damage". We are preventing damage by checking to see if the block is still needed. As for the method of mass checking, I think we can make efforts to contact people first before using the tool. If no response is garnered from that, and there are recent edits, I'd then run the CU, else I would remove the flag for inactivity. If they still claim there are active blocks, i'd make a cursory check to verify the story at hand. If they don't need it, then they don't need it. That minimizes the impact on privacy.
Also the local Arbitration Committee is able to handle abuse/improper of priviliges complaints. Would your concerns not also fit within the local policy on checkuser use? Cause the committee does deal with the granting and removal of tools. But maybe that's the confusion with the m:CheckUser policy. It says local wikis should investigate first, and gives them the option to remove the bit, but then says all complaints of infringement go to the OC. -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)
That justification does make sense, if it is being used selectively rather than applied to anyone holding the IPBE flag - it seems counter-intuitive to say on the one hand that users with IPBE are trusted to not be disruptive, but on the other to say that having the IPBE flag is justification for being checked at any time. But what you suggest, with using it as part rather than the basis for the audit, makes sense. Removing CheckUser from the equation altogether is also obviously not an option, since it would remove any evidence-based handling of IPBE cases. Contacting people beforehand should also minimize the fallout, since there is less of a shock factor for it, and people who still need it can explain why before rather than after. This sounds like a good basis for an RfC, at least with regards to the removal of the flag. Per your last comment, I'm not sure about allowing broad access to it, though some privacy-related cases could be legitimate.
My concerns would fit within the local policy, which must be no less restrictive than the global one. Arbcom might have been a better route to go through for this for me, especially since I am looking for the local experience with these practices and what impact a change would have. You're right that there is a bit lot of jurisdictional overlap, mainly because most projects don't have a local arbcom, and not all local arbcoms handle CU/OS investigations. I guess what I was mainly going for was the OC's role in investigating local compliance with global policies, as per the opening paragraph here. If some sort of workable proposal comes out of this, then there is no need for them to get involved. Thanks for engaging in a conversation - that's what I wanted the whole time, and again I am sorry if it didn't seem that way. That's on me. Ajraddatz (talk) 07:32, 11 March 2016 (UTC)
Re "1. Privacy and security are valid reasons to request an exemption.", I just can't get around the problem that this lets anyone who is willing to say the magic words would get IPBE. I think something like this would be better: "has to convince an administrator that IPBE is needed. The admin may grant the user right based solely on a desire for privacy and security, but this should involve a conversation with the user to determine whether they understand in what way IPBE does and does not increase privacy and security, and should be balanced against the user's history (new accounts and accounts that have multiple blocks or complaints would be less likely to get IPBE, accounts in good standing with years of experience, few blocks/complaints and many edits, and which show knowledge and a willingness to follow our policies would be less likely to get IPBE.)" That's rather long and wordy and certainly could be condensed, but you get the idea.
Re: "2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue." This seems like a no-brainer. There should be a central page that anyone can watch that will indicate who hasn't responded after, say, a month. --Guy Macon (talk) 03:53, 12 March 2016 (UTC)
I think something like this certainly needs to be done. I do agree that it shouldn't be automatic, but that it should be much more readily granted to editors in good standing, and that a simple desire for privacy and security is sufficient reason for requesting IPBE to use a VPN connection or the like. I use a VPN on my phone and often on my computer, and certainly always if I'll be editing from a public location. That's not an indicator of malicious intent, it's just good security and privacy practice. I broadly agree with Obabinia above that we aren't being very good Internet citizens by actively discouraging the use of such privacy measures, and that we should make it reasonably straightforward for good-faith editors to do so. Seraphimblade Talk to me 00:13, 13 March 2016 (UTC)
  • I'm going to state the obvious here. The most logical reason to explain why we aren't seeing significant abuse of IPBE is because it is not handed out like candy. People actually have to ask for it and explain their reasoning, and they have to have an editing history that is sufficiently positive to justify the risk involved. I strongly discourage dropping that level of expectation. "Security or privacy" - well, hell. We regularly get people wanting to open up the project to the entire Tor network because someone they know and like uses Tor (I'm not kidding, it comes up at least once or twice a year from WMF staffers, not to mention others.) All of these suggestions and desires come from people who don't deal with the messes that are caused. I don't mind the idea of dropping regular screening checks. Any significant loosening of requirements wwill have a net result of a lot more hardblocked VPNs (with good reason, since they're being used for otherwise-uncontrollable vandalism), and probably the removal of IPBE from those who use those VPNs because we can't tell them from the trolls. Keep that in mind, too. Risker (talk) 00:50, 13 March 2016 (UTC)
How would you feel about allowing long time users in good standing to request an exemption for VPN use, and adding the email polling before removal? That seems like it wouldn't create an undue burden, and in fact might lessen the burden somewhat. I'm on my third exemption now, and every time it requires wasting my time and an admin's time to set up again. ゼーロ (talk) 13:15, 14 March 2016 (UTC)

How about this wording?

1. Users with good standing (many sustained good edits over a considerable period of time) may request exemption on privacy/security grounds, without need for further justification? 2. Before removing an exemption, the account owner should be emailed and allowed to request an automatic extension simply by replying.

ゼーロ (talk) 16:16, 14 March 2016 (UTC)

I'm not so sure if that's a good idea. The idea of an editor in "good standing" has never been solidified by the community. Some administrators have high standards and expect thousands of edits with months of editing, while others only require a handful of good faith edits and a couple of weeks on the project. The ambiguity also allows users to cherry pick which admin(s) they'd like to ask so they can receive a favorable response. I'm not a fan of granting it carte blanche to anyone that says it's for "privacy/security reasons". As Risker pointed out, sometimes these "security" reasons are really just editors are using an anonymizing service in a different country so they can access a different Netflix catalog. They simply don't want to turn it off while editing. We should have some form of confirmation that there is a legitimate need, whether this is through CU or discussion with the functionary team. The automatic renewal via email poses another issue. As I've noted in my original post in February, most users had it removed because they were no longer affected by a hard block. If a user is no longer affected by a hard block, it doesn't make sense to extend the permission. As for users that are using for exceptional circumstances, we should determine if the reason for granting it is still in play. Some users are no longer editing from an area of concern and occasionally, others have been misleading with their request. With a user right that does have the ability to be misused (as noted by DQ above), we shouldn't keep it enabled on just their word alone. Mike VTalk 21:24, 14 March 2016 (UTC)
Can you see any way to facilitate or at least reduce the burden on users who either choose to use or require a VPN service? ゼーロ (talk) 09:47, 15 March 2016 (UTC)

As no-one seems to have anything else to add, I suggest starting the RFC with the questions above. Any objections? ゼーロ (talk) 11:02, 17 March 2016 (UTC)

We are close, but I would like to see and comment on the exact wording that is going to go into the RfC first. Right now I am not sure whether you are proposing that a talk page notice (possibly asking for an email reply) would be used to see if I still need IPBE (this is the usual method) or whether for some reason it has to be by email. I would also like to confirm that the "desire for privacy or security is enough" question is a wholly separate question and not bundled with some other question. --Guy Macon (talk) 14:06, 17 March 2016 (UTC)
Okay, how about two separate questions then:
1. Before expiry of IPBE a notice will be placed on the user's talk page, with an opportunity to request extension there. Extension should normally be given upon request.
2. Users with good standing (judged by the admin, based on having made a positive contribution over a considerable period of time) may requset an exemption on privacy/security grounds, without the need for further justification.
It makes sense to use the talk page. ゼーロ (talk) 14:37, 17 March 2016 (UTC)
I like it. --Guy Macon (talk) 14:41, 17 March 2016 (UTC)
#1 seems reasonable to me, as well. This is basically how desysopping and removal of Crat rights for inactivity already works, so a warning message, say, 1–2 weeks before removal seems perfectly acceptable. Not sure about #2, as I'm generally against the granting of any rights "in perpetuity". --IJBall (contribstalk) 19:48, 19 March 2016 (UTC)

CUs Giveth, CUs Taketh Away

Out of curiosity, would it make it easier to follow policy if CheckUsers were the only ones who could add and remove the permission?They're the ones that have the information anyway, and administrators need to consult them... It would also provide a barrier from admins self-applying it so they can use Tor and reduce conflict. I don't know, what do people think? Kharkiv07 (T) 14:46, 17 March 2016 (UTC)

Since admins place ip blocks (including rangeblocks) they should be able to resolve collateral damage with IPBE. — xaosflux Talk 14:51, 17 March 2016 (UTC)

RfC: Proposed expiry notice for users with an active IPBE

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


Before expiry of IPBE a notice will be placed on the user's talk page, with an opportunity to request extension there. Extension should normally be given upon request. ゼーロ (talk) 14:53, 21 March 2016 (UTC)

  • Support this addition. As I discussed above, this change will ensure that the person with IPBE has a say in whether they keep it, and gives the CheckUser/admin investigating some additional context of why they have the rights and might still need them. Ajraddatz (talk) 00:00, 23 March 2016 (UTC)
I would also like to point out the problems with maintaining an "abuse mentality". As someone who very often deals with global vandalism and sockpuppetry, I understand how easy it is to see bad faith behind every action, and to overstate the potential for abuse associated with certain abilities. But we need to balance that out with reality. Wikipedia is a site where everyone can edit, and that is going to lead to some abuse by nature. But that doesn't mean it will lead to only abuse, nor that we should base all of our actions around preventing any potential for it. The vast majority of IPBE flags are held in good faith and not abused, and we need to find a balance between mitigating potential harm and allowing people to still contribute in tricky situations and with respect for their privacy. As I've said before here, this compromise of creating a conversation between the investigator and investigated accomplishes this balance - and I agree that the flag should generally be retained unless there is a good reason why it shouldn't be. Ajraddatz (talk) 22:09, 27 March 2016 (UTC)
  • Support this change. It should reduce the workload for admins by not having to re-evaluate IPBEs so often, and accommodate people who move around or take a break from editing so sometimes don't need the exemption for a time. I don't see any real down sides, except that it will require some small amount of work to implement. ゼーロ (talk) 09:04, 23 March 2016 (UTC)
  • I have to oppose as it's written. I'm particularly concerned that "extensions should normally be given upon request". If a user doesn't have a valid need for the right or is no longer affected by a hard block, why should they still keep it? At that point, it simply becomes hat collecting. Just to be clear, I'm not opposed to having a discussion with the user involved. I just don't think we should default to enabling the right simply because they object to its removal. Mike VTalk 19:06, 23 March 2016 (UTC)
  • How about replacing "Extension should normally be given upon request" with something like "Extension should be given according to administrator discretion, with a bias towards assuming that someone who says that he still needs IPBE is telling the truth"? --Guy Macon (talk) 19:33, 23 March 2016 (UTC)
  • Unless the user in question has the templateeditor, reviewer, rollback, filemover, and all the online course or whatever they are rights then I don't think hat collecting should be the main concern. What if the proposal were re-worded to say something like "While conducting IPBE audits, CheckUsers should first contact the user in question through email or on their talk page, and give them an opportunity to justify continued use of the IPBE flag. Should the user provide a compelling rationale, then their IPBE access can remain at the discretion of the user conducting the audit." To me, this represents a middle ground, where the auditor and audited have a conversation, rather than either unilateral action or indefinite access by default. Ajraddatz (talk) 19:34, 23 March 2016 (UTC)
Hrm, I agree with the premise of a conversation, but "compelling rationale" and "discretion of the auditor" seem to leave us exactly where we are right now, unless we do a second RFC to define what compelling rationale is. I think the presumption should be to leave it, if the user says they want it, but if the admin can justify why it should be removed anyway. If admin "Pike X" chose to run an audit, whats to stop him from deciding everyone's reason isn't good enough? Gaijin42 (talk) 20:14, 23 March 2016 (UTC)
Well, we'd probably need another discussion. The problem is that all of the people involved in the auditing process now see IPBE as something which can be abused, because of the few cases where it has been. The users with IPBE see it as something to allow them to edit normally. The fact that this change forces a conversation to happen is, to me, the most important point, so that both sides engage and see the perspective of the other. While it does leave a lot up to the admin/CU doing the audit, this is going to happen no matter what the policy is (and if admin/CU discretion is not allowed per proposal, then the proposal will never pass). Ajraddatz (talk) 20:26, 23 March 2016 (UTC)
I absolutely think it should be discretion. But I think it should be discretion where the default answer is "keep, unless..." instead of "if you can't convince me that you meet an undefined criteria, I'm going to remove it". Gaijin42 (talk) 20:30, 23 March 2016 (UTC)
I wrote it that way on the premise that if the exemption was once given then someone must have looked at it, and now it's more a question of just avoiding the situation outlined in the discussions above where someone stops editing for a few months or temporarily edits from somewhere that the block isn't needed. I've fallen victim to this myself. ゼーロ (talk) 09:27, 24 March 2016 (UTC)
Mike V, I'm glad you're “not opposed to having a discussion with the user involved”, but I've experienced first-hand what that “discussion” with you looks like, and it's just not good enough. --Babelfisch (talk) 19:15, 25 March 2016 (UTC)
  • Support – This is basically just the suggestion #1 immediately above this RfC, without the problematic #2. I assume the existing policy allowing CheckUsers to remove the right if it is abused (without a notice requirement) still stands. All in all, this strikes me as a fair approach to this. --IJBall (contribstalk) 22:42, 23 March 2016 (UTC)
  • Comment: If a hard rangeblock is placed and this is the solution for allowing an editor to continue, then the expiration or removal of the rangeblock warrants the removal of IPBE - why would a notice period be needed? — xaosflux Talk 00:38, 24 March 2016 (UTC)
    In case there are other reasons behind them using the hardblocked IP. If it is a proxy so they can edit through government firewalls or just maintain privacy, then they might be able to inform the admin in question during that discussion. I fail to see how having that discussion is in any way unreasonable. If there is no reason for them to still have it, then it's just a quick message and reply, and then the flag can be removed. If there is a bigger reason, then the conversation can reveal that to the admin in question and they can move forward in a collaborative way. Ajraddatz (talk) 01:28, 24 March 2016 (UTC)
  • Comment As I have explained before, I may go many months not needing IPBE (because I am working from my home here in California) then suddenly need it very badly (because I am working on-site in China and am contractually required to only access the internet through Tails (operating system) and Tor (anonymity network).) I can easily convince an admin that I need IPBE, but if it is removed without notice I may very well be left with no way to log on to Wikipedia and make my case. --Guy Macon (talk) 21:32, 24 March 2016 (UTC)
  • So of course noone is obligating you to edit, and it does seem a bit of a stretch that your contract includes what you do with your own personal computers on your own personal time....; not to say that you can't legitimately have a use for this. — xaosflux Talk 22:10, 24 March 2016 (UTC)
  • True, not editing is always an option. Feel free to request that your account be blocked to show us all how desirable you think that option is... I do engineering and product design in the toy industry where the industrial espionage make many governments look like amateurs. My standard contract requires that while I am in China all internet access -- at the factory or in my hotel room, accessing design documents, editing Wikipedia, or looking at xkcd -- be through Tails and Tor. --Guy Macon (talk) 22:42, 24 March 2016 (UTC)
  • Note, I did leave that you have a legitimate use. This is an overall tricky subject, and these discussions are getting long - if the community decides that this is something that just anyone can have - then why make them ask in the first place, just bundle it the soon to be created extendedconfirmed access and let it be. — xaosflux Talk 00:33, 25 March 2016 (UTC)
  • You make a good point. It is tricky. Given that IPBE makes sockpuppet investigations difficult, there really is a good case for limiting it to those who can at least make a reasonable argument that they actually need it. --Guy Macon (talk) 01:17, 25 March 2016 (UTC)
  • SupportThis really shouldn't happen again. Remember: “Assuming good faith (AGF) is a fundamental principle on Wikipedia.” (WP:AG). There is no point of blocking users who are not guilty of vandalism. --Babelfisch (talk) 19:15, 25 March 2016 (UTC)
  • Question: How can we word our policies so that things like this are forbidden while retaining the absolutely vital administrator's discretion in cases where there is an actual reason for removal? I really don't like the fact that WP:AGF was ignored and a 12-year veteran editor with a clean block log was required to prove to a functionary that he isn't telling a lie about going to China every time he makes a trip. Also see: Wikipedia talk:Blocking policy/Archive 10#IPBE. --Guy Macon (talk) 21:45, 26 March 2016 (UTC)
That's why I phrased it "Extension should normally be given upon request." In other words, simply asking for an extension when notified should normally result in an extension, unless there is some overriding reason. The theory is that the initial decision involved checking and should be enough, unless there is some actual reason to remove it beyond "you didn't use it recently enough when I randomly happened to be looking." ゼーロ (talk) 23:29, 26 March 2016 (UTC)
  • Comment. I don't understand why we would default to giving extensions when they're not necessary. If you need it, then I can see how an extension would be warranted. But if you're just requesting it because you think you might need it again some day, then you shouldn't have the right automatically renewed. NinjaRobotPirate (talk) 04:42, 27 March 2016 (UTC)
  • What if my particular "I might need it again some day" is a 95%+ chance that I will need it very badly some time in the next three years? As an established and trusted user, shouldn't it be my call whether I will need it or not? Having the admin bit is a lot more dangerous than having IPBE, but what happens every time someone suggests that admins be required to periodically prove that they still need the tools? It gets shot down in flames is what happens. --Guy Macon (talk) 04:54, 27 March 2016 (UTC)
  • My thinking is that if you were granted it once then a check was done and you have not done anything to warrant removing it, so give the benefit of the doubt. Since editors rarely turn evil it seems like it would mostly reduce the burden of re-requesting and re-checking while only marginally increasing instances of abuse, if at all. ゼーロ (talk) 21:47, 27 March 2016 (UTC)
  • For the 99% of IPBE cases, where the editor in question is a good-faith contributor, then there should be no harm in keeping a flag that only has intermittent use. This is a site that anyone can edit, and anyone should be able to edit; if people want to edit while they are in China on business trips, then we shouldn't be forcing them to run through hoops every time. Ajraddatz (talk) 22:09, 27 March 2016 (UTC)
  • Support, this should at least help prevent the mess that led to this becoming an issue. And someone who's already been entrusted with it and is not misusing it should be able to say "Yes, I still need it" and be taken at their word. Seraphimblade Talk to me 07:59, 27 March 2016 (UTC)
  • Support. If the user has had the IPBE for some time and there is no sign of abuse while editing with it, then it's only polite to check with the user rather than removing the block with no warning. I'm sure someone can soon draw up a simple template for such a case. I don't see the rush to rapidly withdraw IPBE without warning. Ronhjones  (Talk) 22:26, 27 March 2016 (UTC)

I think it's time to close this RfC, since no-one has commented for well over a month. Any admins about to look at it? ゼーロ (talk) 07:50, 4 May 2016 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Freedom and the equality of proxified users

"Requesting an IP address block exemption, because of the equality of status." According to your given information in "/wiki/Wikipedia:About" and in your Terms of Use: "Allowing anyone to edit Wikipedia means that it is more easily vandalized or susceptible to unchecked information, which requires removal." and: "Empower and Engage people around the world to collect and develop educational content and either publish it under a free license or dedicate it to the public domain", you are allowing ANYONE to edit Wikipedia and it would seem that you asked people world wide for getting involved, which does not apply to people who cannot edit Wikipedia by using Proxy that shelter themselves from attacks by any authorities (such as those that attempting on somebody's life or seeking somebody's freedom, eg.).
So, where do we go from here? Isn't it contradicting itself, to exclude those individuals who have an tremendous demand for support like that??
Greetings from Greece. — Preceding unsigned comment added by 212.38.166.23 (talk) 22:10, 16 April 2016 (UTC)

I agree. People who have to or want to use proxies/TOR/VPNs for whatever reason are second class citizens on Wikipedia. I understand the argument that there is a lot of abuse from people using those services, but I also find the lack of will to even try to accommodate people who can't show an immediate and dire need a bit disappointing. ゼーロ (talk) 14:12, 18 April 2016 (UTC)
Can confirm. People with privacy needs or wants are treated as second class citizens here. The folks at the Tor project have never been happy with the situation on Wikipedia, and I can't say I am either. Zell Faze (talk) 18:32, 24 May 2016 (UTC)

RfC: Grant exemptions to users in good standing on request

NO CONSENSUS, POLICY UNCHANGED:

A change to IPBE policy proposed would allow admins to grant IPBE to users in "good standing". Current policy is that the exemption is granted to accounts affected by IP blocks intended to prevent vandalism or disruption. Comments in support included that a change would bring it more in line with global exemptions (where there is no set policy), that it allows users who normally use the Internet behind a VPN/proxy for privacy to continue to do so under its protection, etc. Comments that expressed concern mentioned that the RfC statement itself was indistinct in guidance, that the "loose definition of 'good standing'" may vary from admin to admin, that the right contains too much potential for abuse for "good standing" to be enough of a reason.

It's apparent that arguments both in support and opposition are grounded, and there was no rough consensus that arose from the discussion. A simple count of the !votes, if I got it correct, yields 17 in support and 21 in oppose (a 44.7% overall support), which is not considered enough to justify a policy change.

Permissions are typically granted when the editor has expressed a clear need, and are usually not done in anticipation or simply in good standing. There are suggestions that the wording in the current policy can be adjusted or softened, which is potentially an avenue worth pursuing. But that was not in the scope of this RfC.

Hence, the onus is on editors who wish to remain anonymous with IPBE to clearly explain why their circumstance is "highly exceptional". Requests by users in good standing should contain a valid explanation for exemption, such as being block-affected. (non-admin closure) — Andy W. (talk ·ctb) 05:28, 9 July 2016 (UTC)

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Users with good standing (judged by the admin, based on having made a positive contribution over a considerable period of time) may requset an exemption on privacy/security grounds, without the need for further justification. ゼーロ (talk) 15:50, 23 May 2016 (UTC)

  • Support Privacy and security are extremely valuable to many editors, and if they have shown good standing over a long period of time and are unlikely to abuse the facility I see little reason to not grant them the opportunity to contribute without compromising their privacy and safety. ゼーロ (talk) 15:52, 23 May 2016 (UTC)
  • Support per Katakana-Zero. Gaijin42 (talk) 15:55, 23 May 2016 (UTC)
  • Oppose due to the possibility of an account becoming compromised. As with any other user right, a need should be demonstrated. If we require "need" for something like rollback, we should obviously require "need" for an IP block exemption. ~ RobTalk 15:56, 23 May 2016 (UTC)
If an account is obviously compromised, indef block them and roll back their edits. It's not hard. Ritchie333 (talk) (cont) 10:14, 1 July 2016 (UTC)
  • Oppose I dislike the idea of using a loose definition of "good standing". Some admins might have high expectations and others might have a very low threshold for granting. We have more concrete standards for template editor, auto patrolled, autowikibrowser, etc. For something as important as IPBE, any proposal should have a more detailed criteria than just simply admin discretion. Also, I don't believe administrators are equipped to determine if a user is in good standing for IPBE. For instance, they would be unaware if the--re was ongoing sockpuppetry, XfD fraud, good hand/bad hand editing, block evasion, etc. By granting IPBE for privacy reasons with no justification, you're essentially granting it to whoever requests it. IPBE is a right that is open to abuse and it would be wise to exercise caution in granting it. Mike VTalk 04:44, 24 May 2016 (UTC)
  Note: As this is a proposal that would significantly change the IPBE policy, I have place notifications on the Administrators' Noticeboard and the central discussion template. Mike VTalk 04:44, 24 May 2016 (UTC)
  • Oppose This proposal lacks any nuance. I think an iterative improvement process would be better than superseding the policy with what is essentially handing it out like candy. HighInBC 04:50, 24 May 2016 (UTC)
  • Oppose All user rights should show a need for them. Further justification beyond "I want it" should be required. --Majora (talk) 05:00, 24 May 2016 (UTC)
  • Oppose - for a major user right like this, we need a better criterion than some admin thinking the user is in "good standing". עוד מישהו Od Mishehu 05:05, 24 May 2016 (UTC)
  • Oppose Any proposal should start with a clear statement of why the proposed change should be made, and how it would help the encyclopedia. Currently, it sounds like a suggestion that hat-collecting should be made easy. Which editor has needed this right, and has been denied it? Johnuniq (talk) 05:11, 24 May 2016 (UTC)
  • Comment I've said previously that we are way too precious about IPBE. The actual observed rate of abuse from this source seems to be low to nonexistent. And to respond to Rob's point, this is the only user right for which "need" even makes any sense; it is possible to need IPBE to edit at all, but nobody actually needs rollback or whatever. That's just a sort of social fiction. However, as written this proposal is too vague to provide meaningful guidance. On the one hand, it invites frivolous requests (oh hey, a new hat!) and could raise the risk of abuse to unacceptable levels. On the other hand, it also shifts the balance from judgment of the requesting individual's private circumstances to judgment of their on-wiki persona. This may well lead people to be too restrictive, since "good standing" is poorly defined; we'd see requests rejected over a six-month-old edit-warring block, a tendency to get fighty on noticeboards, or other minor misbehaviors that the community generally tolerates and that have only fanciful connections to potential IPBE abuse. Opabinia regalis (talk) 05:48, 24 May 2016 (UTC)
  • Question What specifically constitutes 'in good standing' for the purposes of this proposal? SQLQuery me! 06:15, 24 May 2016 (UTC)
It's difficult to define that exactly. I think it has to come down to judgement, just like judgement is used for various other things (granting an exemption on other grounds, various investigations, arbitration etc.) Otherwise we are in danger of assuming bad faith about everyone and putting worry and the effort of doing a cursory investigation over people's privacy and security. ゼーロ (talk) 10:38, 24 May 2016 (UTC)
  • Oppose I suspect this is an attempt to rollback the recent IPBE revocation that several administrators and check users worked on a few months ago. Part of having the IPBE is so that that good faith editors who are unfortunately caught in the friendly fire of having to lock down a range of IPs that have been repeatedly disruptive (blocked on multiple IP addresses). Editors who have true need of this permission will be able to use the already established process (which includes UTRS and running a checkuser) to verify that they are eligible rather than "in good standing". Hasteur (talk) 12:29, 24 May 2016 (UTC)
  • Support. It will bring it more in line with the practice of granting the global IP exemptions. Ruslik_Zero 12:49, 24 May 2016 (UTC)
  • weak support I'd prefer that a reason should be given, but with a presumption of IPBE being granted to users in good standing unless there is evidence that the reason given is irrelevant or false. Certainly once an IPBE is granted it should not be revoked without at least one of (a) clear evidence of misuse of IPBE (not unrelated poor conduct), (b) a long term block of the user, (c) exactly zero edits and logged actions for at least six months or (d) an explicit statement from the user that it is no longer needed. If an IBPE is removed for reasons c or d it should be automatically regranted on request if they remain in good standing. Thryduulf (talk) 14:20, 24 May 2016 (UTC)
  • Oppose - This is purely an "as needed" usergroup, not some trophy to collect. Reaper Eternal (talk) 14:33, 24 May 2016 (UTC)
  • Oppose on grounds that this lacks specifics. What is "good standing", and is a request just "I'd like to have it"? I would, however, support an RfC which clarifies that a desire for privacy and security is a sufficient reason to request IPBE. I edit from public places with some frequency, and to do so without using a VPN is utterly insane. It doesn't affect me in any case, since admins by default have IPBE, but the same privilege should be available to other users who don't want to edit on an easily compromised public or shared connection without taking reasonable precautions. Seraphimblade Talk to me 14:47, 24 May 2016 (UTC)
  • Oppose Users in good standing can be given IPBE per a demonstrated need. If they don't need it, there is nothing to gain from giving it out. --Jayron32 15:31, 24 May 2016 (UTC)
  • Support Having tried a few times to get an IP Block exemption myself so that I can edit with Tor or one of my VPNs, I have found that the current process is overly complicated and usually leads nowhere. You seem to need to be in some sort of immediate danger or something and can't just be someone who cares about their general privacy. By changing the policy in this way, people who feel like they need or want that sort of privacy protection could do so. For me it is so inconvenient to have to turn off my VPN or use a non-Tor browser to edit Wikipedia, that I often don't bother to make fixes to articles when I am using my privacy enhancing tools. We lose contributions this way. I'm not sure how many, but it is definitely a non-zero number. Zell Faze (talk) 18:30, 24 May 2016 (UTC)
  • Support - if people want to be more anonymous by editing through proxy or TOR, and are obviously not vandals, then there should be no blocks to them doing so. To be brutally honest: what harm does it cause if some people "collect" this flag? I would say that the potential for good use of it well outweighs the non-existent downsides for people who obtain it and then don't use it. Ajraddatz (talk) 18:48, 24 May 2016 (UTC)
    • Even if there's no harm from the wider distribution of the right, there's still a high potential for social harm in asking admins to render public judgments on something as vague as "good standing". Opabinia regalis (talk) 20:23, 24 May 2016 (UTC)
      • I assume you mean social harm in the form of debates over whether or not a user meets the vague criteria of "good standing", and that is a fair point. The proposal could be reworded to have some specific metrics to judge that on, and obviously IAR would exist for other cases as needed. I personally prefer vague wordings, because those can encompass more cases without needing to invoke IAR, and it prevents increased bureaucratization of the project. In my experience on Wikidata and at the global level, we have very few actual policies with set criteria. There is no policy for assigning a global IP block exemption, for example. Instead, we need to perform actions with sufficient justification that should we be questioned on them, there is no issue with either defending or overturning the action. Here though, there is definitely a different "political climate" for lack of a better phrase, and perhaps that type of broad wording doesn't work as well here. Ajraddatz (talk) 21:19, 24 May 2016 (UTC)
  • Oppose I have no problem loosening the IPBE requirements just a little bit so more people can demonstrate need, but this is way too vague to garner my support. Katietalk 19:40, 24 May 2016 (UTC)
  • Support - It used to be a lot easier to grant. Wikipedia is an easy place to abuse, having IPBE so difficult to get hasn't stopped sockpuppetry nor caused a reduction in vandalism, etc. People overestimate what it does. If we really give a damn about letting people edit anonymously (something the Foundation seems to think is important) then we need to loosen our grip on IPBE for editors as long as they have significant experience with no behavioral issues, subject to community review at WP:AN for revocation. If you don't want it treated like a trophy, don't make it so hard to get. Dennis Brown - 23:06, 24 May 2016 (UTC)
  • Support. There are many cases when IPBE can be useful/necessary for users. Sincerely, Marksomnian. (talk) —Preceding undated comment added 15:43, 25 May 2016 (UTC)
  • Oppose; (also see below in the other RfC) the primary issue isn't random new users acquiring IPBE, but existing users using it to hide behind a proxy so that they can not be matched against bad hand accounts. As for stating that there is little to no extant abuse of the right, that's pretty much meaningless: by definition the right allows evasion of detection of abuse so we couldn't know. Thus, limit the right to users we (a) trust enough to not sock and (b) when they actually need it. — Coren (talk) 15:20, 26 May 2016 (UTC)
    A note: If the security provided by a registered account over SSL is not sufficient to protect you from harm, then IPBE will not help you beyond giving you a vague sense of false security - it's not a magic "make me anonymous" bullet, all it does is allow you to add one level of indirection and obfuscate your source IP from Wikipedia by editing through proxies (and TOR) which we have otherwise blocked because of existing, extensive abuse. If there is an attacker after you with resources sufficient to do traffic analysis or identify you despite being hidden behind an account, then that extra step is not going to give you any substantial added security, period.

    I'm not saying people do not have legitimate desire for extra privacy and protection - I'm saying IPBE provides neither of those things. — Coren (talk) 15:29, 26 May 2016 (UTC)

  • Oppose, mainly because if we did this, then 99% of the time you wouldn't need IPBE. That makes this user right totally unnecessary. But IPBE should still be given to users who have to edit through proxies or blocked IPs for some reason. Kylo, Rey, & Finn Consortium (formerly epicgenius) (talk) 19:41, 26 May 2016 (UTC)
  • Oppose: No more hats. All that granting IPBE liberally will do is lead more users to place "This user has IP block exempt rights on the English Wikipedia" userboxes and topicons. — Esquivalience (talk) 23:35, 30 May 2016 (UTC)
  • Support - We can ban IP users from blocks, but once you've signed in, then you necessarily have a traceable history tied with you, specifically. If your specific history is good, why not allow the user to use a DNS anonymizing service? You're no longer anonymous by logging in. Note: I use a DNS for all my traffic through my home network, as I've recently been concerned with privacy. To edit wikipedia from home, I must specifically disable my DNS for a short period, which is a hassle, and defeats my desire to keep my traffic habits out of government bulk data collection lists. There's no reason to maintain the block for logged-in known good users. Fieari (talk) 02:34, 31 May 2016 (UTC)
    I do not see any connection between IPBE and DNS, or indeed between Wikipedia and DNS. The reason for having a history of IP activity is to defend against abuse, and the reason for not wanting an IPBE free-for-all is to defend against abuse from sleeper accounts. Johnuniq (talk) 04:06, 31 May 2016 (UTC)
  • Oppose - My impression is that the current rules are mostly what Coren says above: "Thus, limit the right to users we (a) trust enough to not sock and (b) when they actually need it." At one time I thought we were too fussy about IPBE, but the actual requests for IPBE that I have seen myself were nearly always unpersuasive. Often they were from people with only a few edits saying that their work was being interrupted by a rangeblock. It was typically hard to get any useful information out of them. (I can't cite examples since I didn't make notes of any of these discussions). Under the proposal we are voting on, I assume that the plan is to give those people IPBE anyway. In the above list of comments, I don't see any supports from checkusers. EdJohnston (talk) 03:44, 31 May 2016 (UTC)
  • Oppose I don't exactly understand. Maybe the editor who started this RfC would like to reason with me? --QEDK (T C) 19:28, 31 May 2016 (UTC)
    • @QEDK: My understanding is that the supporters would like any editor to be able to access the site from TOR or similar proxy services to protect their anonymity. There are some legitimate use cases where this is potentially needed (living in countries where contributing to certain articles could result in legal issues, for instance), but they'd like to be able to do that without explaining why they need the user right beyond generic privacy/security issues. ~ RobTalk 19:37, 31 May 2016 (UTC)
  • Oppose We don't need another usergroup, and even with an overseeing admin, could still be ripe for abuse...TJH2018talk 14:00, 1 June 2016 (UTC)
  • Support I have been keeping notes with others on this idea at meta:Grants:IdeaLab/Partnership between Wikimedia community and Tor community. A large number of people have a need for IP block exemption and currently, there is no viable process for granting it to the people who need it. Yawnbox wrote a note on this at "Wikipedia continues to violate my privacy" and I think this is a common sentiment and experience among people who have sincere and pressing reasons to keep their IP addresses private. The talk about the potential of abuse for this is ill-informed, especially considering that there are lots of good ways to minimize abuse potential. Granting "IP block exemption", for example, does not necessarily mean that the user is unknown to the Wikipedia community; one very good way to grant it might be to do so on the basis of recommendations from Wikipedians who know the user or vet them in some way, and vouch for the safety of granting the right to the account. I am not suggesting that the permission be granted without discrimination but there definitely needs to be a sure path for granting it. The currently system for granting it is illogical and discriminatory because it is not standard and arbitrary. Blue Rasberry (talk) 15:48, 2 June 2016 (UTC)
  • Comment/Suggestion Why not just add the ipblock-exempt right into a number of advanced permission groups (rollbacker, autopatrolled, reviewer). If a user is in good standing enough to have additional rights they are in good standing enough to be exempt from IPBlocks. Music1201 talk 05:18, 5 June 2016 (UTC)
    Because reviewer is given out like candy. Rollbacker is only a small step up from candy. And you don't even have to personally ask for autopatrolled to get it assigned to your account. Someone else can ask for it for you. Besides, what do any of those things have to do with editing through a hard blocked IP? --Majora (talk) 05:28, 5 June 2016 (UTC)
  • Oppose sock magnet. - jc37 05:32, 5 June 2016 (UTC)
  • Support assuming the bar for "good standing" was at least at the bar of 500 edits, no socking in the last 2 years, and some other reasonable things to cut down on sock problems. Hobit (talk) 11:02, 6 June 2016 (UTC)

Question: Sorry, the bot sent me. I don't get this question. Are you saying certain users will be allowed to commit wrongdoing and be exempt from getting blocked? Doesn't that happen anyway with admins and Arbs who have the same political persuasion as the editor committing the offense? SW3 5DL (talk)

  • Absolutely not. All this is proposing is that if a user is in good standing they have the option to request and IP block exemption on the grounds of increased privacy and security (typically because they are a VPN or TOR user). At the moment merely pointing out that your government/ISP/employer is monitoring you is not enough to get an exemption, you have to be actually blocked from editing. ゼーロ (talk) 08:23, 9 June 2016 (UTC)
  • Support - per explanation by ゼーロ SW3 5DL (talk) 01:07, 10 June 2016 (UTC)
  • Strong support of devolving IPBE to admin discretion in general, because few people have fixed IPs these days. My argument has got nothing to do with Tor or proxies. An increasing number of our editors have rotating IPs because mobile internet is becoming prevalent. Granting ipblockexempt to editors in good standing will pre-emptively minimise WP:collateral damage upon a trusted editor which in turn affects editor retention. As an admin who was regularly beset by collateral damage before I got adminship, I feel very strongly on this issue. Deryck C. 11:52, 10 June 2016 (UTC)
  • Oppose per Hasteur. I also see no evidence for Bluerasberry's assertions, either. I was a victim of what Deryck Chan (above) calls "collateral damage". I submitted a request, right was given, and editing continued. I had the right revoked once I moved elsewhere. The current system works. I have doubts about the desires of those wanting a change. Chris Troutman (talk) 18:16, 12 June 2016 (UTC)
  • Support There is some potential for abuse, and we may want to explore additional tools for reducing that risk, but as a starting point, I think we should be more liberal in granting IPBE. Monty845 21:21, 12 June 2016 (UTC)
  • Oppose I don't buy the privacy argument - yes, it may obscure your IP from Wikipedia, but this may cause other issues which I'm not going to go into here in public. Additionally, this really only protects your IP address from a small group of users, and the ops team, who don't use it unless they really really have to (eg. lawsuits). I'm just not seeing how a VPN or tor helps protect privacy on this site - if it bothers you so much, why not just configure the client to not proxy en.wiki traffic while editing? Mdann52 (talk) 15:13, 22 June 2016 (UTC)
    • It protects users from their ISPs spying on them, as well as government agencies. For example, the UK is trying to introduce legislation that would require ISPs to monitor all users in detail, beyond what it already requires in terms of data retention. Using a VPN protects the users from this intrusion. ゼーロ (talk) 07:23, 23 June 2016 (UTC)

Comment Currently I can only edit this page from work because an IP block has banned my home IP address, so apologies if my responses are a bit slow. I think this illustrates why this change is needed. I'm now in the position where I have reviewing editors saying I can edit on mobile or during my lunch break at work so it's fine, or that it's just too bad with the implication that the block is more important than allowing an editor to participate and improve Wikipedia. ゼーロ (talk) 07:54, 29 June 2016 (UTC)

  • Support Blocks are cheap, and collateral damage harms the project. If ゼーロ can't make good faith edits and has to file about 4 unblock requests, we have a problem. Nobody has defined "good standing", but I'm going to put a finger in the air and say "would not get an RfA closed as SNOW / NOTNOW" (and not for any other reason) would a suitable yardstick. Ritchie333 (talk) (cont) 10:11, 1 July 2016 (UTC)
  • Oppose: Support, with the same sorts of caveats/restrictions as Hobit, et al.  — SMcCandlish ¢ ≽ʌⱷ҅ʌ≼  16:49, 2 July 2016 (UTC)
  • Support - there are any number of reasons for wanting to use a proxy server on the Internet now, from using the internet at an unsecured point to concerns about government surveillance. (Personally, I use a VPN at home for almost everything except Wikipedia now, although personally I've never bothered to apply for this right.) So giving a reason is superfluous: after all, I could just say "I use the internet at coffee shops" and it would be hard to dispute that short of running a CU on my account and examining the IPs. These decisions should be made on the user's contribution record not on their stated reason. Blythwood (talk) 05:22, 4 July 2016 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

RfC: Automatically grant IPBE to users by proof of work alone

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


Proposal: WP:IPBE shall be granted, for any given language wiki on WP/EN:

  1. with sufficient scope to permit Tor and VPN use (e.g. local IPBE),
  2. automatically (to the extent wikimedia admin software allows — preferably requiring zero user action, or on a bot-automated "click here to get your IPBE" type basis if not), and
  3. to any user who demonstrates any one of the following proofs of work:
    1. an edit history of sufficient length to show that the user is most likely acting in good faith, i.e. not a WP:ILLEGIT violator (e.g. ≥10 substantive edits over the course of ≥1 month)
    2. human effort sufficient to dissuade sockpuppetry (e.g. emailing stewards such that they would notice if multiple requests are from the same human or from a bot)
    3. computational effort sufficient to dissuade sockpuppetry (e.g. Javascript cryptographic task demonstrating ≥4 hours of computational time on an average home computer).

Any IPBE expiration shall be renewed on the same basis.

In particular, as a change to current policy, IPBE shall not require any justification, showing of special need, unusual circumstances, etc. To the extent possible, curtailed only by actual needs to prevent sockpuppetry or automation, IPBE shall be given presumptively, just like HTTPS. Sai ¿? 18:30, 24 May 2016 (UTC)

[edited proposal w/ strikeout & italics per below Sai ¿? 10:49, 25 May 2016 (UTC)]

Qualification: If computational proof work is not adequate alone (e.g. because of botnet or Amazon spot instances), it could be altered to e.g. require periodic CAPTCHAs, or otherwise alter the proof of work to require actual work by an individual human. The first two portions are, in any case, the more important factors. The computational proof of work is solely intended to permit users to prove good faith as a bootstrapping mechanism, e.g. if they cannot send unmonitored email to begin with.

Another method of this — though it lacks the "do it at home" factor I intend — would be to grant IPBE in return for a payment to Wikipedia of some reasonable amount of Bitcoin. Sai ¿? 19:02, 24 May 2016 (UTC)

Discussion

Justification:

  1. Privacy is a right, not a privilege. Currently, state actors are engaging in widespread dragnet surveillance of essentially everyone who uses the Internet, or everyone who does so in a way that originates from or goes through that country. This includes, for instance, the United States, United Kingdom, China, and Iran. Therefore, Tor and VPN should be considered presumptive necessities, not exceptional cases.
  2. Tor and VPN software is already a very high barrier to people who are under surveillance or restrictive Internet access, whether they are being targeted personally or as part of a dragnet. Wikipedia should not have a policy that further chills this.
  3. Requiring a user to disclose any unusual circumstances harms their privacy. Users who need privacy must not be required to give it up as the price of securing it, especially given the presumption of all communications being made in the context of an actively attacking state actor. This causes very serious — potentially lethal — risks to users in certain regimes or with certain privacy concerns. See talk below for many examples.
  4. Everything talked about in 32C3: What is the value of anonymous communication? (slides, Tor Project blog post on the problem, Tor Project blog post on the study, video)

Disclosure: I have an IPBE, for the reasons described above, as well as for particularized reasons disclosed over PGP to three administrators. This edit was itself made over a VPN requiring IPBE. Sai ¿? 18:44, 24 May 2016 (UTC)

  • I think you are underestimating how much effort the sort of person who would abuse IPBE would be will to go through. HighInBC 18:33, 24 May 2016 (UTC)
    • And you might be over-estimating how much effort someone who doesn't want to abuse IPBE would go through. I mean Jesus, four hours. I am homeless. I don't have four hours to let my computer sit and do work just so I can use a VPN or Tor. That is insane. I want to protect my privacy, but finding four hours where I can sit somewhere like that without the police being called is not always doable for everyone. Zell Faze (talk) 18:37, 24 May 2016 (UTC)
      • I think the standard should include demonstrating a need for IPBE. VPNs are exactly what long term sock puppets use to avoid being detected, that is why those IPs are blocked. People use them to run two long term accounts and to evade checkuser scrutiny, they use them to circumvent community bans. HighInBC 19:26, 24 May 2016 (UTC)
        • I strongly disagree with the premise that IPBE is "need" on any personalized basis. The one and only concern restricting blanket IPBE is controlling abuse.
        Therefore, all that needs to be shown is either that someone is non-abusive, or that they have invested enough effort into the request that it would deter [[WP::ILLEGIT]] spam accounts.
        There is no justification whatsoever, AFAICT, for requiring an individual user to show a *personal* need for privacy; it's a universal right, not a privilege for a select few. (If you disagree, please explain — as distinct from the very different, non-individualized concern of curtailing bulk account creation. Blocks can still of course be made on a per-user basis, IPBE or no.) Sai ¿? 11:16, 25 May 2016 (UTC)
        • You can't always tell if someone is abusive, some people are sneaky. If they are using VPNs then you can't tell if they are a second account helping out their first, you can't tell if they are someone evading a block. Other than the autoconfirm rights no other user right we give out without the person demonstrating a need for it first, so I don't see why this should be any different. Range blocks become useless if we let just anyone request an exemption. HighInBC 13:15, 25 May 2016 (UTC)
      • The inherent contradiction in how we think about "need" for IPBE is that we currently ask people who specifically express privacy and security concerns to reveal information about their situation in order to demonstrate "need". That makes no real sense. What we don't have is a clear sense, in quantitative terms, of what the actual risks are in being less restrictive. Opabinia regalis (talk) 20:40, 24 May 2016 (UTC)
  • This is an interesting idea, but there's too much disparity in people's access to, and ability to use, computational resources for computational makework to be a solution. If I get one sock for every four CPU-hours I can make a whole sock town. For the kind of proof of work that involves investment of actual human time, we already have a pretty good proxy measure for that, usually located at Special:Contributions. Opabinia regalis (talk) 20:40, 24 May 2016 (UTC)
    • 1. This isn't an opposition to the first two methods I stated. Contributions is the first one of them. ;-)
2. Please see the qualification I gave re making computational proof of work require human interaction. For instance, a half hour of CAPTCHAs is probably more than enough.
3. New users can't rely on contributions (obviously), and if they are in particularly repressive regimes, they have a boostrapping problem for being able to contact anyone. The computational prong is purely meant to address this aspect of the problem.
4. One could, for instance, put some sort of "probation" flag on new IPBE users, merely to ensure they're not a botfarm or other [[WP::ILLEGIT]]. Sai ¿? 11:16, 25 May 2016 (UTC)
  • Do you mean to apply this to "every" wiki, or just to enwiki? Because if your goal is to bypass general torblocks everywhere, you will need to bring this up on meta:; enwiki only has jurisdiction over this project. — xaosflux Talk 21:02, 24 May 2016 (UTC)
    • I was not aware of that. I have edited the proposal to apply only to enwiki. I do intend it to apply everywhere, but let's start here for now. Sai ¿? 11:16, 25 May 2016 (UTC)
  • Oppose and speedily close because (a) we have no jurisdiction to apply this on other language projects even if there were consensus for it; (b) there is another RfC immediately above this one with a similar but less extreme question, and that one isn't even finding consensus, and; (c) the proposed bar of 10 edits is absurdly low and would allow any banned/blocked editor to go to their local library, make 10 edits, wait a month, and then access Wikipedia from a VPN indefinitely. ~ RobTalk 21:22, 24 May 2016 (UTC)
    • None of these are reasons for a speedy close. It looks like some thought went into this and the proposer makes very good points worth discussing. Dismissing their efforts with a 'speedy close' !vote is frankly offensive. Izkala (talk) 22:38, 24 May 2016 (UTC)
      • The reality is that it's unhelpful to have multiple RfCs going on at the same time on the same issue. It never ends well. I invite the proposer to resubmit this RfC if the above one passes (since this one has no chance of passing if the above does not), but right now, it's a net negative to bringing clarity on the community's consensus for how we apply IPBE. ~ RobTalk 23:43, 24 May 2016 (UTC)
        • (a) Edited proposal, per above. (b) is not relevant IMHO, and much of the opposition to the other RfC is from its vagueness and arbitrary discretion to admins, which mine does not have. (c) is an "e.g." only. Feel free to propose some other (objective) metric for "established good faith user". :-) Sai ¿? 11:16, 25 May 2016 (UTC)
  • Strong oppose You seem to underestimate the ease as which 10 substantive edits in one month can be made. And the very idea that this should be granted in return for Bitcoin is highly insulting to everything Wikipedia stands for. Even if that was just a one off suggestion that alone should be grounds to oppose this RfC. Also, speed close this as the less radical RfC is still ongoing. --Majora (talk) 22:18, 24 May 2016 (UTC)
    • 1. See my comments above re Rob13's (c).
2. I specifically said Bitcoin for a reason. Namely, it is a proof of work (in the technical sense) that is agnostic to the computing resources available to a given person. ("Proof of burn" is another method, but is both harder to implement and pointlessly wastes funds that might as well go to support WP — which might include, eg, any increased cost of monitoring IPBE accounts for abuse due to the increase in their total number.) Its purpose is to prevent gaming the system en masse by people with more computing resources or a botfarm at their disposal.
Another method to do so, which I also listed in the qualification, is to integrate repeated CAPTCHAs into the computational proof of work.
3. "I'm insulted" is not an argument against "this is a proven method for cryptographic computational proof of work". Sai ¿? 11:16, 25 May 2016 (UTC)
I am not "insulted" but I will say that asking users to pay to edit Wikipedia is a non-starter. Not going to happen, bitcoin or otherwise. HighInBC 13:16, 25 May 2016 (UTC)
        • You are already asking them to pay — with their time. That is fundamentally what the first two auto-accept criteria in my proposal are: proof of work, one way or another.
        In any case, the 3rd criterion of my proposal is severable from the other two. It is intended only to address a narrow issue bootstrapping issue for people who are under heavy surveillance. Opposing it is not the same as opposing the rest. Sai ¿? 14:21, 25 May 2016 (UTC)


  • Strongly support I have been in the situation of having to divulge details of my personal situation when applying for an IPBE, and have been the victim of state mass surveillance. Privacy is a human right under the European Convention on Human Rights, and more over there is a strong moral and social case to be made for supporting it. I appreciate that it isn't free and creates work, but it's worth it. Perhaps the suggestion is imperfect, but I think it is a good start and can be refined later, rather than doing nothing and making no progress on this issue. ゼーロ (talk) 08:41, 25 May 2016 (UTC)
  • Oppose For the same reason above: If a user has a demonstrated need, they can be given it upon request. --Jayron32 11:39, 25 May 2016 (UTC)
  • Strongly Oppose Putting such prescriptive guidelines on what must be done to gain the privilege only will cause more editors to actually seek it and destroy the purpose of the permission. Administrator discretion (in consultation with the community for consensus) is the best way. I oppose any attempt to weaken these absent a strong and compelling case for a user being caught in a IP range block. Hasteur (talk) 11:45, 25 May 2016 (UTC)
    (a) In your view, how is "purpose of the permission" somehow harmed by more people having it? To me,"this will cause more editors to actually seek (IPBE) and (thereby?) destroy the purpose of the permission" is as nonsensical as "the purpose of freedom of speech is harmed if more people are allowed to speak". I am hoping you mean something different, as I do not wish to mischaracterize your views. (b) How do you address the justifications I gave above explaining why no personalized exception should be made in the current climate of presumptive mass surveillance? Sai ¿? 11:53, 25 May 2016 (UTC)
  • oppose While I am a huge advocate for VPN on Wiki, and think the right should be much more broadly granted, these restrictions are much too broad and would lead to sock-armageddon. If based on number of edits, the number would need to be vastly greater (perhaps something like extended confirmed user) Gaijin42 (talk) 12:52, 25 May 2016 (UTC)
    • There are currently ~20,586 extendedconfirmed editors adding ipblock-exempt and/or torunblocked would be trivial from a technical point of view, but community consensus may vastly differ. — xaosflux Talk 13:08, 25 May 2016 (UTC)
  • Oppose To clarify my oppose from earlier, I believe the criteria for 'demonstrated need' could be loosened somewhat and I'd be in favor of that. Not sure what it would look like, but this isn't it. We have prolific sockmasters who are extended confirmed already, and this proposal encourages them. No way. Katietalk 14:21, 25 May 2016 (UTC)
  • Oppose, too high of a risk of disruptive activity. Restrictions need to be reviewed by competent parties (admins, checkusers, etc.) before exemption to technical blocks are granted. There are definitely valid uses of anonymizing technologies, but they must first be reviewed before being granted. Nakon 04:05, 26 May 2016 (UTC)
  • Oppose For the concerns I and others have brought up. HighInBC 14:39, 26 May 2016 (UTC)
  • Oppose; the primary issue isn't random new users acquiring IPBE, but existing users using it to hide behind a proxy so that they can not be matched against bad hand accounts. And yes, I've seen this. Often enough that it's a concern. IPBE is exactly what it is named: an exception. Intended for users we know well enough to trust with being able to circumvent our primary protection against socking when they need it. This requires human judgment, not an automated process. — Coren (talk) 15:11, 26 May 2016 (UTC)
  • Oppose, because this could lead to abuse of the user right, i.e. for sockpuppetry from a blocked IP address to that user account. Kylo, Rey, & Finn Consortium (formerly epicgenius) (talk) 19:43, 26 May 2016 (UTC)
  • @Coren: When was the last time you saw it? Just curious, I've seen it once in the last 2-3 years. NativeForeigner Talk 23:19, 26 May 2016 (UTC)
    • @NativeForeigner: Has to have been some time ago; it was while double checking another CU's finding. I think I saw it thrice or so   which is a fairly small number in absolute terms but when matching this against the also small number of editors with the right is significant. Also, that the barrier of entry is relatively high (in particular, because people who sock wouldn't want to be checkusered in the process of applying) helps. Reducing that barrier is an invitation to sock, IMO. — Coren (talk) 01:54, 29 May 2016 (UTC)
      • An invitation to sock, or a means of better treating the people who want to legitimately contribute to our site? I've always found it pretty easy to figure out when an account is abusing IPBE: 1. behavioural evidence, 2. editing from only a blocked IP which is blocked as an open proxy. Thanks to mobile ranges, checking accounts which are trying to dodge IP bans is a nightmare anyway. Of course there is the potential for more abuse by lowering the barrier, and I don't support this particular proposal because I still think that some sort of "need" should be demonstrated. But we can't just focus on the abuse - the edit button being available to anyone causes more abuse than anything else combined, and no rangeblock or checkuser can fix that. So let's embrace our openness, rather than being needlessly restrictive to prevent against hypothetical abuse. Ajraddatz (talk) 07:48, 29 May 2016 (UTC)
  • Oppose as too complicated and if I needed IPBE, I would prefer to make a direct request rather than run some program that takes longer than a compilation of the Linux kernel. Esquivalience (talk) 21:17, 31 May 2016 (UTC)
  • Oppose as too complicated, not relevant and unlikely to solve whatever problem it is trying to solve. Thryduulf (talk) 22:29, 16 June 2016 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

VPN service

I'm going to be travelling and would like to edit Wikipedia using a VPN for better security. I've read a bunch of pages but I'm still not sure if it's allowed or not. Do I need to get special permission from an admin? Are there any VPN services that are either preferred or forbidden? There's a list of "best VPN services" as PC Mag [1]. I asked about this at Wikipedia:Help desk and was told that this is the place to check. Felsic2 (talk) 17:45, 3 December 2016 (UTC)

It's allowed, but if there's a preferred list of VPNs (especially free ones) then you can almost guarantee that a vandal has been there first and got it blocked. Tor (not strictly a VPN) is permanently disallowed from editing Wikipedia. Other VPNs may or may not be blocked - it's almost impossible to say which ones, but they are not all blocked. If you obtain IPBE you can use any VPN, including Tor. If there's a limited time that you're going to be travelling, you can either ask a checkuser (details overleaf) or an admin (like me). For good housekeeping it'll probably be only for a limited/specified time. -- zzuuzz (talk) 18:04, 3 December 2016 (UTC)
That helps - I was going to use a free one but I'll pay the bucks for one of the others, and then I guess ask for an exemption if it's blocked. Felsic2 (talk) 18:58, 3 December 2016 (UTC)

Related to this: if we actually pay for a VPN, and aren't using it to avoid blocks or something nefarious, can we ask for an IP block exception, or is that considered too minor a reason? Trivialist (talk) 19:37, 10 March 2018 (UTC)

Proposal to alter guidelines for granting IPBE

Wikipedia:Village pump (policy)/Archive 133#IP Block Exemptions should be expanded to include accounts (5+ years) in good standing. Beeblebrox (talk) 19:30, 26 February 2017 (UTC)

The proposal has now changed to include any editor "in good standing and with significant editing histories if they desire to use VPNs". Also WP:VPP#Pre-RfC on IP Block Exemptions may be of interest. -- Amanda (aka DQ) 11:20, 4 March 2017 (UTC)

The consensus at the RfC discussion said no automatic granting of IP Block Exemption but to relax the requirements to receive such grant. Best to incubate the idea of relaxing the requirements before making another proposal. Either here or WP:VPIL may be a good place. --George Ho (talk) 20:48, 2 April 2017 (UTC)

It's been five months. I've made changes the reflect my understanding of the close. NE Ent 19:52, 3 September 2017 (UTC)
The close found "consensus that the requirements for granting IPBE should be reduced from experienced/trusted users having to demonstrate a need for IPBE (being unable to edit without it), to merely wanting IPBE (preferring to use a VPN while editing for example)". However the text currently says, under "[w]ho may request", [a]n editor who has genuine and exceptional need, and can be trusted not to abuse the right. I think maybe User:NE Ent didn't notice that bit? I'm going to remove the "need" part of it based on the close. --Trovatore (talk) 17:35, 19 March 2018 (UTC)
I’ve reverted. The close specifically called for more discussion, which has not happened, and in practice we haven’t changed. A new discussion is needed to figure out what is needed here. TonyBallioni (talk) 22:22, 19 March 2018 (UTC)
Well, the main burden of the changes happened last fall, I think, with the changes by NE Ent and subsequent. My changes were just cleanup.
However, the close was clear that "need" should no longer be required. I am not too picky about the exact language used, as long as it accomplishes that. Do you have alternative language to suggest? --Trovatore (talk) 22:32, 19 March 2018 (UTC)
I think the wording is fine as is: it was toned down from exceptional need for to just need, and in the past year, the practice has stayed somewhat constant of needing a reason other than just a want. Given that the practice has been so consistent and most admins will still refuse to grant without consulting a CU, I think you’d need a newer discuss to limit it much more than currently. The current practice is typically we assign for a year for trusted users who will need it frequently. For those who need it in a specific context, it is much more limited. This is one of those situations of figuring out how to balance the prescriptive/descriptive nature of policy. TonyBallioni (talk) 22:50, 19 March 2018 (UTC)
Here is a direct quote from the close:
There was also consensus that the requirements for granting IPBE should be reduced from experienced/trusted users having to demonstrate a need for IPBE (being unable to edit without it), to merely wanting IPBE (preferring to use a VPN while editing for example).
What we need to discuss is how to implement that, not whether to implement it. It specifically says a "want" is enough for a trusted user. --Trovatore (talk) 22:58, 19 March 2018 (UTC)

Sure, but no one actually follows that, even now, and discussion was recommended before making the changes. Policy is meant to reflect practice and given that we haven’t started handing this out on request at all, I think that we’d need more discussion to liberalize it further. That consensus is stale and no additional discussion took place as the close said would need to happen. TonyBallioni (talk) 23:11, 19 March 2018 (UTC)

Policy is meant to express the wishes of the community, and the community spoke. If the admins have not been following it, then that's shame on them, not an argument that it wasn't the real consensus. --Trovatore (talk) 23:14, 19 March 2018 (UTC)
No user with advanced permissions can ever be forced to use them. If no admin or CheckUser will grant simply on request (which is the current situation) that is a sign that the initial discussion likely did not fully reflect community consensus. RfCs aren’t magic: people have to follow them in practice, and when people are consistently ignoring the outcome, that’s more suggestive that the outcome was incorrect than anything. TonyBallioni (talk) 23:26, 19 March 2018 (UTC)
Admins are supposed to implement the will of the community. That is the trust vested in them. It's not a question of whether the RfC can "force" them to. --Trovatore (talk) 23:27, 19 March 2018 (UTC)
(edit conflict)So, a weak consensus was reached - almost exactly a year ago - and no one has said anything, or tried to enact that part until now. I think a new RFC would be a very good idea. Especially as we would need one anyhow to determine wording. SQLQuery me! 23:28, 19 March 2018 (UTC)
Agreed, a weak consensus in an RfC that no one has acted on either in terms of implementing of in terms of wording for a year does not have any standing, IMO. TonyBallioni (talk) 23:30, 19 March 2018 (UTC)
I have to say it's somewhat objectionable to ignore a close on this basis. If admins have on the average a different opinion from the community on the average, will they nevertheless follow the community consensus? They ought to. If they don't, that should not be used as evidence against the consensus.
That said, if we have to do it, let's get a clear answer this time. I would propose that the RFC be specifically about the question of whether well-trusted users should be able to get an IBPE based on the desire to use a VPN, and if so, how much evidence of trustedness should be required. --Trovatore (talk) 23:41, 19 March 2018 (UTC)
Also, it should be held at village pump (policy), and well-advertised, with all previous discussants notified. --Trovatore (talk) 23:44, 19 March 2018 (UTC)
So, I have some follow-up questions. A lot of the issues this proposal has had in the past has been due to vagueness. How do you define 'well-trusted users'? Should a CU still be consulted when granting the right? Should CU's still audit IPBE usage? What should be the venue to request IPBE in this use case (I was thinking PERM, but that circles back to the CU question)? SQLQuery me! 23:58, 19 March 2018 (UTC)
You want my personal opinion, or the wording of the RFC? My personal opinion is that consulting a CU is fine; I have no objection to that. I would prefer to avoid muddling the issue by throwing that into the mix; I would be happy to make explicit that a CU may be consulted when determining trustedness. --Trovatore (talk) 00:01, 20 March 2018 (UTC)
That's really the trick, isn't it? Most admins will not grant without at least talking to a CU (whether or not a CU runs a check is different, but this is the common practice amongst anyone who sees IPBE requests that I know). What is the purpose of running a check if the right can simply be handed out based on want? The other issue here is that this also crosses the line into PERM, which is an area where admins are typically granted a lot of leeway in determining whether or not to hand out permissions (and yes, need is almost always used as the reason to deny a PERM request.) CAT:RFU is also an area where admins typically have a lot of discretion in how they work.
This is essentially combining two of the most discretion heavy admin areas where the "practice is policy" mantra basically is the policy. I think it'd be really odd to have such a prescriptive rule for handing out a permission for one that is arguably more sensitive than all the others. I think the current change lowering it from exceptional need is a good one (what is exceptional?), but there should be some demonstrated need, otherwise we wouldn't hand out the right, just like we wouldn't for other permissions.
I think future discussions would be better focused on defining what constitutes a need here rather than getting into the need vs. want question. Maybe we should loosen the granting: but I doubt we would ever simply hand it out on request. Figuring out what a need is seems to be the most productive way forward. TonyBallioni (talk) 00:11, 20 March 2018 (UTC)
No, I think the specific question is want vs need. That was hit quite hard in the previous RfC. I think criteria for "trustedness" can be set tight, but if a user is trusted, then a desire to use a VPN should be sufficient. That's the specific question I want addressed. I feel that it was already addressed in the previous RFC. --Trovatore (talk) 00:14, 20 March 2018 (UTC)
And I'm telling you that no matter what an RfC says, admins are not going to hand out any user right simply because someone wants it. This would be the only one with no standards at all beyond trust. Whether you phrase it as need or want, there needs to be a granting criteria as to what qualifies. TonyBallioni (talk) 00:16, 20 March 2018 (UTC)
It is a sufficient remedy for that if users are allowed to keep asking multiple admins until they find one who will do it. --Trovatore (talk) 00:18, 20 March 2018 (UTC)
As I say, I'm fine with definite criteria on what constitutes trust. I would expect an established pattern of good edits, say regular editing for a year, with minimal evidence of disruption. --Trovatore (talk) 00:22, 20 March 2018 (UTC)

That's the point I don't think you are getting: this isn't how user rights work. All admins want to see a need for something (even pending changes reviewer, which we basically hand out to anyone who has a pulse, we require someone to explain why they want it.) How we define need for a given user right is the question. Making this have a set criteria where it has to be given just on request would make put it out of line with every other permission. We might decide that having valid security and privacy concerns that makes someone want to use a VPN is a good reason to request the right, but that is still something someone would be expected to explain, even under a much more liberalized version of this. TonyBallioni (talk) 00:35, 20 March 2018 (UTC)

I look at my permissions and I see that I have, for example, "autopatrolled". I was never asked to explain why I "needed" it. It's not clear that I do "need" it. But I've created good articles (well, good stubs) and no really bad ones, so it makes sense to trust me with it. --Trovatore (talk) 00:53, 20 March 2018 (UTC)
Looks like you received that during the roll out of that right. I can't even find evidence of you requesting the right. SQLQuery me! 01:04, 20 March 2018 (UTC)
  • Times have changed. Speaking as a checkuser who used to be pretty strict about granting IPBE...I'm very willing to be quite liberal in the granting of it today. The reality is that many well-respected internet personal security sources advocate for internet users to utilize VPNs. We know that WMF sites have been targeted by intelligence agencies for user data. As checkusers, we know that there's really not much difference in the usefulness of the results we see if someone is using a mobile network compared to if the same user is on a VPN. I'm writing this from a plain IP right now because I'm using my hardwired desktop; but if I was on my laptop, my edits would be behind a VPN. And since I use a pretty popular VPN, most of its ranges are globally blocked; if I wasn't an admin, I wouldn't be able to edit a lot of the time. (Yeah, I know, I'm not a big editor...but I think people get my point.) If we're now to the point where we're saying "you have to put your personal security on the line in order to edit Wikipedia"...well, I'm not sure we're making a winning argument. It's time for a re-think here, one that is entirely in line with WMF and Wikipedia values. In the pre-RFC that Amanda/DQ references above, someone suggested people should be spending time editing articles rather than debating IPBE. Well, the reality is that a lot of people prioritize their security over editing articles, and they aren't editing if their VPN is blocked. Risker (talk) 01:17, 20 March 2018 (UTC)
    • Sure, and I think saying "I have valid concerns about my security and/or privacy because of XYZ" should probably be a good reason to do so for an experienced user. I don't think the RfC endorsed just handing it out like candy when someone asks for it though. There should be guidelines, which we currently don't have. TonyBallioni (talk) 01:24, 20 March 2018 (UTC)
      • Well, how about if XYZ equals "... I don't want to be tracked by my ISP"? That applies to pretty much everyone, I think, so if that's a valid reason, then we may not be that far apart. --Trovatore (talk) 01:28, 20 March 2018 (UTC)
      • I guess my point is, that the supposedly good reasons we didn't hand it out like candy before...are no longer operational. The big issue was the ability to "obscure" the user. The rule was created when most people had static or limited-range IPs; I don't know about you, but my phone has had 30 different IPs today (i.e., every time I unlock it, I'm getting a different IP). I'm not quite ready to say it should be automatic...but I no longer see a reason why "ask and ye shall receive" is a bad idea. Risker (talk) 01:45, 20 March 2018 (UTC)
        • In any case, the RFC outcome doesn't go that far; it doesn't say it should be automatic. It just says that "trusted" users should not have to demonstrate a "need". There might be an intermediate notion of a "reason" that is between "want" and "need" — but as I say, pretty much everyone has a reason. VPNs are a good idea. --Trovatore (talk) 01:51, 20 March 2018 (UTC)
          • I would be fine with changing it to legitimate reason or demonstrated reason. This gives enough flexibility to CUs when evaluating so it isn't automatic, while also keeping the idea of the RfC that the policy should be lessoned from what it once was. TonyBallioni (talk) 01:54, 20 March 2018 (UTC)
            • But is there anyone who doesn't have a legitimate reason? I think the decision should be based on the level of justified trust, not the urgency of the reason. Though I would be willing to allow that truly urgent reasons might compensate for a slightly lower level of justified trust. --Trovatore (talk) 01:57, 20 March 2018 (UTC)
              • I've come across a number of incoherent rants about needing IPBE because of VPN from users who would likely fall in the typical definition of trusted or experienced I've seen CUs use in UTRS. Someone should be able to explain in clear English why this would be helpful to them and the encyclopedia, and the CUs and admins that review them should not be forced to hand it out simply on request if the user is "trusted" (again, an undefined term).
                If we don't allow some use of discretion here like we do for literally every single permission except CU/OS when handed out to sitting arbitrators, what is going to end up happening is people invoking IAR to deny or people raising their level of what is required for "trust" (which is currently a pretty low standard form what I've seen, and that is a good thing). TonyBallioni (talk) 02:08, 20 March 2018 (UTC)
                • I'm not saying they shouldn't have discretion. I'm saying they should exercise their discretion based on the level of trust, not on the level of need. If someone doesn't "need" the right, but is trustworthy, there is no harm in giving it to them. If someone does "need" it, but is not trustworthy, we still don't want to give it to them, even though they "need" it. --Trovatore (talk) 02:12, 20 March 2018 (UTC)
                  It strikes me from the above that you may be using "trust" in some sort of term-of-art sense that I'm not entirely aware of. If that's it, then I don't mean that. I mean "trust" in the ordinary sense of the word. Has the person edited in a way that justifies trust? And have they edited enough to be able to tell? --Trovatore (talk) 02:14, 20 March 2018 (UTC)
                  • Well, what is "trust"? The whole purpose of restricting IPBE (remember, it was originally only available as part of the admin package, back when one only needed 1000 edits to become an admin) was so that socking could be readily identified by checkusers. That's a moot point now; *any* user, trusted or not, can cycle through a bunch of IPs in the course of a day, and lots of common editing locations (libraries, universities, coffee shops, locations where Wiki-activities are occurring) are now behind the same VPNs that are available to the public. There was a point in time where "clean block log" meant "trusted user", but I can think of plenty of users I'd trust just fine with IPBE who've been blocked plenty of times, just not for socking. So maybe that's the "trust" point? No blocks for socking? Risker (talk) 02:21, 20 March 2018 (UTC)
                    • As a CU, comparatively, how difficult would it be to link someone socking when a IPBE is involved? Seeing as we have had many high profile, "trusted", users who have been blocked indefinitely after it was discovered that they were abusing multiple accounts by CUs if an IPBE would make it impossible to link socks to masters then handing it out to anyone that is "trusted" is not good enough. There has to be a need there. --Majora (talk) 02:25, 20 March 2018 (UTC)
                      • Majora, I don't think that whether or not the user had IPBE would have made any difference whatsoever in being able to work out the multiple accounts from the CU perspective. Those cases are always extremely complex. Risker (talk) 02:52, 20 March 2018 (UTC)
                    • (ec, responding to Risker) I wouldn't make it that rigid, necessarily. I agree, someone who's been blocked a few times may be trustworthy, especially if it was a long time ago and their behavior has changed. Someone who's never been blocked at all, but who seems to be a WP:TIGER or repeatedly skirts the edge of blocks for tendentious editing, I'm not sure I would. As you say, the technical environment may have changed to the point where even that no longer makes sense; I don't claim expertise on that. --Trovatore (talk) 02:27, 20 March 2018 (UTC)

(edit conflict) x3 My point is that people are going to look at the reason for requesting regardless of what the policy says as we do this for literally every single user right. No matter how many times you say they shouldn't, they will, because this is how we handle permissions. Someone who sends an incoherent rant to UTRS is going to have their request denied, that is a simple fact.

I'm not using trust in any special sense: I've seen IPBE granted to users who wouldn't qualify for page mover (which has a 6 month and 3000 edit requirement.) It is used in a natural meaning of the term. The issue is that if we don't allow in policy for some discretion and evaluation of reason, people will just merge the two (i.e. I don't trust someone who sent an incoherent rant to UTRS, regardless of how good they are on-wiki, when the real reason is that the rant is incoherent and they didn't provide a reason they need it.) TonyBallioni (talk) 02:28, 20 March 2018 (UTC)

I'm perfectly willing to agree that someone who sends an incoherent rant as their request should be denied. But isn't that itself a good reason not to trust them? It's not really about the strength of the reason. It's that it affects the estimate of how likely they are to abuse the right. --Trovatore (talk) 02:31, 20 March 2018 (UTC)
Sure: but now we're getting into the problem of trust being undefined: I typically define "trust" as to mean their actions on-wiki. No one except admins get to see UTRS, which is where most of these requests come in. It won't affect their standing in the community at all or their level of trust. Giving some level of discretion here is absolutely needed otherwise you just end up bundling everything under "trust". i.e. "Why would someone who has only ever used a hardwired desktop at their house need to use VPN? I don't trust them." Requiring a reason gets people to explain it ahead of time, and if you include it as a criteria, you'd likely see more grants rather than simply raising what "trust" means. It will liberalize it while giving admins and CUs discretion, which is still needed. I can think of several recent editors who were caught socking by CU would likely wouldn't have been if we simply handed it out on request. The standard needs to be above handing it out automatically upon request, but likely lower than it has been. Allowing the people who are most impacted by this (CUs) some judgement here is needed, and I think totally in line with the RfC, which was a weak consensus at best. TonyBallioni (talk) 02:38, 20 March 2018 (UTC)
Why would they use VPN if they only ever use a hardwired desktop at their house? Because they don't want their ISP to track them. Unless by "hardwired" you mean someone with a connection independent of any ISP? I think that's such a minuscule segment that it's not worth worrying about. --Trovatore (talk) 02:51, 20 March 2018 (UTC)
As an example of what I think probably should be included here (as I was affected by it at one point, and would have liked IPBE but didn't request it): I travel a lot to client sites for work, but have a lot of downtime and I don't want them tracking what their vendor is looking at on site while waiting for meetings. Can I please use a VPN? This wouldn't be covered under the current policy, but I think would be a decent reason. I also think I should have to explain it. TonyBallioni (talk) 02:43, 20 March 2018 (UTC)

Exceptional need

(This discussion concerns the following series of good-faith edits: [2][3][4][5] --Guy Macon (talk) 19:14, 10 May 2018 (UTC))

My apologies Guy Macon. I didn't mean to make the wording inconsistent with policy but rather, I thought the wording was consistent with using exceptional there. I thought it was correct and took it from Used for anonymous proxy editing, the highlighted "Who may request: An editor who has genuine and exceptional need, and can be trusted not to abuse the right."

The words "exceptional need" are there. Are they inconsistent with the policy?
 — Berean Hunter (talk) 16:14, 10 May 2018 (UTC)
Good points. Please put back the "exceptional need" until we reach a consensus on whether to include it. --Guy Macon (talk) 19:02, 10 May 2018 (UTC)
There was an RFC that was specifically closed as showing consensus that "need" was not required (much less "exceptional need"). Unfortunately the closure asked for further discussion, which didn't happen in a timely manner. Still, that particular point was unambiguous. --Trovatore (talk) 19:07, 10 May 2018 (UTC)
As noted above, there was a weak consensus that was never implemented and nothing changed. An RfC result that hasn't been followed for over a year is not in anyway binding. TonyBallioni (talk) 19:12, 10 May 2018 (UTC)
Can you point me to that policy? --Trovatore (talk) 19:13, 10 May 2018 (UTC)
See WP:PGCHANGE. Policies document best practice. If a discussion closed recommending another discussion and no one followed up, and nothing changed in practice, and it has been over a year, we can't reasonably describe that as a best practice that is followed. TonyBallioni (talk) 19:22, 10 May 2018 (UTC)
I don't see anything there about a time limit for the validity of a consensus. It's true that it was closed recommending follow-up discussion, but it did find that particular point, that there was a consensus to remove "need". --Trovatore (talk) 19:25, 10 May 2018 (UTC)
More to the point, what is actual practice? Are we granting IPBE based on need or not? The text of this page should reflect what we actually do. That's what PGCHANGE is saying here. It doesn't matter what was, or was not, followed up on. What do actual admins in the field do regarding IPBE? I've not granted it in a few years, but I was always fairly liberal about it with any established, good-faith editor who was being hampered by blocks not intended for themselves. --Jayron32 19:29, 10 May 2018 (UTC)
OK, here we get to the key issue (or one of them). Are admins going to abide by the consensus of the community, or not? If policy reflects practice and practice is just what admins do, then why bother having RFCs? --Trovatore (talk) 19:31, 10 May 2018 (UTC)

I just reread the RfC. I agree that there was a general agreement for loosening of the restrictions, but the focus of the comments were on whether there was a valid reason (and considering privacy to be one.) As the close also noted, there was consensus against an automatic handing out of the right (which wording to the effect of "want" would have, even if that is what the close said. There is a bit of a tension there.)

Trovatore to quote you in the discussion I would be happy with just a little change of mind-set, where the first question is not "do you need it?" but rather "do we trust you?" and maybe the second question is "do you have, not necessarily a 'need', but a non-frivolous reason that rings true? My point in the discussion above is that there is always going to be a second question regardless of whether or not the first question is "do we trust you?" no matter what is written here. I'd support changing the wording to something like established users with a valid reason for requesting it. which I think is what the spirit of the RfC was, and what the close was trying to get at. The RfC wanted the standards lowered, and I think we have lowered them a bit in practice, but we need to keep in mind that automatic granting was also rejected, and I think you need to include some phrasing along the lines of "valid reason" to also reflect that. TonyBallioni (talk) 19:54, 10 May 2018 (UTC)

How about "I want to use a VPN because I don't want my ISP to track me"? If that's a valid reason, then I'm OK with including "valid reason". --Trovatore (talk) 19:56, 10 May 2018 (UTC)
I think it depends on the circumstances, but in many cases, yes, that could be one. TonyBallioni (talk) 19:59, 10 May 2018 (UTC)
Isn't it a valid reason for everyone? Maybe not if you have your own connection to the backbone, but that costs into six figures, I think, so not really worth calling out separately. --Trovatore (talk) 20:03, 10 May 2018 (UTC)
The language of this policy should not be "valid reason". That's too vague. It should say what is and is not a valid reason. See RfC below. --Guy Macon (talk) 21:02, 10 May 2018 (UTC)

RfC: Criteria for granting IP block exemption

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


This RfC concerns the following series of good-faith edits: [6][7][8][9] and this talk page thread: Wikipedia talk:IP block exemption#Exceptional need

What criteria should an administrator use when granting IPBE to editors?

(This RfC does not apply to Admins, 'Crats, Arbcom, etc. It only covers the case of giving ordinary editors IPBE.) --Guy Macon (talk) 21:01, 10 May 2018 (UTC)

Survey

THERE IS NO NEED TO OPPOSE. IF YOU SUPPORT AN OPTION NOT LISTED, POST YOUR OPTION IN THE "SOMETHING ELSE" SECTION.

Option 1: Auto

Administrators should grant IPBE to editors automatically based upon some as yet-undefined criteria

Any support comments should detail what the criteria should be and why we should overturn the previous RfC. If there is sufficient support, a new RfC with the various possible criteria for automatic granting listed will be created.)

  • Second choice, option 1 I'm not convinced there's anything really wrong with letting all established editors in good standing have IBPE. In fact, maybe they shouldn't even have to ask for it; maybe it should be like autoconfirmed. User:Risker reports above: As checkusers, we know that there's really not much difference in the usefulness of the results we see if someone is using a mobile network compared to if the same user is on a VPN. --Trovatore (talk) 21:21, 10 May 2018 (UTC)
  • If you want automatic, make it automatic. For example, it could be included in extendedconfirmed, or auto-granted at your 1000'th or 10000'th edit...etc. — xaosflux Talk 23:29, 12 May 2018 (UTC)
Option 1 discussion

Option 2: Judgement

Administrators rely solely on their own judgement when granting IPBE, ignoring any guidance from this page. This essentially repeals this page as a procedural policy.

  • Preferred option for bypassing blocks unrelated to webhost / VPN / other anonymizing proxies. SQLQuery me! 00:07, 11 May 2018 (UTC)
  • Agree with SQL if you aren't Kumioko and work for the Navy, we tend to give you IP pretty easily. TonyBallioni (talk) 00:17, 11 May 2018 (UTC)
  • Agree with SQL. The normal state is allowing users to edit; if a legitimate user is being restricted by a block that wasn't intended for them then they should be allowed an exemption. -- Ajraddatz (talk) 01:29, 18 May 2018 (UTC)
  • Support. Anybody should be able to edit unless they're disruptive in some way. Having an IP that's under a range block is not disruptive in and of itself. If a range-blocked editor requests an exemption it should be granted until the point they're being disruptive. If there is a high number of exemption requests from the same range that result in disruption then the admin should explain that they cannot grant the exemptions because this has proven to be disruptive. Bright☀ 17:31, 2 June 2018 (UTC)
Option 2 discussion

I have a real problem with the wording of this option. It is clearly an example of poisoning the well, and was written by the originator of the RFC to make it a pejorative option; the notion that admins, when acting on their own judgement (and they do in every decision they make), do so without regard to existing policy is frankly insulting; it sets up the false dichotomy that admins are either mindless button clickers who don't pay attention to policy at all, or are rogue actors, behaving arbitrarily without regard for existing policy. That sort of thing is ridiculous. If we can't have a neutrally worded RFC, why bother at all...--Jayron32 15:47, 11 May 2018 (UTC)

Option 3: Privacy

IPBE should be granted to editors who have privacy concerns, subject to the judgement of the granting administrator.

  • Prefer option 4 but mentioning up here that I don't see options 3 and 4 as being contradictory. Privacy can be a valid need, but there should also be discretion involved. 4 makes that more clear. This isn't an oppose so much as a "I guess I'm behind this, but I think the option below phrases it better." Sorry for the double post, Guy, but I thought it easier to explain my thoughts in two sections. TonyBallioni (talk) 21:06, 10 May 2018 (UTC)
  • Option 3, I guess I think this RFC is too fragmented; !votes are going to be all over the place, and synthesizing them into a consensus is going to be challenging. I would have preferred a much more focused question, about removing the "need" language. But given the question asked, I guess I'd pick this one, followed by "automatic subject to defined criteria" (Option 1). --Trovatore (talk) 21:09, 10 May 2018 (UTC)
  • Yes, in tandem with a use-case as described in option 4 below. -- Ajraddatz (talk) 01:28, 18 May 2018 (UTC)
Option 3 discussion

Option 4: Need

IPBE should be granted to those who show that they have a need for it, subject to the judgement of the granting administrator.

  • Support Option 4 I support this option, but consider privacy a need (just not an exceptional need), and don't consider this option to be contradictory with option 3. It just allows for there to be more discretion for administrators when granting it. TonyBallioni (talk) 21:06, 10 May 2018 (UTC)
  • Preferred option for bypassing blocks related to anonymizing proxies/VPN/Webhost blocks. SQLQuery me! 00:06, 11 May 2018 (UTC)
  • Preferred option with the note that privacy concerns are a demonstrated need, so this option subsumes option 3 as well, and is not exclusive of it. --Jayron32 15:49, 11 May 2018 (UTC)
  • Support. Like everything else, IPBE exists because people need it sometimes for a variety of reasons, and privacy is one of those reasons, but there are plenty of other reasons. Granting IPBE based on a strict set of criteria would harm those who have a reasonable need for it but simply don't pass the criteria. And this page exists to give firm guidance ("should"), but not to make bright-line rules ("must"). Nyttend (talk) 11:42, 12 May 2018 (UTC)
  • Support this only and I would echo Jayron32 completely here. Admin are capable of determining risk and need. Dennis Brown - 14:53, 12 May 2018 (UTC)
  • Support per Dennis Brown and Jayron32. Privacy is a legitimate 'need'. VPNs are ubiquitous — Opera even has a free VPN integrated into the browser — and many users connect through VPN as a matter of course for security and protection. To require they drop out of their VPN and expose their systems simply to edit Wikipedia is not acceptable. Administrators are capable of assessing whether an editor is experienced and trusted enough to be granted +ipbe. Jbh Talk 18:48, 12 May 2018 (UTC)
    • @Jbhunley, Dennis Brown, Nyttend, and TonyBallioni: Wikipedia talk:IP block exemption#RfC: Grant exemptions to users in good standing on request has already determined that privacy concerns are NOT a valid "need". Because option #4 does not define "need" and option #3 does, I cannot see how the closer can conclude otherwise than determining that option #3 overturns that previous decision and that option #4 retains it. Perhaps the closer will move all non-duplicate option #4 votes that assert that privacy concerns are a valid need to option #3, but it would be far better to !vote for the only option that specifies that privacy concerns are a valid need and not !vote for the option that retains by default the existing decision from the previous RfC. --Guy Macon (talk) 02:54, 13 May 2018 (UTC)
      • Uh, hasn't Great Firewall-avoidance long been a prime reason for granting IPBE? That's the kind of privacy I was talking about: so a hostile government can't arrest you for editing. Nyttend (talk) 03:34, 13 May 2018 (UTC)
        • The closing summary of the previous RfC ("NO CONSENSUS, POLICY UNCHANGED ... Current policy is that the exemption is granted to accounts affected by IP blocks intended to prevent vandalism or disruption.") is crystal clear. A user who wants to avoid being arrested by his government for editing Wikipedia is not in any sense of the word an "account affected by IP blocks intended to prevent vandalism or disruption". Like I said, I am not trying to be argumentative or to give you a hard time, but for an RfC to overturn a previous RfC that found that privacy concerns are not a valid criteria, the winning option needs to at least mention privacy concerns in the question. (Many people answer the questions without reading the other answers, nor are they required to read them). --Guy Macon (talk) 05:13, 13 May 2018 (UTC)
          • If Great Firewall-avoidance has long been a prime reason for granting IPBE, then we need to reconcile this fact with the fact that in a recent RcF the community failed to show a consensus for this. It may very well be that it failed because of the wording of the RfC and that a more focused RfC that specifically asks about Great Firewall-avoidance would pass, but for now we are required to abide by the result of the previous RfC (IPBE only for accounts affected by IP blocks intended to prevent vandalism or disruption) until it is overturned. Administrators are required to follow the consensus of the community, but on the other hand that consensus needs to be clear. --Guy Macon (talk) 05:22, 13 May 2018 (UTC)
            • Granting IPBE for GFW, including places like Iran and Turkey, has always been and remains relatively common. If that's your reading of the close, then the close was either wrong, irrelevant, or not long enough to contain the nuance. The policy has not changed in this respect. -- zzuuzz (talk) 05:43, 13 May 2018 (UTC)
              • The above contradicts not just my reading of the close, but the clear wording of the close. I cannot see how "Current policy is that the exemption is granted to accounts affected by IP blocks intended to prevent vandalism or disruption" can be any more clear, and I don't believe that you are seriously claiming that I misread the meaning of those words. Do I need to challenge the close? Or post a new RfC? You and others deciding that the clearly worded close of an RfC can be ignored really doesn't cut it. We have policies and procedures for when we think a closer got it wrong. --Guy Macon (talk) 16:18, 13 May 2018 (UTC)
                • Reading the close again closely, I stand by my comments. It's not a bad close, it's just not a full description of the policy for obvious reasons. However my takeaway from the RfC is that the policy has not changed ("NO CONSENSUS, POLICY UNCHANGED"). It also rejects the proposal that users should receive it on a whim ("not done in anticipation or simply in good standing"). I also can be pedantic and also say that proxies are blocked "to prevent vandalism or disruption". Lastly, this "exceptional need" has always been understood to refer to GFW. -- zzuuzz (talk) 16:47, 13 May 2018 (UTC)
  • Conditional support. In relation to option 3, I take the view that users should not just have privacy and security concerns, but they should require IPBE to overcome hardblocks in order to deal with those concerns. And by that I mean that they should be actually encountering hardblocks. I do strongly disagree with the wording as I mentioned in the general discussion below - this should say that admins may grant IPBE, and not that they should grant it. -- zzuuzz (talk) 05:43, 13 May 2018 (UTC)
  • This discussion is a mess. I hate the word need because nobody needs anything on a website where they volunteer to edit. But to the extent that a user has a legitimate use for IPBE they should be granted it - and I would say that privacy is a valid reason. And admin judgement should always be allowed when granting. -- Ajraddatz (talk) 01:27, 18 May 2018 (UTC)
Option 4 discussion

I strongly disagree with the claim that option 3 and 4 are not contradictory. One says "...who have privacy concerns". They don't have to even make an argument that those concerns are valid. The other is "....show that they have a need for it", meaning that they do have to make some sort of argument (ideally with evidence). Completely different criteria. --Guy Macon (talk) 21:32, 10 May 2018 (UTC)

This could be just a difference in how various people are hearing the word "need". --Trovatore (talk) 21:34, 10 May 2018 (UTC)
I think they should have to make the argument that those concerns are valid, but that admins should be liberal in granting. I.e. I think the ISP reason would be fine with 4 in most cases. TonyBallioni (talk) 21:36, 10 May 2018 (UTC)
Privacy concerns are a valid need. --Jayron32 15:49, 11 May 2018 (UTC)
Didn't say they aren't. The difference between option 3 and option 4 is the requirement to demonstrate a need. If you think that having a privacy concern is a legitimate need, then obviously there is no reason to require that the editor demonstrate a need -- all he has to do is assert that he has a privacy concern -- and thus you should !vote for Option 3 and should not !vote for Option 4, because !voting for option 4 is saying that they have to demonstrate a need. --Guy Macon (talk) 16:51, 11 May 2018 (UTC)
As along as the admin adjudges them to have so demonstrated their privacy concerns are valid, I fail to see the distinction. --Jayron32 16:54, 11 May 2018 (UTC)
There is always going to be a question re: validity. A crazy person who sends an email into UTRS rambling about how their university is brainwashing them so they need VPN to protect their browsing habits from the chancellor so that professors won’t be able to better brainwash them is not getting IPBE regardless of what the criteria say (you laugh, but I have seen requests similar to this come into UTRS.) Someone who lays out a rational case for a privacy need should have it granted IMO. There is no contradiction between 3 and 4 except 4 doesn’t force us to give it to lunatics. TonyBallioni (talk) 17:41, 11 May 2018 (UTC)
  • I understand and sympathize with the above arguments, but they directly contradict the closing statement at Wikipedia talk:IP block exemption#RfC: Grant exemptions to users in good standing on request, which clearly sates Policy Unchanged ... Current policy is that the exemption is granted to accounts affected by IP blocks intended to prevent vandalism or disruption. That RfC says that privacy concerns are NOT a valid "need". Option #3 overturns that previous decision. Option #4 retains it. Right now this is a moot point because so far it doesn't look like option 3 or option 4 are going to have the most !votes, but if this changes I will most likely have to post yet another RfC to address this contradiction between the two RfC results. It bothers me that some !voters are here using a definition of "need" that directly contradicts what the closing summary of the previous RfC says "need" means, yet nobody challenged that close. --Guy Macon (talk) 18:29, 11 May 2018 (UTC)
So you say, but you appear to be singular in that interpretation. Consensus, which is thankfully not determined by the volume of text to write, it the vehemence with which you write it, seems to be with a different interpretation.--Jayron32 23:25, 12 May 2018 (UTC)
I am having trouble understanding your argument here. Are you claiming that Wikipedia talk:IP block exemption#RfC: Grant exemptions to users in good standing on request didn't determine that privacy concerns aren't a valid need, or are you claiming that an RfC question that says nothing about privacy concerns overturns a previous RfC that does? Not trying to be argumentative; I really am having trouble understanding what you are claiming. --Guy Macon (talk) 03:02, 13 May 2018 (UTC)

Option 5: Exceptional need

IPBE should be granted to those who show that they have an exceptional need for it, subject to the judgement of the granting administrator.

Option 5 discussion

Option 6: Never

IPBE should never be granted to any editor.

Option 6 discussion

Option 7: Other

Something else

PLEASE DO NOT ADD SECTIONS. POST HERE, AND IF YOUR "SOMETHING ELSE" IDEA GATHERS SUPPORT, IT WILL BE ADDED AS A SEPARATE OPTION Adding options to a running RfC needs to be done carefully so that we don't have different !voters who were given different choices.

Option 7 discussion

General discussion

Does anyone have any specific example of anyone abusing IBPE? If so, what were the criteria it was granted under? --Guy Macon (talk) 21:01, 10 May 2018 (UTC)

One of the first users to receive IPBE got blocked and to put it conservatively was into sockpuppetry. A Hamish Ross sock apparently got IPBE. And a sockpuppet of Surasaman also had IPBE. To be fair these were not granted to override proxy blocks, and I'm not sure if anything would have been done differently under today's criteria, however there is a strong record on this wiki of socking users using proxies to operate socks and evade scrutiny. -- zzuuzz (talk) 21:52, 10 May 2018 (UTC)

Several of these options state that 'admins should...'. This is never a good option, and is rarely mentioned in policy, unless it's to provide accountability. -- zzuuzz (talk) 21:52, 10 May 2018 (UTC)

Serious question: is it acceptable for an RfC to conclude that the consensus of the community is that admins should do X if the resulting change to the actual policy doesn't contain that wording? --Guy Macon (talk) 22:29, 10 May 2018 (UTC)
If a RfC concludes that admin should do X then I suggest that's normally either careless, inexact, or inexperienced wording. Put simply it won't work. The only things admins should do is remain accountable for their actions. Admins may.. Admins should exercise judgment.. users may be granted... policy should be changed... , but saying that admins should take X action is a bad recipe. The community can not force any admin to take any action. -- zzuuzz (talk) 22:42, 10 May 2018 (UTC)
I would prefer "may" to "should". SQLQuery me! 01:57, 11 May 2018 (UTC)
To expand upon this - The policy documents how IPBE is handed out more than it mandates how IPBE is to be handed out. As an admin active on UTRS and CAT:RFU - this will not change the outcome of IPBE requests that I handle in any serious way, simply swapping passing/ignoring requests that I would have otherwise declined. You cannot force an admin to push a button if they are not comfortable doing so. SQLQuery me! 02:03, 11 May 2018 (UTC)
I don't think anyone intends to force anyone to do anything. Nevertheless the community is entitled to establish standards that users satisfying certain criteria are entitled to certain user rights. No particular admin is required to flip the bit, but the bit should be flipped. --Trovatore (talk) 02:09, 11 May 2018 (UTC)
And what if there isn't anyone willing to flip that bit? I see requests at RFU all the time languish for 30->60->90 days before someone closes because "No admin is willing to unblock, try rewording your request and resubmitting". SQLQuery me! 02:25, 11 May 2018 (UTC)
My guess is that if the community makes such a determination, there will be at least one admin willing to implement it. If I'm wrong about that, then we can address that at that time. --Trovatore (talk) 02:32, 11 May 2018 (UTC)
We seem to have somehow gone from need to wish to are entitled. My point is that, however this ends up, this can and should be worded more smartly because there is very little that admins should be doing. I'm actually more in favour of loosening the wording (and granting IPBE) than some other admins, but this goes back to policy describing practice instead of dictating what volunteers should be doing in their spare time, which is basically incorrect. I would also suggest that current practice is that IPBE may not should be granted, and if you are including an admin's judgment (as above) then should is still not appropriate because in reality that a may. -- zzuuzz (talk) 06:01, 11 May 2018 (UTC)
What I'm saying is, the community has the right to grant such an entitlement. I'm not saying they will. But if they do, it doesn't dictate anything to any volunteer. It just says it's the policy to grant the right. No particular admin actually has to do it, just as no particular user has to do any particular thing. If it's the policy to grant it, I think there will be admins willing to do it. --Trovatore (talk) 06:32, 11 May 2018 (UTC)
If this ends up with an overwhelming consensus for one option, I expect that many admins will link to the result of this RfC when granting/denying IPBE. If there is a consensus but not a strong consensus, I expect a minor wording tweak such as retaining/removing the "exceptional" that was added to the policy less than 24 hours ago.[10] --Guy Macon (talk) 15:02, 11 May 2018 (UTC)
You are all awful wiki-lawyers; make way for the chief pedant. "Should" doesn't convey an imperative command; only "shall" or "must" does. The statement "admins should..." does not require admins to perform the action, nor prevent them from taking a contrary action. That said, "may" is still preferable here, as it is a more commonly understood word when used in a non-imperative statement. -- Ajraddatz (talk) 01:38, 18 May 2018 (UTC)
[ https://www.xkcd.com/1771/ ].
A joke for pedants:
Q: How do you comfort someone with bad grammar skills?
A: There, their, they're.
--Guy Macon (talk) 04:47, 18 May 2018 (UTC)
  • I speak as an editor who has been three times (yes, three times) caught up in collateral damage from IP rangeblocks, and who is currently one of the select few in Special:ListUsers/ipblock-exempt.
Although there is some attraction in the idea that WP:IPBE should be granted to every editor who has made x edits, I do not think that the privilege should be given out that lightly; unless x is a seriously large number; like, say, 10,000 or 20,000. (I expect I will make edit #150,000 tomorrow.) It feels unlikely that a vandal would survive that long.
IPBE should hardly ever be necessary, and should only ever be granted for cause.
As a victim, I would like to make the following points about IP rangeblocks. (1) Sometimes a blunt object is the best tool. I remember, a few years ago, a senior mod on another site proudly declaring that she'd just blocked one-third of China. (We were getting waves of spam posts, IIRC at up to 20,000/hour. Once an attack was spotted, three mods could deal with it in real time.) However, a blunt object is indiscriminate. (2) Getting untangled from a Wiki rangeblock is less than - shall I say? - uncomplicated. (3) The first time I got caught in a rangeblock, it took me several hours to find {{unblock}}. I did not know how to request an unblock. I had to go and look for that template. It took me several attempts to guess its name. (4) The second and third times I got caught in rangeblocks, they were hard blocks. I could not post on my Talk Page, and could find no way to request an unblock within Wiki. Getting the 2nd block lifted took 9 hours and 6 emails, and intervention by an admin. Getting the 3rd block lifted required a UTRS, something I'd never heard of until after that 2nd block. A WP:STEWARD then intervened to grant me a short-term IPBE privilege.
These affairs have been, to say the least, time-consuming for several experienced and busy editors.
There are relevant discussions at User talk:Narky Blert#How about now?, MediaWiki talk:Autoblock whitelist#Collateral damage and meta:Stewards' noticeboard#Global bans. Narky Blert (talk) 18:26, 10 June 2018 (UTC)

It has been 30 days since this RfC was posted, and on;y one non-joke comment has been posted in the last two weeks. There have been seven !votes in favor of "need", and zero !votes in favor of "exceptional need". Based upon this I have replaced

"when exceptional need is demonstrated"

with

"when need is demonstrated and the user is trusted to not abuse the user right"

The extra "when the user is trusted" language reflects the many comments to the effect that it is up to the administrator to use his or her judgement to determine whether the user can be trusted. --Guy Macon (talk) 18:54, 10 June 2018 (UTC)

I have also replaced
"An editor who has genuine and exceptional need, and can be trusted not to abuse the right."
with
"An editor who demonstrates a need, and can be trusted not to abuse the right."

to avoid an internal contradiction. --Guy Macon (talk) 19:01, 10 June 2018 (UTC)

I see zero evidence that the community has ever decided -- or been asked -- if the required amount of trust for those two is the same.
I doubt whether that issue has ever been raised for discussion. WP:APAT and WP:IPBE inhabit different worlds. That was why I made that a suggestion. Nevertheless. WP:APAT = this editor is trusted to create only good articles. WP:IPBE = this editor is trusted to make only good edits. There is indeed a difference between those two ideas, but it's so close that I really see no need for a distinction between them.
My suggestion is well below granting WP:ADMIN powers, which can and have caused havoc in the wrong hands. One proposal made to me during my recent difficulties was, that any future problems could be solved by making me a WP:ADMIN. I do not want to be a WP:ADMIN. Such a solution might selfishly help me, but sweep a more fundamental problem under the carpet. My question about other possibly-affected editors remains. Narky Blert (talk) 21:09, 11 June 2018 (UTC)
I do find your "easy to implement" standard to be thought provoking. The #1 most easy-to-implement change (and the one that would eliminate more problems than any other) would be to evacuate all of the server rooms, disable the fire systems, and throw firebombs in. --Guy Macon (talk) 02:54, 11 June 2018 (UTC)
FWIW, I do recall once reading a WP:ANI thread about a former WP:ADMIN who had granted several privileges to a close mate. He got spotted. They usually do. Note my italics. 23:17, 10 June 2018 (UTC) Narky Blert (talk) 20:42, 11 June 2018 (UTC)

Call for close

This RfC has been open since 10 May 2018 and there have been no new comments since 11 June. Could an uninvolved admin or editor with experience closing RfCs please write up a closing summary and close this? --Guy Macon (talk) 00:20, 2 July 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

IPBE request without email?

Is there a system for processing IPBE requests outside of emails? Nergaal (talk) 20:19, 10 June 2018 (UTC)

Is there anything wrong with the answer you got on your talk page right before you asked the same question here? --Guy Macon (talk) 21:21, 10 June 2018 (UTC)
Not really... other that having to actively put energy into figuring out how to freely edit wikipedia. To me, IRC and emails are an awkward way to get things done. What's next, ask for a photo ID card? I must be missing something since there can't possibly be so many hurdles put into place to prevent established users from editing without a serious rationale, as I am forced to use VPN on an account that is 10+ years old just to edit/reply on my own talkpage. Nergaal (talk) 22:29, 10 June 2018 (UTC)
Just use a throwaway email account. Surely you have figured out by now that there every idiot webmaster out there thinks that it is fine and dandy to require an email confirmation before you can look at pictures of cats or send them money. So send everyone a different email address, and block it when you are done dealing with them. Tuffmail lets you create as many email addresses as you want for far less than a VPN costs. --Guy Macon (talk) 22:58, 10 June 2018 (UTC)

torunblocked

This page says "Editing from Tor exit nodes require the torunblocked right, which is only granted exclusively with the IP block exemption user right." I have IPBE in order to edit through TOR (every so often I have to camp out at a factory on China dealing with a production problem. This involves a lot of sitting around waiting, and my internet access is through a corporate LAN in a company known for industrial espionage, and behind the Great Firewall of China, so I use TOR to edit Wikipedia from that location). I have no problems editing through TOR, but I don't see a specific entry for torunblocked in my user rights. Is it just something that comes along with IPBE? --Guy Macon (talk) 15:08, 14 June 2018 (UTC)

Yes, you have it when, and only when, you are added to the IPBE group. The IPBE group contains two rights: ipblock-exempt and torunblocked. You can see this at Special:ListGroupRights. -- zzuuzz (talk) 15:12, 14 June 2018 (UTC)

Bug in Unblock Ticket Request System or this documentation needs updating

It will not let me request an ip block exemption as it gives an error message saying my user is not blocked. If this is a bug how can I or someone else fix it please? Otherwise could this page be edited to explain how to request an ip block exemption correctly please. Chidgk1 (talk) 08:56, 6 December 2018 (UTC)

Does IPBE allow account creation?

I edit from some rangeblocked IPs, and although I can make edits just fine, (no hardblock) I cannot make accounts for ACC at Special:CreateAccount. Would applying for an IPBE let me make accounts? Sunmist (talk) 10:23, 13 April 2019 (UTC)

I'm going to ping Oshwah who made this edit to the blocking policy a year ago. If true, then the answer is no, presumably because the new account would need to have the block exemption. However I find it a little hard to believe so might have to test it myself to see if it's still a problem. If this was raised at WP:VPT then someone might be able to find or make a relevant bug report. -- zzuuzz (talk) 12:07, 13 April 2019 (UTC)
No, IPBE does not allow creation. When account creation is disabled following an IP address block, it applies to everyone who tries to do so though the blocked IP. ~Oshwah~(talk) (contribs) 12:32, 13 April 2019 (UTC)
I just tried it through Tor while logged out, and got the message
"Your IP address, xxx.xxx.xxx.xxx, has been automatically identified as a Tor exit node. Editing through Tor is blocked to prevent abuse. For additional information and instructions to legitimate users, see the No open proxies global policy."
I then tried it through Tor while logged in, and there was no link to create a new account.
So I manually entered the URL https://en.wikipedia.org/w/index.php?title=Special:CreateAccount and to my surprise I got the usual create a new account screen instead of the above error message.
"Aha!" I thought. "I will create an account and post to the IPBE talk page with it!". Nope. Didn't work. As soon as I entered the first letter of a username, I got a red dialog box that read
"Account creation from this IP address (xxx.xxx.xxx.xxx) has been temporarily restricted. This is probably due to persistent vandalism from the IP address you are editing from, which may be shared by many people if you are connected to the Internet via a proxy server (used by most schools and corporations and some Internet service providers) or dial-up access.
To request that an account be created for you, please follow the instructions at Wikipedia:Request an account to request a username. We recommend that you first search in the list of all users to ensure that your desired username is not taken. For all other inquiries, fill out the form provided by the Unblock Ticket Request System using the information provided below. We apologise for any inconvenience caused to any innocent users.
Information about the block: account creation from this IP address (xxx.xxx.xxx.xxx) was blocked by [Name of Admin], who gave the reason {{Tor}}."
So I could not create an account, even though I have IPBE.
One final question: The first error message says "...has been automatically identified as a Tor exit node" The second gives the name of an admin who applied a block. Are these two different error messages working from two different different lists? If I kept trying different Tor exit nodes, would I find one that is "automatically identified as a Tor exit node" but which no admin has blocked? --Guy Macon (talk) 14:12, 13 April 2019 (UTC)
Lots of Tor nodes are also locally or globally blocked for various reasons. I'd estimate somewhere around half of exit nodes are not manually blocked. Given a few tries you'd be likely to find one to produce a different message/outcome. I'd add something for Sunmist: some blocks disable account creation where it's not really necessary. You could consider asking the blocking admin to allow A/C, or, if you'd like a CU to have a look, drop me an email. -- zzuuzz (talk) 16:15, 13 April 2019 (UTC)
I have had the opposite experience, though not through a tor node as that's a special part that has special rules somewhere in the code. I regularily do give out IPBE to ACCers affected by being unable to create accounts due to blocks, in fact I just did it the other day. -- Amanda (aka DQ) 00:08, 14 April 2019 (UTC)
@Sunmist: I've enabled IPBE on your account, let me know if you still have issues. -- Amanda (aka DQ) 00:12, 14 April 2019 (UTC)
@DeltaQuad:Unfortunately, account creation is still blocked. I don't need an IPBE for anything else, so feel free to remove it. Sunmist (talk) 05:22, 14 April 2019 (UTC)
This is a known issue - see T189362 SQLQuery me! 03:52, 14 April 2019 (UTC)
Responding to Zzuuzz's ping earlier: This is something that I looked into following a message from someone at ACC who had the "account creator" flag but received errors when trying to create accounts. After viewing their exact error message and discovering that the IP address they were using was blocked, I knew that something was up. From there, I performed full and very extensive tests with other users' help, and what I found as a result of that testing was exactly how I wrote it on the blocking policy page, as well as others. As of the time of this writing (or... more accurately, the time I added the information to the blocking and other relevant Wikipedia pages), when an IP or IP range is blocked and with the "disallow account creation" option ticked (meaning that account creation is prohibited through the blocked IP or range), it applies to all users who attempt to do so through the blocked IP or range - regardless of the user rights and flags that are enabled on the account, whether it be global or local. ~Oshwah~(talk) (contribs) 20:44, 17 April 2019 (UTC)

Explanation of global IPBE

Hi all I've added an explanation of how global IPBE works because this is an issue that not even all CheckUsers understand, and it comes up frequently enough that some documentation on this page is warranted. I don't think there is anything controversial in it, but I'm posting here to alert people that it's been added and why. TonyBallioni (talk) 20:01, 23 May 2019 (UTC)

Looks good. Maybe add an explanation about the basic security priniple of not giving a user a permission that he doesn't need and will never use? --Guy Macon (talk) 22:07, 23 May 2019 (UTC)

More documenting of current practice

Sorry if this is getting repetitive, but I've added this bit to reflect what is currently the standard practice when we are handling these requests. The rationale being similar to Guy's comment above that it's a standard security practice to not grant things that are not needed, and in all honesty, many of the accounts that get granted the flag won't be active after a year.

I worded it so that it was descriptive rather than prescriptive. A lot of our practices around IPBE are not written down, and I've been trying to fix that when I can by updating the page or making notes on the functionaries list. I think having it in public so people know what to expect is best, and explaining why it is added here is also important. TonyBallioni (talk) 23:53, 23 June 2019 (UTC)

What I would like to see is a log that an admin can check to see why IPBE was granted before removing it.
My personal situation is a bit unusual. I design and program low cost (as in 5 to 10 cents) embedded computers that are inside toys. I can go for years here in California, happily editing Wikipedia without using my IPBE. Suddenly I get a call to get on the next plane to China because 10,000 workers are sitting idle waiting for me to fix a problem. I may very well spend the next month or two too busy to log in to Wikipedia, then get to a point where I am sitting around waiting for something or somebody, at which point I would like to edit Wikipedia from a toy factory in China over an untrusted connection.
My employers strongly suspect that the Chinese government is monitoring us, and we know for a fact that the factory is monitoring our Internet use -- we have to sign an agreement to that effect before using their LAN. The US outfit I work for requires that I boot Tails (operating system) from a DVD and do everything -- including editing Wikipedia -- using Tor (anonymity network), saving my work on a server in the US. A Chinese national wouldn't be allowed to do that, but I simply refuse to do the work if I am not allowed to use TAILS.
What worries me -- and the reason I watch this page -- is the possibility that somewhere along the line someone is going to remove my IPBE right for inactivity without notifying me and getting a reply and that I will then I will find myself sitting in a conference room in China unable to log on to Wikipedia.
I think a log explaining my situation would make it far less likely for me to get cut off without warning. --Guy Macon (talk) 06:50, 24 June 2019 (UTC)
There is a log at Wikipedia talk:IP block exemption/log, but admins frequently don't update it despite the reminder at Special:UserRights (message). — JJMC89(T·C) 01:44, 25 June 2019 (UTC)
Whenever I grant I let the person know how long it is, when it is expected to expire, and that if they need it again to request it again around when it expires and we can extend it. I don't think anyone who has IPBE is in danger of losing it. There hasn't been any talk of going through and removing the user right from people since I've been on the functionaries list (~ 8 months) and we do not do auditing of IPBE using the CheckUser tool anymore. The risk of IPBE being removed from an account without them knowing in advance is very low, and in situations like yours, Guy, I don't think anyone would object to it just being assigned long-term without expiration, which is what you currently have.
One of the advantages of the new checkuser OTRS feed is that it would allow linking to tickets in the user rights log and the CU log, which would allow CUs to quickly look at the reason for granting. I'll try to do this when I'm processing requests from now on. TonyBallioni (talk) 02:10, 25 June 2019 (UTC)
Hmm. I think the log is a problem. Not so much about the logs, but about the fact that we're recording the geographic location of people who are editing from countries where they could get into serious trouble for editing. I haven't entered any of the IPBEs that I have granted in the past year onto that log, because almost all of them are for geographic considerations. I don't actually see much purpose in having the log - the reason should be entered into the IPBE permission grant instead. I normally enter the OTRS ticket number as the "reason" for granting IPBE. I do not believe that we should have a page that says "this person edits from X country", particularly as many of those who are telling us this are doing so with an assumption of confidentiality (either by emailing a trusted admin to make the request, or by doing so via the UTRS or OTRS systems). Incidentally, there's no reason why a bot can't create that log; admins shouldn't have to do it. Risker (talk) 21:37, 23 December 2019 (UTC)
Yeah, I've never used it. I think it was useful when we did audits (which we can't now) but I don't see much use now. TonyBallioni (talk) 21:42, 23 December 2019 (UTC)

Removal - No longer needed or insufficient rationale for granting

Hi. I propose that "user becomes an administrator" be removed as a reason for no longer needing IP block exemption; IP block exemption comes with torunblocked rights, which admins don't have. I thought such a change would be uncontroversial, but it was reverted by @Xaosflux, so opening a discussion. Thoughts? --DannyS712 (talk) 19:32, 23 December 2019 (UTC)

Most people don't need that to edit. If someone really needs to edit using tor, they can always explain it to a CU or even grant it to themselves. For the most part it's an unneeded right, and I don't think I've ever seen anyone request IPBE for the purposes of editing via tor. TonyBallioni (talk) 19:37, 23 December 2019 (UTC)
Agree, most admins don't have a need for this as most admins won't be using tor. — xaosflux Talk 19:42, 23 December 2019 (UTC)
Gonna be honest, I have always thought it was a complete waste of time and energy to remove minor bits from accounts when they're granted admin status. Lots of admins take breaks from the admin bit, and then we wind up adding them on again. More clearly, I don't see that adminship is a reason for ever removing lower-level rights, including but not limited to IPBE. The RFA assesses trustworthiness, and if we can't trust people who have the right to reclaim admin bits with IPBE, then we might just as well close up the shop now. Risker (talk) 20:06, 23 December 2019 (UTC)
I agree generally that admins can be trusted with this and (all) lower rights, but was more commenting that if our current practice is to remove everything else, I don't see a reason not to remove this one. TonyBallioni (talk) 21:17, 23 December 2019 (UTC)

How should we deal with people who want to edit from countries that block Wikipedia when they have yet to create an account?

I know everyone watching this page is probably familiar with the fact that certain countries have blocked access to Wikipedia, and those individuals who manage to slip past those blocks are doing so using VPNs or other forms of "masking". Someone will usually grant them IPBE, even on the basis of a few edits, provided they've established an account and haven't done anything too problematic. Occasionally, however, they're not even able to start an account because the IPs used by their VPN service are hardblocked.

Should we take a chance and create an account for them and grant them (possibly very short term) IPBE to see how they do? If so, who should keep an eye on them/do the account creation? Is this something an admin should do? a checkuser only?

I ask this for a lot of reasons: first, the current policy seems to be focused entirely on existing editors; second, I'm hesitant to grant if there's an expectation that I would also be assuming the responsibility for monitoring the progress of a new account; and finally, I admit that I avoid creating new accounts for anyone. I'd appreciate the thoughts of others who have or may have faced similar situations (perhaps some of those who have granted IPBE to students in courses where their educational institute is blocked?) in particular, but other opinions are also welcome. Risker (talk) 06:06, 26 December 2019 (UTC)

@Risker: The answer is that they do not get an account.
The documentation is in about 10 places. It is a mess. We could clean it up. I think that it would take about 50 hours of labor to make a proposal to change things. I do think change is possible, but right now there is not even an outline of the issues to consider in making a policy change.
Briefly, there is a potential liability and potential payout. Right now the consensus is that the liability of supporting such accounts and the high likelihood of exploitation are such a high cost that granting rights to the user demographic you describe would be very expensive in comparison to other conventional wiki outreach strategies. If you need an alternative, send this demographic to the Wikimedia grants process. Sending US$2000 to every community group which wants it would be less expensive than granting this right, until and unless the community gathers to sort policy.
I wish to change the state of things but this is where we are. Blue Rasberry (talk) 15:24, 9 January 2020 (UTC)
WP:ACC. Or Trijnstel asks a CU on IRC to temporarily lower the range block when the stewards queue gets an email (anyone could do it, but it’s normally her pinging people.) I usually grant IPBE for a month and then let them re-request later. TonyBallioni (talk) 16:08, 9 January 2020 (UTC)
@Risker: so is this mostly about enwiki only blocks and problems? With "accounts" being global there is certainly room for overlap with global options, blocks, and policies here. — xaosflux Talk 19:37, 9 January 2020 (UTC)

Just another person whining about the IP block

I've had an account on Wikipedia for 16 years, though I usually edit anonymously as I prioritize free knowledge and anonymous acts of kindness over taking credit for my contributions. My account's always been in good standing, I've donated a bunch of times and have added a ton of stuff to commons. Earlier I was on a network that I didn't trust and wanted to add content, but I couldn't edit because of other users of my VPN. I logged in and still couldn't edit. So applied for IPBE and was rejected on the grounds that I've not done much editing in the past 12 months.

I feel the main goal of Wikipedia is to get encourage contribution over all else. I can't see how blocking a trusted editor based on their IP address would prevent vandalism, but I can directly see how it'll discourage contribution. So IMO this policy is folly. Putting a barrier this large between me and editing means that I'm not going to edit pages unless it's a really important edit, so the price of this policy is at least one casual but experienced editor doing general, incidental page maintenance. Every edit to this talk page could have been an edit to an article instead, and I think that this sort of thing should be taken into account when designing the bureaucracy that dominates this site.

Anyway, I'll keep my VPN on and just bounce from edit pages when I see the block in future. If I can edit then I will, if I can't then I won't. Bitplane (talk) 05:16, 4 February 2020 (UTC)

Related: Wikipedia talk:IP block exemption#RfC: Criteria for granting IP block exemption.
I don't get it.
  • Clearly expressed need.
  • Clean block log.
  • No warnings on talk page.
  • 719 edits since 2004
I see zero evidence for the RfC that the community wants to impose a minimum number of edits on a trusted user who is extended confirmed (granted automatically when the account is both 30 days old and has made 500 edits).
Please let me know which admin denied IPBE in this case and I will talk to her/him. (it is OJ=K to use the email link on my talk page for this). --Guy Macon (talk) 05:33, 4 February 2020 (UTC)
Bitplane, Where did you request IPBE? I checked the checkuser-en-wp queue on OTRS (which is where WP:IPECPROXY directs people to apply), and I don't see any tickets that mention your username. I don't see an issue temporarily issuing IPBE, but it's possible that there's something I'm not seeing / aware of here.
Just as a sidenote, I would point out that a VPN really isn't any help when editing from a network that you don't trust - as the connection (to wikipedia, at least - as well as any competently set up site/service) is already encrypted anyhow. The benefits of VPN's are often so over-exaggerated in ads that at least one provider's as has been banned in the UK. SQLQuery me! 17:17, 4 February 2020 (UTC)
Ah the ASA, those well known security experts. One substantial advantage of VPNs for Wikipedia is that you don't know what else your device might be doing over unencrypted connections. Unless you're meticulous about what else is running or what else you're browsing, which isn't always practical, then it is safer (as well as more private) to just leave it running while you're editing. A VPN won't affect your security with Wikipedia (as long as you don't mind people in the coffee shop knowing that you're on Wikipedia) but it may affect your other privacy/security while you're editing. -- zzuuzz (talk) 18:03, 4 February 2020 (UTC)
" Secure web servers are the equivalent of heavy armoured cars. The problem is, they are being used to transfer rolls of coins and cheques written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police." --Gene Spafford
--Guy Macon (talk) 18:55, 5 February 2020 (UTC)

IP block exemptions for Wiki Education-supported student editors?

As you may be aware, the COVID-19 pandemic has completely disrupted higher education in the United States. Wiki Education's Student Program supports student editors who have been assigned to improve Wikipedia articles on course-related topics. Several of our courses have students enrolled who are originally from other countries, including China. While these students are typically in the United States at their universities, many have returned home and are doing distance learning from their home countries during the pandemic. Additionally, the Trump administration has recently proposed revoking student visas for international students currently in the U.S. whose courses are going to be virtual this upcoming term; that includes, for example, all students at Harvard and everyone in the California State University system.

Given this context, Wiki Education would like to request a time-bound IP block exemption for students enrolled in one of our supported courses who need to edit via proxy. These are not typical exemptions: These students will be new editors. But they are supported through our program, and Wiki Education staff monitors their work. We would like these IP block exemptions to only be for the duration of the course. Any student editors who are interested in continuing editing after the course will request a block exemption per the normal process.

Is Wiki Education's monitoring an acceptable alternative to the "trusted user" requirement for an IP block exemption? --LiAnna (Wiki Ed) (talk) 22:43, 13 July 2020 (UTC)

We basically give it out like candy if the individual is in China and we can see anything that remotely suggests they’re telling the truth about it. The most difficult thing there is actually creating an account on en.wiki since our VPN blocks usually prevent this. Anyway, yeah, if there are students from China the easiest thing for courses to do would probably be to have the professor or one of the WikiEd staff email a list of usernames who are in countries where using VPN is mandatory for editing to functionaries-en wikimedia.org. That would be quicker in this case than the CU OTRS. TonyBallioni (talk) 23:02, 13 July 2020 (UTC)
Side note, if WikiEd will be coordinating the account creations - there are many ways around getting that to work if the participants have email - the outreach dashboard for example is self-service. — xaosflux Talk 23:22, 13 July 2020 (UTC)
Yes. The biggest issue we face with new accounts from China is that sometimes we can’t actually give them IPBE as the global account exists but the local account isn’t created here and the block prevents autocreation. If you’re dealing with Chinese students I would strongly recommend finding a way to have the account created either by someone else with the event coordinator role or using the dashboard. TonyBallioni (talk) 23:31, 13 July 2020 (UTC)
Thanks TonyBallioni and xaosflux! Since this use case for IP block exemptions is okay, Ian and I may also grant the exemptions ourselves with our volunteer admin accounts (Guettarda and ragesoss). We didn't feel comfortable doing that without some explicit discussion of the situation first.--Sage (Wiki Ed) (talk) 16:05, 14 July 2020 (UTC)
Yeah. If it’s Chinese editors and you know them via WikiEd, I have no objections to you just giving it to them for 6 months and noting the reason is WikiEd. TonyBallioni (talk) 16:33, 14 July 2020 (UTC)

@LiAnna (Wiki Ed), TonyBallioni, and Xaosflux: I agree with all of you that giving all of these course participants in restrictive countries fixed-term IPBE in the first instance was the right thing to do. But since these students are enrolled at American universities, we should remind them that using their university VPN is preferable over using third-party VPNs or TOR. If they use their university VPN then only Template:School block should apply, which may require confirmed status but not IPBE. Looking further ahead though, for any student that shows oneself to be a worthy editor, we should extend their IPBE to indefinite so they can continue to contribute when they leave their university. (Sorry for reopening an old thread, just seen it for the first time.) Deryck C. 19:01, 3 January 2021 (UTC)

Exemption for not logged in users

I just wanted to extend the block for 85.76.76.45 (talk • contribs • deleted contribs • blacklist hits • AbuseLog • what links to user page • COIBot • Spamcheck • count • block log • x-wiki • Edit filter search • WHOIS • RDNS • tracert • robtex.com • StopForumSpam • Google • AboutUs • Project HoneyPot), but when I was done, I realized that a whole /16 range was blocked; presumably because that was the range chosen for the last block from earlier this month. I think it would make sense to keep the page specific block for the range, but apply the site wide block only to the specific IP address. What is the best way to achieve this? Unblock and implement new blocks or a block exemption? The latter appears to be only intended for logged in users. ◅ Sebastian 19:52, 29 December 2020 (UTC)

This topic moved to Wikipedia:Administrators' noticeboard#I blocked a range instead of a single IP address ◅ Sebastian 00:15, 30 December 2020 (UTC)

Split the log page?

I've just added a new entry to Wikipedia talk:IP block exemption/log and noticed that it loaded really slowly because the page is now 170k long. Should we split the page into yearly log subpages? Deryck C. 14:29, 1 January 2021 (UTC)

No response

I sent emails last week to checkuser-en-wp@wikipedia.org, but have had no response. Is no-one checking it, or have they not been received? G-13114 (talk) 18:28, 19 January 2021 (UTC)

@G-13114: only a CU that reads that list would be able to actually answer - in case it got filtered somehow you can try to contact ArbCom using wikimail (as they are in charge of Checkusers) by using Special:EmailUser/Arbitration_Committee. — xaosflux Talk 19:59, 19 January 2021 (UTC)
@G-13114: - I just logged in to check - and I do see your mail, as well as reminders, and the request for a reply soon. SQLQuery me! 20:05, 19 January 2021 (UTC)
Thank you for your replies, however I've still had no reply to the email. G-13114 (talk)

Anonymous proxy editing

The policy page contains a section Wikipedia:IP block exemption #Used for anonymous proxy editing which contains the following advice:

How to request

Email the checkuser OTRS team at checkuser-en-wp wikipedia.org ensuring your email includes your username, or contact a CheckUser directly, explaining why you need to edit via anonymous proxies...

Does this advice still apply?

I ask the question because an editor contacted me to ask if I could unblock their IP address. On investigation, the IP appears to be a VPN exit point, so I referred them to WP:IPECPROXY. They consequently informed me that they had emailed checkuser-en-wp@, only to be informed that the email was only to be used for reporting abuse. I followed up by emailing checkuser-en-wp@ asking why the reply contradicted the written policy on the page, but I've received no response yet. Can anybody clarify the procedure for requesting a VPN exemption, or explain why the editor in question seems to have received an inappropriate response, please? --RexxS (talk) 21:58, 16 February 2021 (UTC)

@RexxS: I've seen your mail in the queue for a couple days - and I'm not sure what sort of helpful reply I could give you. I mainly grant IPBE, I don't deal with a lot of the 'meta' stuff that comes in to that queue.
I've replied to your email via OTRS - but to recap here:
  • I can't find any mention of the user on the checkuser queue you specified outside of the mail you sent.
  • I can't find any useful hits that contain the signature you specified.
  • The policy pages on Wikipedia are edited, maintained, and decided by the community.
  • I, and others, regularly grant IPBE from that queue. Please see WT:IPBELOG for more details. SQLQuery me! 23:28, 16 February 2021 (UTC)
Many thanks, SQL. I'm now quite clear in my mind that I've been fed misinformation on MetaWiki, and I'm now completely reassured that the content of the page is accurate. --RexxS (talk) 23:43, 16 February 2021 (UTC)

Proposal: Automatic VPN IP block exemption for logged in "extended confirmed" users

Let's revive this topic, since it's basically been 5 years since the last discussion. Leading up to this current year of 2021, VPN usage has been a rapidly trending privacy practice.

The benefits of VPN usage include the following:

  • Privacy from ISPs and DNS hosts from logging the web activity of their clients (emphasis on DNS hosts)
  • Preventing ISPs and DNS hosts from selling metric patterns of their clients browsing activity to advertising agencies
  • Security when using public access networks, which are inherently susceptible to man-in-the-middle attacks and data-leakage
  • Privacy from surveillance for users located in regions that conduct such activities

Overall, using a 3rd-party VPN is a good idea, which is no doubt why it's approaching commonplace practice.

The problem with Wikipedia (or perhaps Wikimedia in general) is that by blocking extended confirmed users from using VPN IP ranges is that users have no choice but to temporarily waive their privacy and security to the internet during the period of time it takes to edit Wikipedia pages. During that time they may need to browse other websites simultaneously to get the information they need to edit the article; under such situations, they now also have no choice but to expose their privacy to 3rd-party non-Wikimedia affiliated websites.

Furthermore, even if they don't browse other websites whilst not using VPN protection, their device of choice is no doubt using internet resources in the background, and this is unable to be controlled. So exposure to the internet is not only a possibility, it's a guarantee.

Isn't it awkward that Wikipedia demands this risk from its users?

Of course, anybody can request an exemption. But this is tedious, and from what I've read elsewhere on the internet, such applications are rejected unless the users are in emergency situations (e.g. known surveillance, government controlled firewalls, etc.). So rather than granting hundreds (thousands?) of editors permission to use VPNs on a case-by-case basis, the better way forward is to just permit extended confirmed users (or even autoconfirmed users) to use VPNs.

Perhaps this is a slight divergence, but if the reason for this policy is concerns of abuse for hijacked accounts, shouldn't there be a more reliable method of blocking than IP address ranges be implemented for VPN users? Currently the policy seems analogous to the using a sledgehammer to crack a nut metaphor.

What does the community think? — JKVeganAbroad (talk) 02:51, 23 August 2021 (UTC)

How much time have you spent trying to defend the encyclopedia from long-term abusers and POV pushers and spammers and others just having fun? Johnuniq (talk) 03:10, 23 August 2021 (UTC)
As someone who is fairly involved at WP:OP and WP:SPI, I strongly oppose such a system. Gaming extended confirmed is trivial for someone who is reasonably committed. We very regularly find and block extended confirmed users who abuse multiple accounts using CheckUser evidence, and this proposal would essentially make that impossible. The (fairly few!) people who have a significant need to edit through a VPN can use WP:IPECPROXY, but for most, having to enable split tunnelling in their VPN, or turning it off temporarily, amounts to a minor inconvenience; it's not one that outweighs the massive abuse prevention benefit the current system has. Many of the concerns raised above can be addressed without using a VPN:
  • Privacy from ISPs and DNS hosts from logging the web activity of their clients (emphasis on DNS hosts)
    • Changing your DNS provider already gets you pretty far in that regard, and all your ISP will see if you temporarily turn off your VPN to edit is that you are connecting to some Wikimedia server.
  • Preventing ISPs and DNS hosts from selling metric patterns of their clients browsing activity to advertising agencies
    • A legitimate concern in countries with problematic laws governing ISPs, but also one that is largely mitigated by switching to a sensible DNS provider/and or ISP, and the forms of tracking that users should probably be most concerned about are almost never IP-based, and hence not something a VPN would protect against to any reasonable degree. Considering that many VPNs have ties to actors that probably aren't very privacy-friendly (Private Internet Access is owned by a company that used to produce adware, and IPVanish IPs often have the string Mudhook Marketing Inc in the WHOIS, for example), I also wouldn't put too much stock into most of them as good one-stop shop solutions for privacy.
  • Security when using public access networks, which are inherently susceptible to man-in-the-middle attacks and data-leakage
    • Most websites that people frequently use, including Wikipedia, implement HTTPS, which fixes the MITM problem if implemented correctly.
  • Privacy from surveillance for users located in regions that conduct such activities
    • This is a major and justified concern, but it's also one that the current system handles well by handing out IPBE on a case-by-case basis.
I agree it would be nice if we could do this, but from a pragmatic abuse-prevention perspective, the simple reality is that if we were to implement such a system, we might as well just turn off the checkuser extension. --Blablubbs (talk) 09:55, 23 August 2021 (UTC)
Blablubbs has said everything I would say better than I ever could, so I endorse his message entirely. The risk/reward ratio is far too lopsided for this to be a viable proposal unfortunately. firefly ( t · c ) 10:07, 23 August 2021 (UTC)

On a somewhat related topic, it seems that Apple are going to introduce private relays across all Apple devices in the near future, for the purpose of concealing IP addresses. This sounds very similar to a VPN, so I'm not sure about these internet users are going to be able to edit Wikipedia. It might be worth reevaluating. — JKVeganAbroad (talk) 14:07, 26 August 2021 (UTC)

Private relay only works with the Safari browser, so unlike the broader VPN activity described above, it will be easy to switch the VPN off by using another browser. If anything, Apple may end up deterring their users from using regular 'always on' VPNs. -- zzuuzz (talk) 14:30, 26 August 2021 (UTC)
Also, by the way, from what I've read elsewhere on the internet, such applications are rejected unless the users are in emergency situations you might want to not believe everything you read on the Internet. -- zzuuzz (talk) 14:52, 26 August 2021 (UTC)
you might want to not believe everything you read on the Internet.
I did check the number of users on the IP exemption list, and it’s less than 1 thousand. It’s reasonable to assume that far more than 1000 Wikipedia editors use a VPN, and turn it off for editing. So I’m confident in my choice to believe the claim that general VPN requests are rejected. Reading this page alone is enough to believe it. But sure, I promise not to believe everything readable on the internet. JKVeganAbroad (talk) 02:38, 27 August 2021 (UTC)

Should it be mentioned that users in China get access to IPBE?

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.



IPBE is typically given to users in China, who need to use a VPN to access Wikipedia. Should this be mentioned on the page? (I tried adding it but someone undid it and told me to discuss here first.) Thanks! Félix An (talk) 00:18, 5 September 2021 (UTC)

As someone who's dispensed plenty of these IPBEs, I think it would be a bad idea to include that in a very public page. Remember that a lot of the people from various countries where governments control internet access can be placed at risk of harm if such a connection is made. I'll note it's not just China that's an issue; there are several other countries where editors are in similar situations. Let's just say that most of these editors don't seem to have a hard time finding out how to ask for IPBE. Perhaps a very generic statement about editors from countries where the "internet is less secure" are eligible to request IPBE, might be okay. But let's not poke any bears here if we can avoid it. Risker (talk) 00:38, 5 September 2021 (UTC)
It's very rare that people actually get arrested for using a VPN for purposes that don't endanger the national security of China, and 95% of Wikipedia articles would not be classified as such. All my Chinese friends use VPNs, and I use it while studying in China to access Google, Wikipedia, and other websites. I think it's fine to say that you can request IPBE if you live in a country which blocks Wikipedia, and mention China as an example, as it is fairly common (it's even more common on the Chinese language Wikipedia). Maybe a courtesy reminder could be added to not use IPBE to edit controversial articles in China, such as *ahem* "that protest that happened over 30 years ago", the political status of Taiwan [Province], or other articles like that. Félix An (talk) 02:16, 5 September 2021 (UTC)
Policies are meant to be broad, high level representations, and this policy already calls out the use case for cases where the editor can demonstrate the need. I don't see needing to list the names of specific governments or geographies in our policy. — xaosflux Talk 11:29, 6 September 2021 (UTC)
There is no need to specifically mention China, as there are some other countries which block Wikipedia. The policy can simply say, "An editor who is in a country which censors Wikipedia and requires a VPN or proxy to access Wikipedia", or something like that. Félix An (talk) 00:37, 8 September 2021 (UTC)
It should also be mentioned that there's WP:IGNORE, which tells editors to ignore a rule if it prevents them from editing WP. Internet censorship would be one of them, I guess. Félix An (talk) 16:47, 9 September 2021 (UTC)
Would everyone be in favour of adding a mention of editors in countries with censored Internet, without giving specific examples of the countries? Félix An (talk) 16:48, 9 September 2021 (UTC)
  • (edit conflict) Reverted this again. "An editor" in a blocked country alone is not sufficient. For example, a brand new account created today won't get this usually. If you want to change the IPBE policy, pleas properly advertise the discussion at WP:VPP and get a consensus. Policies should reflect a very strong community consensus. Also, update the page appropriately, for example you added #4 to a list that says "three main circumstances". — xaosflux Talk 16:49, 9 September 2021 (UTC)
    Additional eyes requested on the functionaries mailing list (Leaving it open that I could be completely wrong here!) — xaosflux Talk 17:35, 9 September 2021 (UTC)
  • Excuse the meta question in the middle of this discussion, but why do we need any list here? Editors can be granted IPBE when they need to edit from IP addresses which are blocked to prevent vandalism or disruption, and that description includes proxies. -- zzuuzz (talk) 18:04, 9 September 2021 (UTC)
There are many other countries that block access to Wikipedia. I don't think a list would be a good idea. Plus, it's not always an automatic grant in this situation, because WP:BEANS. I typically will look at the user's contributions to their native language wiki, and that will often help me to decide if I'm going to grant - and for how long. SQLQuery Me! 22:40, 9 September 2021 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.