Last modified: 2011-09-01 21:47:56 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T23097, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 21097 - HideUser : Admin-view level
HideUser : Admin-view level
Status: NEW
Product: MediaWiki
Classification: Unclassified
Revision deletion (Other open bugs)
unspecified
All All
: Low enhancement with 4 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 21129 (view as bug list)
Depends on:
Blocks: revdel
  Show dependency treegraph
 
Reported: 2009-10-11 15:00 UTC by Mailer Diablo
Modified: 2011-09-01 21:47 UTC (History)
12 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Mailer Diablo 2009-10-11 15:00:09 UTC 
HideUser could use the Admin-view permission level, which is currently available on RevisionDelete but not HideUser. Currently usernames can only be suppressed, including from admin-view, which presents a problem of all-or-nothing when it comes to dealing with abusive usernames and policy matters.
Comment 1 MZMcBride 2009-10-13 20:42:26 UTC 
*** Bug 21129 has been marked as a duplicate of this bug. ***
Comment 2 FT2 2009-10-13 20:44:24 UTC 
Copying my comment from #21229:

Usernames are the only place on the wiki where the choice is ignore or fully suppress.

As a result, faced with severely offensive "trolling" usernames being set up, a liberal stance is being followed across a range of projects (I'm told) whereby these are being full-suppressed. This isn't just enwiki, it should be noted.

Suppression is a very extreme action. Right now if those posts were anywhere else, they'd be admin-deleted or admin-level RevDeleted by those with access to such tools.

Admin-level username hiding would match the rest of RevisionDelete which includes in every other function, both admin- and oversight- level removals, so that suppression can be kept once again to its tightly limited remit, and not be used on mere "offensive posts".
Comment 3 Happy-melon 2009-10-13 21:50:22 UTC 
It looks like HideUser information is actually duplicated: a "hiddenname" flag
is set in the block log, and the ipb_deleted field is also set.  However, it
doesn't *look* like that field has been repurposed as a bitfield yet; it easily
could be, although there wouldn't be the 'usual' stuff to selectively
show/hide.
Comment 4 Aaron Schulz 2009-10-13 22:15:14 UTC 
There is no need to waste time prettifying user lists by hiding usernames. This wasn't designed for that.
Comment 5 Larry Pieniazek 2009-10-13 23:09:19 UTC 
Um.... user names can contain PII serious enough that they need to not be visible at all, even to admins. This bug is asserting that user names can also contain things that are bad enough that the general population should not see them, but not so bad that admins cannot. This is analogous to all other types of information that now is hideable, there are three classes of visibility. Therefore I don't think RESOLVED WONTFIX is a good resolution.
Comment 6 MZMcBride 2009-10-13 23:12:51 UTC 
Re-opening. Not saying this should be a high priority, but I don't think it's a "never gonna happen so stop asking" thing.
Comment 7 Mailer Diablo 2009-10-13 23:24:43 UTC 
What's happening here is that we have vandals who are trying to test the borders of the policy. Therefore they are deliberately creating usernames that would not have technically passed the border but harass editors who then come to us with the problem, in some cases with several edits being scattered around.
Comment 8 Thatcher 2009-10-14 13:57:45 UTC 
A. The stewards, and some enwiki oversighters, have used suppression EXTENSIVELY to hide vandal user names.  If you have oversight permission, go to special:listusers and look for "MONGO"; there are 100+ hidden user names.  Or "SlimVirgin" (20+), "Voice of All" (5), "FT2" (about 15).  Or parse the last thousand or so entries in the suppression log. Some of these names contain personal information and are correctly suppressed, many do not.

B. Enabling HideUser for all admins would expose hidden user names that contain personal information to all admins rather than restrict that information to oversighters.  If HideUser is going to be made available to admins, it must be a two-tiered system.

C. Even if enwiki Arbcom and Auditcom enforce stricter standards over enwiki oversighters, we have no control over the stewards.  The current use of suppression to hide attack user names is far outside the written Meta:Oversight policy.

D. Rather than implement a technical solution, change the policy to reflect how suppression and HideUser are really being used.  If there are strong objections to HideUser being used so liberally, stewards and oversighters would have a responsibility and a duty to listen to the community and stop doing it.  If no one objects, then there is no reason to stop and no reason to open it up to admins.
Comment 9 Kudu 2011-09-01 21:47:56 UTC 
(In reply to comment #8)
> C. Even if enwiki Arbcom and Auditcom enforce stricter standards over enwiki
> oversighters, we have no control over the stewards.  The current use of
> suppression to hide attack user names is far outside the written Meta:Oversight
> policy.

Not so. The use of local oversight by stewards *is* within ArbCom's jurisdiction.

To follow the existing schema, the new rights should be "hideuser" (admin) and "suppressuser" (oversighter / old hideuser).
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links