Wikipedia:Community health initiative on English Wikipedia/Blocking tools and improvements

The Wikimedia Foundation's Anti-Harassment Tools team invites all Wikimedians to discuss new blocking tools and improvements to existing blocking tools in December 2017 for development work in early 2018.

What this page is for
Our team is identifying shortcomings in MediaWiki’s current blocking functionality in order to determine which blocking tools we can build for wiki communities to minimize disruption, keep bad actors off their wikis, and mediate situations where entire site blocks are not appropriate.

This discussion will help us prioritize which new blocking tools or improvements to existing tools our software developers will build in early 2018. We need the input from users to determine which of the four problems listed below are the most important to address first and which of the proposed solutions hold the most potential. We are also looking for any new proposals for new blocking tools or improvements to existing tools.

By mid-January 2018 we hope to have received enough comments to have a direction on which problems are the most important to address first. By mid-February 2018 we hope to have determined which new tools to build or existing tools to improve, and hope to have reached specific decisions about how they will look and work.

Please join us in discussing potential improvements to blocking tools discussion page.

MediaWiki's current blocking functionality
Currently on Wikimedia wikis, users and IPs can be blocked from editing articles. Blocks prohibit users from editing all pages in all namespaces on the wiki, with the optional exception of the blocked party's user_talk page. Blocks are permissioned by default to administrators and are logged publicly on Special:Log, Special:BlockList, and Special:Block.

Similar to blocks, global account locks prohibit users from logging-in to any Wikimedia wiki, and global blocks prohibit users from logging-in to any Wikimedia wiki, and global blocks can be set against IP addresses.

Autoblocks can be assigned to username blocks, which will automatically block IP addresses used by the offending user for 24 hours.

Problem 1. Username or IP address blocks are easy to evade by sophisticated users
Blocks can be set against a username, IP address, or IP range. IP addresses can be easily spoofed or changed via proxies. The barrier to create a new account is very low and easily circumventable. The Wikimedia movement values openness and privacy, so we must balance walling off bad actors against keeping our platform accessible to good-faith newcomers.

We could implement new blocking techniques that use different, more modern pieces of identification technology. These features will need to comply with our Privacy Policy and Terms of Use.

Proposed potential solutions:
 * Block by user agent (including CheckUser search)
 * Block by device ID (including CheckUser search)
 * Global blocks for usernames
 * Add "Prevent account creation" to global block
 * Cookie blocking for anons
 * Add a way to extend autoblock to longer than 1 day
 * Proactive globally block open proxies

Problem 2. Aggressive blocks can accidentally prevent innocent good-faith bystanders from editing
Many IPs and IP ranges are shared by multiple users (e.g. libraries, schools, office buildings) and most individual IPs can (and will) be reassigned by ISPs to other users. If one bad actor gets the IP or IP range blocked, other users cannot edit. Some IP blocks allow for logged-in editing, and good usernames can be whitelisted from IP blocks that prohibit logged-in editing.

We could implement new features that prohibit IPs from editing or creating throwaway accounts, but allow good faith bystanders to still create accounts and productively edit.

Proposed potential solutions:
 * Require all accounts created in an IP range to confirm their email address before editing.
 * Prevent the use (or flag incidents) of blacklisted email addresses from being associated with new user accounts
 * Throttle account creation and email sending per browser as well as IP address

Problem 3. Full-site blocks are not always the appropriate response to some situations
Smaller, more tactical blocks may defuse situations while retaining constructive contributors. On some wikis such as English Wikipedia, this concept is dictated by bans. However, technical means to enforce bans are currently limited, and consequently a user may unnecessarily be blocked from editing the wiki as a whole.

Full-site blocks are akin to a sledgehammer. How can we build fly-swatters to prevent a user from causing limited harm while keeping them a part of the wiki.

Proposed potential solutions:
 * Block a user from...
 * ...individual page
 * ...all pages inside a specific category
 * ...specific namespaces
 * ...creating new pages
 * ...uploading files
 * ...all pages except talk pages
 * ...all pages, except a whitelist
 * ...viewing Special:Contributions
 * ...emailing or pinging other users
 * Allow admins to specify exactly which permissions to block.
 * Allow admins to temporarily revoke a users' autoconfirmed status.
 * Require all edits by a user to go through deferred changes.
 * Block that only expires when a user has read a specified page (training module, user talk page, etc.)

Problem 4. The tools to set, monitor, and manage blocks have opportunities for productivity improvement
The existing blocking tools (Special:Block, the API, Twinkle, Special:BlockList, etc.) are used daily by numerous users across all Wikimedia wikis. Using these tools can be time intensive, so we would like to explore ideas of how we can simplify the workflows to set or modify a block, monitor block logs, and check the status or details of a block.

Proposed potential solutions: Log bans like blocks, which could result showing the information on their user page, contributions, or autogenerate a list of all banned users.
 * When leaving a warning on a user talk page, display how many other warnings have ever been given to that user.
 * Twinkle should automatically know the appropriate warning template to use on that user.
 * Allow CheckUsers to watch specific IPs
 * Allow admins to annotate previous blocks as accidental
 * Allow admins to set a block date range via datetime selector
 * Allow admins to set different expiration times for blocking editing vs. account creation
 * Allow admins to oversight usernames while blocking them
 * Display block expirations in logs
 * Display a warning on the block page when admins are blocking a sensitive IP