Wikipedia:Requests for comment/Protect user pages by default

Request for comment: Protect user pages by default
There was consensus to at least have ongoing semi-protection of user pages. There wasn't consensus for extended or for user-toggled. - jc37 00:14, 5 October 2016 (UTC)
 * For clarification, please see the talk page. - jc37 09:42, 5 October 2016 (UTC)

--

Shall user pages be protected by default from editing by anonymous and new users? Funcrunch (talk) 17:07, 31 August 2016 (UTC)
 * Please read this entire proposal before adding comments to the or  sections. Your questions or objections might already be addressed.
 * Please remain civil, constructive, and on-topic.
 * Per WP:CANVASS guidelines, users who commented on this proposal when it was in idea or draft form will be notified of this RfC. The RfC will also be posted on relevant noticeboards.

Introduction
On Wikipedia, editors' user pages are frequently used to display limited autobiographical and personal information. These optional pages are not encyclopedia articles. Once created, links to a user's page are readily available in the page history of every page they have edited. This makes it easy for other editors to readily access a user's talk page for discussion, and to thank them by awarding barnstars and the like.

Unfortunately, some editors take advantage of this easy access to vandalize other editors' user pages through blanking, impersonation, defamation, personal attacks, and other disruptive tactics. A victim of such harassment may request semi-protection of their user space, but where and how to do so is not immediately obvious, especially for new editors. Additionally, this request is made in reaction to vandalism and thus does not prevent vandalism from happening in the first place.

The idea to protect user space by default, rather than requiring editors to request this protection, was originally proposed during the June 2016 Inspire Campaign, which solicited ideas to combat on-wiki harassment. The idea tied for fifth place on the leaderboard, with 28 endorsements. This proposal presents options for default semi-protection or extended confirmed protection of the user page.

Current policy
Relevant excerpts from current policies are below.

From Protection policy:


 * On user pages: "User pages and subpages can be protected upon a simple request from the user, as long as a need exists—pages in userspace should not be automatically or pre-emptively protected."

From User pages:


 * On protection of user pages: "As with article pages, user pages are occasionally the targets of vandalism, or, more rarely, edit wars. When edit wars or vandalism persist, the affected page should be protected from editing."


 * On editing other users' pages: "In general, it is usual to avoid substantially editing another's user and user talk pages other than where it is likely edits are expected and/or will be helpful. If unsure, ask."

Proposal
Protect the user page by default from editing by anonymous and new users. Options for protection presented in this RfC are:
 * Semi-protection, requiring four days tenure and 10 edits (autoconfirmed user access level)
 * Extended confirmed protection, requiring 30 days tenure and 500 edits (extendedconfirmed user access level)

Extended confirmed status is a relatively new access level, and its application is the subject of a recent RfC. It is proposed here as an option for user pages because the low threshhold for autoconfirmed status may not be sufficient to dissuade vandals.

Instead of applying this protection by default, another option would be to have an easily-accessible setting, allowing an editor to toggle protection of their own user page without having to post on an administrator noticeboard.

The scope of this RfC is limited to the primary user page, not to user talk pages or subpages in the user namespace.

If these proposed changes are adopted, we should see a reduction in reverts due to vandalism to user pages. Success could be measured with queries on samplings of edits (see rationale section for an example). The default semi- or extended-confirmed protection could be implemented for a limited period of time, followed by an assessment of data to determine whether to make the changes permanent.

Rationale
Online harassment is a serious problem, affecting nearly half of all users and nearly three-quarters of women on the Internet. Personal attacks cause emotional distress and decrease editor participation on Wikipedia. Taking online abuse seriously is necessary to the healthy functioning of an Internet community. Restricting user pages from editing by anonymous and new users would help cut down on one source of online harassment.

A study found anonymous editors to be responsible for 85% of vandalism on the English Wikipedia. A sampling of anonymous edits to user namespace (not including subpages) on the English Wikipedia revealed that nearly all of these edits were either vandalism or, very likely, logged-out editing by a registered user. There is no demonstrated need for anonymous or new editors to make edits to another editor's user page. If a user requires help editing their own user page, a request would normally be made of an experienced, registered editor.

Protecting user pages from anonymous editing will not interfere with legitimate discussion and debate, nor with sending messages of appreciation or virtual awards. These activities generally take place on user talk pages, and the user can move received awards from their talk page to their user page if they wish.

If user pages are protected by default, programming changes will need to be made so that new users can edit their own pages before reaching the required threshold. Programming changes will also be required if a toggle switch for protection is added to the user settings. The $wgNamespaceProtection setting may allow restriction of namespace editing to certain usergroups. The exact time and resources required for any programming changes need to be determined.

Comments from the proposer
When I originally presented my Inspire Campaign idea, I had in mind semi-protection of both the user page and the user talk page. However, I was convinced by arguments of several endorsers that it is reasonable to allow anonymous users to edit a user's talk page by default, for the purposes of discussion and feedback on articles.

Option 1: No change to default protection status or settings for user page

 * 1) Support. I really do not see enough reason to change the present system, and I oppose any of the default options. I don't particularly oppose giving users the ability to toggle the setting. However, I think that it is not that difficult to revert the kinds of problems that this proposal is intended to address. --Tryptofish (talk) 18:18, 31 August 2016 (UTC)
 * 2) Support. I don't disagree that harassment is discouraging, especially to new editors, and that most edits to others' user pages by new or anonymous editors are unconstructive, but I see no evidence that harassment on user pages is more damaging than harassment on user talk pages. Since we're not protecting those, I see no reason to spend valuable programmer time adding this feature to the software and documenting it in the user interface. It would be like blowing our rent money to buy a electronically-controlled side door while the front entrance doesn't even have a lock.  Rebb  ing  18:33, 31 August 2016 (UTC)
 * I see it as the opposite, actually: The user page is like a virtual front, not side, door. If a vandal spray paints obscenities on the front of someone's house, then everyone who goes by that house sees the damage. Spray paint, like editing, can be used for good; perhaps the paint on the door is peeling and could use a touch-up. But it makes sense to me to impose a waiting period on who can use the spray paint. Autoconfirmed access is only four days and ten edits, so that's not very long to wait. Funcrunch (talk) 01:11, 2 September 2016 (UTC)
 * 1) Yes, please. User pages should not be autoprotected, and I'd resent it being done without my consent. In fact, if any of the downpage proposals actually pass, I'll be marching forthwith to the nearest Admin to completely unprotect my page. This should not be done without users' consent! --IJBall (contribs • talk) 04:33, 2 September 2016 (UTC)
 * Addendum – That said, Option #4, or a hybrid of Options #1.5 and #4, isn't horrible, and I wouldn't oppose either of those actually passing... --IJBall (contribs • talk) 04:36, 2 September 2016 (UTC)
 * 1) Support, first choice.  If my userpage is vandalized, then that gives me (and likely the blocking admin) information for our future dealings with the IP/newbie.  It's also vandalism on a nice, safe, non-indexed page away from the public's view.  I will also note, that AGF doesn't stop at user pages, and I trust new users/IP's until I have evidence to the contrary.  User:Jimbo Wales's user page is a decent mini-essay on the subject. Tazerdadog (talk) 06:13, 2 September 2016 (UTC)
 * 2) Mostly supporting this option because I am not convinced that the problems indicated are severe enough to merit such a solution. Besides, WP:LOGOUT is part of a policy, I am not sure why it should be disallowed - assuming that the good edits listed in the query are indeed logged-out edits, of course. Jo-Jo Eumerus (talk, contributions) 08:13, 2 September 2016 (UTC)
 * 3) Support - This is the encyclopedia anyone can edit. We shouldn't be less inclusive by further restricting the pages newcomers can edit if there is not a real need. I'm not convinced that there is one. Protection can be requested if a user page is being vandalized. — Godsy (TALK CONT ) 10:32, 2 September 2016 (UTC)
 * 4) Support. Please see the data-driven evidence at the bottom of the page. I do not believe that the frequency of inappropriate editing to user pages is sufficient to justify the cost of developing a software "solution" when simple policy changes could potentially have the same or greater effect. I agree that it should be easier for editors to request and obtain user page semi-protection, and I will go so far as to say that it should be granted automatically upon request by a user whether or not their user page has been vandalized or had harassing material posted.  I would even recommend that semi-protection should be granted automatically if another user requests it for a user page where the editor has been inactive for some given period of time. Given the data that I was able to collect, it seems that user page protection is being employed far too rarely.  It is possible that many of the users whose userpages are vandalized do not find it bothersome; my user page is semi-protected at the request of some recent changes patrollers who found the vandalism to my page was "too gross", not because it bothered me, but I'll admit I've got a pretty thick skin.  Myself, I will gladly protect the user page of anyone who asks me, whether or not they've ever had a "problem" edit to their page.  Risker (talk) 05:16, 3 September 2016 (UTC)
 * Thanks for the analysis, . I think the suggestion outlined is an improvement (and I agree that protection is underutilized), but I question the notion that a prescriptive approach to this issue of vandalism and harassment specific to userpages is serving us well. We assign protection to articles, talk pages, and other pages when there is evidence of sustained disruption from anonymous or new editors, and not before, because it has consequences on potentially good edits from this same population of editors.  That is all well and good.  The thing about userpages is that there is an absence of potentially good edits from anonymous editors.  They are virtually all from registered editors who are accidentally logged-out working on article drafts, and if they registered, it stands to reason that they'd want to be logged in.  The objection based on the time needed to implement this does not seem to be substantiated, as  below notes that the changes would not be technically difficult.
 * Finally, userpages are also different from other pages: they are more intimate spaces where we tend to open up a bit about ourselves, our contributions, and what we enjoy about this project. Experiences with vandalism and harassment on-wiki differ from editor to editor, but when these spaces are vandalized or we face harassment there, it's more personal.  And once vandalism or harassment has happened, its known negative effects on the retention of editors who have experienced or witnessed it (pp. 43-44) are not likely to be remedied by subsequent protection.  Phillipa Gregory captures this idea nicely: Words have weight, something once said cannot be unsaid. Meaning is like a stone dropped into a pool; the ripples will spread and you cannot know what bank they wash against.  Frequency alone seems like a pretty limited way to capture this kind of disruption and harm; (at least) 400 problematic edits in a week to the userspace also does not sound small to me-- it sounds like hundreds of editors who were on the receiving end of some pointless vandalism or more damaging harassment when they didn't have to.  It sounds like hundreds of editors saying to themselves, "Do I really need to put up with this nonsense to help build an encylopedia?  Maybe this isn't worth my time."  On that basis, I support a preventative approach in this case. I JethroBT drop me a line 00:37, 4 September 2016 (UTC)
 * Hi I JethroBT. All well and good. Do you know what the #1 reason for request of oversight is? Inappropriate content on user pages, normally put there by the users themselves - many of them minors who include all kinds of personal information about themselves, their families and friends. When I was on IRC more regularly, I would often be asked to address these pages by newer editors who would not be able to remove that material before finding an oversighter. (I grant that most requests come from long-registered editors.) Do you have any idea how many user pages are filled with inappropriate content and spam, which is frequently blanked by the first editor who comes by, including IP editors?  One of the things I noticed when reviewing all of those pages was the positive response from people whose user pages had been vandalized (particularly with "harassing" material) because more than half of the edits were reverted by someone else. In quite a few cases, if it was an admin reverting, they'd semi-protect the page and leave a message for the editor; in other cases, the editor would thank the reverter, and sometimes there would be an ongoing discussion.  We lose those opportunities of socialization and of visibly demonstrating our care for each other.  The ability to care for each other is an important factor in what makes us a community. The overwhelming number of user pages are never vandalized, never subject to harassment, and many modifications made by "outsiders" are often welcome or alternately done because of policy reasons, which are normally explained to the user at the time. Unregistered users are a major part of our community - in fact, most editors start as unregistered users - and spitting in their faces and telling them they're not worthy of cleaning up spam goes against core principles. The entire "nobody needs to edit these pages" devolves pretty quickly when you realize the next step is "well, nobody needs to edit anything".  I don't think it is a good idea to put much weight on that "harassment" survey, which was possibly the most poorly designed survey the WMF has ever put out (and that's saying something, because the WMF is notorious for poorly designed user surveys). I tried to gently correct some of the worst issues in it before it was too widely distributed but was unsuccessful, and given the climate of the WMF at the time didn't want to make too big of a fuss because I was concerned that someone was bound to get fired, and the entire team would have had their working life made even more miserable. I sat in the WMF offices for a four-day meeting about the time this survey went out, so I do know what I'm talking about here, even though I notice that quite a few staff have done their best to put that era out of their minds (probably with good reason). It's unfortunate that it's being used as the foundation of so much work right now, given its massive flaws. I don't doubt that there's a lot of harassment going on, but it's not really happening on user pages. One read of ANI is enough to wonder why *anyone* edits this project.  Risker (talk) 04:09, 4 September 2016 (UTC)
 * You'll have to specify the criticism, as I don't find the criticism on the talk page to be particularly compelling as it relates to this proposal. Unregistered users are a major part of our community - in fact, most editors start as unregistered users - and spitting in their faces and telling them they're not worthy of cleaning up spam goes against core principles. Have you considered having a conversation with ?  Their motivation is not some anti-anonymous editor campaign, it's about retention and preventing harm, and you would know this if you talked with them.  And no, I don't really see how this proposal would devolve into "well, nobody needs to edit anything", that sounds like a substantial number of steps and is out of touch with the actual details of this proposal.  There's no evidence that productive edits from truly anonymous editors (i.e. as opposed to people who accidentally logged out) are happening with any real frequency in the userspace, and conversely, there is evidence that disruptive edits are happening with some frequency.  We'll have to agree to disagree on what is small or not.  You know what people balk at when I talk about Wikipedia?  It's not when I explain that anyone can edit articles.  It's easy for people to understand why that is beneficial and important.  It's when I explain that their userpage can be edited by anyone, and if some idiot decides you're their target to mess with, you need to ask for someone's permission to protect it and draw attention to whatever crap it is that motivated your decision.  That's a system that strikes people as impersonal, strange, and bureaucratic.  That's not taking care of people, period.  You have to wonder what, exactly, we are protecting here by leaving an essentially personal, non-article space completely open.  It really doesn't seem like much, and this notion of disrespecting anonymous editors is irrelevant; they're not editing userpages for productive reasons.  ANI doesn't need to be the reason folks don't get involved in this project-- you need only look as far as our bizarre userpage conventions. I JethroBT drop me a line 12:26, 4 September 2016 (UTC)
 * , I should clarify to you and the team responsible for the harassment survey that I recognize the incredibly difficult circumstances under which the harassment survey was formulated. I'm going to stick to my position that the WMF at the time of the survey was a very toxic work environment, even for employees working remotely; easily 40 staff told me directly that they dreaded opening their inbox each day to read who had quit or been fired. (Paraphrase of a staff member in January: "Don't you love how we've managed to whitewash all the walls so the bloodstains are hidden?") Simply the fact that the survey was entitled "Harassment Survey" biased the results to what I believe is a level that probably couldn't be remedied; it gave the impression it was targeted to users who had been harassed (or interpreted certain types of encounters as harassment) and wasn't really for people who hadn't been harassed, and as a result gave the impression that Wikimedia projects and Wikipedia in particular were raging hotbeds of constant harassment, which I am pretty sure was not the intention of the survey or the result that was anticipated. Unfortunately, the best way to have remedied that bias was an option that was not available to the team — embedding questions about user harassment into a general user survey. I did not present a lot of concerns to the team at the time of the survey because it quickly became apparent that it had been "in the field" long enough that it was really too late for much modification without making the results messier than they would already have been.  What you say about users being highly possessive of their pages reminds me of my shock in my first year of editing to find that someone (a bot, as it turned out) had come along and "changed" the userboxen on my user page; it had been done as routine maintenance because the userboxen had been moved to other pages, but I found it quite disturbing.  Keep in mind that those very types of changes will still have to be able to be done, and they'll still freak out those very users who you're talking about; when I did my study below, frequent edits to the userpages were done by maintenance bots, in many cases more frequently than the users edited the pages themselves.  Ironically, my first edit to my userpage was to post a "helpme" template because I thought that was where I was supposed to communicate with other users. Never underestimate the extent to which new users demonstrate good-faith misunderstandings. Risker (talk) 07:12, 10 September 2016 (UTC)
 * 1) What Risker said. This is a solution to a problem which doesn't really exist—harassment on Wikipedia is a real thing, but the instances in which userpages are the medium are vanishingly rare. In any case, this would just displace any problem elsewhere, so doesn't actually solve anything. &#8209; Iridescent 14:25, 3 September 2016 (UTC)
 * 2) Support (i.e. no change). The most likely consequence of this proposal passing, would be that anonymous trolls who want to harass someone will follow them to an article they have edited and put the harassment there, where it will be much more visible. What is needed is more visible and proactive actions taken to protect userspace using the existing software and tools, but not to the extent that the problem gets displaced or where the implementation of a proposed solution takes up time needed elsewhere. Carcharoth (talk) 15:27, 3 September 2016 (UTC)
 * 3) Support Per everything Risker said. Couple of technical comments too: the code changes needed to implement this aren't too hard ($wgNamespaceProtection + Autopromote settings could probably manage this). However, I cannot describe how opposed I am to option 4 & 5--user preferences are evil. ^demon[omg plz] 17:42, 3 September 2016 (UTC)
 * 4) Support I agree with Risker. I hate to oppose a good-faith suggestion for dealing with harassment problems, and I grant that there's a psychological value in not having to ask an admin for help. But this unfortunately addresses only a very tiny fraction of harassment, at nontrivial cost in loss of good edits, use of developer time, and social decline of the "anyone can edit" philosophy, and may well just serve to displace the same harassment somewhere more visible. And frankly, if a good-faith request for a userpage semiprotection landed on my talk page or in my inbox I'd just do it anyway, policy be damned. Opabinia regalis (talk) 04:29, 4 September 2016 (UTC)
 * 5) Support second choice. Default ECP could deter some patrollers from reporting spam, which from my delete and block logs you can see I know to be a serious problem. I realise all the options will take some coding effort but I just don't like the idea of a mini-protect unbundling. If a new user is being harassed, what are the chances they'll find the option? Better to have automatic protection. However, user pages must remain fully unprotectable to satisfy the (IMO OTT) interpretation of "anyone can edit" held by many, it seems, that user spaces should be editable by drive by vandals. BethNaught (talk) 08:26, 4 September 2016 (UTC)
 * 6) Strong support: I can only echo many of the concerns and valid points already expressed by Risker, Carcharoth, Iridescent, and Opabinia regalis in this section. Harassment and vandalism are real problems, of course, but part of what makes Wikipedia special is its radical openness. We should strive to maintain "anyone can edit" as a core guiding principle. We have an arsenal of tools&mdash;IP blocks, IP range blocks, user blocks, AbuseFilter, blacklists (title, spam, and otherwise), page protection, rollback, bots, etc.&mdash;designed and deployed to deal with problems when they arise. I think part of assuming good faith means being as opening and welcoming as possible; defaulting to page protection stands in opposition to our values. --MZMcBride (talk) 04:43, 6 September 2016 (UTC)
 * 7) No reason to change. The data is clear, this is just a witch-hunt. Nemo 05:02, 6 September 2016 (UTC)
 * 8) I supported Option 4, which does not change defaults, but the discussions here have cast some doubt on the actual extent of harassment via user page edits. I'd like to see more data. There are also several measure that could be taken without software changes that should be tried. And if software resource were available, I would start with some mechanism for watching all edits to user pages from someone other than the user. That could be as effective as the most stringent of the options proposed without altering our bedrock open editing policy.--agr (talk) 21:23, 6 September 2016 (UTC)
 * 9) Strong support: I have my userpage protected because I wish to have sole dominion over it, but this is an overreaction. All this proposal does is place a roadblock, which may prevent vandals from using the blocked road, but one never thought about vandals just taking an alternate route. Analogously, they could use the user talk page. This could actually increase the degree of which vandalism and personal attacks wastes time, as user page watchers will revert vandalism to user pages quickly. Watchers are less likely to look over user talk edits. — Esquivalience (talk) 22:35, 6 September 2016 (UTC)
 * 10) Userpage vandalism is not a significant proportion of malicious edits to the wiki. Yes, harassment of users is a bit of an issue sometimes, but it's sporadic enough for the majority of editors that a simple reversion will do, and in the odd case if it carries on a block or warning or whatever can be issued to the perpetrator. We don't need an extra solution that could end up being an inconvenience.  Rcsprinter123     (cackle)  20:47, 7 September 2016 (UTC)
 * 11) Support as first choice – I don't see userpage vandalism as being widespread enough to warrant default protection of the main userpage; vandalism to articles is far more widespread and is of a greater concern to me than userpage vandalism. — Jkudlick • t • c • s 11:19, 8 September 2016 (UTC)
 * 12) Support - absolutely no need to restrict editing on these pages. Routine maintenance is often done on userpages, no need to make that any harder than it is because some antivandals get the occasional bit of vandalism on their userpages. -- Ajraddatz (talk) 03:11, 10 September 2016 (UTC)
 * 13) Support - first choice, mostly per MZMcBride's summary of all the tools already available. — xaosflux  Talk 03:47, 10 September 2016 (UTC)
 * 14) Support - first choice. The scale of the problem is so small that automatic protection of pages is an overreaction. The statistics posted below about currently-protected pages demonstrate this. It is not worth sacrificing Wikipedia's openness over it. --Joshua Issac (talk) 13:56, 11 September 2016 (UTC)
 * 15) Support per above, but I do think users should be able to make a simple request to have it protected, regardless if there has been prior disruption. The only thing is they themselves need to be able to edit it. As for adding a "toggle" for them to protect it at their own discretion – you really should consult about technical implications before proposing things like this. I can't say for sure, but this doesn't sound likely to be implemented, even if there is consensus to do so. I also really don't like the idea of a freshly autoconfirmed user showing up in the admin protection log &mdash; MusikAnimal  talk  17:01, 11 September 2016 (UTC)
 * 16) Support Carcharoth sums it up for me. As long as we can protect it for them upon simple request, I see no need to change the current system. This is not a big problem for us compared to other vandalism issues. Katietalk 22:07, 14 September 2016 (UTC)
 * 17) Support. As noted by Joshua Isaac, this really is a solution looking for a problem: vandalism to userpages is a comparatively small problem, and we already have the tools to fight it.  Anyone who knows how to edit a page can undo vandalism, and anyone who's been here long enough to attract more than very-rare vandalism knows how to find WP:ANI or WP:RFPP.  The occasional user who gets overwhelming amounts of vandalism, for whom semiprotection doesn't work, can always be pointed to the .js transclusion solution.  Automatically protecting pages would go against the wishes of many users (see the second section on Jimbo's userpage, for example), and enabling anything to be protected without oversight admits the potential for problems, especially vandalism or spam that can't easily be removed.  As someone who patrols CAT:CSD frequently, I know that we're constantly getting CSD nominations for spammy userpages, and a decent number of them are tagged by IPs; this proposal would make it totally impossible for IPs to participate in CSD-tagging of spammy userpages.  However, protection should be applied to any userpage merely upon request of the user in question, unless the reviewing admin has reason to question the user's good faith.  Nyttend (talk) 02:16, 15 September 2016 (UTC)
 * 18) Support - While I agree that harassment is an evergrowing problem on Wikipedia, this proposal defeats its own purpose because they could just target user talk pages (which they already can) and follow you to the articles you edit (which they already do). Instead of making changes to how the software works, other measures need to be taken with what we already got as Carcharoth has stated. I also agree with Katie and Nyttend that if they want their userpage protected, they can just ask for it themselves and both users make many other valid points as well. — Mythdon 04:36, 15 September 2016 (UTC)
 * 19) Support, both an effort to reduce wiki harassment and the retaining of the status quo. I agree with others that protecting user page by default doesn't stop harassment, it just redirects elsewhere like user talk pages or other discussion pages. And what if the user puts offensive content, etc. on their own user pages? One more step of unneeded bureaucracy will be needed to resolve such a problem. Harassment should be dealt with in a better way, using what we have now, before we try this proposal. epicgenius (talk) 23:49, 19 September 2016 (UTC)
 * With semi-protection, autoconfirmed/confirmed users would still be able to blank pages (the good kind of blanking), request speedy deletion, etc.. The only thing that would change is the ability to protect one's own pages from then being vandalized by, say, a sock of the editor you reported.  As far as taking care of userpage vandalism (including inappropriate stuff vandals put on their own pages), I don't see anything changing for auto-confirmed/confirmed users. -- Gestrid (talk) 00:10, 20 September 2016 (UTC)
 * 1) Support. From my own experience, and as noted by several others, this isn't a particularly large problem - certainly not enough to warrant such draconian action as protection without the user's consent! Perhaps, as an alternative, we should put effort into making requesting protection more obvious/accessible for new users. WikiPuppies  bark dig 05:40, 21 September 2016 (UTC)
 * 2) Support, userspace vandalism is not a big problem, and protecting all userpages is not going to help very much. I very much prefer vandalism / insults on my user page to vandalism in article space. —Kusma (t·c) 10:54, 21 September 2016 (UTC)
 * 3) Support It isn't an issue. I could see having a toggle like mentioned below but it really isn't necessary. If a page is being targeted often it is easy enough to get it protected specifically. -DJSasso (talk) 15:06, 23 September 2016 (UTC)
 * 4) Support (or rather, oppose any change, I suppose). This is against both the spirit of the existing protection policy and the idea that users don't own their own userpages. ~ Rob 13 Talk 11:08, 24 September 2016 (UTC)
 * 5) Support per everybody Gary &#34;Roach&#34; Sanderson (talk) 22:49, 26 September 2016 (UTC)
 * 6) Support as first choice. Admins generally don't bat an eye at WP:UPROT requests at WP:RFPP (Second was Option 4) — Andy W.  ( talk  · ctb) 00:05, 5 October 2016 (UTC)

Option 1.5: Restrict anonymous editing of base user pages

 * This option was added to the RfC after the start by Xaosflux 


 * 1) Weak support - second choice - the cited studies above only reference problems from anonymous users - so why go after logged in users too? —  xaosflux  Talk 03:43, 1 September 2016 (UTC)
 * 2) I could support this, but only if it was a User-toggled option... --IJBall (contribs • talk) 04:37, 2 September 2016 (UTC)

Option 2: Default semi-protection for user page

 * 1) Support, second choice, as proposer. Funcrunch (talk) 17:07, 31 August 2016 (UTC)
 * 2) Support, first choice. I've always been in favour of this. Deb (talk) 17:58, 31 August 2016 (UTC)
 * 3) Support, first choice. --Xxmarijnw (talk) 18:00, 31 August 2016 (UTC)
 * 4) Support, second choice. -Pete (talk) 18:05, 31 August 2016 (UTC)
 * 5) Support, second choice. I JethroBT drop me a line 18:18, 31 August 2016 (UTC)
 * 6) Support, second choice. I prefer extended confirmation protection, but any protection is better than none. -Thunderforge (talk) 18:35, 31 August 2016 (UTC)
 * 7) Support, first choice. Many spammers use their user page as an ad page. It's necessary that experienced editors can tag these pages for speedy deletion, but it's unlikely that a genuinely new editor would know how to do that. Seraphimblade Talk to me 19:07, 31 August 2016 (UTC)
 * 8) Support, second choice.  Omni Flames ( talk ) 22:11, 31 August 2016 (UTC)
 * 9) Support: First choice. DaltonCastle (talk) 22:15, 31 August 2016 (UTC)
 * 10) Support. First choice per Seraphimblade. MER-C 04:01, 1 September 2016 (UTC)
 * 11) Support only because I don't approve of extending extended confirmed protection to anything beyond the barest necessities. It has the potential to create a chasm between well-established users and newer users. Should Option 3 pass, I can see us beginning to slide down a dangerous slippery slope. — This, that and the other (talk) 00:16, 2 September 2016 (UTC)
 * 12) Support, first choice. Kaldari (talk) 00:40, 2 September 2016 (UTC)
 * 13) Support, first choice. The problem with Option 3 is that it disallows editors with less than 500 edits from using legitimate secondary accounts to edit their own user page. SST  flyer  01:41, 2 September 2016 (UTC)
 * 14) Support: As long as this is for userpages and not user talk pages, I'm all for it -- I see no reason for an IP or logged-out user to ever edit a userpage. Softlavender (talk) 10:13, 2 September 2016 (UTC)
 * 15) Support: Semi protection would be enough in my opinion. Isn't extended confirmed protection used only on articles imposed by the decision of the Arbitration Committee? Ayub 407 talk 13:21, 2 September 2016 (UTC)
 * 16) Support first choice per Seraphimblade. BethNaught (talk) 08:17, 4 September 2016 (UTC)
 * 17) Support first choice. There's clear evidence that most anonymous (and not logged-out) edits to user pages are vandalism.  However, there's no clear evidence that a stronger protection (Extended confirmed) will have any meaningful, positive effect.  Default protection will be important since people are unlikely to find any protection setting we give them.  The harm will likely have been done by the time an editor looks into protecting their user page.  --EpochFail  (talk &bull; contribs) 17:34, 9 September 2016 (UTC)
 * 18) Support I don't even see why anyone needs to edit anyone else's user page in the first place. That being said, I don't see any reason why we need restrictions any stronger than this, and I'm opposed to over regulation. Tamwin (talk) 05:13, 12 September 2016 (UTC)
 * 19) Support - Second choice. There's no reason a new or accountless user should need to be able to edit someone's user page.  As long as the new user can edit his/her OWN user page without having been autoconfirmed, this is acceptable to me, although I'd prefer a user-selected toggle. Fieari (talk) 05:51, 12 September 2016 (UTC)
 * 20) Support - Per both Seraphimblade and This,_that_an_the_other, there is legitimate reason for blocking IPs indiscriminately, but there are legitimate reasons why even new users would edit another's User: page. I specifically oppose extended confirmed. If autoconfirmed isn't enough, even a weakly-determined vandal can just spam edit. So raising the limit to extended just encourages spam, which is almost the exact opposite of the intention of the proposal. --Unready (talk) 03:17, 16 September 2016 (UTC)

Option 3: Default extended confirmed protection for user page

 * 1) Support, first choice, as proposer. Funcrunch (talk) 17:07, 31 August 2016 (UTC)
 * 2) Support Wikipedia is made of people. Ckoerner (talk) 18:01, 31 August 2016 (UTC)
 * 3) Support, first choice. There really isn't a compelling reason for anonymous or very new editors to edit the userpages of others.  We already advise all editors to avoid doing so.  The available, recent sample shows that most anonymous edits to a userpage are either 1) vandalism or harassment, or 2) someone working on an article draft who is accidentally logged out.  Looking at this proposal from a harms and benefits perspective, default semi- extended confirmed protection presents no substantive harm; editors who are logged-out were motivated to create an account at some point, so it makes sense that they'd want to be logged-in while continuing to work on their draft.  On the benefits side, the change creates a much-needed barrier to vandalism and harassment that myself and other editors have experienced that is, at best, a waste of one's time, and at worst, motivation to leave the project entirely. I JethroBT</b> drop me a line 18:18, 31 August 2016 (UTC)
 * You say "default semi-protection presents no substantive harm" so aren't you advocating Option 2?--agr (talk) 18:27, 31 August 2016 (UTC)
 * Fixed. I was back-and-forth on which one of these options I preferred, and just forgot to update the text. <b style="font-family:Candara;color:green">I JethroBT</b> drop me a line 18:31, 31 August 2016 (UTC)
 * 1) Support, first choice. I can't see any reason why not to make user pages a little safer. Pi.1415926535 (talk) 18:28, 31 August 2016 (UTC)
 * 2) Support, first choice. I Jethro BT sums it up perfectly. RickinBaltimore (talk) 18:30, 31 August 2016 (UTC)
 * 3) Support: first choice. The only reason for anyone other than the page owner to edit a user page is to remove inappropriate content (personal attacks, personal information about a minor, extreme offensiveness, etc) or to mend something technical which is damaging the encyclopedia. If an IP or new editor sees something needing fixing they could ask at AN or elsewhere, to find an extended confirmed editor to fix it. I've wondered for a long time why we allow all and sundry to edit an editor's user page, and am pleased to see this discussion. Pam  D  18:32, 31 August 2016 (UTC)
 * 4) Support, first choice. A user page is a person's home. Only trusted editors should be allowed to make changes to it. -Thunderforge (talk) 18:35, 31 August 2016 (UTC)
 * 5) Support - There is no reason for editors who aren't extended-confirmed to edit other people's userpages. The percentage of edits to other people's userpages from unregistered or non-extended-confirmed users that are constructive/desirable is minimal and can very well be handled by other established users. ☺ ·  Salvidrim!   ·  &#9993;  19:42, 31 August 2016 (UTC)
 * 6) Support I haven't seen any good reasons here for permitting easy vandalism of new user's pages. The barrier is high enough anyway for new users, getting familiar with the wiki syntax, making sense of the many notices they may get, trying to understand the techy speech of wikipedians especially when talking about guidelines. The very last thing a new user needs on top of that is to get their user page vandalized. While experienced wikipedians who open a new account for whatever reason can easily ask an admin to permit anonymous editing of their user page if that's what they wish. I think policies for new user pages should be focused on what is best for genuinely new users. I haven't had my own user page vandalized, but I can imagine how disconcerting that would be for a new user - who may not realize how easy it is to revert. The talk page is different - a new user would expect, from its name, that others would be able to edit it to talk to them. Robert Walker (talk) 23:02, 31 August 2016 (UTC)
 * 7) Support per I, Jethrobot and Robertinventor. ~ Matthewrbowker  Drop me a note
 * 8) Support per I JethroBT and Robertinventor.&bull; &bull; &bull; Peter (Southwood) (talk): 04:18, 1 September 2016 (UTC)
 * 9) Support per I JethroBT and Robertinventor. DAY TALK 09:54, 1 September 2016 (UTC)
 * 10) Support per I JethroBT and Salvidrim. --Tom (LT) (talk) 10:23, 1 September 2016 (UTC)
 * 11) Support  Varun FEB2003    13:21, 1 September 2016 (UTC)
 * 12) Support I am a victim of IP sock attacks on my personal page, and I spent time seeking the methods and asking for such protection, see my Talk Page history why it matters to me. Zezen (talk) 20:33, 1 September 2016 (UTC)
 * 13) Support, second choice. Kaldari (talk) 00:41, 2 September 2016 (UTC)
 * 14) Support as first choice. My userpage is now a target for vandalism/attacks/harassment but I still allow anyone to edit my userpage. KGirlTrucker81huh? what I'm been doing 11:24, 5 September 2016 (UTC)
 * 15) Support - First choice. I see it this way: An account's userpage is functionally like a social media userpage (Facebook, Twitter, LinkedIn). A Wikipedia userpage is in its most fundamental form the personal page of a Wikipedia editor. We don't let others edit our Facebook pages, so why should we let others edit our Wikipedia userpages? Why should Wikipedia user pages be treated like any other unprotected Wikipedia article? GabeIglesia (talk) 12:27, 8 September 2016 (UTC)
 * 16) Support, second choice. Airplaneman   ✈  19:58, 8 September 2016 (UTC)
 * 17) Support - First choice. I have witnessed users vandilzing pages many times and I would go as far to say I would support User pages been protected indefinitely, but sometimes the users themselves vandilze their pages and others need to revert it, like I have had to do. Some IPs actually create several accounts just to vanadlize User pages. Some protection is needed against this sort of effort. I JethroBT reasoning is very well said and I am supporting this along the same lines. I as a new user was clueless to how Wikipedia worked and accidently did some stuff that if this were in place would have been prevented. Chase (talk) 01:54, 10 September 2016 (UTC)
 * 18) Support - Online harassment is a real problem for some folks. We should default to "protect everyone". This will not end online harassment, of course, but it is a necessary step. &mdash; Safety Cap (talk) 13:47, 15 September 2016 (UTC)
 * 19) Support - This can prevent anybody vandalizing user pages of those users they don't like. By the way, I have thought of a special logo, which is like: Padlock-solid-yellow.svg distinguish it from normal extended confirmed protection. Wetit🐷 0 08:23, 29 September 2016 (UTC)

Option 4: User-toggled setting for semi-protection of user page (no default protection)

 * 1) Support, second choice. Deb (talk) 17:59, 31 August 2016 (UTC)
 * 2) Support, second choice. --Xxmarijnw (talk) 18:01, 31 August 2016 (UTC)
 * 3) Support, first choice. -Pete (talk) 18:05, 31 August 2016 (UTC)
 * 4) Support, first choice. Colonel Wilhelm Klink (Complaints&#124;Mistakes) 18:14, 31 August 2016 (UTC)
 * 5) Support, first choice. (I understand this option as saying the default is no protection; that should be made explicit, though it seems clear from contrast with the first options.) I see this as the least intrusive option to address the reported problem. "Anyone can edit" openness is a hallmark of Wikipedia. It says we trust our readers and deal with situations where that trust is not warranted on an exception basis. Extended protection is new and and should be kept for extreme situations where semi-protection has failed. Remember users who pass the semi-protection barrier are subject to warnings and blocks for vandalism or harassment. Our goal has always been to get vandals to become well behaved editors, not to keep the riff-raff out.--agr (talk) 18:43, 31 August 2016 (UTC)
 * 6) Support. Current situation is that these pages are semi-protected on request even without a need for it; in this one situation, I think we can trust the users themselves to handle it. עוד מישהו Od Mishehu 18:50, 31 August 2016 (UTC)
 * Actually, per WP:UPROT, "user pages are not preemptively protected." I'm assuming this RFC would change that, though. Colonel Wilhelm Klink (Complaints&#124;Mistakes) 19:11, 31 August 2016 (UTC)
 * As far as I know, here we have a difference between "official" policy and actual practice. עוד מישהו Od Mishehu 19:12, 31 August 2016 (UTC)
 * 1) Support, second choice. I have no problem with the initial setting being semiprotected, but do strongly object to it being extendedconfirmed. We put in extendedconfirmed to deal with exceptional situations, not everyday ones. Seraphimblade Talk to me 19:09, 31 August 2016 (UTC)
 * 2) Support, first choice. Prefer to option 2 as option 2 has issues with new users not being able to edit their own userpages, as their userpages would be automatically semi-protected. <b style="color:#CCCC00">Joseph</b><b style="color:#00FF00">2302</b> 20:42, 31 August 2016 (UTC)
 * This issue is addressed in the section. Funcrunch (talk) 20:46, 31 August 2016 (UTC)
 * Agreed that it is, but I believe it's better to implement a guideline that doesn't require vast programming changes. <b style="color:#CCCC00">Joseph</b><b style="color:#00FF00">2302</b> 20:55, 31 August 2016 (UTC)
 * 1) Support, first choice per Joseph2302. It makes sense, and is a good idea. ThePlatypusofDoom (talk) 21:26, 31 August 2016 (UTC)
 * 2) Support, first choice. Not all user pages need to be protected, but when they do, the user should be able to protect it themselves instead of having to go to WP:RFPP and possibly wait a while for an admin. This is also the ideal level of protection in my opinion.  Omni Flames ( talk ) 22:04, 31 August 2016 (UTC)
 * 3) Support, first choice. I think this is the best solution because it allows leeway as to if users want their userpage protected or not. Some people might not want theirs protected(as agr said anyone being able to edit is tradition on Wikipedia), while others may want the added protection. JakeR (talk) 01:18, 1 September 2016 (UTC)
 * 4) Support. Second choice because this requires some software development; who knows how long it'll take the WMF to get around to it. MER-C 04:04, 1 September 2016 (UTC)
 * 5) Support I'm not a big fan of the idea in general as we should still minimize protection in user-space, but this proposal is fine. It is basically already policy that we will permanently semi-protect a userpage on request, and this just shifts the burden from admins to an interface toggle. Hard to argue with that. Monty  845  12:06, 1 September 2016 (UTC)
 * 6) Support, first choice, per Joseph2302 and Omni Flames. M. A. Broussard (talk) 22:00, 1 September 2016 (UTC)
 * 7) Support second choice, largely per my comments in section 1. Tazerdadog (talk) 06:15, 2 September 2016 (UTC)
 * 8) If something along these lines gains consensus, it should be disabled by default, hence this is the only viable option in my opinion. This is the encyclopedia anyone can edit. I don't see any evidence that there is a need to decrease the openness in this case. It is already adequately handled by the system we have established. Giving users the ability to protect their userpage if they choose to is reasonable. The current guideline states that a need (e.g. recurrent vandalism) must be demonstrated. A little more leeway wouldn't be too bad. Either allowing preemptive requests or a technical implementation to allow users to do it themselves would work. Semi-protection is okay, but extended-confirmed protection is too high of a bar (might as well offer a protection like script pages do if that were to be the case). —  Godsy (TALK<sub style="margin-left:-2.0ex;"> CONT ) 10:43, 2 September 2016 (UTC)
 * 9) Support as a first choice. This is a great idea, and I don't see why protection by default is needed. Enterprisey (talk!) 22:41, 3 September 2016 (UTC)
 * 10) Support as a first choice per Omni Flames. AntiCompositeNumber (Leave a message) 22:02, 6 September 2016 (UTC)
 * 11) Support, but would rather see it as a choice that the user can toggle between semi-protected and extended confirmed protection. Also, it should be disabled by default per 's reasoning. --MorbidEntree - (Talk to me! (っ◕‿◕)っ♥) (please reply using &#x7B;&#x7B;ping&#x7D;&#x7D;) 11:47, 7 September 2016 (UTC)
 * 12) Support as second choice. I agree with that allowing editors to apply extended confirmed protection to their own userpages is a bit much, but semi-protection is fine if the user feels it is warranted. Obviously, it should be disabled by default. If an editor's userpage is continually vandalized and semi-protection doesn't work, then WP:ANI is the more appropriate place for the issue to be addressed. — Jkudlick • t • c • s 11:27, 8 September 2016 (UTC)
 * 13) Support, first choice. This comes down to assuring a good quality of life for editors (as per I JethroBT's arguments in this RFC); if userspace protection provides a boost in quality of life and does not restrict the productivity of anonymous contributions—which I don't think it does—I see no arguments to withhold this feature. In my experience, I haven't seen any productive anonymous editing on userpages, and they're fertile ground for vandalism and harassment, especially for those who are on the front lines (e.g. dealing with trolls and vandalism). I'm seeing many arguments under option 1 that claim that userpage vandalism is rare and/or is of less concern than article vandalism. Though these arguments are not wrong, I don't see why they should preclude an option&mdash;which I believe is a much-needed one&mdash;for an editor to lock their own userpage if they so choose. Airplaneman   ✈  19:45, 8 September 2016 (UTC)
 * 14) Support as second choice. I would prefer to see userpages stay open by default, but this is a good compromise. -- Ajraddatz (talk) 03:13, 10 September 2016 (UTC)
 * I think you both slightly misunderstood this option. It calls for an option for an editor to protect their own userpage. This does, indeed, keep the user page "open by default." User action would be required to protect the page. Airplaneman   ✈  16:57, 11 September 2016 (UTC)
 * Nope, I read it. This way at least user pages are open by default, which as I said is what I prefer. :-) -- Ajraddatz (talk) 17:27, 11 September 2016 (UTC)
 * 1) Support - second choice. Though I prefer Wikipedia continuing to be open for editing for anyone, as its motto reads, if user space protection were introduced, I would support letting the user turn it off, so that others (including new and IP editors) may edit their user page. --Joshua Issac (talk) 14:00, 11 September 2016 (UTC)
 * 2) Support - first choice. Users don't "own" articles, but they should be allowed to "own" their own user page. This would enable enforcement of that, and allow harassed wikipedians to feel more empowered. Fieari (talk) 05:49, 12 September 2016 (UTC)
 * 3) Support - first choice. I'm *not sure* this will solve a problem or even move us in the right direction. OTOH I'm pretty sure it will not cause any problems and it will likely occasionally help. (I'd even allow it to be optionally extended to a user's talk page). Throwing up our hands and saying "we can't do anything" is not the way to go. The cost-benefit balance favors doing this. Smallbones( smalltalk ) 18:51, 12 September 2016 (UTC)
 * 4) Support - first choice. After having recently dealt with a vandal that was on a high-speed userpage raid (They were adding very innappropriate fake "Welcome to Wikipedia" messages to many userpages, and I had to request WP:G10 on a bunch of them in the middle of the night.  Not many admins seem to be on at 3am.), I'm very open to this option.  I would also prefer an additional option to protect subpages and my talk page (talk being off by default).  No non-autoconfirmed user has any need to touch my Editnotice pages or my transcluded pages. — Preceding unsigned comment added by Gestrid (talk • contribs) 1:55, 18 September 2016 (UTC)
 * Comment - I found the user and their IP sock who that doing what I mentioned above. Administrators, see Special:Contributions/Amotrtias (NOT to be confused with !) and Special:Contributions/92.40.156.172.  All edits by that user and their IP sock have been removed from public view for blatant vandalism or attack pages. -- Gestrid (talk) 19:51, 24 September 2016 (UTC)
 * 1) Support 1st option. Iazyges   Consermonor   Opus meum  00:30, 19 September 2016 (UTC)
 * 2) Support First choice. - F ASTILY   07:34, 19 September 2016 (UTC)
 * 3) Support – first choice. Harassment is incremental, and this is an incremental improvement towards closing the harassment gap. Cheers!   01:47, 25 September 2016 (UTC)
 * 4) Support as second choice, but don't feel strongly about this being implemented (first choice being status quo) — Andy W.  ( talk  · ctb) 00:05, 5 October 2016 (UTC)

Option 5: User-toggled setting for extended confirmed protection of user page (no default protection)

 * 1) Support, second choice. Colonel Wilhelm Klink (Complaints&#124;Mistakes) 18:14, 31 August 2016 (UTC)
 * 2) Support, second choice. ThePlatypusofDoom (talk) 21:26, 31 August 2016 (UTC)
 * 3) Support: second choice. KGirlTrucker81huh? what I'm been doing 11:25, 5 September 2016 (UTC)
 * 4) Support second choice. Iazyges   Consermonor   Opus meum  00:30, 19 September 2016 (UTC)
 * 5) Support – second choice.   00:58, 25 September 2016 (UTC)

Discussion

 * Your user page is the one place on Wikipedia where relatively unbridled self-expression is encouraged. While vandalism and harassment may not seem like a big deal to a wiki veteran, it can be very off-putting to a new contributor; performing any reversion can take a great deal of confidence. While help setting up one's user page, can be welcome, it's generally best if that help is solicited, or discussed in advance. I like the user toggled approach, because it would allow any given user to easily open up their page if and when they feel comfortable with that. Thank you for all your work putting together this proposal. -Pete (talk) 18:09, 31 August 2016 (UTC)
 * While I rather enjoy having my user page vandalized (as it shows that I've miffed the vandals enough to warrant a reaction), I realize that there are people who don't appreciate it (e.g., people who are simply insulted by trolls because of sexuality, religion, etc.). Also, as Pete points out, new users may be more sensitive to insults, and thus be deterred from contributing if their user pages are vandalized. As such, I would prefer the decide-for-yourself approach, which would allow people to choose whether they want an unlocked or locked page. Colonel Wilhelm Klink (Complaints&#124;Mistakes) 18:28, 31 August 2016 (UTC)
 * My vandalized userbox was a mark of pride, until someone went and permanently semi-protected my user-page. I couldn't really justify asking for protection to be removed, when the only reason to do so would be to let people resume vandalizing it... Monty  845  02:01, 1 September 2016 (UTC)
 * What happens if a file used on an enwiki user page is moved or deleted on Commons? Commons requires an appropriate level of trust - 1500 edits is the usual approximate threshold - for moving files, and even more trust for adminship. However, a trusted user or admin on Commons may have very few enwiki edits, and the automatic replace/remove would then fail. That's a minor logistical issue with several possible solutions (tossing it to a bot, making an exception for automatic edits by trusted Commons users, etc) that should be solved, but doesn't take away from this excellent proposal. Pi.1415926535 (talk) 18:30, 31 August 2016 (UTC)
 * I assume, but am not certain, that semi or extended protection could be enacted without preventing the user whose user page it is from editing their own user page, when they themselves are just starting to edit. --Tryptofish (talk) 18:34, 31 August 2016 (UTC)
 * This issue is addressed in the section. Funcrunch (talk) 18:40, 31 August 2016 (UTC)
 * "If user pages are protected by default, programming changes will need to be made so that new users can edit their own pages before reaching the required threshold." So work would need to be done, but in the end the user will still be able to edit their own protected pages. -Thunderforge (talk) 18:43, 31 August 2016 (UTC)
 * Currently, applying any kind of protection to a new editor's userpage would prevent them from editing their own userpage-- there is no special case built in to the mediawiki software underlying how page protection works (as far as I know, anyway). However, any changes from this proposal would not be enacted unless new editors could continue to edit their own userpage regardless of its protection state. <b style="font-family:Candara;color:green">I JethroBT</b> drop me a line 18:50, 31 August 2016 (UTC)
 * Thanks, all. --Tryptofish (talk) 21:08, 31 August 2016 (UTC)


 * Comment on user-toggling: for new users espeically, it would be important to clarify which way the default toggle was set: Protected until they opt for unprotection, or the reverse. I'd hope we'd go for "Protected until I've opted otherwise", to protect the most inexperienced of our editors, if either of the toggle options was chosen. Pam  D  18:37, 31 August 2016 (UTC)
 * I interpret options 4 and 5 as unprotected unless users opt for protection. "Protected until I've opted otherwise" is essentially what options 2 and 3 offer. But I agree this should be made clear in the RFC.--agr (talk) 18:53, 31 August 2016 (UTC)
 * I've edited the titles of the toggle options to clarify that the default would be no protection. Funcrunch (talk) 19:35, 31 August 2016 (UTC)


 * Please provide a link to previous discussion(s), at least to this one I am aware of dating from 2013 where the idea of automatically-protected user pages was raised: Wikipedia talk:Protection policy/Archive 15. ☺ ·  Salvidrim!   ·  &#9993;  19:26, 31 August 2016 (UTC)
 * Thanks for the pointer. But as the linked discussion took place three years ago, I'm not inclined to edit the main body of my proposal to include it. Folks are still free to discuss it here of course. Funcrunch (talk) 19:39, 31 August 2016 (UTC)


 * Well I know that I'm far from a novice editor on enwiki, but I've recently edited other users pages on other language wiki's where I didn't have 500/30 (e.g. w:tr:Special:Diff/17505878; w:it:Special:Diff/82613120) - I think that was a net positive - and if some new user fixed an error like that on my page here today I really can't see why I would care. I have no idea how much this type of activity may be occurring - does anyone have statistics on useful edits by new users to this space that would be prevented? —  xaosflux  Talk 22:35, 31 August 2016 (UTC)
 * The section mentions a recent query with some statistics. Funcrunch (talk) 22:39, 31 August 2016 (UTC)
 * I did see that section, and unless I'm missing something the data cited is for anonymous users, but the conclusion lumps in "new" users not supported by the data. Please point to anything I am missing here. —  xaosflux  Talk 00:26, 1 September 2016 (UTC)
 * Our policy WP:Harassment defines it as follows: "Harassment is a pattern of repeated offensive behavior that appears to a reasonable observer to intentionally target a specific person or persons." I didn't see anything in the data cited that would come close meeting that definition. Is this really about harassment or just reducing vandalism to user pages?--agr (talk) 01:55, 1 September 2016 (UTC)
 * It's about both harassment and vandalism. I agree that the latter is more common in the sample.  The set of edits was randomly sampled from the past several weeks, so it's probably not going to reveal a pattern of behavior from a single person on its own (esp. if they are IP-hopping); that would require a more in-depth approach.  However, looking over some of the sample, some edits have been revdeleted on the basis of being grossly offensive.  One that was not revdeleted was someone making a legal threat and writing the word "faggot" backwards on a userpage.  This is behavior that is consistent with harassment.  WP:Harassment also reads: Harassment, including threats, intimidation, repeated annoying and unwanted contact or attention, and repeated personal attacks may reduce an editor's enjoyment of Wikipedia and thus cause disruption to the project. Harassment of an editor on the basis of race, sex, gender, sexual orientation, religion, age or disability is not allowed. <b style="font-family:Candara;color:green">I JethroBT</b> drop me a line 02:13, 1 September 2016 (UTC)
 * I took a look at the two revdeleted examples. They were both done on the same day from the same IP and had the same content: multiple, identical, all-cap lines that suggest the person had "diarrhea" -- that was the only offensive word. Repeated edits could count as harassment, but the user page was a deleted sock puppet. There is reason to believe the vandal was the owner of the user page in question. The same IP also performed the same vandalism multiple times on one article-space page that day. The legal threat you mentioned was pretty unspecific and directed to an experienced user who seems to get a lot of vandalism, but with no particular pattern. Much of that vandalism was reverted by editors other than the owner. He has not chosen to protect his page. Many of the other examples in the search involve sock puppet user pages and are likely instances of the blocked individual acting out. None of this bad behavior is acceptable, of course, but I haven't seen examples that are clear cut harassment as defined in our policy or that suggest our existing mechanisms are inadequate to handle such incidents and that new measures are therefore required. The arguments seem to be 'no one has any business editing someone else user page, so let's protect them." I'd like to see more evidence that a real problem exists.--agr (talk) 11:25, 1 September 2016 (UTC)
 * This is anecdotal, but I experienced harassment on my user page that was serious enough for not only the edit but also the edit summary and even username (from a new account) to be revdeleted. I understand the desire for more evidence, but my argument (as well as 's) is that there aren't sufficient compelling reasons for allowing anonymous and new users to edit other users' pages by default. The threshold for autoconfirmed access is only four days tenure and 10 edits, which is really quite low. Funcrunch (talk) 15:47, 1 September 2016 (UTC)
 * The compelling reason is long-standing Wikipedia policy not to treat IP users as second class citizens. Instead we deal with vandalism on an exception basis when it occurs. There have been many suggestions to limit this and that to logged or auto confirmed users, but they have not been adopted. See https://en.wikipedia.org/wiki/Wikipedia:Perennial_proposals#Prohibit_anonymous_users_from_editing for a discussion of why. In my opinion we need a compelling reason to alter our policy of openness. The intro to this RFC identifies harassment as that compelling reason, but I have seen no evidence here that it is more than an occasional problem that can be handled well enough by existing mechanisms. Did you find the handling of your harassment problem overly burdensome?--agr (talk) 17:15, 2 September 2016 (UTC)
 * Without going into details, as the harassment (which occurred on my user pages on Commons and Meta as well as en:wp) was redacted for good reason, yes, it was burdensome. Funcrunch (talk) 17:23, 2 September 2016 (UTC)
 * If the issue is preventing potentially good edits from new editors, my gut tells me that they are scarcely ever going to other people's userpages to change/fix them. I don't find fixing things like spelling or broken links to be particularly compelling or important kinds of benefits when it comes to userpages.  New editors are better suited editing in different areas anyway, and if they want to fix mistakes on another userpage, they can be brought to the editor's attention on their talk page, which is what policy recommends anyway. <b style="font-family:Candara;color:green">I JethroBT</b> drop me a line 02:31, 1 September 2016 (UTC)
 * I'm really wondering if they are going to these pages at all - which is what I was wondering when looking for "the missing option" in this poll: Restrict base user pages from being edited by anonymous users. - I added it now, if this is too disruptive to the rfc in progress feel free to revert me. — xaosflux  Talk 03:37, 1 September 2016 (UTC)
 * I guess I'm OK with the additional option you added, though I'd prefer it clarified that it wasn't part of my original proposal. I do want to emphasize though that the threshold for autoconfirmed status is quite low: only four days and 10 edits. Funcrunch (talk) 05:02, 1 September 2016 (UTC)
 * I support the most stringent protections of user pages; I've seen that many admins, as soon as they pass RfA and get the bit, protect their user pages first before even trying on the T-shirt. It only makes sense other editors get this protection. I suspect though, that this measure really benefits our countervandalism editors, most of whom are experienced enough to toggle a switch should they choose. I recall only once seeing the userpage of a new editor vandalized and it was by another registered user who presumably knew the other in real life. Not that it would be bad to set protection by default but I'm not sure it's necessary. My userpage has only been vandalized 12 times and as they say, that's how you know you've been effective. The only constructive edits to my userpage not done by me are There's really no good argument against this proposal.  Chris Troutman  ( talk ) 23:16, 1 September 2016 (UTC)


 * Re your comment in the section you added that I seem to have "dismissed" the option of policy changes: I did not include such options in this RfC because I am not convinced that there is a demonstrated need for anons and new users to edit other users' pages, and I would rather help prevent harassment from occurring on those pages in the first place than remove it after the fact. I included the toggle option that was suggested to me so that users like yourself could still allow anon/new editing, while users who don't want that could easily prevent it without involving admins at all. I thank you for your detailed analysis regardless of whether we agree on that path forward. Funcrunch (talk) 14:13, 3 September 2016 (UTC)
 * Hold on. You have framed this entire RFC on the premise that semi-protecting user pages will have a significant effect on reducing harassment. The reason your proposal got support at the Idea Lab was because it was framed on reducing harassment.  If you'd simply said what you are saying above, that you don't think logged-out or new users should be editing other editor's user pages, your proposal would have gone nowhere at the Idea Lab, and you probably wouldn't be having WMF staff support to help you run this RFC.  I'm wondering if they're feeling a bit sheepish now; they ought to be.  Keep in mind that the same WMF staff study I mention below showed that 40% of logged-out edits to user pages were good edits. You keep talking the talk, Funcrunch, that this is about harassment.  But when it came down to brass tacks, it turns out it's really about restricting anon editing through technical means. Addressing harassment seems to be your hook, not your objective. If this was really about harassment, you'd have jumped on the bandwagon I waved under your nose and said "yes, yes, let's fix the policy right now, while we consider whether or not technical solutions are required".  Harassment is a serious issue on this project and on many other Wikimedia projects, and I'm not happy that you're using it as a coatrack for restricting anon and new user editing.  Risker (talk) 15:39, 3 September 2016 (UTC)
 * You're misreading me. As a user who has experienced serious harassment, both on my user page and elsewhere, reducing harassment was indeed my motivation for the proposal at the IdeaLab and for this RfC. In the course of proposing the idea and the RfC, I concluded that there were no compelling reasons for anon and new users to edit another user's page, so preventing that from happening would be one way to reduce harassment. Obviously others disagree with me on that, but please don't second guess my motivations. Funcrunch (talk) 16:47, 3 September 2016 (UTC)
 * I would be open to there being an option to protect individual userpages. For example, if there ends up being an option to semiprotect subpages (as I hope there will be if this passes), I would prefer to protect User:Gestrid/Editnotice and User talk:Gestrid/Editnotice while leaving User:Gestrid/Liberty University (a copy of Liberty University used by me for making test edits to that article) unprotected in case someone came along who wanted to work on it.  One more thing: In addition to this, would it be a good idea to semiprotect unregistered user and user talk pages?  This would protect against pages being created by vandals to harass users.  (This actually did happen to me after the vandal mentioned in my !vote above noticed I was WP:G10ing or undoing everything they were doing.  They started creating inappropriately named user talk pages with that same welcome message I mentioned above.) -- Gestrid (talk) 02:16, 18 September 2016 (UTC)
 * I finally found the user and their IP sock that caused all those people some harm on their pages. Administrators can see edits by the user at Special:Contributions/Amotrtias (NOT to be confused with !) and their IP sock at Special:Contributions/92.40.156.172.  All edits by the user have been removed from public view for either blatant vandalism or attack pages. -- Gestrid (talk) 20:10, 24 September 2016 (UTC)

Scope: subpages
Why are User: subpages not included? If my user page is protected, any troll could still create User:BethNaught/My crimes and, linking to it as a purported confession, libel me, for example. If it were not on my watchlist, I wouldn't even noice. In dealing with the Nsmutte troll, I had to use the title blacklist to protect all Bonadea's user space from harassing creations and edits. Though I welcome option 2 as a sensible first step, this RfC would only dislocate the harassment. BethNaught (talk) 08:33, 4 September 2016 (UTC)
 * Users sometimes collaborate on subpages in the userspace, for example to draft articles or RfCs such as this one. Anon and new editors can contribute productively there, on the user talk page, and elsewhere on Wikipedia. It's only on the user page itself where I haven't seen sufficient compelling reasons for the current default of open access, so that's my primary target for addressing one venue of harassment. I'm not sure how to preemptively handle the case of a troll creating a user subpage specifically to defame a user... Funcrunch (talk) 14:56, 4 September 2016 (UTC)

Move and create
If the option for user-toggled extended-confirmed protection passes (doesn't look like it has as much support as other options), does the option for moving these pages also have ECP toggle? (This is not a concern at the autoconfirmed level, since the "baseline" for move is inherently at semiprot)

Along similar lines, it's possibly worth a very short discussion about whether user (sub)pages should have create restriction at semi- or ECP level, and if it's worth a future RfC if this one passes? (The "baseline" for create is not autoconfirmed) — Andy W.  ( talk  · ctb) 17:34, 8 September 2016 (UTC)
 * Certainly worth a discussion down the line; per my reply to in the section above, I hadn't really thought about the case of a vandal creating a page in another user's space specifically to defame or harass them. I've limited the scope of this RfC to just the primary user page, but if one of the options does have enough support for programming changes to be made, then other issues like this will need to be addressed. Funcrunch (talk) 22:09, 8 September 2016 (UTC)

Evidence-based information and interpretation
'' This section was added by after the start of the RfC. ''

In order to determine the frequency that inappropriate editing of user pages has resulted in user page protection, I obtained the list of user pages currently protected or semi-protected. The page is available at Special:Protected Pages, selecting user namespace and hiding redirects. At the time that I ran the report, the total output was 8067 pages in user space (excluding user talk pages) that were semi- or full protected. Eliminating subpages left 4470 user pages. Further eliminating IP pages (all of which were tagged as socks, and which I have now deleted with one exception) reduced the total number of registered user pages semi- or fully protected to 4360. I examined 20% of those pages (875 pages) to determine the reason that they were protected, which I think is a fair sample size. I did not differentiate between fully protected and semi-protected pages. The results are below.

Results of review
Total pages reviewed was 875 user pages (20% of user pages protected at the time the list was downloaded). No differentiation was made between fully protected and semi-protected user pages.

Administrators and related account types are separated out because they have the ability to protect their own pages or, if they are former admins/stewards, they have the contacts to get a page protection quickly without questions. While it is probably true that admin-type accounts are much more likely to be the subject of user page harassment/vandalism, their user pages are protected at a much greater frequency than non-admin users.

Adding together all types of user requests (with or without user page harassment/vandalism, as well as admin accounts), this is 35% of all protected user pages.

I was saddened by the number of pages identifying deceased users. I was also horrified by some of the vandalism and harassment that I saw on looking at page histories and diffs. It has certainly heightened my awareness as an administrator about some of the nastiness our users experience, and I am very motivated to increase administrator sensitivity and responsiveness to these situations. I note in passing that about 20% of the semi-protected pages continued to receive vandalism/harassment posts; the harasser just got the account autoconfirmed before posting.

Coolest thing found on review: the IP address originally used by Willy on Wheels. This page has been left intact as it is a part of Wikipedia history.

Focus on User pages that have been targeted for harassment/vandalism
It is concerning to see how the number of pages protected over the years has significantly decreased. This is an area where administrators can really start making a difference.

Other data
Some additional data provided by a query created by WMF staff of IP edits in userspace for a two-week period showed that a total of 2921 edits were made, of which 1334 were to user pages. Of those, 105 edits were reviewed in depth; about 60% of them were problematic. (See the discussion in Funcrunch's user space). Extrapolating, that would be 800 problem edits in two weeks, 400 in one week, about 60 a day, spread across tens of thousands of userpages. This is a very small number - many of our RC patrollers revert more edits than that in under an hour - so it is difficult to really get a good sense of the frequency and severity of this issue.

Opportunities for improvement

 * The frequency of page protections as a result of harassment/vandalism is much lower than I expected it to be when I started this review. I do not believe that these numbers reflect the reality of inappropriate editing of user pages; better evidence and studies are required to get a better sense of the frequency of these problems.  It is important to gather this information in order to figure out what the best options would be to reduce the frequency of these edits.
 * It is also important to quantify the frequency in order to justify the expenditure of finite resources (i.e., developer time) if part or all of the "solution" is predicated on software changes. All of the software-based options above will require the time of experienced MediaWiki developers.
 * Policy changes that can be made immediately without any software changes are not included in the options listed, and seem to have been dismissed by the creator of the RFC.  This is unfortunate, since the first and most obvious opportunity to reduce inappropriate editing of user pages is to change the standard so that administrators are expected to default to semi-protecting user pages on request by a user (with or without any user page vandalism/harassment) or any person who has reverted an inappropriate edit on a user page of a user who has been inactive for more than two weeks.  If there are 60 inappropriate edits happening every day, we should be seeing several user page protections every day, not one or two a month.
 * Instead of requiring requests for page protection be made at exactly the right page in exactly the right format, with exactly the right reason, administrators should be encouraged to act on any request made anywhere that comes to their attention. This should include AN and ANI noticeboards.
 * Another possible improvement that requires no new software or approvals would be a system to encourage users to watch each other's User pages. My prefs are set up to watch any page I edit and as a result I have over 100 user pages on my watch list and it is no burden. I woul be happy to add a couple hundred users who request it to my watch list. Implementation coul be as simple as making a list of willing editors. Or a tool could be built that randomly assigns requests to willing editors. One big advantage of this approach is that it covers user talk pages as well. A more advanced version would automatically detect non-self changes to user pages and add them to the watch list of volunteers. Catching vandalism early is a powerful deterrent.--agr (talk) 15:15, 5 September 2016 (UTC)

Closure requested
As 30 days have passed since I posted this RfC, I have requested evaluation and closure from an experienced, uninvolved editor at Administrators' noticeboard/Requests for closure. Funcrunch (talk) 21:04, 30 September 2016 (UTC)