Wikipedia:Revision deletion

RevisionDelete (also known as RevDel or RevDelete) is a feature that allows administrators to remove individual entries in a page history or log from public view. It is used for "selective deletion", largely replacing the prior method (delete and partial undelete) which should no longer be used except for history merges and occasional other technical cases where it is needed. Revision deletion should only be used in accordance with the criteria for redaction.

RevisionDelete can hide the text of a revision, the username that made the edit or action, or the edit summary or log summary. On the English Wikipedia, criteria exist to govern the use of RevisionDelete, which are outlined below. Use of RevisionDelete by oversighters in "Suppression" mode is covered separately by the Oversight or Suppression policy.

Any administrator may handle RevisionDelete requests made by users, but Category:Wikipedia administrators willing to handle RevisionDelete requests lists administrators who have declared a particular willingness to handle such requests. Users who have concerns about any particular use of RevisionDelete may ask any administrator to review the matter, but again administrators listed in that category may be particularly well placed to do so. When contacting editors about sensitive material, email is preferred to talk page messages, to avoid exposing information to more readers.

Overview
RevisionDelete allows selective redaction of posts and log entries by administrators, as well as peer review by any administrator of the correct use of the tool. Entries still appear in redacted form on the public wiki, and any user may request that an administrator review a RevisionDelete action, to determine whether its removal was reasonable. RevisionDelete logged actions can be found here.

As a deletion tool, RevisionDelete is capable of removing material from the wider community's view. Because of this, the tool should only be used within strict guidelines.

In time-sensitive situations where material may be subject to the oversight policy (such as privacy breaches and defamation), an administrator may redact first, then immediately bring the matter to the attention of oversighters. (See below.)

Misuse
RevisionDelete was introduced for administrators in 2010. The community's endorsement of the tool included a very strong consensus that its potential to be abused should be strictly barred, prevented by the community, and written into the policy. Especially, RevisionDelete does not exist to remove "ordinary" offensive comments and incivility, or unwise choices of wording between users, nor to redact block log entries.

Material must be grossly offensive, with little likelihood of significant dissent about its removal. Otherwise it should not be removed. Administrators should consult as usual if uncertain that a revision would be appropriate to redact.

Criteria for redaction
 A certain low degree of inappropriate or disruptive posting is normal within a large community. In general, only material that meets at least one of the criteria below should be deleted. Users should consider whether simply reverting or ignoring would be sufficient in the circumstances. If deletion is needed, only redact what is necessary (i.e. leave non-harmful fields visible), and give a clear reason for the removal.

The community's decision was that RevisionDelete should not be used without prior clear consensus for "ordinary" incivility, attacks, or claims of editorial misconduct. The wider community may need to fully review these at the time and in future, even if offensive.


 * RD1. Blatant violations of the copyright policy. Best practices for copyrighted text removal can be found at WP:Copyright problems and should take precedence over this criterion. Usernames should not be hidden under RD1.
 * RD2. Grossly insulting, degrading, or offensive material that has little to no encyclopedic or project value, or violates our biographies of living people policy. This includes slurs, smears, and grossly offensive material of little or no encyclopedic value, but not mere factual statements, and not "ordinary" incivility, personal attacks or conduct accusations. When pages with grossly improper titles are in question, the page names may also be removed from public log entries.
 * RD3. Purely disruptive material that is of little or no relevance or merit to the project. This includes harassment, grossly inappropriate threats or attacks, browser-crashing or malicious HTML or CSS, shock pages, phishing pages, known virus-proliferating pages, and links to any of these or to web pages that disparage or threaten some person or entity and serve no valid purpose, but not mere spam links.
 * RD4. Oversightable information – see separate section below for criteria.
 * RD5. Valid deletion under deletion policy, executed using RevisionDelete. Except for history merges and fixing cut-and-paste moves, if selective deletion is required, RevisionDelete is usually preferable, and should be used instead of the old method of "delete and then partially undelete". It is important that the underlying reason for deletion be made clear in the log summary.
 * RD6. Non-contentious housekeeping including correction of clear and obvious unintended mistakes in previous redactions, changes to redaction based upon communal discussion and clear consensus, adding information to the delete logs, and converting traditional selective deleted edits to RevisionDelete. (The action must not be likely to be contentious or controversial; consult if needed)
 * RD7/AC. Deletion mandated by a decision of the Arbitration Committee. At times the Arbitration Committee may determine that a logged item was sufficiently improper that the record should be formally deleted in the public log. The deletion reason should clearly link to the decision. Deletions under this criterion are considered to be Arbitration Enforcement matters and should not be overturned improperly; they may however be appealed.

Log redaction
Log redaction (outside of the limited scope of RD#2 for the creation, move, and delete logs) is intended solely for grossly improper content, and is not permitted for ordinary matters; the community needs to be able to review users' block logs and other logs whether or not proper. Use of the RevisionDelete tool to redact block logs (whether the block log entry is justified or not) or to hide unfavorable actions, posts or criticisms, in a manner not covered by these criteria or without the required consensus or ArbCom agreement,  will usually be treated as abuse of the tool .

Hiding oversightable material prior to Oversight
Personal information includes almost any material that is (or looks like it might be) actual claims, facts, hints, or allusions to non-public, personal, or private information (see WP:Oversight and WP:OUTING).

It does not matter whether the privacy-breaching material was posted by the user themselves or by a third party, whether in good or bad faith, recently or in the past, whether accurate, whether the target is identifiable to the administrator, nor whether it is a statement, pointed speculation, or implied.

RevisionDelete can be used to hide any privacy-breaching or defamatory posts while waiting for Oversight. Since Oversight is not immediate, an administrator may provisionally delete the information from public view to minimize harm, then promptly contact an oversighter.

Even if the material is ultimately found not to be suppressible, administrators are allowed to err on the side of caution, even in cases with an apparent conflict of interest, provided it is in good faith and they quickly seek oversighter review. If the oversighter decides suppression was not appropriate, the material will be restored or RevisionDeleted instead.

Administrators should be aware that delete logs are public and scrutinized. Deletion may lead to extra attention at times. Only administrators can see the material when it is RevisionDeleted (and before oversight), but even so it may sometimes be more discreet to contact oversighters directly, and not use RevDelete first. A lot depends on the material itself.

When hiding personally identifiable information related to an individual who can be contacted by email, it may be considered good manners to notify them that the information was deleted and hidden from public view. Providing such notice is at the administrator's discretion.

Notes on use

 * It does not matter if the target is identifiable, just that it appears to have a target
 * It is not necessary that the target be identifiable. It is sufficient that it appears to refer to some real person, organization, or group, or could be intended to suggest a specific target to the right reader. For example, a smear could target a person known locally by a nickname or other allusion that no Wikipedia administrator has heard of, but that is recognizable to people in that school, town, or social community. It is therefore not necessary the target(s) be identifiable, to treat the situation as if a target exists.


 * Username hiding (copyright attribution issues)
 * Wikipedia's licenses require that accessible edits be linked to the user who performed them, so it is generally a problem to hide the username from a revision while leaving their edited changes to the page in public view.
 * Cases where it is acceptable are:
 * The revision contains no valid information copyrightable to the user who posted it (e.g. plagiarism, gibberish, vandalism, adding categories, no copyrightable change made to revision text, etc.); or
 * All copyrightable changes have been reverted and the text of all intervening revisions has been hidden; or
 * The user accidentally posted while being "logged out" and the aim is protection of privacy at the request of the user.


 * High-traffic pages
 * If redaction may be required on a busy page it can sometimes be worth an edit to take care of problematic text. If redaction is eventually required, fewer revisions will be affected.


 * Guidelines mentioning revision deletion
 * These are not additional criteria for revision deletion, but rather community-approved interpretations of the existing criteria:
 * Responding to threats of harm recommends revision deletion pending oversight for specific threats of suicide or self-harm.
 * allows revision deletion of userspace material to protect a user's privacy.

Large-scale use
RevisionDelete is mainly intended for simple use and fairly recent material. Text that exists in numerous revisions (e.g. on busy pages) or which has been the subject of many others' comments may not be practical to redact. Redaction of such material should take into account how practical and effective redaction will be, how disruptive it would be (e.g. to others' valid posts), and whether redaction will itself draw attention to the issue. No hard line exists; judgment is required.

Administrators in this situation may wish to initially edit the page to revert or remove the grossly improper material, and then consult.

How to request revision deletion
To request revision-deletion for copyright violations (RD1), use Template:Copyvio-revdel.

To avoid the Streisand effect, there is no dedicated on-wiki forum for requesting revision deletion under other circumstances. You can send a message to any administrator in Category:Wikipedia administrators willing to handle RevisionDelete requests either at their talk page or by email, especially if privacy is a concern.

You can also request revision deletion on IRC using. Only use this for requests that are urgent and should not be handled publicly (RD2, RD3, and RD4). In this channel, only administrators will be able to see your request.

Keep in mind that if the revision you're reporting could be subject to oversight, follow the procedures at WP:Requests for oversight or email .

Appeal and discussion of actions
To contest or reverse revision-deletions, discuss with the deleting admin. For image revisions deleted under F5, you may instead request undeletion at Requests for undeletion.

Actions performed using this tool remain visible in the public logs. They are subject to review by other administrators (who can see redacted material), and to reversal upon clear, wider consensus. Such a review should take place at the Administrators' noticeboard. As with other administrative tools, good judgment and appropriate use are expected; improper use can lead to sanctions or desysopping.

Technical details
On the English Wikipedia, the revision deletion feature is available in administrator mode to administrators and in administrator and suppression mode to Oversighters (all of whom are currently also administrators).

Functionality
Page histories and logs have a button for administrators and oversighters that allows multiple entries to be redacted by selecting them from the list with checkboxes. On page histories, the button is ; on logs it is.

When a revision or log entry is hidden from view in its entirety, it is displayed as shown to the right, with the elements hidden from view stricken and greyed out. The struck-out elements cannot be viewed by any usergroup which does not have the deleterevision right. A user who cannot access the relevant revisions and who tries to compare the revision with other revisions or access its &oldid= page will receive an error stating that the revision has been removed from the public archives. Similarly, looking up log entries or contributions by username will not show log entries where the username has been redacted.

The button can usually be clicked by an administrator to view selected redacted entries. It will appear in black if suppression has been applied, in which case both the redacted material and its deletion settings cannot be accessed by administrators or users who lack access to the oversight tool.

Revision deletion actions are retained even when the revision or page is deleted in the traditional manner. If a page is later undeleted, data that was deleted with RevisionDelete will still remain deleted.

When redacting the log entry of a page move, note that it will also have been recorded as an edit summary in that page's history; it will need to be redacted as well.

Limitations and issues

 * The revision text of the most recent edit on a page cannot be redacted. This is intentional. The content must be reverted first, to be redacted. Other fields (username and edit summary) can be redacted even on the most recent edit.
 * If the edit to be redacted was not reverted in the edit immediately following it, all edits between it and its revert will contain the content of the edit. In this case, all of the intermediate edits must be redacted to fully hide the edit's contents.

Revisions stored by third parties
While a RevisionDelete is generally effective at removing sensitive information from the public eye, it does not impact third parties. Third parties may:
 * Capture revisions from the recent changes stream before a RevisionDelete occurs
 * Detect RevisionDeletes, even those made in "suppression" mode, by comparing revisions logged from the recent changes stream against the standard database snapshot

Changing visibility settings
To hide or unhide a revision or a log entry, select the relevant revision[s] or log entry/entries that you wish to show or hide with the checkbox[es] to its/their left, and click or  as appropriate. Depending on your permissions, there may be either three or four options to choose from:


 * Delete revision text
 * Delete edit comment
 * Delete editor's username or IP
 * Suppress data from administrators as well as others. (only available to users with the suppressrevision right, namely oversighters)

In the visibility restrictions option area, tick the checkboxes next to each restriction you wish to apply to the selection, and provide a reason for the setting from the Reason dropdown menu. Optionally, enter further information into the text field. Once this information has been filled in, click to apply the change. If this has been done correctly, a success message should be displayed.

Unhiding a revision or log entry follows the same procedure. Untick the checkboxes that you wish to unset in the visibility restriction options section, and provide a reason for the change.

Hiding of a username or IP should only be used where that username or IP has a reason in and of itself to be hidden, such as accidentally editing logged out or an attack username. Hiding a username will remove the contribution completely from the user's contributions list (except from administrators, who will see a warning indicating it is invisible to users), rather than a crossed out entry for deleted edits without hidden username. This will cause issues with users trying to review actions taken on the user, as well as potential copyright violation risks.

RevisionDelete's own log entries
Use of RevisionDelete produces an entry in the public deletion log, or the private suppression log if used by an oversighter and "Suppress data from administrators as well as others" is checked. Log entries created in the public deletion log look like those displayed to the right, for page revision and log entries visibilities respectively. The options ( diff | change visibility ) provide an easy link to view or redact the underlying page revision to which the log entry refers.

Selective undeletion
The older method of selective undeletion (i.e. delete the entire page then selectively restore revisions) as a method of deleting revisions is deprecated in favor of this system. While selective undeletion does still have a few valid uses (such as complex history merges), it should not be used to remove revisions from the page history, due to its relative lack of transparency and poor efficiency.

Statistics

 * RevDel statistics
 * Examples of what should and should not be redacted
 * Academic paper on RevDel usage, statistics, and impact (presented at WikiSym'11)