Wikipedia talk:Abuse response/2009 Revamp

Email list
Do we want to try and get a more official email list from Wikipedia?[] It could either be public or private but I think it would be really helpful to have something more official that we could send emails from and have responses go to. It also gives a little transparency so that everyone sees what's going out and what's coming back. We could also try and have Godwin or someone else form the foundation on it as well. Possible thought AbuseReports-EN? Jamesofur (talk) 03:04, 29 August 2009 (UTC)
 * Great idea! Where exactly do we put in that request? Netalarm   talk  02:54, 30 August 2009 (UTC)
 * By the way, can you elaborate more on what you wanted to setup here? I'm not entirely sure what you mean; did you mean just setting up a simple mailing list for volunteers and editors?      bsmithme    03:41, 19 September 2009 (UTC)

Getting More Input
While we can and ought to continue reworking the project, I still think we should get more outside input and perhaps bring in some more folks willing to help. I already posted on the administrator notice board, any other thoughts on reaching out? bsmithme   07:07, 4 September 2009 (UTC)
 * I agree we definitely want to get as many people as possible. I started an IRC channel if we want to use that at all and get people talking (#wikipedia-en-AR) and I think we may want to reach out to checkusers/SPI since they are closely linked. Maybe a posting on the CounterVandalism project talk pages?
 * What do we do now? We can't really move forward until we get the template completed, then we'd copy the project over to Abuse Response and arcive the entire abuse reports project. Any thoughts on what we do now? Netalarm   talk  02:28, 7 September 2009 (UTC)
 * Well there are still things on the to do list that need to be done. I've been working on stuff little-by-little and it is coming along.  I did re-write the guide, can you look it over and post your feedback on its talk page? And make your edits too.        bsmithme    01:41, 8 September 2009 (UTC)

(outdent) I'd be willing to write a revamped guide for investigators/contactors (since it seemed that one of the issues with AR was the lack of workers). I'm not sure that the process is nailed down enough for this to proceed yet, though. I'll work on some of the template stuff that needs to be done, but my Wikicode is pretty weak, so I don't know how to work with switches and the like for templates. do let me know if I can be useful in some other way. Master Runner (Talk/Contribs) 05:47, 7 September 2009 (UTC)
 * I actually just re-wrote that recently, but feedback, additional discussion, refinement, and expansion is absolutely welcomed :-) If you are interested in helping in other ways, let us know for sure.         bsmithme    01:41, 8 September 2009 (UTC)

As for right now, seems like we probably ought to process a few more cases each to get a feel for how the current template is working and how we can improve it and possibly trim it down. And just a reminder that ALL of the case statuses and categories are/should be handled by the case status in the ARStatus template. bsmithme   01:41, 8 September 2009 (UTC)


 * I would certainly be willing to help. When you get the Foundation's backing for this. ISPs don't give a hoot about random volunteers complaining. At the very least, you need to talk to Cary, and get permission to say that you/we represent English Wikipedia and the Wikimedia Foundation in the contact with ISPs. Otherwise complaints will just get roundfiled. I am puzzled by your resistance to this. → ROUX   ₪  02:07, 8 September 2009 (UTC)
 * It is not resistance to the concept it is resistance to the insinuation that we are a waste of time without it which is something I personally disagree with. I do agree that making it more official has merit, and I am currently looking into setting up a queue at WP:OTRS which I think you may find satisfactory.      bsmithme    00:44, 9 September 2009 (UTC)
 * There's no insinuation; I am flat-out saying this is a waste of time without official sanction. You work at an ISP. Someone with zero official standing calls alleging that someone using your service has violated Wikipedia's TOS (and therefore the ISP's). You now have a couple of choices:
 * Take the time to listen, learn Wikipedia-speak, and go through probably dozens (if not more!) diffs,
 * Listen, make appropriate noises, terminate the call, do nothing.
 * Having worked in customer service, and with friends scattered throughout the telecom industry, I can guarantee that 99 times out of 100, the response will be #2. However, if the communication is coming from someone authorised to speak on behalf of the Wikimedia Foundation, or (better) directly from WMF's legal counsel, it will be noticed. → ROUX   ₪  03:55, 14 September 2009 (UTC)

Bot Request
I've withdrawn my recent bot request. We need to hammer down what is going to be handled by investigators versus a bot. Although I've come to a precursory conclusion that a bot may not even be necessary anymore. The reason is that all of the tasks that the bot was handling before I've eliminated. For one, I don't think we really need a list of cases on the main page as this can simply be done by accessing the category for open cases. For another, archiving a case should be fairly perfunctory at this point as well. It will only entail changing the case status to "Closed" and placingthe ARA_top template at the very top and ARA_bottom template at the very bottom of the template. bsmithme   01:47, 8 September 2009 (UTC)

Revamp Changes
This is more to bsmithme than anyone else:

You said that we still need a system to verify that investigators meet criteria. Maybe we could use the kind of clerking idea I mentioned above. If we used JamesR's bot to archive, and made it check to see if a clerk was closing it, that's a way to handle one function of the investigator's role. I'm also not sure if it's possible, but could we maybe get an edit filter created? It checks all edits to the Wikipedia:Abuse response/* namespace, and checks to see if an editor not on a pre-approved list is editing a report, and warns them. Not disallow, as I feel just the warning would be enough. MacMedtalk stalk 20:41, 18 September 2009 (UTC)
 * Our original thought was that we just wanted a very informal set of things that we'd like volunteers to understand before diving in. I don't even remember if we wrote them down.  One example was you should know what an IP Range is, which is a fairly basic requirement.  Basically we could put the standards on the volunteer page and ask that the user understand the principals before adding their name to the volunteer list.  Netalarm was working on this more, but that was before he went back into retirement.  As far as clerking, I'm just weary that that may just complicate things more than it would simplify.  Right now it's completely up to the investigator to process the case from open to close, that is unless he or she hands it off to another person, or abandons it.  This works as long as we have people monitoring all the cases.  One of the fundamental principles we've had in mind for the revamp is to keep things as simple as possible.        bsmithme    20:58, 18 September 2009 (UTC)
 * Eh retirement... making me feel old xP. School's taking up most of my time now, but I'll now try to get on AR on Fridays and probably Saturdays. Regarding the requirements for volunteers, there would be no way for us to enforce it, because the cases are all listed for public viewing. Anyone could potentially pick up a report and contact the responsible organization on our behalf without the project's consent. I support enacting a filtering system for all volunteers so we can ensure vandals are not part of the project (yes, this has happened about 8 times in the past). Here's my view on the basic requirements:


 * Understanding of the IP protocol and IP ranges, blocks.
 * Have the ability to conduct and understand WHOIS results.
 * Understanding of DNS servers. (Maybe not needed)
 * Have the ability to trace IP numbers. (Maybe not needed)
 * Have a history of keeping calm, being understanding, being polite, and exhibit good character in general.
 * Not have been blocked for the past 6 months.
 * No serious offense history.

Netalarm  talk  02:38, 4 October 2009 (UTC)
 * I'm actually striking the "within six months". I think any block should be a disqualifying factor. We are representing the Wikipedia community and as such, the utmost professionalism must be demonstrated. Any sort of block in my mind disqualifies you as the best candidate for representing the community.     bsmithme    00:12, 13 December 2009 (UTC)

Conference
I think it's time we have a complete team conference again, as we're not clear on where abuse response is headed. Having this conference would help us set a clear direction with concepts on how to reach that. We could either IRC, Skype, or any utilize any other IM protocol. Comments? Netalarm  talk  22:12, 16 November 2009 (UTC)
 * I concur, although my hours of availability are a little funny. I can do after 11PM T-S or sometime in the evening Sunday or Monday.       bsmithme    00:42, 17 November 2009 (UTC)
 * Update. As for me, my boss made me take some vacation time this week so my availability is a bit expanded now :)     bsmithme    23:58, 17 November 2009 (UTC)

RfC
I am beginning to think that we need to file an RfC to get input from the community as a whole, on whether to continue this project at all. Based on the limited response we are getting from the community, it seems et sequitur to ask the community whether they believe the project should continue. Thoughts on this? bsmithme   00:13, 18 November 2009 (UTC)
 * Ya, more input would be nice. But since this project has lasted so long, I think the continuation shouldn't be a huge problem. Is there anything in particular we would need input on? Netalarm   talk  02:07, 18 November 2009 (UTC)
 * That may be so, but you have to admit that just because it lingers, it doesn't mean that it is being effective. We are finishing on average, what, two cases per month?  The fact is we need more people interested enough to contribute, and if there aren't enough people who are that interested, then I think it's a valid question to ask if we should still be expending effort on it at all.        bsmithme    22:37, 19 November 2009 (UTC)

Deletion of old reports
The old reports under Wikipedia:Abuse reports/ are clogging up our categories. Click on rejected reports and a ton of old reports show up, making it difficult to find new ones. Since the old reports are useless, I'm proposing that we delete them all to make clear up the project. While I believe the rejected reports may be deleted without controversy, I think there needs to be discussion on the reports that have content. Archiving them under abuse response/PastArchive would help, but if the caretory is still there, they're going to clog up the system. Delete them as well? Netalarm  talk  04:24, 21 November 2009 (UTC)
 * Well, you all know I've stated many times before that I'm absolutely okay with deleting old reports, everything up to our revamp even. Things have changed so much since this project first started that the old reports in many ways don't even resemble anything useful.       bsmithme    20:13, 21 November 2009 (UTC)
 * Let's try to reach a consensus on this issue so we can move forward and do what's necessary to revamp this project. I support the deletion of all old reports, regardless of whether it has been rejected or was processed and completed. Old cases do not contain much useful information to the new abuse response project. Netalarm   talk  23:29, 24 November 2009 (UTC)
 * I do not support the deletion of old archives, but I think they should be separated from the new project, fully protected, and kept under some kind of historical archive for WP:Abuse reports. I think we should keep a historical archive page of the old Abuse reports like we have for WP:AOL, but we should have a note there stating that it was replaced with WP:Abuse response. That's my opinion anyway. PCHS-NJROTC  (Messages) 02:25, 4 December 2009 (UTC)
 * Comment If we do keep the old reports, the categories would have to be removed to prevent them from showing up and clogging the new project. Netalarm   talk  02:31, 4 December 2009 (UTC)
 * I would say the best thing may be to put a new cat on them (stale or old would be my guess) We could also list them all on a page and get someone to cascading protect the page. Jamesofur (talk) 07:03, 4 December 2009 (UTC)
 * PCHS, you don't support deleting the old reports, but do you have a compelling reason to keep them?      bsmithme    19:18, 5 December 2009 (UTC)
 * It's not policy; we archive stuff like this, not delete it. Why not delete WP:AOL? PCHS-NJROTC  (Messages) 21:08, 8 December 2009 (UTC)

I've replied in the next section. But basically, we let consensus decide what to do with stuff. Netalarm  talk  22:09, 8 December 2009 (UTC)

To get the project back on track
It's taken Abuse Response way too long to reorganize this. Here's my straightforward guide on what needs to be done to at least be back on track. Please comment/modify.
 * Delete all old reports under Wikipedia:Abuse reports
 * Figure out the email list. Are we getting one or not?
 * Template unification

This is seriously taking too long. No reports (or few) have been processed because of this revamping. Is it possible for us to get on Skype/AIM to discuss the changes? Netalarm  talk  02:15, 4 December 2009 (UTC)
 * I think the project's been gradually losing steam anyway. What's more, I think some of the volunteers have simply given up rather than try to keep up with the changes. I've processed some complaints since the revamp, and I'm likeing what I see, but it does take some getting used to. I've also independently sent in reports without taking it through WP:ABUSE. I don't think we should delete old reports, but we should close them all and mark them as closed with a "do not modify." PCHS-NJROTC  (Messages) 02:21, 4 December 2009 (UTC)
 * A lot of the problem is we are getting no help from anyone who can actually get a lot done to help us (such as an admin, bureaucrat, OTRS-person, etc) and that's either because they don't see the value in the project or they just don't have time, essentially being the same thing. Frankly, I for one am tiring of the 'non-bureaucracy' bureaucracy of Wikipedia where it has all the hallmarks of one but pretends not to be and does things that makes things far more difficult in the same way that a bureaucracy actually does.  This project is a perfect example of a victim of this. Wikipedia may be better for if it would just admit its a bureaucracy and start taking steps to fix things along those lines, then keep denying what is already true.


 * At this point there is nothing stopping cases from being processed, as it is at a point where it goes fairly smoothly from open to close. The revamp is not stopping that.  The only major question that remains now is whether we will use OTRS or relation function and I have gotten ZERO response from anyone on that, including Jimmy Wales himself, despite him trying to help.       bsmithme    07:52, 4 December 2009 (UTC)
 * I personally don't think we should be working on this project at all if we aren't receiving even a response from anyone. Netalarm   talk  04:07, 5 December 2009 (UTC)
 * When you say response do you mean from RO's or Wikipedians?      bsmithme    19:16, 5 December 2009 (UTC)
 * Wikipedia. Responsible organizations so far have been responsible and most of them have responded. Netalarm   talk  01:56, 6 December 2009 (UTC)
 * We wont get an OTRS project, this much is certain. First and for-most OTRS is for offical communications, something the Abuse Response is not. To make it more offical it would become much more rigid (for instance highly trusted admins and checkusers only) which would preclude most the existing volunteers. However, nothing is stopping us going in an ACC like direction with a mailing list and interface.  « l | Promethean ™ | l »   (talk) 02:48, 8 December 2009 (UTC)

I thought we were going for a mailing list, then it become synonymous with OTRS. I'm not too sure about the two of them and how they differ, but our main goal is to set up an @wikipedia.org or an email of that sort to receive (send if possible) emails on behalf of the team. This would allow us to check each other's work and prevent abuse by the team. Netalarm  talk  05:46, 8 December 2009 (UTC)
 * We can possibly get a mailing list, however this will only work for inbound communication. Again, sending as a wikipedia.org address would be beyond our mandate so to speak. The foundation will be very cautious in granting anything that would make Abuse response seem in any way offical.  « l | Promethean ™ | l »   (talk) 13:00, 8 December 2009 (UTC)
 * We are getting responses, we're just not getting what people here want to see. Without OTRS or anything of the like, I know I've had Embarq, JANET (UK edu backbone), and AT&T (ATT through the Better Business Bureau) take effective actions against abusers. Comcast, Road Runner (ISP), British Telecom, Verizon, Cox, and several schools appear to also take Wikipedia abuse seriously. I've actually submitted several reports on my own without even posting them on WP:ABUSE (mostly petty vandalism). Sometimes the more responsive ISPs have less vandalism issues than non-responsive ISPs probably because people who know what they're doing are going to report abusers whether they meet WP:ABUSE guidelines or not, and they'll take action whether the person simply inserts a heart in one article or the person has been violating every single policy on WP on several pages with several socks for over a year. People who expect zero vandalism after an AR on a shared IP will be disappointed unless the org blocks the site, which shouldn't be the goal of this project; I think we should ask orgs NOT to block the site as we can just block their IPs indef if they'd rather not be bothered handleing the abuse issues. Some orgs I've encountered would like to see something official, but they're going to expect a network administrator, and not a just an WP:ADMIN. Bottom line is we need people that know what they're doing, and simply saying "hey, stop the vandalism from x.x.x.x, they've been blocked six times" isn't going to cut it; they want logs, real logs, logs with date/time, source IP, dst IP, brief explaination of what happened in that particular instance. If we're to get technical with this, we ought to have an automated system that makes it easier, for example, an "abuse reponse" tab appearing on the contribs for an IP (or maybe even for accounts) will enable a tool that allows a volunteer to pick the malicious edits out of the log (it would show exactly what was added or removed for each edit next to the log entry, allowing blatant vandalism to be identified without reporting innocent users), leave a comment for each edit (templates should be available), enter an abuse contact or "auto detect" using tools offered by the Network Abuse Clearinghouse, and send a brief explaination of what the report is about (no more than four sentences) along with abuse desk friendly logs like this like this: 2009-09-16T18:52:10GMT -04:00 src=x.x.x.x dst=208.80.152.2 url=http://en.wikipedia.org/w/index.php?title=Main_Page&diff=314438361&oldid=305264274 abuse-comment=randomly added "my name is Cheer Leader and i love you!!! <3" to the Main Page article against policy after being warned 1 time on his/her talk page. Subject was "ILoveYou" (subject would be the edit summary).  This should be a tool similar to the block function that admins have. There should be templates similar to the ones for blocking. This kind of automated tool would likely be much more user friendly than OTRS which would require every volunteer to provide real life ID, be 18, etc. Replies would be directed to OTRS so that ISPs can get an "official" response from a Wikimedia employee if they desire. The only problem is that such system can't make phone calls, send faxes (unless we use TPC.int), or send letters. Heck, with a system like this in place, we could incorporate abuse reporting into normal procedure for admins, and abuse reponse could be for cases where phone calls needed to be made. As far as I'm concerned, anyone worthy of being blocked once is worthy of being reported for abuse at the same time. Comments?  PCHS-NJROTC  (Messages) 21:05, 8 December 2009 (UTC)
 * What do we want to see? I remember reading that abuse response was necessary only when indef blocking the IP user was unrealistic. I believe the goal of AR is to receive a reply from the ISP that states that they have taken care of the issue. Our only task is to create and send the abuse report, not act on them. I was working on a JS for this, and I think we can work on it together. However, there is no way for us to make the script unless we know the basics of what we're doing, so let's go back to the fundamentals.
 * In that case, the goal of WP:ABUSE isn't even to receive a response, it is simply to send a report. Indef blocking is always an option IMHO so long as a contact is given for an ISP or other network for when they start getting complaints about not being able to edit because of a few pinheads. The "fundamentals" make the project empty and pointless if it means our only goal is to send reports; I believe that what is meant is that we are not here to force ISPs to do something. However, large range blocks would basically be "forcing ISPs to take action" if they're needed on major ISPs. PCHS-NJROTC  (Messages) 22:56, 8 December 2009 (UTC)


 * From what I know, a mailing list offers 2 benefits. It allows us to have an @wikipedia.org email so we don't get ignored. It also lets us check the emails send by other members of the team. Now let's say we don't need it, fine. We could include instructions to directly reply, or to email OTRS if they want to speak to "official" contacts (OTRS is also volunteer run). To check on each other, we could use Google Groups to send the email somehow.
 * For the sake of professionalism, I believe it would be neat to have an @wikipedia.org email address, but I don't think we're being ignored just because of our email domain. I have sent thousands of spam and TCP port scan reports to ISPs about issues on my own network and very rarely do I get a human reply, but I know they do take action because I used to send reports about phishing websites I'd see on anti-phishing website http://www.millersmiles.co.uk, and websites would disappear even when I didn't get "human replies." Also, ISPs will never reveal exactly what they have done without a court order unless they're in a country with less privacy laws than the norm. They wouldn't reveal such information if Jimbo Wales was the one emailing them. PCHS-NJROTC  (Messages) 22:56, 8 December 2009 (UTC)


 * About the deletion of old reports, I see no compelling reason to keep them. However, if they are not deleted, we would have to remove the category from them and replace it with a "archive" category from preventing them from showing up in the category trees on the front page. WP:AOL was kept because of consensus, and the same will be done here. We'll let consensus decide what is to be done with the old reports. Netalarm   talk  22:08, 8 December 2009 (UTC)
 * If reports are deleted, I support keeping archives of some where action was taken, such as the ones related to User:Mmbabies, User:LBHS Cheerleader, and Collier County Public Schools. PCHS-NJROTC  (Messages) 22:56, 8 December 2009 (UTC)

As I previously said, I seriously think an admin tool for reporting abuse on sight to take some of the stress off of the project. Every labeled shared or dynamic IP references to this project, yet out of the thousands only a few are reported as far as we know. The automated tool would use an @wikipedia.org email address and would make abuse reporting simple. Unlike at Abuse Response, blocking admins would only have to research a few recent incidents, and the tool would automatically generate any information an ISP would typically need. The system should also put a template on the IP talk page. We seriously need to stop showing mercey to vandals; sure, vandals are (usually) human beings, and there is real life punishment for the vandals that could affect them in serious ways, but so are cyber criminals, and I don't see very many people taking pitty on Mr. 419 Nigeria trying to steal money from unsuspecting individuals. If they vandalize Wikipedia enough to get blocked, they need to be reported for abuse; maybe if we started cracking down, and it became publically known, we wouldn't have so many long term abusers. The problem is we have way too many abusers and far too few Abuse Response volunteers. PCHS-NJROTC (Messages) 23:12, 8 December 2009 (UTC)


 * Ok, lets be realistic here because it seems like some of us have grand ideas that are never going to happen.
 * The foundation will never give an @wikipedia.org outbound address to anyone that is dipping in legal issues, which is what were doing. And your idea that all RO's will be able to read the same format, which is false.
 * No one will do an admin tool because it would cause way too many duplicate reports (from admins and users alike) hence the idea of this central forum. I also question the idea of making such a tool an admins thing.
 * We can make logs that include all of the information that ROs generally will ever ask for, and most should be able to read. If we make them more like firwall logs, there will be no question as to whether the majority will be able to read them. An admin tool won't be developed and approved over night, but neither did the abuse filter. This project is doomed to be too overwhelmed to be successful if we continue as we are doing. Abuse reporting through an admin tool should take place as the abuse is happening, and a template should be added to the talkpage stating that the abuse has been brought to the attention of the RO when the tool is used to prevent carbon copy reporting. Besides, as it stands people still report abuse independantly without going through Abuse Response or even documenting the report on WP, and there's not a thing we can do about it, at least with this kind of tool we would know when it happens. PCHS-NJROTC  (Messages) 01:24, 9 December 2009 (UTC)
 * I agree there needs to be more organisation and automation, but you wont get this by becoming excessivly offical. What if we took this in an ACC style direction, where we have a mailing list and an interface. We could use a bot to check all recent IP blocks to see if theres a history of blocks and automatically make an entry into the interface to be reviewed. Such a system would achieve much of what we desire, including a greater automation, review and control over the reports. Replies to the reports from the interface could be sent to the mailing list.  « l | Promethean ™ | l »   (talk) 01:07, 9 December 2009 (UTC)
 * I'm not suggesting that we become excessively official, I'm expressing my opinion that there are a lot of incidents that ought to have been reported and are not. Abuse Response is mentioned on the shared, dynamic, and WHOIS templates like we regularly contact ROs through this project, but in reality this project don't even have the capacity to handle all of the eligible cases. This would hopefully take some of the stress off of the project. PCHS-NJROTC  (Messages) 01:24, 9 December 2009 (UTC)

Mailing list/OTRS
Let's deal with this one by one. The mailing list. Do we want one? bsmithme says we already have an OTRS queue setup, but we don't have access to it. That might be the official one, not the project one. Please voice your views on this. Should we attempt to get a mailing list, or just use our own emails? Netalarm  talk  05:40, 10 December 2009 (UTC)
 * This is above in the first topic marked unresolved. I'm still not sure what we need a mailing list for or what it would be used for.  Can someone clarify their thoughts on this?       bsmithme    07:57, 23 December 2009 (UTC)

Stale vandalism
We need a definitive policy for stale reports. Realistically, nothing's being done about a report sent to an ISP or organization if the most recent incident of abuse occured more than a week ago. PCHS-NJROTC (Messages) 02:36, 4 December 2009 (UTC)
 * This is being addressed in the new guideline proposal. Please share your feedback on the proposal on its talk page! Thanks!       bsmithme    07:56, 23 December 2009 (UTC)

For the record: OTRS
I initially contacted Cary Bass (Volunteer Coordinator for WMF and chief at OTRS) who told me that an OTRS queue had already been setup for AR but that it never was followed-through. I've sent a total of three emails to Cary but only ever received one response and never any actual assistance. That was over three months ago. Further, I have also sent two emails to Mr. Wales to which I received one response saying he would look into it. This was over a month ago and I have not heard anything back. At this point, I seriously question if this project has the blessing of the community anymore based on the cold response. bsmithme   02:19, 9 December 2009 (UTC)
 * And I'm seriously considering leaving this project if this is the case. We're trying to help and we're not receiving responses. It's not even that we're asking for something and not receiving it, it's that we're not even receiving a response. It could be a simple rejection of our plans - fine, move on. But no, we don't have any real responses. Netalarm   talk  05:42, 10 December 2009 (UTC)
 * By the way, I added an OTRS administrator onto my Skype a while ago. He said he would look into the queue if needed, but suggested that we run this by Cary one more time. Netalarm   talk  05:43, 10 December 2009 (UTC)
 * Ok, a few things, firstly the lack of response is in no way a lack of blessing. Something you will come to understand is that most people don't care how something works, as long as it works. In this case I would assume that Mr Wales is not familar with this project and has more important matters to attend to, I would argue that emailing him was foolish (going straight to the top isnt always advisable). Secondly, OTRS users require identification (and proof of age). Please take this into careful consideration.  « l | Promethean ™ | l »   (talk) 09:08, 10 December 2009 (UTC)
 * You just made three different arguments which all contrdict each other. I don't think you are grokking what we are saying.  If this function of WP were important To said people, it would garner their attention. It has not.  Also, those are not the only contacts we've attempted. Please don't make such odious assumptions.       bsmithme    10:23, 10 December 2009 (UTC)
 * @Promethean. A lack of response is a lack of blessing. I'm not sure what else you were trying to convey in that statement, but they do contradict each other. Instead of calling actions of people that are working to improve the project foolish, I'd advise you to help out with the team and not sit on the sidelines and critique everything without providing a viable alternative. Netalarm   talk  02:52, 11 December 2009 (UTC)
 * Well, I'm kind of glad it's taking some time to get something settled out on the OTRS end, hopefully it will take at least a month so I'll be 18 when it's up and running. In the mean time, lets see what happens with this here vandal without even running it through Abuse Response. Bet you she's about to lose her internet service despite not being blocked five times. Am I mean? PCHS-NJROTC  (Messages) 03:36, 11 December 2009 (UTC)
 * Oh yeah, and before the "don't be mean to the newbies" police comes after me, this one's a "cheerleader vandal," which means she's either someone following a particular chain letter that distributes on Myspace, Facebook, and other social networking sites telling all cheerleaders to vandalize the site because "Wikipedia hates you (cheerleaders)," or she's just naturally a pinheaded ignoramus. Out of respect, I prefer to assume the first over the latter. Yes, yes, always WP:Assume good faith, but it's abuse one way or the other, very annoying abuse if I say so myself. PCHS-NJROTC  (Messages) 03:43, 11 December 2009 (UTC)
 * What makes you think vandals will lose their Internet access? Their ISP will most likely ignore the report, or if they do act on it, just issue the customer a warning. I don't believe there's anything illegal with vandalizing Wikipedia, aside from ToS violations. ISPs don't care about their customers that take part in stupid vandalism on a site that allows anyone to edit. If anything, this is Wikipedia's fault for taking using soft security. ISPs have a lot more serious abuse cases to deal with, and vandalizing Wikipedia once, or even 5 times, isn't that important to ISPs. This isn't to say WP:ABUSE shouldn' exist, but that we should not expect ISPs to revoke the Internet access of their customers. We're most likely to only get a response from ISPs if we involve the FBI in criminal cases (threats, illegal content, etc.) Schools, on the other hand, will respond. If they don't, we can continue to email them until they do. Netalarm   talk  15:05, 11 December 2009 (UTC)
 * Yes they do actually cut service. They might issue a warning first however. It is completely incorrect to assume that schools are the only one that care about vandalism; schools are usually the first one to "issue warnings;" nobody's getting expelled from school for wiki vandalism unless it's a private school. Suspensions or revoke of computer usage may happen, but ISPs are far more likely to cut service than schools. Of course, this is assuming that the users at the school are students and not faculty, Employers, on the other hand, would likely fire employees if they get abuse reports. Most ISPs are corporations, and many of the abuse staff will go for the throat just because they can. ISPs that warn their customers will likely suspend after one or two ignored warnings (probably for about a year) and will terminate after two or three suspensions. I also want to puke whenever someone cites the fact that "Wikipedia vandalism isn't illegal" as it is indeed illegal; it is seen as harassment by many ISPs I've dealt with, and most will drop them like a hot potato, or threaten promise to if they do it again. At any rate, I doubt that girl's parents will be very happy no matter what action the ISP takes so long as they don't ignore the report (and I'd be tempted to post about their "lack of reaction" all over the internet if I determined they did absolutely nothing). It seems no one on this site has ever worked in or known anybody working in the abuse NOC for a whitehat ISP. PCHS-NJROTC  (Messages) 02:35, 12 December 2009 (UTC)
 * Sigh, I don't think my previous comment contradicts itself at all for it's clearly a series of statements, one elaborating on the other. To summerise it in leimen's terms: People are happy for AR to exist, but may not want to get involved themselves, on any level, because they have better things to do. Its kind of like the tap in your home, you dont really care or think about how the water gets to it, as long as it does, but that does not mean that you dont care wether or not you have water. This is the reason we are making so little progress when we rely on people not directly involved in AR (such as Jimbo or Cary). Sorry if I'm bursting your bubbles Netalarm (et al.) but to say that I'm critiquing and I have not provided a viable alternative shows a supreme lack of listening on your part. It's an unthankable job but I am merely playing devil's advocate, because if you email Jimbo Wales about a specific project that he has no involvement in and expect a meaningful response and/or action then you are sadly mistaken, keeping what I have said above in mind. I have made my alternative clear in above posts amd if you were to read them you would see that I constantly refer to ACC, one of the larger toolserver projects of which I'm a developer of. ACC is a stunning example of something that could have been integrated into wikipedia as an extension or integrated into OTRS but for various reasons (some of which apply to us) wasn't. Rathor, a seperate (purpose built) interface was made and hosted on the toolserver. I have proposed and propose again that we go in an ACC style direction - No OTRS, A mailing list and a purpose built interface - of which I would be more than happy to help with, given my experiance in such areas. Thoughts?  « l | Promethean ™ | l »   (talk) 04:17, 12 December 2009 (UTC)

First of all, please do not mistake facts for opinions. Certainly, whether in the past you have confirmed that an ISP may have terminated a customer’s account in connection to a report you made is relevant, it is still anecdotal and does not itself prove anything. This is not a court of law, we are not here to make conclusions of fact or law. This is especially the case when assertions are made without any factual reference or evidence is included (i.e., “ISPs terminate for vandalism”).

Second, we have already had the discussion of whether Abuse Response was relevant in the way of whether responsible organizations take action or not. That issue was raised by Roux in the past, on this page, and it was generally conceded that past experience has shown that it is helpful and responses and actions taken by ROs made AR relevant in that respect. The question now is not about ROs, but rather whether the Wikipedia community itself values this project enough to warrant spending further time and resources on it. Personally, I seriously question this, and frankly I don’t desire spending my valuable time on something which is perfunctory, not appreciated, and neither noticed or desired by the Wikipedia community. Perhaps, moreover, is the fact that I do not wish to work on a project that will in fact not garner the resources it SHOULD be granted (i.e., OTRS) for a project which I feel does warrant them.

Third, vandalizing Wikipedia IS NOT illegal (at least in the United States) because it does not violate any statute or administrative law which prohibits it. And, even if it were, certainly we are not a law enforcement agency, nor are we working with any law enforcement agencies, nor would we or the Wikipedia Foundation have any legal authority to take any action against an alleged violator or their ISP. Likewise, nor can an ISP terminate a contract with a customer without due process. To be quite honest, I am frankly disturbed by such a basic misunderstanding of the law and the role of what Abuse Response is or ought to be.

Fourth, as I have stated numerous times before on this page, the role of Abuse Response is only to REPORT abuse to ISPs in the hopes that they launch their own investigation. Surely one of our reports alone is not enough for an ISP to take action against their customer, nor should it be. And, even if it were enough for an ISP to investigate, surely it is not enough to terminate a customer’s account. Whether or not they terminate a customer’s account really is inconsequential because that is not the goal of AR.

Fifth, there are different levels of relevance, with regard to AR’s potential impact on abuse. It has the potential in these respects:
 * Deterrent effect. Potential abusers decide not to abuse for fear of being reported and possibly suffer consequences with their RO.
 * Prescriptive effect. Abusers stop abusing due to a report being made and or a warning from their RO.
 * Remedial effect. Abusers are stopped due to having their access otherwise terminated due to a report being made.

Finally, to reiterate, it is my opinion that AR is and ought to be an important part of Wikipedia's overall anti-abuse strategy. It deserves the full weight and resources granted to other projects with that aim. I believe it warrants the attention of Mr. Cary and Mr. Wales. However, if that opinion is not shared by those who can have an affect on AR's status and future, as has seemed to have been demonstrated, then the reality is that this project probably should be terminated. bsmithme   22:59, 12 December 2009 (UTC)
 * Bsmithme is seconded here; it doesn't really matter HOW they respond, but rather that they do indeed respond usually, and hopefully in some way that is effective. My point is that we're not just wasting our time; decent ROs don't simply ignore our reports. A lot of ROs issue warnings, suspensions, terminations, financial penalties, take other various actions. Most ISPs say they took "appropriate action." If the actions are indeed "appropriate," then the report was not a waste. Schools are not the only responsive ROs either. Our goal is indeed to bring incidents to the attention of ROs, not dictate how they will respond. Notice my proposed template asks that ISPs "enforce their AUP," not "terminate the ignoramus that's vandalizing." Also, there's a fine line between violations of law and violations of AUP; we don't care about whether vandalism is "illegal," we're not persuing legal action here (that's the foundation's job if appropriate), and ISPs don't only take action when there's a violation of law. The goal of WP:ABUSE should be preventative, not punative. PCHS-NJROTC  (Messages) 02:02, 18 December 2009 (UTC)

Arbitrary Break
I have archived the above discussion, it was merely becoming off topic and we were making no progress at all towards our goal of revamping and taking AR to a new level. Firstly, I wish to propose that OTRS be disregarded from the revamp, it is an inbound system and will be of no use to us. Further more, the requirements to get an OTRS account are excessive and will shrink our already dwindling userbase. A mailing list would be far more suited, as was the case with ACC. So, can we all agree that OTRS is a dead stick? That disregarding will mean we have to deal with 1 less person (Cary)? And that it will allow us to refocus on other avenues such as a mailing list / interface?  « l | Promethean ™ | l »   (talk) 02:46, 13 December 2009 (UTC)
 * I have unarchived, and unless everyone else agrees please leave it as such. While it may have become a little tense I think that sometimes that is as healthy as can be, people need to be honest with how they think a project should be going or you will lose them all together, which we do not want. I personally still think OTRS should be something that is looked at, while yes it appears that it is used only for incoming tickets with the current WMF system others who have used it for both work and play state that it can be used for outgoing and agent created tickets as well. Also, I believe you misunderstand a bit of what OTRS is used for. All OTRS emails actually have a very clear disclaimer saying that they do not operate under any official sanction from the WMF. I am attempting to get the actual disclaimer... I'll post it when I do. They also generally accept 16+ as far as I know and so users under 18 are not necessarily out of the question. There is of course a little bit of a "procedure" to get access but thats different for each queue and again not out of the question.
 * That of course does not mean it is the only system available and it does not mean that in the end it will be the best system, it is a system. The ACC type system sounds like a good idea to look at, perhaps you would like to post a bit more detailed explanation of what you are thinking about (similar to what you told me on IRC?). As always it is good to talk about lots of options focusing on one is unproductive, but simply pushing one aside is also not productive and again can hurt the project much more then trying to ignore it.  James  ( T | C )  10:18, 13 December 2009 (UTC)
 * "OTRS is an Open source Ticket Request System (also well known as trouble ticket system) with many features to manage customer telephone calls and e-mails. The system is built to allow your support, sales, pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to inbound inquiries. Do you receive many e-mails and want to answer them with a team of agents? You're going to love the OTRS!" - OTRS is made to be inbound, thier website clearly says so and any attempt to make it outbound will only make a clusterfuck and add yet another level of "procedure" (bull shit) people will have to deal with. I cannot express my oposition to enough. Im talking to a few developers atm to see if they will assit me in making an AR interface, I'll get back to you when I get answers.  « l | Promethean ™ | l »   (talk) 10:29, 13 December 2009 (UTC)
 * OTRS does support outbound mails as well. It's geared for and aimed ay volume inbound requests, but outbound mails are entirely possible. Stifle (talk) 12:47, 21 April 2010 (UTC)

Interface development
At this point, I believe a number of us have voiced their support for a new interface on the toolserver that would integrate every component of abuse response. This would allow us to have a centralized location to receive, process, and send abuse reports. We're going to go ahead and develop this and see how it works out. I personally believe this would make the whole project easier. For those of you that were not present, this issue was discussed on Skype, and the general idea was to give this a try. In the mean time, I'd suggest keeping this project active here. Finally, if the interface doesn't work out, we could revert back to this. Could everyone voice their comments on this issue? Netalarm   talk  03:08, 17 December 2009 (UTC)
 * Well it sounds nice, but there aren't really any specifics to be discussed... =)      bsmithme    03:35, 17 December 2009 (UTC)
 * There are some things we would want in there, but ya... no specifics about it yet. Netalarm   talk  03:48, 17 December 2009 (UTC)
 * At present, the interface is currently in planning stages. It will be developed on a non-toolserver enviroment and transfered once its reached RC stage. This will give the added advantage of not having to wait for 3 developers to get toolserver accounts (which can take weeks) before we start developing. Functionaility has been dicussed on Skype and IRC in brief, and specifics will come out in due time.  « l | Promethean ™ | l »   (talk) 07:26, 18 December 2009 (UTC)

I guess we can certainly discuss in general terms some of thing things we'd like to see... Any other ideas? Discussion? bsmithme   22:03, 18 December 2009 (UTC)
 * One of the things that I've wished I could do was use Semantic Forms to have a form interface for the templates that we use. This would drastically streamline and simplify much of the minutia required in case processing. I think that kind of interface if possible on the Toolserver, should be the general goal.  I use Semantic Forms for our corporate wiki and it works beautifully.
 * Automated process which retrieves the WHOIS information and automatically transcludes that into the report.
 * Automated process to count the number of blocks on an account/IP and a summary of all blocks.
 * Automate posting talk back to filers for reporting, opening, rejecting, closing, etc.
 * Automate adding ARTemplate to IP that is subject to investigation.
 * Case status... categorization... etc.
 * Creation of contact records (to document communication sent and replies received).
 * Automated rejection of cases that don't meet criteria?
 * Automated archival? (at least an easy way to add the archive template)
 * A good way of having the system automatically open a new case with the case name appended with ("2nd case", etc) when there is a new report with the same IP but the existing case is closed (otherwise reject).
 * I am in the process of setting up the development enviroment. Including the SVN repo, MySQL server and a full suite of Atlassian applications. There a currently 3 confirmed developers (Chris_G, LP and myself) and I welcome expressions of interest from anyone else who thinks they can help on the coding side - however PHP, MySQL and SVN experiance is required.   « l | Promethean ™ | l »   (talk) 09:43, 19 December 2009 (UTC)


 * Just wondering how this is coming along, would be wonderful to get to use something easier :D Rockyman512 02:30, 27 April 2010 (UTC)

Proposal 1
Just in case you weren't yet made aware, the consolidated AR guideline has been moved to Abuse response/2009 Revamp/Proposal 1 as a unified proposal. Everyone's feedback and discussion is warmly welcomed. While we continue to work on the Toolserver project, we ought to come to a consensus on this proposal so that it may be put into effect. Thanks! bsmithme   07:52, 23 December 2009 (UTC)

Archival of old/stale cases
JamesR set up a bot (EBot) to perform some of the archival functions recommended under this revamp. Unfortunately, it archived many cases in or  that I don't feel should have been archived. While the cases may be old or stale, archival doesn't feel like the right disposition for them. In fact, based on the discussions above, it sounds like the archival function is only meant for closed or rejected cases. A few cases where this happened are: 76.15.216.153, Samlaptop, 203.29.67.82, & 66.4.233.x. Any thoughts? —Zach425 talk / contribs 18:01, 14 January 2010 (UTC)
 * I think something went wrong here, as I thought the bot was only supposed to archive cases under Abuse reports:, while the Abuse response: category would be dealt with us manually. I'll look into this. Netalarm   welcome to 2010!  18:10, 14 January 2010 (UTC)
 * It's true, this was unintentional. Feel free to remove archive template from from any cases you feel should not have been archived.       Thorncrag    19:56, 14 January 2010 (UTC)