Wikipedia talk:Abuse response/2009 Revamp/Archive 1

Abuse Reports on Accounts
Normally, accounts are blocked if they habitually violate WP rules. As an extension to this, sockpuppets of the original user are investigated and tracked through sockpuppetry investigation. However, when there is habitual sockpuppetry, and when user accounts have been linked to IP addresses which continue to be abusive, I believe that the abuse should be reported to the ISP through AR. Discussion? bsmithme   01:49, 26 August 2009 (UTC)
 * I have to agree, IP abuse is important but excessive use of sock puppets by the same IP is just as bad if not worse because it tends to show a much clearer effort to vandalize or abuse and when someone has been continuing to abuse the system they are likely to continue to do so despite efforts we take on our end. When it gets to that point the only real additional option seems to be bringing it to the ISP to see if they will be responsive.Jamesofur (talk)
 * I agree that AR should also contact ISPs about sockpuppets, but our templates and system aren't designed to handle such requests. Maybe it would be a better option to have SPI handle the investigation, and then defer the contacting role to us. Netalarm   talk  22:31, 27 August 2009 (UTC)
 * So, so far we all seem to agree that reporting to an ISP when sockpuppetry moves to abuse from IPs after SPI investigation linking account to IPs. In such cases, the main case should be under the original account name though shouldn't it be?       bsmithme    01:31, 28 August 2009 (UTC)

Filing Criteria
Is number 3 needed? An IP can't be subject to a current block older then 6 months if it has contributed in the past 6 months (number 2). Was the intent that it shouldn't be subject to a current block that has a length longer then 6 months? Jamesofur (talk) 04:55, 26 August 2009 (UTC)
 * You're right, that is redundant isn't it? That being said, there should be some more specific criteria when it comes to ranges or multiple IPs.         bsmithme    06:55, 26 August 2009 (UTC)
 * I removed the third criteria.      bsmithme    20:26, 28 August 2009 (UTC)
 * Do we have a consensus on the filing criteria?      bsmithme    20:08, 8 September 2009 (UTC)

* The IP address has been blocked at least five times * The IP has made abusive contributions within the past six months
 * I once received a response from an ISP stating that they would be unable to take action because our logs were older than six months. We also deal with schools, which do not really have long term IP information. Maybe we could shorten the time frame by a month or two. Netalarm   talk  00:58, 14 September 2009 (UTC)
 * I agree with four months to ensure ripeness. I think any less would be too-short a timeframe, so four is just right.   Any other thoughts from anyone?       bsmithme    21:58, 14 September 2009 (UTC)

support 4 months but may want to make it clear that it's 4 months from report just in case a report doesn't get picked up right away because people are focusing on say active vandals moving around ip's etc. Maybe 4 months from report 5-6 months period to give us leeway? Jamesofur (talk) 00:23, 19 September 2009 (UTC)

Notifying Filers
I propose that editors who file reports should be notified when the case is processed. This would encourage editors to continue filing because it will let them know that something was actually done. Thoughts? bsmithme   20:23, 26 August 2009 (UTC)
 * It would be optional, though. I can whip up a template for it.      bsmithme    21:10, 26 August 2009 (UTC)
 * I think this is a great idea, comments along the way show the whole community that something is being done without forcing them to come and check the status page frequently. I don't think it needs to be a big template just something small. I wonder if we should put an opt-out/in section on the filing template? I sort of feel like it should default to letting the filer know but if someone files a lot of requests they will likely be checking here often and not want more on their talk page. Jamesofur (talk) 18:56, 27 August 2009 (UTC)
 * Agreed, and we should also have templates notifying filers that their report was rejected, so they don't refile thinking we deleted it by mistake. Netalarm   talk  22:33, 27 August 2009 (UTC)

I created a new template with this syntax: IP

Thank you/opened:

Greetings! Thank you for filing an Abuse Report for abusive behavior originating from 192.168.1.1.

Rejected:

Greetings! Thank you for filing an Abuse Report for abusive behavior originating from 192.168.1.1.

Closed:

Greetings! Thank you for filing an Abuse Report for abusive behavior originating from 192.168.1.1.

bsmithme   02:20, 28 August 2009 (UTC)

AbRep version for multi-IPs
So I was thinking the current AbRep template really revolves around a single IP, not multiple IPs. It's a lot of info to tabulate and enter (as Netalarm has pointed out) when you have multiple IP addresses. Should we have a second version of the template for multiple IPs instead? That way we could have a posting button for single and a posting button for multiple. This would probably be ideal. bsmithme   20:22, 27 August 2009 (UTC)
 * Definitely, I do think unfortunately that there will be a lot of information to get for multiple ip's but it will be a little different, I think we want to try and show the same pattern through out a bunch of ip's in the range which is not always easy... Jamesofur (talk) 01:57, 29 August 2009 (UTC)
 * The information we need is going to be spread out an entire range, so it's no going to be easy to collect that information. Our tools and templates were created for a single IP, so we'd have to make an entirely new template for this. Netalarm   talk  02:05, 29 August 2009 (UTC)
 * So I think this needs more discussion. The changes that I made to ArRep which contains a fair amount of details to be entered by the investigator, I think is really suited for single IPs, and I think the info I put in would be really helpful for school's who investigate.  But those are not good for multi-IPs because counting all the vandal edits becomes pointless. That's why a second AbRep-multi template might be called for that trims it down.       bsmithme    22:07, 29 August 2009 (UTC)

Contact Templates
I revised the contact template at Abuse_reports/Boilerplate_messages—Discussion on this? I really would like to make it a strong request that everyone use the same template when contacting ISPs. bsmithme   23:20, 28 August 2009 (UTC)
 * How could I disagree? =] I basically wrote the whole thing. =] Approve Netalarm   talk
 * I like the changes, much better then the old one which to be honest was a little bit messy and seemed to scream that the report should be ignored. I sort of wonder if we want a separate template for schools given that they are a bit of a different animal? I also agree with you on using the templates, I would almost go as far as to require it unless there is a very specific reason not to. Do we want to put any more specific info directly into the warning (i.e. as of *date* the account was warned 56 times and blocked 9 etc.)? That way we can give them a clear understanding of the severity before they go and look at the report?. Jamesofur (talk) 02:11, 29 August 2009 (UTC)
 * Ahh, I apologize for not crediting you before, Netalarm... :-)      bsmithme    21:58, 29 August 2009 (UTC)
 * I've been meaning to get more involved in AR... turns out the place has been getting reformed while I was away! Anyway, I looked over the standard contact templates. Other than a couple of typos (which I corrected) they look great. My only comment is on the use of WP usernames instead of real names. When I sent out abuse reports I would give both, using my real name primarily. I think that added more weight to the reports. I don't see a privacy issue in most situations, so I think that it would be best to suggest providing your real name. Some abuse reporters would also provide their email address and/or a link to the Wikimedia Foundation contact page should the person receiving the report have any questions. I think this also encouraged more compliance from individuals with little or no experience with WP (although answering any responses would require a deviation from the standard templates, for better or worse). Another thought (this is turning in to a longer list than I had planned): I (and I think the old docs recommended this?) would provide a little info on the specific abuse, like the times of day during which it originates or the topic around which vandalism is centered, when I thought it might be helpful to a group like an educational institution, and because it added a sense of a detailed investigation rather than just firing off 30 emails a minute. Well, that's my two cents. Thanks to the people working on this, AR could definitely use some improvement. Master Runner (Talk/Contribs) 05:19, 1 September 2009 (UTC)
 * I generally use my real name when contacting ISPs, but tend to use Netalarm when I'm contacting higher educational institutions. My main concern is that this may have an impact on my future if I chose to attend that school? I don't think it would matter but I do it anyway. One other reason is a pending report is for my high school, so...

Regarding the specific abuse information, it was recommended, but very few contactors actually included that in the email. Right now, that information is provided in Template:AbRep, which we link to in the email. We could provide that in the email too, but I think a link to the comprehensive analysis suffices. Netalarm  talk  02:12, 2 September 2009 (UTC)

Abuse Response
Netalarm had a great idea to change to "Abuse Response" instead of Abuse Reports, and I think it's a good idea because it is a lot more concise. bsmithme   03:22, 29 August 2009 (UTC)
 * I like it for fact that "Abuse Reports" doesn't really describe all we do. AR also investigates, lookes for trends, and responds to abuse to prevent it in the future. Changing the name would allow other people to have a better idea of who we are just from the name. Netalarm   talk  02:57, 30 August 2009 (UTC)
 * Agreed, I think we should just move ahead with this and start rewriting everything. The current system is to outdated and in the past was a disgrace to the community to be totally honest. In the end it's better just to start from scratch with alot of the work we've already done. Jamesofur (talk) 06:16, 30 August 2009 (UTC)
 * See new note on revamp page


 * Agree This is the only way for Wikipedia Abuse Response to effectively fulfill its roll, which hasn't been effectively fulfilled for a long time now. Netalarm   talk  06:15, 30 August 2009 (UTC)

Temporarily Disable New Reports
I Think that we ought to disable new reports from being filed and let folks know that there is a major rebuilding effort going on. It doesn't do much good because new reports are not being processed now as it is, as the system is a mess anyhow. bsmithme   06:49, 4 September 2009 (UTC)
 * Also my next major effort which I hope to be able to start tomorrow will be to have full documentation on how to process new cases.      bsmithme    06:51, 4 September 2009 (UTC)
 * Maybe we can create a holding pen while we revamp. This way we don't let some repeat vandals slip by the system. Netalarm   talk  02:25, 7 September 2009 (UTC)

Note
This sort of thing is largely ineffectual unless Godwin is on board to do the contacting. A letter on WMF letterhead from our legal counsel will get results; a call from a random volunteer user is unlikely to. Also, why are we not using the talkpage per usual Wikipedia practice??? → ROUX   ₪  14:45, 26 August 2009 (UTC)
 * The only thing I would point out in reply is that this project has been around for years, it's not something we setup, and there have been positive results—mostly with educational institutions. Paying an attorney to do this work is impractical.  It certainly does not bother me to spend time on this—I do believe it is important since to abuse Wikipedia is also violate most ISP use agreements.       bsmithme    20:02, 26 August 2009 (UTC)
 * Pay an attorney...? Godwin is already employed by WMF to handle all legal issues. And really, who gives a fig about educational institutions complying? The major concern is ISPs, which you as a random member of this site have no clout with. The lawyer for the foundation that owns Wikipedia, on the other hand--more importantly, a lawyer with decades of experience in online law (here's a hint regarding how long he's been online: you know Godwin's law? It's named after WMF's lawyer)--will get some response. And perhaps we could finally do something about serial abusive sockpuppeteers. I'm well aware of how long this page has been around; I contributed to it very briefly about a year ago, until I realised how much whistling in the dark it was. I note you didn't answer the other question I posed. → ROUX   ₪  22:07, 26 August 2009 (UTC)
 * I am sure that Godwin has plenty of other things to do rather than divert time on this. I am unsure why you are assailing perfectly legitimate efforts to improve Wikipedia. I would appreciate hearing your constructive feedback, not splitting hairs.       bsmithme    22:50, 26 August 2009 (UTC)
 * That is constructive criticism. Here's two scenarios. Which one do you think is likely to have more effect?
 * "Hi, I'm a random anonymous editor of Wikipedia. There's this guy who has been abusing IPs provided by you..."
 * "This is Michael Godwin, legal counsel for the Wikimedia Foundation, the organisation that owns Wikipedia. Someone using IPs provided by you has been violating our terms of service..."
 * Do you see my point yet? No--ok, maybe one or two--ISP is going to bother listening to someone who cannot claim to officially represent Wikipedia. For all they know, you're just trying to fuck with someone. Godwin needs to be on board for this to be functional; this has always been the case and there has long been a weird resistance to even asking him. → ROUX   ₪  16:56, 28 August 2009 (UTC)
 * "Also, why are we not using the talkpage per usual Wikipedia practice???" That mainly applies to just the reports themselves, since we already have a discussion section on the main page. It would be confusing for the responsible organization to have to click around to get all the details. As for the other pages in AR, it's a lot easier to have a centralized location for discussion, because in the past discussions were scattered across all of our subpages. Our goal: Effective, useful, and easy to navigate.


 * WP:ABUSE is setup so that anyone that wants to help may participate, no special rights needed. If an ISP or school refuses to comply, we can file that into the report and forward it to the foundation, but us trying doesn't hurt the project. School's are the major concern, as we are unlikely to get a response from an ISP. Most internet users have a dynamic IP adress, while most schools are static. That said, most reports are for educational institutions since they always have the same IP. Netalarm   talk  22:41, 27 August 2009 (UTC)
 * I meant, why were we not using the talkpage for discussing the proposal. → ROUX   ₪  16:56, 28 August 2009 (UTC)
 * Since this is a major change, I think it's ok then... Netalarm   talk  02:06, 29 August 2009 (UTC)
 * Uhmmmmmmmm... no? There is a proposal. The proper place to discuss it is the talkpage, as we are now doing. You have more or less completely missed the question. → ROUX   ₪  03:09, 29 August 2009 (UTC)
 * I know what you're asking. Talk page discussions for AR are generally done on the main page, but since this will result in major changes, a discussion page of its own seems more appropriate? Netalarm   talk  03:00, 30 August 2009 (UTC)
 * It is more effective than some think; it has been proven to be the most effective way of dealing with the LBHS Cheerleader vandal for example. The system also solved the Mmbabies case, although a complaint to the Better Business Bureau was needed to solve that particular case. Fact of the matter is, there's a lot of people that complain to the ISPs themselves instead of going through WP:ABUSE, that probably explains why you see more cases come here about IPs with some ISPs more than others. PCHS-NJROTC  (Messages) 15:24, 20 October 2009 (UTC)

Flagged Revisions
I know a bit about this, and I know it's coming to BLP articles on English Wikipedia. I think it's pertinent to begin considering how this will affect this project when and if it is implemented across all WP articles. Does anybody have more information? bsmithme   20:38, 15 September 2009 (UTC)
 * As far as I know, flagged revisions means that a "reviewer" has to check any IP edits before they are saved to the mainspace. Correct me if I'm wrong on the above. I believe, however, that this could in fact obsolete WP:ABUSE if it becomes policy on all articles. Would it not stand to reason that all IP vandalism would be disallowed, therefore eliminating the need for us? A user would be blocked indef if they were vandal-only, we just can't do that with IPs. I may probably have gotten something wrong above, so please discuss. MacMedtalk stalk 20:53, 15 September 2009 (UTC)
 * According to http://blog.wikimedia.org/ sounds like it's still pretty much up in the air. Sounds like they are NOT planning on implementing it accross all of English Wikipedia.        bsmithme    20:52, 18 September 2009 (UTC)
 * I would believe that implementing it across the entire project would be counter productive to the stated goals of the project to create a free resource for the world. So in my view, we're not going to be affected that much if it's only applied to BLPs. Furthermore, if our cooperation with SPI and LTA (Long Term Abuse) is approved by the team, we'll also be handling those users. Netalarm   talk  02:28, 4 October 2009 (UTC)

OTRS
How, exactly, is OTRS expected to function here? It's an inbound system, so I'm guessing you're planning on having the ISPs call/email back? That doesn't seem likely. Having OTRS available to verify things, yes! Absolutely. But--oh this poor horse--without the ability to be official in the initial contact to the ISP it is simply going to be ignored nine times out of ten. → ROUX   ₪  20:59, 18 September 2009 (UTC)
 * I've personally gotten a ridiculous amount of responses when I reported abuse as a normal individual on sites that I have no affiliation on at all (or random forum sites I'm just a member of) including not only contact to say they were looking into it but follow up contact when something was done (without personal info of course). I disagree with you that by our very nature we will be ignored. ISPs set up their abuse system EXPECTING random people to contact them when their are problems. Companies themselves often tend to just "deal with it" with blocking etc, it's normal people that get pissed and report it. That being said I do want to try and get it to be more official. The OTRS idea was a start to look at (and evidently from talking to OTRS staff so far a que actually already exists but was never put into use). I definitely want to open an RfC and talk more with WMF to get it even more official as well because tbh I think they will agree. There is already an allowance in the checkuser policy to share IPs with someone to help contact ISPs for abuse reports we just need to work on what to do. I think we're starting to get organized enough it won't be long before I'm at least comfortable showing what we've done to the community.Jamesofur (talk) 22:02, 18 September 2009 (UTC)
 * Having an official @wikipedia.org email would help out greatly, but it is not an absolute requirement. Regarding being ignored, the majority of emails send from my personal email have NOT been ignored. Netalarm   talk  02:41, 4 October 2009 (UTC)
 * Most ISPs I've dealt with don't care who's pointing it out, they just care that it's happening. Heck, some organizations monitor activity themselves using remote desktop, and all we're doing is telling them what to look for. Any ISP or organization that wants to see an offical complaint from the foundation does not care about abuse, and they can only blame themselves if viruses start targeting their customers because they get a reputation for being unresponsive. PCHS-NJROTC  (Messages) 15:32, 20 October 2009 (UTC)

Where have I been?
Just a note to all ye faithful to this project, you may be wondering where I am. Well, I've been super swamped at work (where I primarily contribute to WP) between the recent hiccup and being the primary administrator for a corporate mediawiki project that is now going forward. I have not abandoned WP or AR but I will be absent for some time that is as yet undefined. As always if you need to contact me please drop me an email. I have one open case that I request someone to make contact on for me. Cheers! bsmithme   23:34, 3 November 2009 (UTC)

Thanks and Reminder
Just a thank you to you all who have come onboard and contributing to the project. Just a quick reminder, especially with more folks working on the project, that in order to coordinate activities, please remember to post proposals for changes here so that they can be discussed prior to being implemented. This will, among other things, help eliminate double-work and confusion. bsmithme   21:55, 14 September 2009 (UTC)

Clerking
I've asked about this on IRC, but I'm still not really sure what the plan is. Are we planning to have a clerk system similar to the one at WP:SPI? Also, I was wondering if we should maybe have a few users who can contact ISP's, schools, etc. As Roux said above, it may be difficult for us to garner the necessary attention from organizations without the WMF behind us. If the OTRS queue ends up falling through, perhaps Godwin or another WMF executive could screen different users and authorize them to say that we are contacting on the behalf of the Wikimedia Foundation. Finally, which of our active users has OTRS access? Will there be only one person handling all contact, or would we have to have more users apply, or would current OTRS users (not necessarily an Abuse Response Team member) handle the queue on our behalf? With a touch of curiosity, MacMedtalk stalk 02:58, 15 September 2009 (UTC)
 * I agree that an arrangement to speak in the name of the Wikimedia Foundation would definitely be more effective. Unfortunately I have little to contribute besides enthusiastic encouragement. On the clerking issue, I'm not sure that it's necessary. Regular volunteers can just make a habit of checking that things are tidy. Master Runner (Talk/Contribs) 04:51, 15 September 2009 (UTC)
 * As far as SPI, it wasn't planned but I'm open to anything that could improve the project. As far as OTRS, the queue has already been setup, but I am awaiting further details.  Although I want to point out something, and that's that most abuse lines are setup as tip lines (much like the FTC's or FBI's  fraud tip lines) so while they may not incur replies which is an unrealistic expectation from the beginning, it is still reasonable to expect that the information we provide would be helpful to ROs.  Let's also not forget that when users abuse Wikipedia, they are committing a clear-cut violation of most acceptable use policies which ISPs and schools typically take very seriously, especially since escalating violations could make them liable in rare cases.  The function of this project is not and should not be official action taken by the Foundation.  Those types of actions are, and ought to be limited to sensitive and serious issues which have legal implications (e.g. BLP, stalking, etc). It is not realistic to expect the Foundation to implement any serious response system for what basically comes down to vandalism.  While abusing Wikipedia and violating acceptable user policies is irritating, it is in reality not a very serious infraction. The purpose of the project is to provide evidence to the ROs that a user violated those policies with the hopes that they will look into it and be able to verify it with their logs and take action against the user. With this we have seen that there has been some success.       bsmithme    20:32, 15 September 2009 (UTC)
 * Can you quantify the success? E.g. of X reports to AR, Y resulted in contacts with the relevant ISP, of which Z resulted in termination of service to the offending customer. The last bit is key. → ROUX   ₪  20:37, 15 September 2009 (UTC)
 * Hello? Anyone out there? → ROUX   ₪  20:36, 18 September 2009 (UTC)
 * No, we can not, likely will not be able to. I don't think an ISP would tell us that regardless of who we spoke for. Would they do it? probably if it got bad enough but would they tell us? I doubt it would happen very often. Jamesofur (talk) 22:12, 18 September 2009 (UTC)

The termination of the customer has nothing to do with us - thats why be contact the ISP. The operation of AR does not include the confirmation of action by the ISP against the customer. To illustrate my point: Editors of Wikipedia find an offendng IP number and report it to AR (End of reporter involvement, AR takes over). AR investigates it and sends a report to the ISP (AR ends involvement, ISP takes over). ISP takes action against customer or whatever they deem necessary. We have to defer that task to the ISP and trust that they will take action on our behalf. Netalarm  talk  02:45, 4 October 2009 (UTC)

Idea for log format
Some ISPs, particularly those that use shared proxies, like to see detailed logs with exact timestamps. I have actually seen ISPs reject abuse reports because the logs were not satisfactory for them. Logs that resemble firewall logs would probably be most satisfactory to ISPs since that's what they're used to reading. Here's the type of logs that I have found to be most effective. YYYY-MM-DD(T)HH:MM:SS GMT -HH:MM (depends based on settings) src=192.1.1.1 dst=http://en.wikipedia.org/w/index.php?title=ARTICLENAME&diff=prev&oldid=12345678 info=randomly added "HI! :)" to the ARTICLENAME article An example of an abuse report this log format: A user at 194.83.245.89 has violated your Acceptable Use Policy by adding random nonsense into articles at http://en.wikipedia.org. The user's actions are disruptive to the project and can no longer be tolerated. Please investigate the logs below and enforce your AUP. 2009-10-15T04:06:26 GMT -04:00 src=194.83.245.89 dst=http://en.wikipedia.org/w/index.php?title=Cheerleading&diff=prev&oldid=319978251‎ info=randomly added "(name removed, would be included in actual abuse report) IS AMAZINGLY HOT! AND I LIVE IN (location removed, would be included in actual abuse report)" to the Cheerleading article Comments? PCHS-NJROTC  (Messages) 15:57, 20 October 2009 (UTC)
 * I apologize but I really don't know what it is that you're asking. Could you clarify?      bsmithme    02:50, 11 November 2009 (UTC)
 * What I'm getting at is that ISPs want logs of the abuse included in abuse reports, and they want them included a certain way. Most ISPs insist on logs including the offending IP, a precise timestamp, the GMT that the logs are in (UTC is GMT +00:00; I have my personal settings set so that logs show up as GMT -04:00) and an explaination of what's being done. They do not want to have to follow a bunch of links to find find logs; they basically want it to resemble either a firewall log or an email full header. I propose that we have a log template that closely resembles firewall logs for use with abuse reports. This template is designed to closely resemble the firewall logs produced by 2wire gateway firewall logs, which are acceptable for ISP abuse desks. It is not, however, an exact copy, so it's copyright violation. What I've been seeing is a lot of people around here just saying Hi, we've blocked 10.0.0.0 twelve times because of out of the 100,000 edits it has generated, 90,000 have been vandalism which isn't going to fly when dealing with the larger ISPs who will simply throw such an abuse report out thinking I wonder what Wikipedia vandalism is. PCHS-NJROTC  (Messages) 21:14, 16 November 2009 (UTC)
 * I see what you mean now, and I concur--the report template has been something we've been looking to overhaul for some time. Presenting the information in a clear-and-concise manner for ISPs to take a quick look and instantly know what to do is a goal that we should have. I think perhaps we should start a new subpage, start with a list of things that are required, and the things that we want, on the report page.  Indeed, there are so many things left to do.       bsmithme    00:05, 18 November 2009 (UTC)

Archival of this talk page
I propose archiving this talk page for resolved issues or issues that have reached consensus. WP standard asks that archival of talk pages be discussed so please share your comments on this. bsmithme   21:27, 4 November 2009 (UTC)
 * Also, if someone wants work on archiving threads on this page, make sure that all of the consensus issues have been transitioned to the revamp page before archiving them so that they don't get lost.     bsmithme    21:29, 4 November 2009 (UTC)
 * I support archival of this talk page, and if no one objects, I'll complete that task soon. Also, could everyone consider watch listing this page? Netalarm   talk  02:28, 16 November 2009 (UTC)

Additional AR Guidelines
Discussion on this?       bsmithme    19:50, 6 November 2009 (UTC)
 * AR is meant as a response to persistent abuse, it is not meant to be a direct and absolute deterrent to vandalism, nor as a bludgeon to be used on persistent abusers. As such, users should not be "bitten" or "threatened" with a report to their ISP. It has been fairly-well established that users who will respond at all to any such threat of the type are not likely to be effectively deterred by it--in fact, it is more likely that any such threat would increase the volume of abuse from the user.
 * I'm not sure what you want here. Are you talking about additional guidelines to be met before we agree to handle a case, or guidelines on clerks, or guidelines on threats of reports to us, or what? Regards, MacMedtalk stalk 22:21, 6 November 2009 (UTC)
 * No this is just meant as a general guideline for AR. We don't actually have a general guideline page, but they are mostly contained on the WP:GTAR page.       bsmithme    02:49, 11 November 2009 (UTC)

Query
Hi there,

I notice on your main page it says "Wikipedia:Abuse Response is a community initiative for the reporting and investigation of abuse originating from anonymous IP addresses. Those IP addresses are then reported to the service provider with jurisdiction over the IP address in hopes to counter and even deter abuse to Wikipedia."

Do ISPs ever respond to reports of Wikipedia abuse through anyonymous and reusable IP addresses? Your blurb kind of suggests that they might, which I find quite surprising. I'm just curious to know whether they ever assist, and, if they do, what form that assistance takes. 86.140.131.205 (talk) 14:07, 13 November 2009 (UTC).
 * ISPs do respond occasionally, though most personal responses come from schools. In either case, it is considered a success when a reply is received from a person who says that they will investigate, or even sometimes take action.      bsmithme    19:28, 13 November 2009 (UTC)
 * Thanks for the reply, bsmithme. I know in the UK, ISPs are very reluctant to take on any sort of "policing" role even when cajoled by the authorities. They don't really want to play ball with the in identifying and "punishing" things like file-sharing copyright violation, an activity which can actually be illegal, so I was surprised they would get involved in helping with something (Wikipedia abuse) that, presumably, often isn't even illegal. 86.152.242.27 (talk) 21:00, 13 November 2009 (UTC).

Consensus reached
Please see Abuse_response/Consensus for a list of changes. Netalarm  talk  02:51, 16 November 2009 (UTC)
 * Full archive is here Netalarm   talk  02:58, 16 November 2009 (UTC)
 * Good work. Looking good.       bsmithme    00:01, 18 November 2009 (UTC)

Notice Server
Hey guys,

I was looking at some MedCom stuff today and noticed that they have a nifty little tool for notifying editors that they have been included in a RfM. I'm gonna see if I can make something similar with options to reject, open, or close the case. Does that sound okay with everyone? Regards, MacMedtalk stalk 03:32, 16 November 2009 (UTC)
 * Not exactly sure what you mean, but anything to streamline will probably be welcomed. Also, another thing about MEDCOM is the list of active mediators, etc., well we need an updated version at our Volunteer page as well. If anyone feels like taking a stab at that feel free.  I might get to it soon myself.       bsmithme    03:39, 16 November 2009 (UTC)
 * I think it's pretty much complete. Check out WP:ABUSENOTIFY to see if you like it. You can test it on User talk:MacMed/test. If we come to the consensus to keep it, we can include it in WP:GTAR. I am open to any suggestions on improvements. Regards, <b style="color:green;">MacMed</b><sup style="color:red;">talk <sub style="color:black;">stalk 05:08, 16 November 2009 (UTC)
 * This looks good--just what I had in mind. Good work.        bsmithme    00:41, 17 November 2009 (UTC)
 * We can set this up under a new "Dashboard" for AR - I've got a feature to add too which is on User:Bsmithme/AR_dashboard.      bsmithme    00:00, 18 November 2009 (UTC)