Wikipedia talk:IP block exemption

The project page associated with this talk page is an official policy on Wikipedia. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic.

Please log all grants of IP block exemption at Wikipedia talk:IP block exemption/log.

Archives:

• /Archive 1 - policy creation up to enabling of IPEXEMPT, May 2008.

Templates such as "checkuserblock", mediawiki interface pages such as the various "block messages", and the WP:BLOCK, WP:IP and WP:APPEAL pages may need updating to reflect roughly, that "IPEXEMPT is now an option if you are a well behaved user affected by a block. You should read WP:IPEXEMPT to understand the conditions on which this is granted before requesting it in your unblock request, if applicable."

We don't want heavy traffic, but we do need to consider that very problematic IP ranges will more often be hard blocked with exemption now (not previously possible), and ensure good-faith users are really quickly directed to IPEXEMPT if this happens to them. FT2 ^{(Talk | email)} 00:28, 9 May 2008 (UTC)[reply]

We can do this in a little while I'd like to make the uptake of this slow but smooth. :-) --Kim Bruning (talk)

Yes. FT2 ^{(Talk | email)} 00:53, 9 May 2008 (UTC)[reply]

Special:AllMessages. In case you weren't aware. : - ) --MZMcBride (talk) 01:27, 9 May 2008 (UTC)[reply]

Yes. I was actually thinking of Mediawiki:Blocktext more... which I drafted ;-) (and Mediawiki:Autoblockedtext etc which I didn't). FT2 ^{(Talk | email)} 02:33, 9 May 2008 (UTC)[reply]

One notable change: blocked users using Template:Unblock-auto (edit | talk | history | links | watch | logs) won't have to reveal their IP addresses. The template's probably not needed anymore, actually—blocktext can point directly to unblock-l. Gracenotes^T § 01:37, 9 May 2008 (UTC)[reply]

Why? (Sorry I'm coming late on this part) I mean, if we want to be able to decide whether or not ipblockexempt is a good idea, we might need to check which range is affected first and why? -- lucasbfr ^talk 09:32, 10 May 2008 (UTC)[reply]

/log <- Can folks who have applied this flag leave a short description here please? This is not a requirement, just a friendly request so you can help us help you help us. --Kim Bruning (talk) 02:44, 9 May 2008 (UTC) and then there will be cake[reply]

IPEXEMPT means a user can bypass any IP block at all - only a block specifically on their username will affect them. There are two main situations it'll be most useful - constructive users who edit via a vandalism range or shared IP we would like to hard-block, and users who would like to edit anonymously via Tor or another hard-blocked open proxy.

The main risk area with IPEXEMPT is it is wiki pixie dust to avoid checkuser. So it's likely to be a highly desired flag by wiki-abusers for its WP:GHBH and WP:SOCK deniability potential. Fortunately most uses will not be for anonymous access, but for hard IP block bypassing.

• Users who want IPEXEMPT to bypass a hard IP block on their usual IP, aren't a problem. They don't especially want to edit via proxies, it just happens IPEXEMPT would let them if they did. To keep it simple, the suggested policy is that a user in this position who just wants to use their normal connection but there's an IP block on it (schoolblock, vandalism, etc), can be given IPEXEMPT by any admin, but there's a condition they may not use it to edit via blocked proxies, or else it'll be removed.
  Logging of the right, may be needed to track when the right should be removed (ie, end of block), perhaps. Nothing much more. Making non-proxied use a condition means minimal scrutiny is needed and avoids loads of needless inquiry and such. It also means most requests don't need anything more than a quick check it's justified (ie, due to an IP block on their native IP), since the right will be removed if used to edit via a proxy. Easy.

• Users who want IPEXEMPT to edit anonymously need more scrutiny. That's still being discussed. Main risk - Admins might quietly give the right to socks or friends on a pretext (send self email). We've had a few sock-admins and some abuse proxy access and unblock methods.
  This should be a rare request, and it requires a high level of trust of the user, and certainty of uninvolved admin scrutiny (IPEXEMPT is effectively an admin level tool). But if there is a bona fide need for anon proxy access by a non-admin, and sufficient trust, then we now have a way to let them.

FT2 ^{(Talk | email)} 03:01, 9 May 2008 (UTC)[reply]

For usage where no anon proxy is involved, there's not anticipated to be many problems. But in the rare case that anonymity is requested, a tight control is needed to ensure scrutiny and close means of abuse (this is a highly abusable access). Draft from archive 1:

=== Using IP block exemption for anonymous or proxied editing ===

Editing via an anonymous proxy can be easily abused, so it is only granted under exceptional circumstances. Typical users who may reasonably request an exemption include users who show they can contribute to the encyclopedia, and (for existing users) with a history of valid non-disruptive contribution, but are either being hindered by restrictive firewalls, or for exceptional reasons must edit via anonymous proxies. Note that avoidance of checkuser, or specific checkusers, is not usually considered a sufficient reason - concerns over checkusers should be discussed with the Arbitration Committee or Ombudsman. There are strict requirements for determining whether a user can use IP block exemption to edit anonymously. Granting or reinstating exemption without following these would usually be considered a serious misuse of administrative tools:

• Exemptions are not given without clear need, and a high level of user trust to not abuse the flag.
• All exemptions must be posted for scrutiny and discussion to a reputable administrative mailing list or wiki-page. Typical venues include the unblock-l, checkuser-l, otrs-en-l, and arbcom-l mailing lists (contact details below), and WP:ANI. Administrators are prohibited from assigning IP exemption with permission to edit anonymously, to any user, without such a list being made fully aware, non-neutrality (if any) being disclosed, and a reasonable opportunity for review.
• All exemptions are subject to review and repeal. Exemption may be, and will usually be, withdrawn if there is credible evidence or concern of abuse, or the exemption is no longer necessary.

Who may request -- A user who has genuine and exceptional need, and can be trusted not to abuse the right. This is a level of trust equal to that given Administrators, as IP block exemption is an administrative tool.

How to request -- Request to an appropriate administrative mailing list or venue (see above). Uninvolved administrators will discuss your request.

FT2 ^{(Talk | email)} 03:01, 9 May 2008 (UTC)[reply]

I made a few changes for it to read better (diff). Neıl ☎ 10:37, 9 May 2008 (UTC)[reply]

Fixed an address; there's no list named "otrs-l". - Jredmond (talk) 14:23, 9 May 2008 (UTC)[reply]

Added disclosure of non-neutrality if any. FT2 ^{(Talk | email)} 02:53, 10 May 2008 (UTC)[reply]

We should create this on the Wikipedia:IP block exemption page at something like Wikipedia:IP block exemption#Suggested proxies. That way, people exempted don't end up using some crappy one that will get them hacked or leaked. Lawrence Cohen § t/e 17:07, 9 May 2008 (UTC)[reply]

I would be extremely hesitant to make any recommendations about which proxy to use. There is no evidence whatsoever that any open proxy is any better (more secure, whatever) than any other. There is not even any evidence that something like Wikipedia:WikiProject on closed proxies is secure (no offence guys). Users on anonymity networks should ensure the security of their login credentials by using the secure server. Anything else is a personal choice of risk. -- zzuuzz ^(talk) 19:52, 9 May 2008 (UTC)[reply]

This also makes the flagged account immune to autoblocks, rite? This should probably be plugged on bots running on the toolserver so that they don't get whacked by an admin carelessly blocking another malfunctioning bot... Миша13 19:56, 9 May 2008 (UTC)[reply]

Yes, it's immunity from absolutely all blocks (IP, IP range, autoblock, etc) except those directly on their usernames. IPEXEMPTing bots is an interesting idea. I guess you mean, to protect bots from accidental IP blocks of the toolserver? If that's really a problem, it would solve it. But does the toolserver get IP blocked often? I don't know much about it. FT2 ^{(Talk | email)} 22:47, 9 May 2008 (UTC)[reply]

I mean one of two things: either an inexperienced admin hardblocks a malfunctioning toolserver bot (that did happen often in the past) or a bot logs out and starts to edit under TS IP, in which case the policy used to say the IP should be blocked. Миша13 10:02, 10 May 2008 (UTC)[reply]

Discussion of IP block exemption generally, for bots, moved to Wikipedia:Bot owners' noticeboard#WP:IPEXEMPT. FT2 ^{(Talk | email)} 01:16, 11 May 2008 (UTC)[reply]

I was just looking over the list (currently 4) of those who've already received this.

I think it would be helpful if those who have would have some note on their userpage as to why they have received this. (Some do, somewhat, already.) - jc37 20:38, 9 May 2008 (UTC)[reply]

Not a bad idea at all. A template would probably be voluntary - so it might be a bit self-defeating. But what about some site code that puts an icon on a user's page if they have ipexempt, like admins have a little mop in the title bar? FT2 ^{(Talk | email)} 22:47, 9 May 2008 (UTC)[reply]

I wouldn't oppose that. However, I think it should be a requirement of receiving it that an explanation of it being granted is posted on the person's userpage. (Or, in rare cases, a link to the person who granted it, who "may" explain it's granting, if appropriate. - this exception due to possible anonymity concerns that we may not foresee.)

No explanation (or no link to explanation/explainer), then no IP-exempt. - jc37 00:04, 10 May 2008 (UTC)[reply]

Why not a central list of them all? Lawrence Cohen § t/e 00:07, 10 May 2008 (UTC)[reply]

I don't like the idea of a little icon, as that makes it start to seem like a status symbol, which it absolutely is not. I think a central list might be a good idea. My original thought was that it would be too much work to maintain such a list, but I don't think it would, given the limited amount of users that are likely to be assigned this flag. --Deskana (talk) 00:09, 10 May 2008 (UTC)[reply]

If you provide crackers and cheese, they'll line up to eat : )

As for a list, we already have one: Special:ListUsers filterable by userrights.

And a list of explanations isn't going to be useful to someone who may just be coming to the user's page. - jc37 00:19, 10 May 2008 (UTC)[reply]

This guy knows what he's talking about. Concur on the crackers, cheese, and list. We have all that's needed, except a quick way to review for expiry/reasons/abuse, really. And reasons will be in their user rights log. Ideas that avoid crackers and cheese? FT2 ^{(Talk | email)} 02:49, 10 May 2008 (UTC)[reply]

(Hmm... what if the icon was only visible (like the DELETE/PROTECT tabs), if the viewer was a sysop? Zero cheese?) FT2 ^{(Talk | email)} 02:59, 10 May 2008 (UTC)[reply]

Then let's pummel those giving this that they need to make sure the reason is explictly clearly explained in the user rights log. - jc37 03:05, 10 May 2008 (UTC)[reply]

Ok, I'm apparently lost. Where does one find these logs? : ) - jc37 03:11, 10 May 2008 (UTC)[reply]

Ok, I found [1], but is there really no listing of this linkable by user, from the user's page? - jc37 03:18, 10 May 2008 (UTC)[reply]

Re "pummelling"... agree. (But gentler!) FT2 ^{(Talk | email)} 01:19, 11 May 2008 (UTC)[reply]

{{minnow}} ?

(Or perhaps the S. S. Minnow : ) - jc37 01:32, 11 May 2008 (UTC)[reply]

Maybe better not to show people's flags. :-) --Kim Bruning (talk) 13:18, 11 May 2008 (UTC)[reply]

Hi, I was just wondering, that if possible, could we advise users considering getting IP exempt to have a look at Wikipedia:WikiProject on closed proxies (provides access to password-protected Wikipedia-only no-account-registration or anonymous editing proxies specifically for Wikipedia editors who need to bypass filtering) and trying that out before requesting exemption?  Atyndall93 | talk  11:59, 11 May 2008 (UTC)[reply]

Sounds like a plan. --Kim Bruning (talk) 13:17, 11 May 2008 (UTC)[reply]

I'm not sure what the advantage is. Ip block exemption allows the user's native IP to remain unchanged, a valuable safeguard against attempts to abuse that are inherent with all kinds of proxies. See above for concerns over controls for proxy usage of any kind. The same issues would exist with closed proxies or open ones. Given exemption is available, do we need closed proxies any more, or can we make do with tor + exemption alone? And can someone clarify how abuse possibilities are addressed by the wikiproject? FT2 ^{(Talk | email)} 14:44, 11 May 2008 (UTC)[reply]

Well basically, there are several user's that are hosting proxies on servers whose names are not disclosed, these proxies require a username and password to access (you contact the proxy operator to setup an account and find out the proxy's address) and only access the Wikipedia website. They automatically block account creation, so you must contact an admin or the proxy operator to create yourself a Wikipedia account. Accounts using the proxies will have their user talk page's periodically checked (about every 3 days) to see if they are vandalizing or doing bad things, if they are, their proxy username and password are revoked, thus stopping them from using the proxy. The proxy will either prevent anonymous access via its own interface, or I will see if an admin can softblock the proxy's IP address.  Atyndall93 | talk  22:10, 12 May 2008 (UTC)[reply]

Also, in response to the security of the proxy discussed above, the proxies all must use SSL between the user and the proxy and can be programmed to access the SSL version of Wikipedia, stopping packet sniffing and other security problems. As to the security of the proxy itself, the proxies are hosted by people who have made significant contribution to the Wikipedia project and who would receive a very bad reputation if they were found to be using the proxy against policy.  Atyndall93 | talk  22:17, 12 May 2008 (UTC)[reply]

How does a new editor behind a firewall come up with the 3,000 edits needed for a closed proxy account (according to Wikipedia:WikiProject on closed proxies/Criteria)? Please see discussion. --Damian Yerrick (talk | stalk) 21:29, 10 July 2011 (UTC)[reply]

I have a gnome account (User:Proto) that I use when I don't want to be bothered. I also use Opera Mini quite a lot (thank you, long train journeys) - Opera Mini is currently hardblocked, though, as it doesn't forward XFFs properly or something. Now, this isn't normally an issue as my main sysopped account is exempt anyway, but I have granted the same exemption to my gnome account, reasoning that it's still me anyway, so I can edit using it on Opera Mini. Is that sort of thing okay? Neıl ☄ 11:40, 14 July 2008 (UTC)[reply]

You might send a note to OTRS, unblock-en-l, or arbcom-en-l for record. Best, NonvocalScream (talk) 04:24, 15 July 2008 (UTC)[reply]

OTRS and arbcom-l have nothing to do with this. I contacted unblock-en-l to request my exemption but you don't need to inform them; just add a note to Wikipedia talk:IP block exemption/log. —Giggy 04:31, 15 July 2008 (UTC)[reply]

Oh, I stand corrected. The policly has changed a bit since I first proposed this. Very best, NonvocalScream (talk) 05:40, 15 July 2008 (UTC)[reply]

Thanks gents. Neıl ☄ 11:11, 15 July 2008 (UTC)[reply]

I'm going to edit this page and Wikipedia:Advice to users using Tor to bypass the Great Firewall to recommend tor users ask for IPBE. I can not think of any possible harm; since IPBE only applies to the one account with the flag set, at best this will enable someone to use tor with their "good hand" account, while maintaining non-exempt vandal accounts. And anyone who really wants to do this has many other ways available to them already. IPBE really can't be used to enable abuse of tor in any way I can think of. Thatcher 15:49, 19 July 2008 (UTC)[reply]

Agree here. This was my intent when I first proposed the policy exemption. NonvocalScream (talk) 16:17, 19 July 2008 (UTC)[reply]

Good plan! I support that - Alison ^❤ 16:25, 19 July 2008 (UTC)[reply]

Can you assign the permission to VFMAC (talk · contribs · count). This account will be used by an individual to ensure cadets or alumni do not make inappropriate changes to it. Referenced in otrs:1769832. Best, NonvocalScream (talk) 03:36, 29 July 2008 (UTC)[reply]

Y Done —Animum (talk) 03:39, 29 July 2008 (UTC)[reply]

Don't believe it. Ask for checkuser confirmation. I saw this line used by the Avril vandal and another suspicious account. Thatcher 01:38, 1 August 2008 (UTC)[reply]

See my below comment regarding the foundation privacy policy. NonvocalScream (talk) 22:48, 15 August 2008 (UTC)[reply]

As evident by the above comment, is it standard practice to perform a checkuser request on an account requesting IP block exemption to confirm that they are actually in China and not just lying? Does this not violate a users privacy? Laurence 1 16:05, 15 August 2008 (UTC)

I don't know if its standard practice, but I don't see how it would be a privacy violation. It would either A) confirm what they've already said and provide no, or very little, new information or B) establish that they are lying and prevent disruption. Mr.Z-man 18:26, 15 August 2008 (UTC)[reply]

Such a disclosure to a third party outside checkuser would not be permitted. So if I were an admin and I asked for a check to verify this use is from china, the checkuser would not be able to disclose the result. However, if the requester gave consent, then the result can be disclosed. If the user *is already abusing* a check's results can only be disclosed to formulate IP blocks and formulate ISP abuse reports. Other than that, a check result could not be disclosed to verify the user is from china. The check can be run and the checkuser can set the right. But... the check's result could not be disclosed for a different admin outside checkuser group to set the right. The applicable sections of the privacy policy for this context "ask for checkuser verification" is partly the data derived from page logs sections two and five. NonvocalScream (talk) 22:41, 15 August 2008 (UTC)[reply]

First of all, once a user has volunteered the information about themselves, "I am editing from China," it is not a privacy violation to confirm whether that person is telling the truth or lying. Further, note that the privacy policy governs release of personally identifiable data. Generally, information about use of a network in general terms does not constitute personally identifiable information. So, "editing from China" or "editing from Comcast" does not constitute a violation, because the networks are large and that information alone is insufficient to identify someone. The checkuser policy does recommend disclosing a the minimum amount of information needed. So while an answer like, "User:Smith is editing from Comcast on the East coast while user:Jones is editing from AT&T on the West coast" is permissible, a better answer is, "unlikely; different networks in different cities" or even just "unlikely". Regarding tor and "missionaries in China", the "minimum information" rule of thumb suggests that the best answer would simply be to tell the editor or admin that the request should either be granted or denied. But there is no privacy violation in confirming information that an editor has voluntarily released about themselves. Thatcher 00:30, 16 August 2008 (UTC)[reply]

In addition to what Thatcher said, if they are already editing from China, admins should be wondering why they would require the exemption at all. The user may claim that they are already using open proxies, and there would therefore be no personal information at all, even with specific IPs (not that I'm suggesting checkuser should release this info). -- zzuuzz ^(talk) 00:57, 16 August 2008 (UTC)[reply]

Thatcher, where in the foundation privacy policy does it permit disclosure of information already apparently disclosed by the user? NonvocalScream (talk) 01:09, 16 August 2008 (UTC)[reply]

m:CheckUser policy, "On Wikimedia projects, privacy policy considerations are of tremendous importance. Unless someone is violating policy with their actions (e.g. massive bot vandalism or spam) and revealing information about them is necessary to stop the disruption, it is a violation of the privacy policy to reveal their IP, whereabouts, or other information sufficient to identify them, unless they have already revealed this information themselves on the project." (emphasis added) And both the privacy policy and checkuser policy talk about "personally identifiable data;" "editor is in China" is certainly not personally identifiable. Thatcher 01:26, 16 August 2008 (UTC)[reply]

I've done some research into "personally identifiable data". It seems that I have been applying a looser definition, than what it actually is, in the IT sphere. You are correct, and thank you for taking the time to explain better. NonvocalScream (talk) 01:53, 16 August 2008 (UTC)[reply]

I realize that this isn't the right place to ask, but I've emailed unblock-en-l@lists.wikimedia.org five times now and I haven't received a response, not even an automated reply that my message is going to reviewed by the list admim or whatever, so I think they are not getting through. Does Wikipedia's email system automatically block emails from Tor connections like Wikipedia does? Anyway, could someone here email them for me with the following:

I'd like to request IP block exemption for my account User:Jessica Thunderbolt. I have read Wikipedia:IP block exemption but I'm not sure if I meet the criteria because it says editing via proxies is not allowed except in "exceptional circumstances", so I'll ask anyway and if it can't be done I understand. I'm requesting this because I connect to the internet through a wireless hotspot but it requires a password which I do not have. I can connect to the wireless hotspot but after that it blocks all normal connections, for example google.com, and directs me to the welcome landing page where it asks for credit card details. However, I have discovered that for some reason if I use Tor I can get an connection, I think because Tor encrypts it's traffic and sends it in a non-standard http protocol and multiplexing which the hotspot doesn't notice, so I have to use Tor for all my internet usage. Why, you ask, don't I just use a normal connection? Well, at least this way I don't have to pay for the internet connection, and although Tor is slow it serves my needs quite well. Anyway, I've been able to edit Wikipedia this way but finding an unblocked Tor node if difficult and I'm at the point now that I'm literally pulling my hair out when I get the "your blocked 'cause your editing through Tor" message. It would really save me a lot of time to just be able to edit and not constantly be searching for unblocked Tor nodes. JessicaThunderbolt 17:36, 2 September 2008 (UTC)

I've got the reply, thanks. JessicaThunderbolt 13:47, 4 September 2008 (UTC)[reply]

I am considering running a Tor exit node over my residential Internet connection. Of course, this will likely get my static IP banned on Wikipedia as soon as someone abuses it. I still wish to retain the ability to participate in Wikipedia (through an un-proxied connection), so I am wondering: is the ban only for anonymous users, or for logged-in accounts too? If yes, why? And is there a special exemption category for those running intentional proxies? Can I apply for exemption preemptively? I noticed Wikipedia_talk:Blocking_policy/Tor_nodes, but it is long and inconclusive. Wikipedia should certainly not discourage taking part in a project such a Tor, even if they block edits from Tor. --Dandin1 (talk) 00:03, 18 December 2008 (UTC)[reply]

You can completely avoid your IP address being blocked by denying access to Wikipedia's servers in your exit policy. Someone over at WP:VPT will be able to provide the details. Alternatively, if you insist on allowing edits from Tor via your IP address, I am not sure you will find much sympathy. -- zzuuzz ^(talk) 00:45, 18 December 2008 (UTC)[reply]

Discussion about policy subcategories for several pages, including this one. As far as I know, this doesn't make any difference, except as a help to people trying to browse policy. - Dank (push to talk) 03:17, 9 July 2009 (UTC)[reply]

If you really want feedback on IP block exempt, look no further than Chinese Wikipedia. This permission is granted to users on a nearly daily basis due to Great Firewall of China OhanaUnited^{Talk page} 04:42, 3 September 2009 (UTC)[reply]

This page might get a new policy category; the discussion is at WP:VPP#Wikipedia administrative policy. - Dank (push to talk) 01:01, 26 November 2009 (UTC)[reply]

I've noticed that the third sentence is a bit confusing when it claims that 'admins are always exempt'. This statement most likely leads to things such as this, where multiple admins remove the IPBE as it's thought to be redundant for those with the admin bit. Would there be a way to clarify the true position a little better, particularly in what situations IPBE would truly be needed for admins? NJA (t/c) 12:04, 7 December 2009 (UTC)[reply]

I'm curious why you would go ahead and remove the rights from these folks, apparently without asking them first (although I note you said you'd e-mailed them that you were doing it). Did you check to see if the IPBE was added after they became administrators, or confirm with anyone first that the rights overlapped completely? Nathan ^T 16:15, 7 December 2009 (UTC)[reply]

It's been removed many times before, particularly before the Tor block, as an apparently obvious thing to do. As I understand it "torunblocked" is not included in the sysop package, or with the ipblock-exempt right, but only the ipblock-exempt group. As a mere sysop I have tried it and cannot edit with Tor. Thus admins using Tor might want this right. -- zzuuzz ^(talk) 16:49, 7 December 2009 (UTC)[reply]

Nathan, that's honestly between me and the admins in question, all of whom have been completely understanding of my housekeeping, and of all only two actually still needed the rights. My query was about clarifying the page, not to discuss private issues. Thank you zzuuzz for understanding my query and doing a decent job clarifying the page with just a few words! NJA (t/c) 21:03, 7 December 2009 (UTC)[reply]

Two out of five - forty percent isn't what I'd describe as "only." At any rate, while I disagree that somewhat haphazard "housekeeping" with user rights constitutes a private issue, further discussion probably isn't necessary - assuming you exercise a bit more restraint in the future. Nathan ^T 22:04, 7 December 2009 (UTC)[reply]

Aiye sir. NJA (t/c) 07:03, 8 December 2009 (UTC)[reply]

Whilst some admins are using the log, I see from the user rights log that a few are not. Should we alert the admins in question to use the log, or is the log becoming redundant? I think logging is important to monitor potential abuse of this user right. Comments? NJA (t/c) 07:36, 16 December 2009 (UTC)[reply]

Today, I tried to log in from a public computer, but the computer was blocked, so I couldn't edit anything, even though I was logged in. If were in the IP block-exempt group, then could I edit from blocked computers? --The High Fin Sperm Whale 20:42, 28 January 2010 (UTC)[reply]

Yes. –xeno^talk 20:46, 28 January 2010 (UTC)[reply]

Were can I ask for it? --The High Fin Sperm Whale 23:43, 28 January 2010 (UTC)[reply]

I believe standard practice is to ask a checkuser to add it. –xeno^talk 02:31, 29 January 2010 (UTC) —Preceding unsigned comment added by Xeno on an iPhone (talk • contribs) [reply]

Is there a category of CheckUsers willing to grant it? --The High Fin Sperm Whale 03:09, 29 January 2010 (UTC)[reply]

Try asking User:Alison –xeno^talk 14:10, 29 January 2010 (UTC)[reply]

I have added a link at WP:IPBE#Administrators guide which points to Wikipedia talk:IP block exemption/log because I couldn't find the log last time around. EdJohnston (talk) 18:12, 13 January 2011 (UTC)[reply]

There's a link to a disambiguation page under "Used for anonymous proxy editing", namely the "firewalls" link. Anyone mind if I correct it to firewalls? Allens (talk | contribs) 13:35, 8 April 2012 (UTC)[reply]

I've had a request on my talkpage from an editor who wants this right, and I'm struggling a bit to work out what I as an admin who has never awarded this userright need to do to respond. For starters how would I know whether the IP involved had been blocked by a C/U? In fact I'm not comfortable with admins knowing the IPs of editors - if the process relies on the editor saying which IP they've been blocked with then surely that is information that should only be available to people who have been through C/U vetting? ϢereSpielChequers 11:01, 22 January 2013 (UTC)[reply]

You should ask this user to forward you the full text of the block message. Ruslik_Zero 11:50, 22 January 2013 (UTC)[reply]

I thought that something like that might be needed, but presumably that includes the IP address? If so is it right that all admins can handle these, surely it should only be check users who have access to people's IP addresses? ϢereSpielChequers 12:21, 22 January 2013 (UTC)[reply]

If a user voluntary provides you with this information, that is fine. Ruslik_Zero 13:26, 22 January 2013 (UTC)[reply]

Indeed. As someone who has dealt with the privacy policy for many years now, I can assure you the privacy policy does not apply to information voluntarily given to you by the affected user. Anyway, you can always advise the user to email the functionaries (or email me directly) if you'd rather we handle it. We're happy to do so. --(ʞɿɐʇ) ɐuɐʞsǝp 13:32, 22 January 2013 (UTC)[reply]

Thanks, will refer them accordingly. ϢereSpielChequers 14:22, 22 January 2013 (UTC)[reply]

Per multiple comments from Coren (talk · contribs), Risker (talk · contribs) and CBM (talk · contribs) at Wikipedia talk:Arbitration Committee#I demand you all step down, it has been suggested that this policy be updated to include a warning to all users requesting IPBE that they will be CUed and possibly blocked if mistaken as an abusive editor. Perhaps the notice below should be placed at the top of the page.

Editors requesting IP block exemption are warned that they will be subject to ongoing sock puppet investigations and CheckUser investigations and may be mistakenly blocked if they are confused with a disruptive editor.

I'm not attached to this specific wording, so suggested improvemnts are welcome. Does this sound acceptable to everybody? 64.40.54.87 (talk) 20:03, 2 March 2013 (UTC)[reply]

One of the two reasons for IP block exemption is: "An editor who is unfortunately affected by a block intended to prevent vandalism or disruption, can be given the flag. They will then be able to edit without being affected by any IP address blocks." The section explaining this only mentions IP range blocks. Sometimes users are repeatedly affected by individual IP blocks or autoblocks of those IP addresses, partilcularly on networks where all edits go through one or a small number of IP addresses. Should the policy also allow exemption in these circumstances? Peter James (talk) 17:38, 1 March 2014 (UTC)[reply]

It seems to me that this usergroup is really about two different needs, one for avoiding hard blocks of regular IPs or IP ranges (relatively common), implemented by ipblockexempt, and one for avoiding tor blocks (needed for editors in China for example), implemented by torunblocked. The second one is much more sensitive and open to abuse, according to the page and to those comments, however two checkusers agreed that it wasn't that sensitive. It's clear that admins are not allowed to edit through tor (proxyunbannable has no use on WMF wikis, see Mr.Z-man's comments and here). My point is, is this really open to significant abuse, and should we be concerned that some editors in the high risk template editor usergroup have IP block exemption ? If it is that sensitive, wouldn't it be more appropriate to split this usergroup into two : IP block exemption with ipblockexempt and Tor block exemption with torunblocked ? This would also likely reduce confusion and ease maintenance. Cenarium (talk) 22:46, 12 November 2014 (UTC)[reply]

On one level a split makes sense, but I'd like to raise a few issues in answer to your questions. Admins are able, both technically and in policy, to add themselves to the IPBE group if they have a need. This effectively allows them to grant themselves only torunblocked. Related to this is that I suspect the lack of concern you're hearing from checkusers is because accounts can be quickly blocked and banned. A user is highly unlikely to have a collection of IPBE accounts due to the scarcity of the flag. This and other issues make it a high cost vandal vector, usually cheap for us to deal with.

A split will create a new list of users who specifically use Tor. I suspect users of Tor as well as checkusers/admins who have granted it may not like that. From another perspective, while it may be good for monitoring Tor users, it does not cover all users granted IPBE to use anonymous proxies. Many users find Tor slow and inconvenient and prefer to use VPNs or open proxies. In my experience the famous Tor user behind China's firewall is largely a myth (there was one once). Furthermore, not all users granted IPBE because they are affected by Tor blocks are actually using Tor. They need torunblocked because they are collateral. Lastly, ipblockexempt is a technical licence to use and abuse proxies anyway. We ultimately have to trust the user with flags to stick by policy, or start removing things from them. All in all, I think this leaves me unconvinced about the need for change, only the need for discretion and vigilance. -- zzuuzz ^(talk) 19:54, 13 November 2014 (UTC)[reply]

It's pretty rare to see IPBE abused. If an account with IPBE starts vandalizing, then you can find and revert the vandalism like any other account. It can let users avoid IP blocks, yes, but any dedicated vandal who understands how Wikipedia works could just use a proxy instead (or a mobile IP range, blarg). Rather than being more restrictive in giving it out, as might happen with multiple groups, it might be better to be less restrictive and give it to users in good standing who want some privacy. Ajraddatz (Talk) 07:31, 21 February 2016 (UTC)[reply]

This topic needs to be discussed again, as some editors in good standing are being unduly affected by the current rules.

For example, there is mention of exemptions for people with "restrictive firewalls", but I suggest it be strengthened to include other similar issues like ISPs that insist on breaking connectivity. I've had issues that affect my ability to edit, which I won't go into at length here, and regularly use a VPN service to fix them. More over, many people feel it is increasingly necessary to use VPN and similar services to prevent data collection (spying) by ISPs and other agents.

For editors in good standing I see no reason why they should not be able to request and maintain an exemption indefinitely. Editors who have been registered for a long time and made many unproblematic edits over the years should be supported when they find they have connectivity issues or feel the need to enforce privacy/security.

There are two issues that need to be addressed, based on the results of the previous debate.

1. What is "good standing", or more precisely what should the requirements for an editor seeking such an exemption be? Could some kind of trial period be implemented?

2. Personal preference alone should be enough, if the editor does not abuse the exemption. Users who hold certain values, such as the value of privacy, or who have no choice but to use an abusive ISP, should not be penalized. I think there would need to be a very good reason to deny such users an exemption.

I hope we can find a way forwards. At the moment I am only able to edit Wikipedia from work on on mobile, not at home, due to this issue. ゼーロ (talk) 10:36, 19 February 2016 (UTC)[reply]

IPBE requirements should absolutely be less restrictive. This business of checking accounts requesting it and re-checking them at random times to see if they still need it is, to me anyway, quite strange (though not necessarily wrong). An editor in good standing should be able to edit. If they say that they can't, then this should be rationale enough to grant them an exemption so that they can continue. The two main arguments against handing these flags out are a) hat collecting and b) abuse. A) if the editor wants to feel special by gaining some minor right on an internet website, then they will find ways to do that anyway - this shouldn't be a significant concern, as it is clearly a vast minority of cases. B) Any abuse of the IPBE flag is still visible. Very visible. CheckUser can (and should) be used to investigate requests for exemption from users who have engaged in patterns of disruptive behaviour, if the flag isn't denied to them outright. But being a bit liberal with assigning it means that more people who are subject to blocks which did not target them intentionally are allowed to get back to editing, or users who want more privacy can get that, and these both clearly fit within the mission statement of the Foundation and the five pillars here ("Wikipedia is free content that anyone can use, edit, and distribute"). Ajraddatz (Talk) 07:37, 21 February 2016 (UTC)[reply]

I concur. As long as I'm an editor in good standing, what difference does it make if I have IPBE but don't currently need it? With the proliferation of WiFi hotspots and and the fact I don't have an internet cell phone, I don't know where I'll be denied access, and shouldn't be inconvenienced by an unexpected IP block. In addition, I don't like the idea of some random admin running a check user on a bunch of editors without serious cause or prior notice. Wikipedia is not the US Federal government, and shouldn't be acting like it. - BilCat (talk) 07:57, 21 February 2016 (UTC)[reply]

I agree with all that, and would just add that I actually do need an exemption. I'm currently using my neighbour's WiFi (with permission) to edit from my phone, because my home broadband connection is unusable. ゼーロ (talk) 10:28, 21 February 2016 (UTC)[reply]

I think it should be given to any user in good standing who claims a need. However I also think that any CU should be able to remove it if they find that it is interfering with an actual investigation. I don't think it should be removed unless it is interfering with a checkuser investigation. Really who cares if a good user uses a bad IP? HighInBC 17:08, 23 February 2016 (UTC)[reply]

Technical question: what is the mechanism whereby IPBE interferes with an investigation and removing IPBE fixes the problem? --Guy Macon (talk) 18:02, 23 February 2016 (UTC)[reply]

I suppose if a CU checks a user as part of an investigation and find that they cannot check their IP because they are using blocked proxies it would be a good reason to remove the right. Particularly if there is no record of a proper IP being used. HighInBC 05:33, 24 February 2016 (UTC)[reply]

The how concept of differentiating between a "proper IP" and a VPN endpoint / Tor exit node is flawed. IP addresses are a blunt tool and many people wish to obfuscate their use of one for perfectly legitimate reasons. Consider that if an IP address is at all useful to some random admin doing an investigation, there are good reasons to avoid it being traceable to yourself (that have nothing to do with WP). ゼーロ (talk) 12:01, 24 February 2016 (UTC)[reply]

We don't let admins look at IPs. Only checkusers. Our checkuser policy allows for this sort of checking and determination. There is no right to obfuscate your IP here, just a privilege we allow some people for special circumstances. As it stands it can be taken away simply if there is evidence it is not being used, I am suggesting it be taken away only if there is any evidence it is being misused. HighInBC 16:47, 24 February 2016 (UTC)[reply]

I agree. Re: "As it stands it can be taken away simply if there is evidence it is not being used", please see Wikipedia talk:IP block exemption#Removal without warning or discussion, where I clearly show that "not being used" does not equal "not needed". --Guy Macon (talk) 18:11, 24 February 2016 (UTC)[reply]

I appreciate what you are trying to say HighInBC, but I don't have an IP address. The one I use at home, that I can't edit WP properly from, is shared and seems to change often. Sometimes sites think I am outside the country and won't let me access services for a few days until it changes again. The whole concept is flawed. ゼーロ (talk) 17:03, 25 February 2016 (UTC)[reply]

You do have an IP address, even if it changes often and is shared with other users it can still be seen as a residential IP and not a proxy. In my scenario your changing home IP would be related to an ISP and would be seen as a legitimate set of IPs, as opposed to a proxy server or commercial public IP. HighInBC 16:44, 9 March 2016 (UTC)[reply]

I read through the past discussions on this page and I still don't quite get it.

• What makes IPBE so dangerous that it cannot be retained by trusted members of the community who have at some point needed it?
• Is it the fact that it allows editing through Tor? If so, would it make sense to unbundle ipblock-exempt and torunblocked?
• If the issue is that lots of people having IPBE would make checkuser difficult, perhaps it should still be granted only if absolutely needed, but why does it make sense to take it away from people?
• Would a compromised account with IPBE be significantly more dangerous (or difficult to detect) than a compromised account without it?

If the main reason is just "people who don't need a user right shouldn't have it", then I think the reaction to the recent IPBE review shows that the advantages may be outweighed by the social costs. wctaiwan (talk) 00:41, 22 February 2016 (UTC)[reply]

What about the social costs of allowing the number of IPBE users to slowly grow forever (it makes the rest of us wonder why we don't have that right)? Procedures like WP:OWN tell us that our feelings aren't as important as fitting in, and there is no reason people should have IPBE unless it is needed. Johnuniq (talk) 02:04, 22 February 2016 (UTC)[reply]

WP:OWN isn't scripture, and there is social cost to not doing it. If you want people to contribute, it makes sense to help them so do. I'm now unable to edit from home, so my contributions are heavily reduced.

To address the issues raised by wctaiwan, I think separating out Tor blocks is likely to be problematic, because people can run Tor exit nodes through VPN services. Some VPN services use the same servers to host Tor exit nodes too. To me the more interesting question is why do we block registered users who have been active for a number of years from using Tor? The goal is to block spam and vandalism, not to block Tor.

I agree that taking exemptions away from people makes no sense, unless there is some specific abuse it is dealing with. ゼーロ (talk) 09:15, 22 February 2016 (UTC)[reply]

I am a bit concerned about removals of IPBE with no warning or discussion on the user's talk page. I have IPBE because when I am in China I usually work under a consulting contract that specifies that I must access the Internet is through Tails and Tor (I do consulting work work in the toy industry, where industrial espionage is a real problem). I also use Tails and Tor here in California if I am accessing the Internet through a corporate network at a remote jobsite. I often end up waiting around for someone at the remote site so have plenty of time to edit Wikipedia.

The thing is, I might go nine months without needing IPBE (thus meeting the "editor has access to Wikipedia through a non-firewalled IP address" criteria for removal) then suddenly need it very badly. I don't see how a checkuser alone would reveal this, and I don't want some admin to remove the right without first discussing it with me and giving me a chance to explain my situation.

Note: I hereby give my full permission to anyone to run a checkuser on me and reveal the results for any reason or for no reason at all other than going on an ordinarily unjustified fishing expedition. I don't care who knows my IP, and I have nothing to hide from anyone on Wikipedia. Also, I cannot be possibly be outed, because Guy Macon is the real, legal name I was born with. The WMF has proof of my identity on file. --Guy Macon (talk) 23:16, 22 February 2016 (UTC)[reply]

(...Sound of Crickets...) --Guy Macon (talk) 01:54, 25 February 2016 (UTC)[reply]

There's obviously a range of views on the best way to manage this right. Why not start an actual RfC about it? Opabinia regalis (talk) 02:11, 25 February 2016 (UTC)[reply]

^ This sounds like a great idea. Might as well get people together to make a decision, rather than arguing back and forth about it. I'd be glad to help set it up, if needed. Ajraddatz (Talk) 05:30, 25 February 2016 (UTC)[reply]

Please do that. ゼーロ (talk) 17:05, 25 February 2016 (UTC)[reply]

Sounds like a plan! I'm pretty busy until after the weekend though, so I'll set it up sometime next week unless someone else has before then. Ajraddatz (Talk) 03:22, 26 February 2016 (UTC)[reply]

Let's decide on the proposed questions for an RfC. I suggest:

1. All editors should get an IP block exemption after being registered for six months and having made >10 edits without sanction during that time. Editors may also request an early exemption.

2. Exemptions shall only be removed in cases where there is abuse.

Discussion: The purpose of IP blocks is to stop spam and vandalism. Unfortunately, they are a blunt tool that cause a lot of collateral damage and work for administrators. They are also anti-privacy and discriminatory against editors from areas where exemptions are necessary. Such editors essentially have to beg to be allowed to edit, and then keep editing regularly from a blocked IP range or have their exemption removed and go back to begging. The process for evaluating eligibility can also include an unwarranted invasion of privacy.

A better solution would be to simply grant all editors an exemption by default once they become established, which I define (somewhat arbitrarily) as being registered for six months and having made at least 10 edits without sanction for spamming etc. That should be more than enough to deter spammers and vandals, who would have to expend significant energy improving Wikipedia and wait six months before being able to vandalize anything. Users who need an exemption from day one can apply for a special exemption.

Following on from this, it makes sense that the only reason to remove an exemption is as a sanction for bad behaviour.

Please comment on the questions. This isn't the RfC, we are just trying to make a concrete proposal that can be implemented from a technical point of view and which is likely to address any major concerns (i.e. stand a chance of being accepted). ゼーロ (talk) 09:48, 29 February 2016 (UTC)[reply]

I think that is far too aggressive. It would be trivial for sock farms to create accounts that meet that requirement en-masse, wait for them to activate, and then CU would become worthless. If its going to be automatic, I would think something more like the GamerGate restriction would be better (500 edits, 6 months?). I'd say it should be on request, granted unless suspicious, except with the reduced requirements, that might be too heavy of a workload.Gaijin42 (talk) 14:29, 29 February 2016 (UTC)[reply]

Agree with Gaijin. There's no way that's going to work. (10 edits, is that a typo?)

I suggest something along the lines of:

• IPBE may be granted on request to experienced editors who are affected by hard blocks or who otherwise describe a reasonable use for the right. Administrators should consult with a checkuser if they are uncertain about a particular request.
• Editors who hold this right should be aware that the index of suspicion for sockpuppetry or other misbehavior may be higher for IPBE holders than for other users, and they may be checkusered when reasonable suspicion arises.
• IPBE may be removed when:

1. The holder of the right requests its removal.
2. The account is inactive for more than a year.
3. Reasonable suspicion of misuse substantiated by checkuser evidence has arisen.
4. The user has been banned or has otherwise been subject to sanctions that are incompatible with the level of trust needed to retain the right.

It can't be automatic - that's too easily gamed - and while I personally think we should be much less restrictive with this right, there is a real danger of inadvertently turning it into a "trusted user flag", which would cause all kinds of unpleasantness in the event that it needed to be removed from an established user for whatever reason. But the evidence Mike V posted in his audit is that 269 cases turned up a single, disputed incident of misuse, which suggests that it's reasonable to be less strict with this. Opabinia regalis (talk) 18:18, 29 February 2016 (UTC)[reply]

Opabinia regalis's suggestions are much more in line with what I am thinking, but I do think it would be better to give a (non exclusive) list of examples about what might be "reasonable use". Is just general desire to use VPNs for security/privacy sufficient? Occasional travel to China? etc. Gaijin42 (talk) 18:43, 29 February 2016 (UTC)[reply]

• That seems reasonable to me, though I'd still like a checkuser (or someone else who is knowledgeable on this) to explain what it is the current strict guidelines are intended to protect against. It'd really help in reaching a better informed decision. wctaiwan (talk) 19:21, 29 February 2016 (UTC)[reply]

• The current guidelines are partly designed to prevent one user building up a 'good hand' account, which cannot be connected by normal means to the primary account. If a user only uses anonymising proxies, they are basically checkuser-proof (any admin doing this would certainly raise more than an eyebrow). We have seen whole admin accounts created using this method before. IPBE also allows users to log in to override an IP block intended for them, which would otherwise have been anonymous. -- zzuuzz ^(talk) 20:13, 29 February 2016 (UTC)[reply]

• How effective are these measures? And how are they balanced against the needs of other editors? ゼーロ (talk) 10:29, 1 March 2016 (UTC)[reply]

I like Opabinia regalis (talk · contribs)'s suggestion, especially when it comes to removal of the right. IPBE shouldn't be automatic, and should still be held by people that have a use for it. CheckUser should also be used to investigate cases where disruption is possible, given the appropriate rationale for doing so. Wctaiwan (talk · contribs) the basic argument is that it lets users sockpuppet without detection, since you could run an account with IPBE on an open proxy, and another on your main IP. The argument against this is that it is possible anyway using mobile ranges, and ultimately the behavioural evidence will be telling. Ajraddatz (Talk) 20:10, 29 February 2016 (UTC)[reply]

I suppose, on rereading, that should also say something like "Editors who discover that they no longer need IPBE are encouraged to request removal of the right." and "IPBE may also be removed at the direction of the Arbitration Committee." (Not to power-grab, but I can imagine cases where removing is warranted but no other details should be made public.)

As for Tor et al, there's a proposal floating around somewhere that the torunblocked right should be granted separately from general IPBE. I think that's a bad idea, in part because it would give snoops a handy list of users we've judged to have "extraordinary" circumstances. Personally I think we are being bad free-culture citizens by being so fussy about what are otherwise reasonably common personal-security measures (recommended by the EFF, even). We should just say something like "Tor, other proxies, VPNs, and similar services are frequent sources of abuse. IPBE holders who use such services are warned that their account might come under checkuser investigation, in which case IP addresses recently used by their account may be revealed to a checkuser. In some cases the account may be blocked if it is not possible to rule it out as a source of abuse. Be careful; we're not your mother."

That said, what would be more likely to actually get a reasonable proposal passed would be giving simple examples like "a need to edit through a firewall, even if the need arises only intermittently". Opabinia regalis (talk) 20:48, 29 February 2016 (UTC)[reply]

My personal reason is "Desire to use VPN for security while on hotel/airport/starbucks public wifi as recommended by virtually every security expert on the planet." (I can provide sources for the recommendation if needed). The reading I have done over the last few days suggests to me that the TOR right is separate right now. But I agree with Opabinia regalis's concern that that gives people an easy to use list. Are there such things as secret rights that aren't visible to regular users or admins? Gaijin42 (talk) 20:53, 29 February 2016 (UTC)[reply]

They haven't been separated yet; see Special:ListGroupRights. I agree that occasional use is still justification for the flag, and that makes unwarranted CheckUsers on accounts with the flag even more concerning (since the CU is then seeing the proxy and their main IPs). As an aside, I also support keeping IPBE and torunblocked together, since they are generally used for the same thing and it's easier to manage then. Ajraddatz (Talk) 20:58, 29 February 2016 (UTC)[reply]

Ajraddatz Ah, I was ambiguously referring to the split between the lower level "ipblock-exempt" and "torunblocked" permissions. Although we don't give normal users one without the other, the admins and bots all get ipbe but not torunblocked currently. (That would let you currently find admins who are in a sensitive location maybe? since they would explicitly be in the IPBE group to get tor, even through they already got the ipblock-exempt permission from being an admin?) Gaijin42 (talk) 21:10, 29 February 2016 (UTC)[reply]

I'd like to see the requirement for a "good reason" removed, because privacy and security are good reasons for all editors. As others have pointed out VPN use in particular is considered pretty much mandatory when using public networks, and when using private ones by many security experts. ゼーロ (talk) 10:36, 1 March 2016 (UTC)[reply]

• Thanks zzuuzz and Ajraddatz. If good hand/bad hand accounts are the main reason, then I'd be pretty strongly in favour of loosening restrictions on granting and retention. As you mentioned, IPBE doesn't really make it that much easier these days. wctaiwan (talk) 23:18, 29 February 2016 (UTC)[reply]
• The removals for not using a blocked IP for X amount of time and the removals with no warning really need to go. See Wikipedia talk:IP block exemption#Removal without warning or discussion. --Guy Macon (talk) 04:32, 1 March 2016 (UTC)[reply]

New proposal, based on feedback

1. Editors may also request a IP block / Tor exemption without needing to provide a detailed reason, as privacy & security are considered valid reasons for anyone.

2. Exemptions shall only be removed in cases where there is abuse.

Are these more acceptable? ゼーロ (talk) 10:44, 1 March 2016 (UTC)[reply]

I think this is still too broad. You are jumping from basically completely restricted, to completely unrestricted. There is a happy medium. Making it too broad will cause heavy socking disruption

I think we should require a reason, but give guidelines that privacy and security are valid reasons. I think that we should still have some time/edit guidelines as well. For users who meet those guidelines the right should probably be granted absent other issues. If they do not meet those guidelines, additional scrutiny and or justification may be needed as the discretion of the grantor. (This is similar to the restrictions that we place on AWB Wikipedia:AutoWikiBrowser#.281.29_Register, or Rollback Wikipedia:Rollback#Requesting_rollback_rights). AWB and rollback have much less potential for long term disruption. We should not be making ipbe easier to get than these.

For number 2, "Shall, abuse" is too strong. especially as a jump from where we are now where it is removed by default. Perhaps removed (or request rejected) when there is reasonable suspicion of misuse.

Also, the right may need to be temporarily removed during the course of an investigation in which the person is presumed innocent, just to reduce the noise/question of unrelated users. Once this right is in general use, VPN/Tor collisions are going to become more likely and they may need to temporarily shut things down to identify the culprit. The right should be restored to those uninvolved afterwards tho. Gaijin42 (talk) 13:47, 1 March 2016 (UTC)[reply]

I don't see the point of requiring a reason if the reason can be "privacy/security", because anyone making sock puppet accounts will just say that. Socking should not take away every user's right to privacy and security.

As for "shall, abuse", the problem with softening it to mere suspicion is that once the block is removed it may be difficult for the user to challenge the accusation. It's also open to abuse. I don't see a problem with requiring there to be the usual level of investigation and oversight for sanctioning users. ゼーロ (talk) 15:35, 1 March 2016 (UTC)[reply]

The proposal won't pass without more broad grounds for removal. It should be removed for general inactivity as well, and I would be OK with routine audits that ask users if they still need it (without mass CheckUsering a bunch of trusted accounts) Ajraddatz (Talk) 18:18, 1 March 2016 (UTC)[reply]

By inactivity, do you mean of the account as a whole (regardless of if the IPBE right is being exercised or not)?Gaijin42 (talk) 18:22, 1 March 2016 (UTC)[reply]

Yeah. The one year timeframe mentioned above makes sense. Routine asking audits can also help to remove it from those who no longer need the exemption, but are still active. Ajraddatz (Talk) 18:24, 1 March 2016 (UTC)[reply]

The "one year" from my earlier post is arbitrary, but it's true that IPBE could make it difficult to detect a compromised account, and thus increase the potential damage from compromise, so there should be a mechanism for removing it from inactive accounts that could be compromised without the owner noticing.

One reason to ask for a reason is to prevent the use of this user right as a general "trusted user" label, which will make it more difficult to keep track of and will cause a lot of drama when the right is removed, regardless of circumstances. I do like the idea of "auditing" by routine mass message. As for #2 above, I think the best we can do is offer a standard along the lines of "reasonable suspicion of abuse" - the whole point is that actually making use of the IPBE right makes it more difficult to demonstrate abuse with the degree of certainty #2 seems to be seeking. Opabinia regalis (talk) 21:39, 1 March 2016 (UTC)[reply]

Auditing via email sounds good, perhaps with some alternate behaviour if the email address on the account changes. If there is to be a hard time limit, there should a warning email a month before so people can access their account to extend the deadline. The removal without warning is an issue for a lot of people.

To reiterate, the main issue for me is that "privacy/security" are considered valid reasons. I need the exemption to edit from home in any case, but when when on mobile etc. I'd prefer to use a VPN for privacy and security. ゼーロ (talk) 09:37, 2 March 2016 (UTC)[reply]

You already have a fairly high level of privacy and security... by having an account, and thus ensuring that your IP records are only accessible to a very small group of trusted users under a restrictive policy (i.e. checkusers). (They're also available to anyone monitoring your network traffic, but IPBE doesn't help with that either.) Given that the reason the checkuser mechanism exists is abuse prevention, I don't see it as appropriate to give it out to anyone who asks if they can edit just fine without it. (In particular, VPNs that are not open proxies should work without IPBE?) In the future the community may decide to allow editing through Tor, but let's take this one step at a time. wctaiwan (talk) 18:24, 2 March 2016 (UTC)[reply]

Wctaiwan Corporate VPNs will likely work, but most of the for-pay VPNs are blocked as open proxy (though they do not actually meet that definition) For example, the one I use is TorGuard, which is completely blocked. Gaijin42 (talk) 19:02, 2 March 2016 (UTC)[reply]

It's not so much privacy from WP admins, as privacy from ISP level spying and government spying. It wouldn't be the first time that access to certain Wikipedia pages is used against someone. There is also the issue of ISPs monitoring for targeted advertising and "content control". Many mobile ISPs do keyword filtering, for example. More over, everyone has a basic human right to privacy, and some people need to use a VPN to block ISP level interference like advert injection. I think it's important to see VPN use as like having a firewall or anti-virus. ゼーロ (talk) 09:09, 3 March 2016 (UTC)[reply]

Comment: On WP:AN, Risker mentioned previous audits ("Having participated in one or two similar audits over the years..."). On the current AN page the term "IPBE" is mentioned more than 100 times, "block exemption" 15 times. In the 279 AN archives the term "IPBE" appears only 32 times in 20 archives, "block exemption" less than 50 times in 34 archives. These previous audits apparently didn't cause (many) problems, and I don't think the policy has changed much since then? Seems to me the current problem is caused not so much by the policy, but by an admin making wrong decisions (note that LouisAlain is still blocked for supposedly using a web host, despite all evidence suggesting his IP is a freebox modem) and based on an overly strict interpretation of the policy. Prevalence 15:21, 2 March 2016 (UTC)[reply]

That's why I'm keen to re-word the policy in a more permissive way, where the default action is to allow and keep exemptions in place unless there is some specific reason to remove them. ゼーロ (talk) 09:11, 3 March 2016 (UTC)[reply]

Moving forward

It seems that there is general support for something like what Opabinia regalis proposed. (At least one person thinks it's still too restrictive, but this doesn't preclude an even less restrictive policy later.) @Ajraddatz: since you previously said you'd be willing to set up an RfC, would you be interested in starting one based on the proposal at some point? Thanks. wctaiwan (talk) 19:45, 3 March 2016 (UTC)[reply]

Yes, I would. I'd like to wait a few days though - After getting non-answers from the local CU team here, I've asked the ombudsman commission to look into the practice of mass-checking as part of IPBE audits, and I want to make sure that the new policy reflects their interpretation of how CU can be used in those cases. It may be that my own interpretation is off, and mass checking is OK, and if so that should be included in the policy somewhere - or totally removed if it is not acceptable. Ajraddatz (Talk) 21:24, 3 March 2016 (UTC)[reply]

Alright. Thanks for the follow up. wctaiwan (talk) 23:25, 3 March 2016 (UTC)[reply]

Good idea, thanks Ajraddatz. Opabinia regalis (talk) 00:23, 4 March 2016 (UTC)[reply]

Okay then. Am I interpreting this correctly if I propose:

1. Privacy and security are valid reasons to request an exemption.

2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue.

Is that what had had in mind? ゼーロ (talk) 11:55, 7 March 2016 (UTC)[reply]

This sounds better than what we have now. Though I would like to hear from CUs as they are going to be the most affected by this. HighInBC 16:46, 9 March 2016 (UTC)[reply]

That is essentially what I am thinking it will be. An expansion of the "valid rationale" section to include privacy/security for users who are obviously trusted to not abuse it, at the discretion of the granting admin, and perhaps with an edit count / account age requirement. It should also include that periodic use of proxies, etc is a legitimate use for requesting the flag: One need not be using the flag constantly to retain it, only have a continuing need for it.

In terms of removal, auditing is allowed and encouraged, but should be done by contacting users through their talk page or email and asking if they still need the flag. If there is any suspicion of disruption, then the user may be checked to prevent disruption to the project. (Depending on the result of the OC deliberations, checks may be permitted in general to help checkusers determine the continued need for the right, but should still be done in consultation with the user).

I too would like to hear from local CUs on this. My own experience with the right is on the global scale, usually dealing with cases of obvious cross-wiki vandalism and rarely the kind of in-depth sockpuppetry that happens here. And when that does happen, they always seem to be editing from the same mobile ranges as half the admins on the project. I've tried to ask about this on AN, but I fear my comment was misinterpreted as badgering over the actions taken, when I'm actually not concerned with what happened, just on how to best move forward here. Ajraddatz (talk) 08:32, 10 March 2016 (UTC)[reply]

I've been following this, but have been reluctant to comment. With a case being before the Ombuds, a group who have been known to mess up their reviews of CU usage, I feel urged to tread even more lightly. Ajraddatz, specifically your request posed to me in private really did seem like your were concerned with what happened vs. moving forward, and I don't think it's hard to see that. So I have not commented.

I get that stewards have a more stricter view of policy use in general, and that IAR, as far as I am aware is non-existant on a global scale. Being the biggest wiki, and the most targetted wiki, things that work on a global scale, do not work locally and vice versa. I can't count on two sets of hands (aka 20 cases) the amount of cases that I've dealt with users with advanced rights and "trusted users" violating the sockpuppetry policy in significant ways. That's just off the top of my head, and i'm only one checkuser.

If I look to the proposal, and "privacy" and "security" are the only words someone has to drop and they are given IPBE, then we've lost the battle to combat sockpuppetry already. We've had administrators on this project give out IPBE 1) When the user is affected by a block...but they don't provide any details about the block 2) Haphazardly to "trusted users" with less than 1k edits and a couple of weeks on the project. With the amount of abuse we have on this project, those are very dangerous things. When IPBE is granted it gives the user the ability to edit via proxy, and we never know their original location via Checkuser once that data drops off the map for more than we can check back. So when a sockpuppetry case comes up with their name in it, checkuser is utterly useless to combat sockpuppetry and it dives down to behaviour. Behavior is a lot harder to prove, and your mileage varies by administrator. That is why checkusers don't accept privacy and security as valid reasons without more details, and likelihood of issues arriving if they don't use a proxy. -- Amanda (aka DQ) 02:32, 11 March 2016 (UTC)[reply]

My objection to this is that the current level of strictness seems highly excessive considering that there's no evidence IPBE is being actively misused, or that lowering the requirements somewhat would change that. I don't think we should necessarily grant it to people who have been around only for a few months, but is it really better to err so far on the side of caution when it comes to well-established members of the community just to mitigate an utterly minuscule risk that they would sock? To me it's doing more harm than good. wctaiwan (talk) 03:08, 11 March 2016 (UTC)[reply]

The problem with this view is that IPBE is a social right versus a tool, as it should be viewed. The reason that it's granted is so that the user is able to continue editing, which is a right of Wikipedia. If it's not needed any longer, then why does it need to remain? We can discuss removal/retaining methods (which I think would benefit from a discussion) in another discussion. More well established users sock than I feel your aware of. While it's a small percentage, if it's something that can be prevented by removing an unneeded IPBE, then why not do that? -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)[reply]

If we want to just let this be used all over (which I oppose) then perhaps it could be bundled to the soon-to-be created usergroup for 500edits+30days (tentatively named extendedconfirmed). — xaosflux ^Talk 00:34, 12 March 2016 (UTC)[reply]

While technically possible, I agree that adding it to the new usergroup would be a bad idea. Ajraddatz (talk) 20:29, 12 March 2016 (UTC)[reply]

The main objection is that it creates a burden for the user. I've had to apply twice for an exemption now, due to premature expiry. It just happens that the VPN service I use, which I have to use to edit from home, isn't blocked by WP at the moment. Eventually someone might notice it's shared and add it to the list, and I'll have to explain the whole thing a third time. I really don't think automatic revocation is going to have a significant effect, compared to the burden it creates and accounting for the fact that it can be removed if abuse is detected. The issue is basically that if someone stops editing for a few months or their endpoint switches to a non-blocked address for a while they end up having to re-apply, wasting everyone's time. ゼーロ (talk) 09:44, 11 March 2016 (UTC)[reply]

Thanks for the reply. I do apologize if it seems like I'm here to beat a horse or pillory Mike V in particular. Regardless of what you may think, I assure you that isn't the aim. My question to you in PM was more directed at the rationale behind the practice of mass checking, to see if there was historical context or discussion around the justification for it, but I understand why you wouldn't want to reveal that. As was my question on WP:AN. Unfortunately, with non-answers from both venues, the OC was the next step for me to take. I didn't want to move forward with a proposal without understanding the local context behind the actions, and the local justification for them - to some extent, that still hasn't happened. m:Ignore all rules is a thing, though not really a policy, and in general you are right that we take a more restrictive approach to using tools - especially with privacy considerations. That is one of the reasons why I was asking around locally, because I know that attitudes here could be different, though I wanted to see how those attitudes stood up with the global policy surrounding the use of the rights.

It's interesting (and useful to know) that so much abuse of multiple accounts comes from trusted users, and if that is a real problem, then it's definitely something to consider when suggesting any changes to the policy. Ajraddatz (talk) 03:12, 11 March 2016 (UTC)[reply]

In the standing of global policy, I feel the checking of accounts is justified by "and to limit disruption of the project. It must be used only to prevent damage". We are preventing damage by checking to see if the block is still needed. As for the method of mass checking, I think we can make efforts to contact people first before using the tool. If no response is garnered from that, and there are recent edits, I'd then run the CU, else I would remove the flag for inactivity. If they still claim there are active blocks, i'd make a cursory check to verify the story at hand. If they don't need it, then they don't need it. That minimizes the impact on privacy.

Also the local Arbitration Committee is able to handle abuse/improper of priviliges complaints. Would your concerns not also fit within the local policy on checkuser use? Cause the committee does deal with the granting and removal of tools. But maybe that's the confusion with the m:CheckUser policy. It says local wikis should investigate first, and gives them the option to remove the bit, but then says all complaints of infringement go to the OC. -- Amanda (aka DQ) 07:04, 11 March 2016 (UTC)[reply]

That justification does make sense, if it is being used selectively rather than applied to anyone holding the IPBE flag - it seems counter-intuitive to say on the one hand that users with IPBE are trusted to not be disruptive, but on the other to say that having the IPBE flag is justification for being checked at any time. But what you suggest, with using it as part rather than the basis for the audit, makes sense. Removing CheckUser from the equation altogether is also obviously not an option, since it would remove any evidence-based handling of IPBE cases. Contacting people beforehand should also minimize the fallout, since there is less of a shock factor for it, and people who still need it can explain why before rather than after. This sounds like a good basis for an RfC, at least with regards to the removal of the flag. Per your last comment, I'm not sure about allowing broad access to it, though some privacy-related cases could be legitimate.

My concerns would fit within the local policy, which must be no less restrictive than the global one. Arbcom might have been a better route to go through for this for me, especially since I am looking for the local experience with these practices and what impact a change would have. You're right that there is a bit lot of jurisdictional overlap, mainly because most projects don't have a local arbcom, and not all local arbcoms handle CU/OS investigations. I guess what I was mainly going for was the OC's role in investigating local compliance with global policies, as per the opening paragraph here. If some sort of workable proposal comes out of this, then there is no need for them to get involved. Thanks for engaging in a conversation - that's what I wanted the whole time, and again I am sorry if it didn't seem that way. That's on me. Ajraddatz (talk) 07:32, 11 March 2016 (UTC)[reply]

Re "1. Privacy and security are valid reasons to request an exemption.", I just can't get around the problem that this lets anyone who is willing to say the magic words would get IPBE. I think something like this would be better: "has to convince an administrator that IPBE is needed. The admin may grant the user right based solely on a desire for privacy and security, but this should involve a conversation with the user to determine whether they understand in what way IPBE does and does not increase privacy and security, and should be balanced against the user's history (new accounts and accounts that have multiple blocks or complaints would be less likely to get IPBE, accounts in good standing with years of experience, few blocks/complaints and many edits, and which show knowledge and a willingness to follow our policies would be less likely to get IPBE.)" That's rather long and wordy and certainly could be condensed, but you get the idea.

Re: "2. Exemptions shall be removed if there is reasonable suspicion of abuse, or if the user does not indicate they wish to retain it in response to a regular email. The email would be sent once a year. In cases where abuse is suspected, care should be taken to avoid preventing the user from participating in discussion of the issue." This seems like a no-brainer. There should be a central page that anyone can watch that will indicate who hasn't responded after, say, a month. --Guy Macon (talk) 03:53, 12 March 2016 (UTC)[reply]

I think something like this certainly needs to be done. I do agree that it shouldn't be automatic, but that it should be much more readily granted to editors in good standing, and that a simple desire for privacy and security is sufficient reason for requesting IPBE to use a VPN connection or the like. I use a VPN on my phone and often on my computer, and certainly always if I'll be editing from a public location. That's not an indicator of malicious intent, it's just good security and privacy practice. I broadly agree with Obabinia above that we aren't being very good Internet citizens by actively discouraging the use of such privacy measures, and that we should make it reasonably straightforward for good-faith editors to do so. Seraphimblade ^{Talk to me} 00:13, 13 March 2016 (UTC)[reply]

• I'm going to state the obvious here. The most logical reason to explain why we aren't seeing significant abuse of IPBE is because it is not handed out like candy. People actually have to ask for it and explain their reasoning, and they have to have an editing history that is sufficiently positive to justify the risk involved. I strongly discourage dropping that level of expectation. "Security or privacy" - well, hell. We regularly get people wanting to open up the project to the entire Tor network because someone they know and like uses Tor (I'm not kidding, it comes up at least once or twice a year from WMF staffers, not to mention others.) All of these suggestions and desires come from people who don't deal with the messes that are caused. I don't mind the idea of dropping regular screening checks. Any significant loosening of requirements wwill have a net result of a lot more hardblocked VPNs (with good reason, since they're being used for otherwise-uncontrollable vandalism), and probably the removal of IPBE from those who use those VPNs because we can't tell them from the trolls. Keep that in mind, too. Risker (talk) 00:50, 13 March 2016 (UTC)[reply]

How would you feel about allowing long time users in good standing to request an exemption for VPN use, and adding the email polling before removal? That seems like it wouldn't create an undue burden, and in fact might lessen the burden somewhat. I'm on my third exemption now, and every time it requires wasting my time and an admin's time to set up again. ゼーロ (talk) 13:15, 14 March 2016 (UTC)[reply]

How about this wording?

1. Users with good standing (many sustained good edits over a considerable period of time) may request exemption on privacy/security grounds, without need for further justification? 2. Before removing an exemption, the account owner should be emailed and allowed to request an automatic extension simply by replying.

ゼーロ (talk) 16:16, 14 March 2016 (UTC)[reply]

I'm not so sure if that's a good idea. The idea of an editor in "good standing" has never been solidified by the community. Some administrators have high standards and expect thousands of edits with months of editing, while others only require a handful of good faith edits and a couple of weeks on the project. The ambiguity also allows users to cherry pick which admin(s) they'd like to ask so they can receive a favorable response. I'm not a fan of granting it carte blanche to anyone that says it's for "privacy/security reasons". As Risker pointed out, sometimes these "security" reasons are really just editors are using an anonymizing service in a different country so they can access a different Netflix catalog. They simply don't want to turn it off while editing. We should have some form of confirmation that there is a legitimate need, whether this is through CU or discussion with the functionary team. The automatic renewal via email poses another issue. As I've noted in my original post in February, most users had it removed because they were no longer affected by a hard block. If a user is no longer affected by a hard block, it doesn't make sense to extend the permission. As for users that are using for exceptional circumstances, we should determine if the reason for granting it is still in play. Some users are no longer editing from an area of concern and occasionally, others have been misleading with their request. With a user right that does have the ability to be misused (as noted by DQ above), we shouldn't keep it enabled on just their word alone. Mike V • Talk 21:24, 14 March 2016 (UTC)[reply]

Can you see any way to facilitate or at least reduce the burden on users who either choose to use or require a VPN service? ゼーロ (talk) 09:47, 15 March 2016 (UTC)[reply]

As no-one seems to have anything else to add, I suggest starting the RFC with the questions above. Any objections? ゼーロ (talk) 11:02, 17 March 2016 (UTC)[reply]

We are close, but I would like to see and comment on the exact wording that is going to go into the RfC first. Right now I am not sure whether you are proposing that a talk page notice (possibly asking for an email reply) would be used to see if I still need IPBE (this is the usual method) or whether for some reason it has to be by email. I would also like to confirm that the "desire for privacy or security is enough" question is a wholly separate question and not bundled with some other question. --Guy Macon (talk) 14:06, 17 March 2016 (UTC)[reply]

Okay, how about two separate questions then:

1. Before expiry of IPBE a notice will be placed on the user's talk page, with an opportunity to request extension there. Extension should normally be given upon request.

2. Users with good standing (judged by the admin, based on having made a positive contribution over a considerable period of time) may requset an exemption on privacy/security grounds, without the need for further justification.

It makes sense to use the talk page. ゼーロ (talk) 14:37, 17 March 2016 (UTC)[reply]

I like it. --Guy Macon (talk) 14:41, 17 March 2016 (UTC)[reply]

#1 seems reasonable to me, as well. This is basically how desysopping and removal of Crat rights for inactivity already works, so a warning message, say, 1–2 weeks before removal seems perfectly acceptable. Not sure about #2, as I'm generally against the granting of any rights "in perpetuity". --IJBall (contribs • talk) 19:48, 19 March 2016 (UTC)[reply]

CUs Giveth, CUs Taketh Away

Out of curiosity, would it make it easier to follow policy if CheckUsers were the only ones who could add and remove the permission?They're the ones that have the information anyway, and administrators need to consult them... It would also provide a barrier from admins self-applying it so they can use Tor and reduce conflict. I don't know, what do people think? Kharkiv07 (T) 14:46, 17 March 2016 (UTC)[reply]

Since admins place ip blocks (including rangeblocks) they should be able to resolve collateral damage with IPBE. — xaosflux ^Talk 14:51, 17 March 2016 (UTC)[reply]

"Requesting an IP address block exemption, because of the equality of status." According to your given information in "/wiki/Wikipedia:About" and in your Terms of Use: "Allowing anyone to edit Wikipedia means that it is more easily vandalized or susceptible to unchecked information, which requires removal." and: "Empower and Engage people around the world to collect and develop educational content and either publish it under a free license or dedicate it to the public domain", you are allowing ANYONE to edit Wikipedia and it would seem that you asked people world wide for getting involved, which does not apply to people who cannot edit Wikipedia by using Proxy that shelter themselves from attacks by any authorities (such as those that attempting on somebody's life or seeking somebody's freedom, eg.).
So, where do we go from here? Isn't it contradicting itself, to exclude those individuals who have an tremendous demand for support like that??
Greetings from Greece. — Preceding unsigned comment added by 212.38.166.23 (talk) 22:10, 16 April 2016 (UTC)[reply]

I agree. People who have to or want to use proxies/TOR/VPNs for whatever reason are second class citizens on Wikipedia. I understand the argument that there is a lot of abuse from people using those services, but I also find the lack of will to even try to accommodate people who can't show an immediate and dire need a bit disappointing. ゼーロ (talk) 14:12, 18 April 2016 (UTC)[reply]