Wikipedia talk:Protection policy/Archive 19

• Support, I think this would me an improvement in stopping some of the worst abuse and disruption. ScottishFinnishRadish (talk) 21:54, 22 September 2025 (UTC)
• Support, obviously. This is a no brainer.—S Marshall T/C 23:18, 22 September 2025 (UTC)
• Support, obviously per above. -- Sohom (talk) 23:46, 22 September 2025 (UTC)
• Support, as an EFM. – PharyngealImplosive7 (talk) 00:56, 23 September 2025 (UTC)

• Comment (Summoned by bot): I'm leaning support, but reserving my final !vote until I've mulled over implications of the technical changes, which are not as second nature to me as perhaps they are to the admins and functionaries who have responded already. That said, I do have some procedural concerns. First and foremost, is this really the appropriate place for this discussion? It is not concerned with making changes to the protection policy but rather user rights management. Of related concern, is this proposal being advertised in appropriate community fora? This would be package of non-trivial changes with implications to the threshold at which new users gain important indicia of initial community standing. I think it is very much deserving of a WP:CENT listing, and at the very least should be promoted via WP:VPP. SnowRise ^{let's rap} 05:41, 23 September 2025 (UTC)

  @Snow Rise: Immediately after posting this RFC, I posted notices on both WP:EFN and WP:VPP. As the changes are focused on the extendedconfirmed group which is only used to allow edits to extended-confirmed protected pages (see Special:ListGroupRights), this page seemed like the most appropriate place. I also considered WP:EFN. This page is also watched by more people (2,447 compared to 351 for EFN). Daniel Quinlan (talk) 06:17, 23 September 2025 (UTC)

  Thanks for the extra info, Daniel. I still think WP:UG was probably the right place for this discussion, but insofar as there is a listing at VPP, I think that is the more important piece. That said, I have some reservations in the discussion section below about the ambiguity concerning how the filters would be adapted; perhaps you could shed some light there? SnowRise ^{let's rap} 21:49, 23 September 2025 (UTC)

  I've posted a notice on WP:UG, and I've responded below. Daniel Quinlan (talk) 00:56, 24 September 2025 (UTC)

  Thank you again, Daniel; I appreciate the indulgence. I respect where this proposal is coming from (I've seen some flabbergasting displays of organized disruption of late that are almost off the charts compared to what I have historically observed in my time with the project), and I don't mean to be a spanner in the works just for the sake of it. I just want to make sure we are not moving so fast on this as a solution that we fail to create appropriate safeguards to prevent unintended consequences. SnowRise ^{let's rap} 01:31, 24 September 2025 (UTC)

• Support I have seen people who created several accounts, waited 30 days, then made 500 edits in a very short time. They then run wild. More tools are needed. Johnuniq (talk) 09:31, 23 September 2025 (UTC)
• Support given the nature of the LTA disruption this is intended to combat I've feeling this will only end up being one part of a more extensive solution, but it's a good start and the implementation costs are low. 184.152.65.118 (talk) 00:52, 23 September 2025 (UTC)
• Support, the background suggests a need for changes. --TenWhile6 21:37, 23 September 2025 (UTC)
• Oppose. I agree that the background suggests a need for change. Per SnowRise, however, I am unconvinced that the proposed change in its current form is the correct and proportionate response to that need. I'm concerned we've got a case of the politician's syllogism here. Thryduulf (talk) 23:41, 23 September 2025 (UTC)
• Support points 1&2. Only support point 3 if there's no other option. Removing the throttle on autoconfirmed revocations would remove a major failsafe. A single misconfigured filter could lead to up to 100% of autoconfirmed users having the permission revoked upon edit. Yes, we could fix that relatively quickly, but it seems like something to be avoided if at all possible. Otherwise this is an xkcd:2677 problem. I've talked to Daniel Q by email and it seems to me—I'm not 100% sure—that the throttling issues that justify point 3 could equally be fixed by splitting the AC-revocation logic from other functions of the filter in question. I think how we should approach it is this: Consensus in this RfC should constitute community consensus to allow removing blockautopromote from wgAbuseFilterActionRestrictions, but whether we actually do this should be decided in a private Phabricator ticket where edit filter managers and sysadmins can discuss the use cases that might necessitate the change, and whether alternative options exist. -- Tamzin^{[cetacean needed]} (they|xe|🤷) 01:44, 24 September 2025 (UTC)

  I think that's reasonable, and the RfC should certainly not be invoked to hand-tie details if problems emerge or a better technical implementation becomes available that achieves the same objective. Authorizes if necessary, but does not require. 184.152.65.118 (talk) 20:52, 25 September 2025 (UTC)

  IP, For what it is worth, these RFCs are considered advisory, the sysadmins/deployers take the final decisions and if there is a strong technical reason to not do something, it will be brought up. Also, another thing to note is that the way the process works within the technical community works is that RFCs are mandatory/heavily encouraged for these kinds of configuration changes. (See Requesting_wiki_configuration_changes) If a better technical implementation surfaces that is significantly different, consensus would typically be required if it is a long-term configuration option change. (There are obvious exemptions for security and WMF reasons but for the purposes of this RFC it is better to think of it as authorizing this specific way to be used if required rather than a "do what it takes" scenario). Sohom (talk) 02:50, 26 September 2025 (UTC)

• Support. I admit I don't fully understand what's going on here, but I understand enough to see that these changes could be beneficial and I trust that Daniel and the EFM team knows what they're doing. Per Tamzin this should be seen as consensus allowing these changes, not requiring them. Toadspike [Talk] 11:20, 24 September 2025 (UTC)
• Support it's definitely better than what we have now, and I also recommend having someone review the edits before granting extended confirmation to users (partially to ensure no sleeping before activity begins). SNUGGUMS (talk / edits) 12:29, 24 September 2025 (UTC)
• Support I do agree with Toadspike, this shouldn't be seen as a requirement. If we can't make a filter that is sufficiently free from false positives, we shouldn't have one set to revoke autoconfirmed at all. At the same time, this is a pressing issue on a scale that isn't feasible for our current admin numbers, and frankly is overwhelming for anyone trying to slow down the disruption, so I'm not opposed to revoking autoconfirmed with very finely-tuned filters. EggRoll97 ^(talk) 23:41, 24 September 2025 (UTC)

  The question is, what does a 'finely tuned' tuned filter look like? Part of the issue here is that a substantial portion of the general community has adopted an aggress posture on "gaming ECP status", but the community at large has never bothered to work through what exactly that consists of, let alone define clear metrics for detecting it in a consistent and reasonably fair fashion. It's a very nebulously defined problem. We have a crystal clear, community-sanctioned standard for the thresholds that are meant to normally trigger ECP: 30 days, 500 edits. But the idea that some people are doing wrong by complying with the word of that standard, while actually engaged in block evasion (or otherwise planning disruption), while reasonable in the abstract, leads to some rather obvious issues since distinguishing these motives through edit data is no simple task, with few super reliable metrics.

  We have people saying that this can be done with well-calibrated filters, but there has always been a dearth of evidence as to why we should treat these tests as based on empirically valid analytics. Certainly there has been no public facing research (or even detailed reasoning) that I have ever seen in any of the discussions on this topic to prove (or even indicate) why the "evidence" relied upon to distinguish bad actors from run-of-the-mill new users are reliable. Worse, I'm not even certain that many of the most strident activists for relying on these tools even know precisely how they function. I'm more than a little concerned that every time I have asked for even a bare bones description of the filters, I have been met with utter silence. There are plenty of innocent reasons why that may be happening, but I do worry it is entirely possible that many supporting this proposal (and others that have gotten us to this point) don't even really know how they operate, and can't give a cogent, detailed answer on why we can be confident on their reliability in catching bad actors or avoiding false positives. Or for that matter, some may be aware that the false positives are actually non-trivial (or highly unknown and subject to speculation), but are not eager to relay that fact, because they have decided themselves that the cost-benefit is worthwhile, in their personal views on the broader-level issues.

  This whole process is very insular and non-transparent so far, and that should be serious reason to consider pumping the breaks on going further whole-hog on letting an automated system slow down full authorization of new editors, given the implications for the project, ideological and practical. That's all the more a concern where ArbCom has independently expanded the implications/applicability of ECP massively in the last two years. I really think we need clearer answers on how all of this works before we just rubber stamp a proposal like this. There's a rush to do something, because something is clearly needed (believe me, I've seen it; the manner in which huge swarms of sock- and meat-puppets can be readily organized to overwhelm regular good faith editors has led to some astounding displays of disruption lately). But we could end up doing more harm than good if we don't base this particular decision on sound data. And meaning no disrespect to those who have supported this proposal already, but where is it? It really should come with or parallel to the proposal, and there should be no rush to greenlight this 'solution' until we have some more significant proof that it will do what is claimed, and that we have a clear idea of what the collateral consequences might be. SnowRise ^{let's rap} 17:40, 25 September 2025 (UTC)

  @Snow Rise, with respect, you're bringing some almost completely unrelated anxieties into this discussion. The EFMs are talking about ways to reduce bot-facilitated vandalism, not humans who might maybe be gaming to get into PIA. -- asilvering (talk) 18:39, 25 September 2025 (UTC)

  Well, I don't see how we could reasonably describe the concerns as unrelated; these filters (however they are calibrated) are going to impact all users who match a certain use profile. The rate of false positives will be a constant, relative to the coding of the filters, regardless of what the ultimate motives of the bad faith actors are, and regardless of what our motives are for implementing or altering the system. If there's something in the detection algorithms that specifically looks for conduct highly-indicative of machine-assisted gaming, that's great; I'd love to see that as it would be one point in favour of a presumption of a system that is conservative in its flagging and well-engineered to avoid false positives.

  The problem is, we haven't had confirmation of that here. It should really have come with the proposal, and its not heartening that no one with that knowledge has stepped up to provide it since. And there's another concern here: once the community greenlights this change, it takes oversight substantially out of the hands of the general community, unless this proposal is augmented to include periodic review of the filters themselves. If not, the filter devs and maintainers have functionally unrestricted ability to change the criteria by which people get ECP status and depending un just how drastic the changes are, it is unlikely that almost anyone in the community would even be aware, let alone someone inclined to question these changes. That's an awful lot of influence over the gates to full participating in the project consolidated in a few hands with essential no community review. And even if we presumed that every one of those devs was so committed to community transparency that they would hold a meaningful community consult for every change (and come on, unlikely, right?), there would still be pretty significant potential for human error (per Tamzin's concerns raised above).

  So, regardless of the category of bad actor this proposal is meant to target, the implications about the potential side effects remain a serious concern, because we just don't know what the net itself looks like. I'm by no means per se opposed to this proposal: I've tried to make that clear. But we really should have some more answers about the current technical implementation of the filters before we rubber stamp it. And very possibly some back-end protections to that once this system becomes automated, technical decisions which further clamp down on when new users become full-rights users have some sort of transparent review process, be it automatic or periodic. SnowRise ^{let's rap} 19:04, 25 September 2025 (UTC)

  Non-admin EFM here. Without revealing too many details of private filters, the filters we are talking about enabling blockautopromote are exceptionally accurate. Some of them have had no false positives for months at a time.

  The edit filter community already requires a very low amount of false positives and consensus either at WP:EFN (public filters) or the mailing list (private) to enable a disallow filter, which stops the action (edit, move, etc.) without removing any permissions. In that way, we are already quite conservative. For anything removing rights, we would probably be even more cautious and ensure that the filter has had almost zero or no false positives.

  Besides, all admins and non-admin edit filter helpers have view access to private filters, so it is quite likely that if anything is being changed unfairly, someone will speak up.

  A transparent review process would be nice for these filters; I know, but the problem is LTAs are also looking at the filter logs and would use any opportunity to make the efficacy of the filters lower, potentially leading to false positives.

  Hopefully this has clarified how these actions would work without revealing the fine machinery of the filters themselves. – PharyngealImplosive7 (talk) 01:00, 26 September 2025 (UTC)

  Thank you, Pharyngeal--that is indeed helpful. Honestly, I still have misgivings. Combining a lack of transparency on the specific functionality of the edit filters themselves (even for reasonable WP:OPAQUE reasons) with the grant of a blank check to make those same filters automated in perpetuity (because let's be honest, once greenlit, this way of doing things is all but certain not to ever be rolled back) leaves a lot of uncertainty and more or less permanently commits the project to a more hardline approach to ECP enforcement without corresponding oversight checks from the general community. I have nothing but great faith in the EFM community's intentions to act in good faith in the project's best interests, but at the same time, you all might make decisions hardening access to EC status that the larger community would not support, but can't object to, because only the EFMs and admin corps would ever know about them.

  And I'd probably be a lot less nervous about that, if this were not coming so close on the heels of ArbCom essentially making every CTOP topic subject to ECP. For years a vocal minority has been trying to convince this project to adopt a "registered editors only" policy, which has been roundly rejected by the broader community. And yet, so much access to the project has been made into the exclusive purview of the veteran editor, bit-by-bit in ArbCom decisions and arguably overzealous proposals meant to protect against disruption, that the distinction has increasingly less and less meaning. The community nominally continues to be strongly committed to the "encyclopedia anyone can edit" ethos, and continues to generally affirm the rights of unregistered editors to contribute, but in practice it does not want to do anything to put the brakes on ArbCom's increasingly sprawling remit as it places every half-way-controversial subject matter under CTOP and ECP. And the same time, our fears of the barbarians at the gates cause us to increasingly support more and more restrictive measures in general community proposals as well. And the most frustrating part? I can't even bring myself to oppose this proposal outright, because despite my reservations, I also can't convince myself it is unnecessary, in light of some of the disruption I have seen lately.

  All I know for certain is that I am deeply depressed that these are our options. I know it's not a 1:1 relationship by any means, but I'm distressed that the slow but steady roll-back of the open participation and diversity of perspective principles on this project are such a mirror of what is happening in our societies at large. I just don't like this feeling. And while I don't feel that the perspectives of the support !votes are unreasonable, I am bothered that I seem to be part of such a small minority of community members who have such heavy reservations about this increasing consolidation of access to shaping our content and even participating in the consensus process. Each individual step we take on this road might seem entirely reasonable in the context in which it is taken, but I cannot shake the feeling that they are collectively slowly choking the life out of the future of the project as a whole. Anyway, that's my last word on the subject. I am officially, but ambivalently, Neutral. SnowRise ^{let's rap} 05:42, 26 September 2025 (UTC)

  Sometimes there is no good option. We want to be open and transparent. Trolls want to troll. Denying tools to combat the trolls ends up driving away good editors who are fed up with wasting their time on a project that can't defend itself. Johnuniq (talk) 05:56, 26 September 2025 (UTC)

• Support all 3 per nom FaviFake (talk) 18:47, 25 September 2025 (UTC)
• Support points 1 & 2 per nom. Neutral on point 3 as I don't think I'm knowledgable enough to comment. Graham11 (talk) 00:22, 1 October 2025 (UTC)
• Oppose items 2–3 as written, prefer a bright-line cooldown – I share the goal of stopping ECP gaming, but items 2–3 effectively change a clear, predictable 30/500 threshold into 30/500 + pass an opaque, evolving “authenticity” test. Several experienced editors in this thread explicitly say they can’t evaluate how these filters work or their false-positive rates, and others raise oversight concerns about revoking autopromotion before admin review. That should give us pause.

Alternative (an ECP cooldown period): If the core problem is that EC can be gamed and acted upon before a human reviews filter reports, a simpler and more transparent fix would be to introduce a short cooldown after 30/500 (e.g., 72 hours–1 week) before EC is granted. During that window, filters can still flag and admins can act. Absent action, the account is automatically promoted. This preserves a bright-line rule new editors can understand, avoids a hidden moving target, and directly addresses the reaction-time gap without relying on complex filters or vesting gatekeeping in a small technical cohort. spintheer (talk) 05:16, 5 October 2025 (UTC)

@Spintheer: The problem with a cooldown or delay approach (which was discussed prior to this proposal) is that it would require rather significant code additions to MediaWiki. I think it's a great approach (I may be biased as one of the people who proposed it), but it's also not an option any time soon. And under this proposal, even if there is a rare mistake, it will be easily remedied on WP:EFFPR (users will receive a notification with links on how to appeal). In addition, because these accounts will be reported to WP:AIV, administrators will also have an early opportunity to undo any mistakes. And the goal is zero mistakes. The alternative and status quo is full protections. For example, the Donald Trump article was fully protected for a week in September because the ECP gaming and vandalism was so bad, and other articles have had the same issue recently. We have an option right now to remedy that without any code changes. Daniel Quinlan (talk) 06:38, 5 October 2025 (UTC)

@Daniel Quinlan:

Technical: If there’s a public link to the earlier discussion, could you share it? My understanding is that we can get the desired cooldown without core changes by adding another AbuseFilter: match when an account first meets >=500 edits and >=30 days and is not yet in extendedconfirmed, then apply blockautopromote for 5 days. AbuseFilter actions run in the same request, so the hold is in place before the edit completes; after the hold expires, the normal autopromotion would grant EC on the next edit. If I’m mistaken about that sequencing, I’m happy to be corrected.

Policy: I agree the underlying problem is real and urgent. My concern is that items 2–3 would move a major (and increasingly broader) gate behind opaque, freely-changing criteria maintained by a small technical cohort. Even with the best intentions, that risks turning the practical EC requirement into “30/500 + pass an undisclosed authenticity screen,” which is hard for newcomers to understand or review. If we use filters at all: (1) could we keep it deterministic and transparent (i.e., a fixed short cooldown)? (2) publish basic running hit/appeal stats? (3) time-box this whole idea pending a real cooldown fix (which you agree makes more sense)? That would help address the abuse without permanently turning EC into an opaque moving target. spintheer (talk) 13:05, 7 October 2025 (UTC)

Appeals (and thus hit rates?) will be onwiki and transperant at WP:PERM/EC. If the community feels there are too many of them, folks will scream. To reiterate, the number of false positives we want (and have) from the aforementioned filters is 0 and we do not expect to use it outside of cases of persistent abuse. The cool down idea while it sounds great on paper is going to either devolve into a "existing EC deadline + 7 days" (and nobody looks at the accounts) or a massive backlog for administrators having to go through every single EC promoted user's contribution history which imo is unworkable. Sohom (talk) 14:11, 7 October 2025 (UTC)

Thanks for the reply, but I think we’re talking past each other on what a cooldown would do. In the version proposed, the 3–5 day window doesn’t mean admins must vet every new EC candidate. It’s either:

(A) A targeted hold, where a short blockautopromote is applied only when an EC-gaming filter matches. That gives admins time to act only on the flagged accounts. If, as you say, filters are near-zero FP and used sparingly, the volume should be tiny and not create a backlog.

(B) A deterministic hold, which is a neutral, short hold for everyone who first meets 30/500, with automatic promotion when the window expires.

In either case, admins only attend over people for whom the hand-crafted admin filters triggers, not everyone.

I agree we should act quickly on abuse, but I’m wary of turning EC into "30/500 plus pass an undisclosed authenticity screen." I’d be willing to reconsider my !vote if items 2–3 are made a time-boxed stopgap (with published metrics and a scheduled community review/sunset) while we pursue a proper cooldown solution. spintheer (talk) 14:08, 10 October 2025 (UTC)

@Spintheer, How is the targeted hold different from the current proposal ? Again to remind you whenever the right is yanked, folks will get a big red notification in their notification box. If they feel like they have done nothing wrong, they can rush to WP:PERM/EC (which will be linked to in the notice) and get their rights back. The "undisclosed authenticity screen" does not exist, because a edit filter hit will be disclosed to them, and will show up in the technical logs which can be accessed by every administrator. This is not to mention that the logs are typically monitored by EFM and technically minded admins who also scan for false-positives themselves. I don't see a valid reason here to let the vandals in this context have any leeway of being able to game our system by waiting 7 days and hoping a admin misses them especially considering the damage they have done. Remember, the vandals in these context are using automated tooling, if we try to add a "human check" element, they are gonna be able to bypass it purely by sheer luck, by evading manual checks or by throwing numbers at the problem and we are back to square one with a actual "undisclosed authenticity screen" because now a admin needs to use their discretion to weed out the vandals during the 7 day period. Sohom (talk) 13:46, 15 October 2025 (UTC)

There will also be an entry at WP:AIV/TB2 which will be reviewed by an admin when checking if the account is actually gaming and needs to be blocked, so there's essentially an automatic review. ScottishFinnishRadish (talk) 13:51, 15 October 2025 (UTC)

I hope that this clarifies:

• What the RFC proposes now (revocation model): EC is granted at 30/500, and then a filter can revoke it. Restoration depends on humans (PERM/EC, AIV/TB2). That creates an open-ended gate whose duration is whatever the current backlog happens to be.
• What I’m proposing (targeted hold model/cooldown): When a filter matches on an account that has just met 30/500, apply a short hold (e.g., 3–7 days) before EC is conferred. During that fixed window admins can act; if no action is taken, EC is granted automatically.

The two approaches use the same tooling, but the targeted hold model has a guaranteed off-ramp: revocation has no time guarantee. Good-faith editors can sit in limbo until someone reviews their case. A hold has a predictable, auditable window (e.g a week) after which rights are granted if no action is taken. That preserves a bright-line, newcomer-comprehensible rule: 30/500 -> short wait (if flagged) -> EC.

On the "vandals will just wait 7 days" concern: during the hold they cannot use EC-only tools or edit ECP pages, which is the immediate harm that this RFC is aiming to prevent. If there is somehow no admin action within 7 days, that is a signal that (i) the filter's flag wasn’t actionable enough to justify continuing to withhold a core right or (ii) there is a backlog, which we received assurances won't happen because the filter is very good.

On filter health metrics: Notifications are good, but appeals volume alone won’t tell us if calibration is right. Hoping that newcomers will have the confidence, patience, and knowhow to appeal is optimistic. Whatever path we take, we should commit to basic rolling metrics (hits, upheld/overturned, median time to resolution) and a scheduled community review.

Again, I recognize we may need a near-term fix. If the community prefers the current revocation model, I’d support it only as a time-boxed stopgap (with published metrics and a sunset/review), while we pursue the deterministic hold as the longer-term, more transparent solution. spintheer (talk) 19:42, 18 October 2025 (UTC)

• Support 1 & 2, conditional 3: 1 is unobjectionable groundwork and makes hierarchical sense. 2 has a potential for causing issues in the form of false positives, but my fears are alleviated by three factors: I trust that the edit filter team can construct filters with a low false positive rate, when fps occur the impact to an individual editor will be generally low, and when fps occur they will be entirely correctable with no side effects upon petition and review. 3 I will support in the same conditional manner as Tamzin. fifteen thousand two hundred twenty four (talk) 06:33, 5 October 2025 (UTC)
• Support per nom, this seems reasonable. Dr vulpes (Talk) 02:35, 8 October 2025 (UTC)
• Support All Three We need to limit disruption and this should do a good job in doing tackling the issue and the edit filter managers points above allayed any concerns I had on false positives. GothicGolem29 (talk) 23:54, 12 October 2025 (UTC)
• Support. Just to be clear, I support all three points as the proposer. Daniel Quinlan (talk) 01:05, 29 October 2025 (UTC)

• Are we sure that third bullet point is necessary? Is the match rate really so high it'd hit a throttle based on a percentage of all recent edits? -- Tamzin^{[cetacean needed]} (they|xe|🤷) 21:58, 22 September 2025 (UTC)

  Yes, 100%. I'll send you some details via email. Daniel Quinlan (talk) 22:17, 22 September 2025 (UTC)

• "We allow several high accuracy edit filters to revoke autoconfirmed." – This is the most vague part of the proposal, as a general idea what would such edit filters look like? fifteen thousand two hundred twenty four (talk) 08:25, 23 September 2025 (UTC)

  I'm years behind current edit filters but they would be standard filters that detect certain patterns of edits or behavior, and which have the ability to remove the autoconfirmed status of the editor as a response. The comment about accuracy would mean that manual checking of what the filter decided has shown that the filter is very accurate. Johnuniq (talk) 09:33, 23 September 2025 (UTC)

  Wouldn't it make more sense to have the filters trigger a notification which admins could then decide whether or not to act on? While I think there is a principled argument for tightening scrutiny of the EC confirmation process, I'm more than a little concerned about the degree of automation involved here, and the fact that respondents are being asked to provide blanket endorsement of the filters involved without the specifics of those filters being worked out for vetting in advance of authorizing the proposal. It seems to me that there is substantial possibility of false positives or just far too onerous a standard for qualification of EC status in a manner that could have broad implications for new user involvement and retention. Shouldn't we at least make sure that an actual human signs off on each denial of EC status to an account that otherwise meets the agreed community metrics for the granting of said status? Maybe I am just lacking the technical background on these filters and missing something obvious as a consequence, but taken as a whole, with the ambguities in the current version of the proposal, this feels a little calvalier. SnowRise ^{let's rap} 21:43, 23 September 2025 (UTC)

  That's how the filters work now (with scant few false positives), and then we have to full protect major articles for days at a time. The issue is that they're gaming EC before anyone has a chance to review the filter reports. ScottishFinnishRadish (talk) 21:47, 23 September 2025 (UTC)

  So no amendments to the filters themselves are immediately contemplated? We're just talking about changing the process so that technical revocation happens before admin review, rather than the other way around? SnowRise ^{let's rap} 21:54, 23 September 2025 (UTC)

  The filters are constantly being adjusted, tuned, and created. It's insufficient. ScottishFinnishRadish (talk) 22:20, 23 September 2025 (UTC)

  You don't have concerns that asking for the admin approval of withholding a user right (the usual criteria for which is defined by substantial community consensus) to be moved to the end of the process (or possibly obviated altogether, if admins/functionaries just stop keeping up with the log), creates a situation where there is a complete deficit of oversight here? This would mean that a small number of editors maintaining the filters would be able to put a very heavy thumb on the scale of who gets extended confirmed status. This in turn would put them in a position of substantially restricting the access of the new users to significant portions of the encyclopedia, since ECP has vastly expanded in scope of application under ArbCom rulings and other developments on the project over the last couple of years.

  If we are not going to couple this proposal with some sort of more robust vetting of the development of the filters, this strikes me as too much idiosyncratic decision making vested in too few hands (that are not expressly authorized by the community to make these kind of broad decisions about what looks like suspicious/gaming behaviour). At a minimum, I think we need to discuss what happens if no admin reviews the filter log on an automated withholding of the user group membership, after x amount of time. I also think we need way more public discussion of what the current filters look like and what 'scant few false positives' look like, and how we can even be confident of such an appraisal with limited insight into whether a given user's actions were good or bad faith, other than begging the question on the assumption that they were attempting to game the system.

  Understand that I have seen a lot of the type of abuse that this proposal is attempting to address, so I appreciate both the motivation and the need, and I'd like to support on that basis. But we have, between community discussions and decisions implemented unilaterally by ArbCom, already greatly restricted access to huge swaths of the project, including essentially the entirety of CTOP areas. This is yet another heavy step in the direction of locking down the project increasingly as the sole purview of veteran editors, with huge consequences to diversity of view points, editor recruitment, editor retention, and the workload deficit. I'm a little concerned about how light all of the details are for this proposal, considering the breadth of likely implications for all of those practical concerns. SnowRise ^{let's rap} 23:03, 23 September 2025 (UTC)

  We wouldn't enable the blockautopromote action except for filters verified to be exceptionally accurate. The goal of this proposal is to make Wikipedia more welcoming and open, not less so. Right now, it's possible to game ECP and disrupt a high-profile article to the point where nobody can improve it. It's possible to game ECP so that you can keep harassing someone indefinitely on their talk page. And our only recourse is to cut even more editors off from editing those pages. And those issues have gotten much worse in the last year.

  Some people are already clamoring for an even higher level of protection than ECP, and I don't blame them because of how bad these issues are, but I think a better approach is to take aim at the small number of bad actors who are gaming ECP to be disruptive and abusive. These filters will only take action on accounts which are extreme outliers compared to typical new editors and not on ordinary contributions. When accounts trigger these rules, they are already posted to AIV for review, false positives can be reported to WP:EFFPR, users will also be able to appeal any revocation at a noticeboard, and administrators, edit filter managers, and edit filter helpers all regularly review filters and filter hits. All of these mechanisms have been in place for years to make sure filters are working properly and are being used properly, and I believe these mechanisms will continue to be effective. Daniel Quinlan (talk) 23:47, 23 September 2025 (UTC)

  I don't disagree that what you describe is a reasonable strategy for trying to serve the twin aims of short-circuiting disruption while simultaneously preserving access to as many editors as possible--at least in the broad strokes. But I'm still none the wiser on the specifics that I for one would say are crucial to making sure that the cure doesn't become more problematic than the disease. What are the criteria by which these filters assess contributors as bad actors, based on 'extreme outlier' metrics? Where should I be looking to understand the present analytics by which these filters operate? Or better yet, can you summarize the behaviours which would typically trigger the filters? I can't imagine I'm the only respondent who would have these reservations and is not a complete technical dope, but would nevertheless benefit from a more detailed explanation of the current criteria / rules by which the filters parse the data.

  Again, believe me, I see the need. And if the responses so far are any indication, you won't need my !vote for a consensus here. But personally, I can't rubber stamp this with my support without a more thorough understanding of under what conditions the user rights would be denied. You have spoken about protections on the back end, but let's bear in mind that when we are considering unintended negative consequences here, we are specifically talking about the community members who will have the lowest level of understanding of how to challenge an error. SnowRise ^{let's rap} 01:22, 24 September 2025 (UTC)

  @Snow Rise, currently we are dealing with a particular vandal who makes 500 edits in mere moments, 30 days after account creation, by adding numerals to their sandbox. They move so fast that in the time it takes a human admin to look at their edits, they've already reached extended confirmed. When I was unfamiliar with this particular vandal and someone reported an ongoing run-up to me, they got from 100ish edits to 400ish edits in the time it took me to check my Discord messages and open the "editor's" contributions history to show 500 edits. I assure you that this behaviour is not even remotely like any human editor who could plausibly be operating in good faith. -- asilvering (talk) 18:44, 25 September 2025 (UTC)

  That's great, and if the filters are substantially engineered towards sending up a flag in only those kinds of situations, that's the kind of detail which could reassure me that the system is well-calibrated towards catching obvious bad actors with minimal false positives. The problem is, no one who has the requisite familiarity with the technical implementation of the filters at present has yet spoken up in this discussion to give even a basic description of how they operate. And until they do, I for one do not feel comfortable supporting the proposal. And if they do, it may be enough to shift my !vote, but it won't exactly dissipate my concerns altogether, since there is no oversight function (that I am aware of, anyway) for reviewing changes to those filters by the general community. Meaning once we authorize full automation of the withholding of EC status, the rules by which that automation is conducted could be radically changed to not be consistent with the status quo we had in mind when we permitted that change. SnowRise ^{let's rap} 19:14, 25 September 2025 (UTC)

  The LTA that asilvering is referring to is Salebot1 (WP:LTA/SB1), in case you didn't already know. SuperPianoMan9167 (talk) 21:11, 25 September 2025 (UTC)

• Question EC happens after 500 edits plus 30 days. How are editors getting EC not already autoconfirmed? I think I missed something. RudolfRed (talk) 00:24, 24 September 2025 (UTC)

  Currently, EC is granted solely based on edit count and account age. It doesn't matter whether the account is autoconfirmed. If we add autoconfirmed as a requirement for EC being granted, it would mean that we could automatically revoke AC from accounts in the process of gaming EC via rapid edits, and keep those accounts from gaining EC until they can be reviewed by an administrator. For good faith users, it will have no effect because they will still have autoconfirmed when they reach the standard EC requirements. Daniel Quinlan (talk) 00:51, 24 September 2025 (UTC)

  Thanks for clarifying it for me. RudolfRed (talk) 01:50, 24 September 2025 (UTC)

  @RudolfRed: Also, admins are able to grant various rights to users, even to newly-registered accts with no edits yet. There are about sixteen of these, and they include: confirmed user; extended confirmed user; template editor. --Redrose64 🌹 (talk) 20:24, 24 September 2025 (UTC)

• Question: What kind of edits do users typically make when they're gaming the system? If they are mostly userspace edits, would it be helpful to change the requirements for the EC user right to a minimum number of mainspace edits? If they are mainspace edits, are they constructive? Are the filters just catching them because they are made quickly, or are the edits vandalism or something repetitive like adding an extra space where it's not needed? I can envision a scenario in which someone who is really determined to vandalize a high-profile page could get around these proposed changes by, for example, making a small number of inconsequential grammar changes per day until they reach 500 edits. I think the only foolproof way to prevent this from happening would be to create a new protection level above ECP that requires users to have an administrator-granted permission (e.g. rollback, or create a new one for this purpose) to edit the highest-risk pages. I₂Overcome ^talk 06:13, 24 September 2025 (UTC)

  Sometimes they edit main space articles with more innocent-looking contributions, and other changes are to sandboxes. I haven't seen user page edits as often prior to being granted auto-confirmed rights or extended confirmation. SNUGGUMS (talk / edits) 12:29, 24 September 2025 (UTC)

  Trolls can and do choose to attack any kind of page, not just high profile ones. Edit filters can detect many of the persistent trolls but they cannot currently stop a troll from gaming their way to EC. This proposal is for some simple changes which could be implemented quickly. The result would that edit filters could stop a new editor from reaching EC. People who maintain those filters will check what they do and ensure that false positives are rare. The penalty of a false positive would be that someone reaches 500/30 but is not extended confirmed—they can still keep editing and become EC after a manual review. Other plans (such as altering the way EC works) could take over a year to implement and would have zero flexibility. Johnuniq (talk) 01:45, 25 September 2025 (UTC)

• I want to say that continuing to rely on humans to play King Canute against this incoming tide is not a viable option, and that doing this is not going to resolve the problem. It will suppress some of the ECP gaming but a significant chunk of it will just be displaced or delayed. At some point, we will have to give up and make EC a right to be granted or revoked by humans.—S Marshall T/C 07:28, 25 September 2025 (UTC)

  So sort of like encyclopedia Brittanica, except without the free market incentive structure to produce a superior product. That's a concerning combination. spintheer (talk) 13:25, 15 October 2025 (UTC)

• Slightly tangential, but it may be worthwhile to assess potential collateral if the max permissible non-XC rate were reduced to the max permissible non-AC rate, assuming something to that effect has not already been done. 184.152.65.118 (talk) 00:52, 23 September 2025 (UTC)
• Honestly, whatever makes admin's work easier based on tweaking configurations sounds good to me, even if technicals go slightly over my head at the same time (hence I'll refrain from survey for not being clued up enough). Overall I'm much more interested in filling the protection level gap between ECP and Full Protection, or even understanding why there is such an enormous gap in the first place, but that's a completely different another topic. CNC (talk) 21:42, 26 September 2025 (UTC)

  I always felt that ECP should have a higher threshold to move it more midway between semi and full. ~Anachronist (who / me) (talk) 23:16, 26 September 2025 (UTC)

While we're waiting for a close, I wanted to add a few technical notes:

1. It's worth clarifying that blockautopromote doesn't technically "revoke" permissions in the way people are used to thinking about permissions. As background, it helps to understand that autopromotion doesn't actually add users to a group. MediaWiki dynamically checks whether a user meets the conditions for autopromotion when it's checking a user's rights or groups. The blockautopromote action prevents those conditions from being met for a temporary period of time (five days). The rights are effectively revoked during that period, but once the period ends, autopromotion works normally and the "revoked" rights are restored to the user. The confirmed permission can also be granted manually during that period. Additionally, as mentioned above, edit filter managers have an interface to undo blockautopromote mistakes.
2. With some help from other editors, I did some testing on test.wikipedia.org and verified that blockautopromote works as expected and that with the current site configuration, it unfortunately won't prevent extendedconfirmed from being granted (which is the reason for point 1 of the RFC).
3. Also relevant to point 2 of the RFC, enabling blockautopromote for one or two filters as proposed here will have another immediate effect (i.e., without any additional configuration changes): it will lower the edit rate throttle for the five day period from the user edit rate limit to the newbie edit rate limit. Based on the current settings, that would shift the rate limit from 90 edits per 60 seconds to 8 edits per 60 seconds.
4. While I believe there's consensus for point 3 without any conditions (and even stronger consensus for points 1 and 2), we will assess whether it's technically necessary once we begin implementation. If it doesn't prove necessary for a solid implementation, there's no reason to move forward with that change.

I've done my best to explain a few additional technical details in a straightforward way, but the code is complex and corrections are welcome! Daniel Quinlan (talk) 01:15, 29 October 2025 (UTC)

When blocking autopromotion happens, it shows MediaWiki:Abusefilter-autopromote-blocked, not MediaWiki:Abusefilter-degrouped (Remove from groups). Codename Noreste (discuss • contribs) 03:00, 29 October 2025 (UTC)

Not sure how I made that mistake, but thanks! That error message is definitely more appropriate already too. I'm not sure it even needs to be changed, but I'd be open to softening it a bit. Daniel Quinlan (talk) 04:06, 29 October 2025 (UTC)

@Daniel Quinlan: I'm curious, what exactly is the configuration change for point 1? At a quick glance I'm not seeing anything that would allow for requiring membership in an autopromoted group. APCOND_INGROUPS calls getUserGroups(), not getEffectiveUserGroups(), so it can't check for an autopromoted group like autoconfirmed, and I don't see any other condition that seems relevant. Anomie⚔ 03:26, 29 October 2025 (UTC)

@Anomie: That was the next thing I was planning to test, but it sounds like a small code change will be needed to allow point 1 to work. Obviously, that means that even if point 1 of the RFC passes, it will not be something we can do soon, but it's still good to have an RFC to refer to in an enhancement request. Thanks for pointing this out. Point 2 will still be a significant improvement that doesn't require code changes because of the newbie rate limit. Daniel Quinlan (talk) 04:03, 29 October 2025 (UTC)

@Daniel Quinlan: Regarding the code change, I'd suggest requesting that AbuseFilter add a condition for "autopromote is blocked" rather than trying to request that APCOND_INGROUPS look at getEffectiveUserGroups(), as the latter seems likely to wind up in a loop where the code might have to know the autopromoted groups to evaluate whether autopromotion should happen. Or you could request that AbuseFilter's blockautopromote block wgAutopromoteOnce directly. Anomie⚔ 04:15, 29 October 2025 (UTC)

I was planning to define the problem first and mention possible solutions second, but that sounds reasonable. I hadn't considered your first alternative, but I was planning to mention the second alternative as an possible solution. Thanks again. Daniel Quinlan (talk) 04:26, 29 October 2025 (UTC)