Talk:Wikimedia Foundation/Legal/Community Resilience and Sustainability/Trust and Safety

@Kbrown (WMF): Where is the history of this page? It seems to have been moved from 3 May 2018. Blue Rasberry (talk) 13:52, 23 May 2018 (UTC)Reply

@Bluerasberry: Hi Lane, you can find past versions of this department's info page at "Support and Safety" (which now redirects to this page since our team was renamed). Kbrown (WMF) (talk) 14:31, 23 May 2018 (UTC)Reply

@Kbrown (WMF): May I arrange for a history merge of that content to this page? Otherwise I might mark the other page as a historical archive. My aim is to make the older content more accessible. Blue Rasberry (talk) 15:08, 23 May 2018 (UTC)Reply

@Bluerasberry: This is regretfully not easy because of translation woes, but it's also not something we want to do since it would give the impression that this is a name change only - the workflows and such for the team are functionally different. I have instead linked to the old SuSa page from the lede which hopefully should tie it back. Joe Sutherland (Wikimedia Foundation) (talk) 17:38, 23 May 2018 (UTC)Reply

@JSutherland (WMF): That is helpful but is still a nonstandard way to archive. It does not help the image of this group to have that link hanging in the lead and I imagine that in within years the link would need to go.

I do not feel too strongly about this and I cannot read the motivation here about whether this is a bureaucratic issue or whether there is a reason for pulling the content out of the standard archiving practices. If I were doing this I would probably choose one of these common options:

1. history merge - put the old records in front of these new ones. There is a one-day, one-edit overlap but I think it works.
2. make the old page live, put it out of the way, and put {{Historical}} on it

I think I will not comment further. This struck me as a ~1 in 10,000 strange incident so I spoke up about it, but I do not have so much of an opinion at this time. Thanks for your responses. Blue Rasberry (talk) 18:35, 31 May 2018 (UTC)Reply

Hey Bluerasberry - Option 1 would be the best option but because of how the translate extension works, it's not really feasible. I agree the solution at present is suboptimal and I can only apologise about that. I think making the old page live is simply going to generate more confusion than a redirect. Joe Sutherland (Wikimedia Foundation) (talk) 00:12, 1 June 2018 (UTC)Reply

@JSutherland (WMF): Is this new way of archiving becoming routine? Do you expect that every time any page on meta gets a revision and has used translation extension then it will be necessary to turn the old page to a redirect, start a new page, and break from the natural MediaWiki archiving systems?

If there is something weird about this case, then that is unfortunate. If this is the new normal for some reason, and this has been happening and is now routine in many places, then I hope we have Phabricator tickets documenting this as a problem in conflict with community norms for archiving, if in fact this is a problem. Do you know of a Phabricator ticket on this issue? Should I file one and post here? I know nothing about this.

Again, I only care a little about this. I did not expect this to be a discussion but I just saw something strange. I would like to resolve this somehow and exit my part in this discussion. Blue Rasberry (talk) 15:55, 1 June 2018 (UTC)Reply

Actually, this is not urgent. I want to step away for now. Thanks. Blue Rasberry (talk) 15:57, 1 June 2018 (UTC)Reply

Hello.
Of the four sysops’ accounts locked on June 10 only one Perhelion is unlocked by now – the very acc which presumedly infected Commons for the first time, causing other users to be exposed to a malicious script. What do you want from the remaining three guys – to come on foot to your California and submit humble petitions to the Office directly? Is this “safety”? And when will trust return here? @Rxy: also for your information. Incnis Mrsi (talk) 06:00, 12 June 2018 (UTC)Reply

Hi there Incnis Mrsi. All but one of these accounts is now unlocked, since they emailed into us and we could confirm their identities. I would greatly appreciate that, if you know Schekinov Alexey Victorovich, you ask him to email us at cawikimedia.org from the email address associated with his account and we can get that one unlocked as well. (See Wikitech for why this process is how it is.) Joe Sutherland (Wikimedia Foundation) (talk) 14:55, 13 June 2018 (UTC)Reply

@JSutherland (WMF): I’m in process of negotiating an intermediary to post a message to his vk.com profile. Would you provide specific instructions to the user? Such as “to clear the browser cache”, “to log on from another device”, or so. Incnis Mrsi (talk) 15:52, 13 June 2018 (UTC)Reply

@Incnis Mrsi: I would just ask him to email us from the email he signed up with if that is possible. It is okay if he does that in Russian. He will not be able to log in until his account is unlocked no matter his browser, cache etc. Joe Sutherland (Wikimedia Foundation) (talk) 18:26, 13 June 2018 (UTC)Reply

The procedure at wikitech:Password reset/Confirming identities was probably developed by competent people, but they assumed some evil-doer who succeeded in stealing or guessing the password, and unlikely envisaged the current situation. No password stealing took place, at least for the three accounts locked after 10:50 (UTC). The accounts were compromised with a backdoor in Special:BotPasswords, and the residual danger is not about the main password, but about malicious scripts which can be inadvertently activated by the rightful owner. It is unfortunate that Trust_and_Safety undertakes some measures which ignore nature of the threat. Incnis Mrsi (talk) 11:40, 14 June 2018 (UTC)Reply

@JSutherland (WMF): Schekinov can’t remember which Email was specified in his main account,[1] whereas Special:EmailUser is disabled for locked accounts. Can you unlock the account for few seconds, use Special:EmailUser/Schekinov Alexey Victorovich and then lock it again? Incnis Mrsi (talk) 18:11, 18 June 2018 (UTC)Reply

Does the Trust and Safety team have a general email address for public (non-Wikimedia community) inquiries? There does not seem to be one posted. Blue Rasberry (talk) 13:28, 29 June 2018 (UTC)Reply

Thank you @Bluerasberry:, the vast majority of inquiries our team gets are from within or directly tied to the communities. So there currently is no inbox more general than those serving such purposes. We are also modestly restraint about the public profile the existing ones as the example of answers/business@ demonstrates the considerable spam coming along with having them posted in public. That certainly should be fixed but would probably involve changing the input interface approach to something less ancient than publicly available raw email addresses. Best regards, --Jan (WMF) (talk) 21:15, 1 August 2018 (UTC)Reply

@JEissfeldt (WMF): Thanks. If I understand correctly then anyone seeking escalation to the WMF regarding safety concerns should either reconsider and engage with wiki volunteers or write to [email protected] as the only path to speak with WMF staff. Correct me if there is any other procedure in place. This seems resolved though. Blue Rasberry (talk) 22:33, 1 August 2018 (UTC)Reply

Not quite, @Bluerasberry:, as there are workflows where it is very advisable to escalate to the team directly, notably those falling within the scope of emergency@ based on the instructions there. Most daily disagreements of Wikipedian community life, however, fall within the scope of the communities self-governance detailed in the Terms of Use. Respecting the autonomy of a community is important and those cases only reach us if they turn out to be fairly severe, usually meaning the communities can't resolve them on their own. The main pathway for such issues has traditionally been via the functionaries --Jan (WMF) (talk) 16:44, 10 August 2018 (UTC)Reply

Resolved.

Okay, that works. Blue Rasberry (talk) 16:48, 10 August 2018 (UTC)Reply

Hi - I was told that I need to contact Trust and Safety by the Stewards (re compromised account), but I don't see a form or contact link. How do I do this? Thanks!

Hi there - you should email us at cawikimediaorg, preferably from the email associated with your account. Thanks. Joe Sutherland (Wikimedia Foundation) (talk) 17:53, 25 February 2019 (UTC)Reply

See de:Wikipedia Diskussion:Wiki 2019/Gesundheit der Community.Mautpreller (talk) 11:55, 12 June 2019 (UTC)Reply

This should be discussed in public. I won't write a mail, the whole "Trust & Safety" question absolutely requires an open discussion. If this is not the right place, tell me where it is. In my view, the whole institution as well as the processes are generally severely flawed, there is neither trust nor safety left.Mautpreller (talk) 12:42, 12 June 2019 (UTC)Reply

There are five conditions as minmum standards for a fair process:

• More than one small institution (as T&S) has to be involved, most notably the community (maybe in form of some representative). Self-empowerment of T&S is not acceptable.
• Non-publication must be restricted to privacy issues. Allegations, verdicts, case accounts and reasonings have to be made public, with the sole exception of things that could infringe on privacy in the specific case.
• There has to be a public, accountable and clear procedure, including clear criteria for necessity of WMF intervention, immediate danger, possible reasons for decisions.
• The persons accused of wrongdoing must have full possiblities to defend themselves and plead their cause. If this is not fully possible because of specific privacy reasons, they need a representative to protect their rights (kind of advocate). This person may come from a relatively small number of trustworthy users. (Maybe the other side could also need such a representative.)
• An appeal has to be possible. It has to be decided by a different gremium. A decision without appeal is unworthy of a civilized community.Mautpreller (talk) 18:35, 12 June 2019 (UTC)Reply

Support - agreed with the rationale behind these actions. This is the way the community should go. Starship.paint (talk) 09:02, 13 June 2019 (UTC)Reply

Support - Something is seriously wrong with how T&S is operating, and it can't be explained by legitimate privacy concerns, given that they're claiming privilege on literally everything - including things that should in no way implicate the safety or privacy of accusers. Jéské Couriano ^{(v^_^v)} 10:04, 13 June 2019 (UTC)Reply

Support - I particularly like point 4. The WMF claims that individuals can't see evidence against them as it risks more harassment (and breaches their overly broad privacy offerings). A small group of advocates, voted then vetted in the same way as Stewards, would work as a good compromise. Nosebagbear (talk) 10:19, 13 June 2019 (UTC)Reply

Support - I agree and support all points however the main one for me is #4 - In the case of Fram it would seem they were banned with no notification, no well ... nothing ...., If I'm about to face a T&S ban I sure as hell would like to know about it first and I sure as hell would want to defend myself too. Anyway support. –Davey2010^Talk 11:45, 13 June 2019 (UTC)Reply

Comment I can't fully support the conditions as stated although I'm very sympathetic to the majority of them and definitely to the underlying concerns. My particular problem with the last point is that I can imagine situations (typically involving legal — will elaborate if not obvious) where an appeal is not an option. I do disagree that the general concept that all office actions are nonappealable is too broad but I equally disagree that the opposite position – "all office actions ought to be appealable" — is viable.--Sphilbrick (talk) 16:57, 13 June 2019 (UTC)Reply

Support the first sentence in that there needs to be discussion about this. As far as the specific bullet points, I think that is what needs to be resolved through that discussion. I can foresee merits for both sides on several of the issues at hand, and would like to see cases laid out for them. Ched (talk) 17:23, 13 June 2019 (UTC)Reply

Support - to all points. --Kein Einstein (talk) 19:41, 13 June 2019 (UTC)Reply

Support - all points. Carrite (talk) 13:10, 19 June 2019 (UTC)Reply

Discussion

*"Allegations, verdicts, case accounts and reasonings have to be made public, with the sole exception of things that could infringe on privacy in the specific case" - the problem is that they'll just claim that none of allegations, evidence and probably reasonings, can be given without infringing the privacy of the accuser. They may be right. However transparent justice is important - privacy of victim/accuser should only be maintained where an argument can be made that it's needed to protect them. An accusation should be accompanied, however, by a 2-way IBAN between accuser and accused. Nosebagbear (talk) 10:19, 13 June 2019 (UTC)Reply

I refuse to accept that nothing can be made public. I simply don't believe it. They could omit certain things, as name of alleged victim, concrete situation, if necessary, but there should be a reason for this in the specific case. Look at that Fram case. I cannot see that anything in the way of privacy was at stake there. And if there was, why should this be a reason not to publish a verdict with reasoning(s)? If they want to say, Fram generally has an intimidating manner and this can't be managed by the community, why don't they do so? Why don't they give any justification for their action? Why is it impossible to give any particulars? Like that, it is a situation reminding me of Kafka's Process. This can't be right.Mautpreller (talk) 11:15, 13 June 2019 (UTC)Reply

Every defendant has the right to see his plaintiff. --Informationswiedergutmachung (talk) 12:15, 13 June 2019 (UTC)Reply

I think the right place for this discussion on meta would be Wikimedia Forum. --Count Count (talk) 14:09, 13 June 2019 (UTC)Reply

Are you sure? There should be an open (global!) discussion on Meta, but I'm not an insider of Meta and don't know where it will be best noticed.Mautpreller (talk) 12:46, 14 June 2019 (UTC)Reply

@Mautpreller: Hmm, on second thought I think opening a new RfC would be even more appropriate. There was Requests for comment/Superprotect rights for example. --Count Count (talk) 20:11, 15 June 2019 (UTC)Reply

Thanks. Maybe I'll do that as soon as the extended documentation of the T&S process is online, as User:JEissfeldt (WMF) announced.Mautpreller (talk) 18:55, 16 June 2019 (UTC)Reply

Under the 'What we do/Trust and Safety' header, the link for "Wikimedia Foundation bans of users" leads to WMF Global Ban Policy, which I believe is... incomplete, or could/should link to a broader page, reflecting the capabilities of temporary, and site/project-specific bans. Perhaps the wordage of the landing page simply needs updating with respect to this? Cheers! Elfabet (talk) 15:30, 13 June 2019 (UTC)Reply