This is not the page to request an account on Wikipedia. This page is for discussion of the Request an account page and its process. Please go back to the request an account page to read how to request an account. This page is automatically archived by MiszaBot II. Any sections without comment in at least 18 days will be moved to the archive.

Archives

Archive 1: Feb 07 - Nov 07 Archive 2: Nov 07 - Feb 08 Archive 3: Feb 08 - Aug 08 Archive 4: Aug 08 - Dec 11 Archive 5: 2012 - 2019 Archive 6: 2019 - 2021

This page has archives. Topics inactive for 18 days are automatically archived by Lowercase sigmabot III.

can I create a User:Venustas 12/Request an Account page where I.P addresses go give me there email address ( I send them a five letter code send it to their email and ask them to type it on the User:Venustas 12/Request an Account to confirm the email) and I create their accounts?

Could someone with admin access on the account creation request interface approve my account please, as no-one seems to have approved it yet. Thanks Paul2387 22:05, 10 March 2010 (UTC)[reply]

I am requesting a review of my Suspension, I had been Suspended I believe in Fall 2008, Maybe the Start of 2009, I cannot remember why though, I have tried requesting to create another account using my Wikipedia Username "Arctic Fox", But it is already in Use, I have just recently come back to Wikipedia and start contributing again after my Wikibreak, And I would like to request using ACC again if permitted to,

Thanks, Arctic ^Fox 09:59, 22 April 2010 (UTC)[reply]

This system has many fundamental flaws of the privacy policy.

The interface is on the toolserver and releases IP information about users requesting accounts. By policy, these users should all be 18 and older and identified to the Wikimedia Foundation. To have access to such information, they must have the agreement of the Wikimedia community and/or the Arbitration Committee.

Second point: There is no governance for this access other than admins granting users the rights. This should at least be discussed by the Arbitration Committee or by another community source to determine access rights if this will continue to be hosted on the toolserver and not locally.

Third point: We have no on-wiki trail of process. I don't know if and/or/why an unblock has occurred if I don't have a ACC account on the toolserver. This defeats transparency and is not appropriate for the administration of the English Wikipedia.

Keegan (talk) 06:00, 22 May 2010 (UTC)[reply]

Oh, I also notice that the project uses an @wikimedia.org email reply, without being a part of the volunteer response team system. Keegan (talk) 06:04, 22 May 2010 (UTC)[reply]

In short, I'm not seeing it.

1. First, IP information about users requesting accounts is nothing special. If someone asks unblock-en-l to create an account for them, we routinely ask for their IP address to determine the nature of the block. I'm fairly sure a number of admins on that list are not identified to the foundation; I, for one, am not. WMF privacy policy applies only to WMF sites, which Toolserver is not. The user is informed that their IP address will be disclosed, and I see no problem. That another site collects IP information and does not follow WMF privacy policy does not mean that we cannot link to it, or there would be no external links at all. (The alternative is to have all account creation requests sent to the checkusers...not an appealing idea, surely?)
2. Why is that necessary? I fail to see how this is somehow more dangerous than, say, rollback, for which we have no discussion process.
3. Nor does unblock-en-l, which as far as I can see no one has challenged here.
4. That address is what MediaWiki uses when you have the password sent by email. Tim Song (talk) 04:09, 23 May 2010 (UTC)[reply]

While the toolserver is WMDE not foundation, the rules dictate, that the toolserver does indeed fall under the guise of the Foundation privacy policy. Q ^{T C} 04:57, 23 May 2010 (UTC)[reply]

^That. In respect to Tim Song's remarks, we've been talking about it and perhaps my issue is not proper to the point. OverlordQ's point, as well as the checks and balances system that is in place. Also this is all just issues that I perceive. I have no problem being wrong to points; I'm just raising these issues for discussion. Keegan (talk) 05:06, 23 May 2010 (UTC)[reply]

Hmm, I missed that; regardless, since the user is informed that their IP is recorded and displayed, I'm not seeing a problem. Tim Song (talk) 05:22, 23 May 2010 (UTC)[reply]

Playing devils advocate here, but:

1. The privacy policy does stipulate that a users private information may be given out with the users permission. The form to request an account does say that Note that if you use this form, your IP address will be recorded, and displayed to those who review account requests. By submitting the form, it could be said that the users have implicitly given permission for their user information to be released to those handling the requests.
2. Which rights are you referring to? The accountcreator right, or access to the tool? I would have to disagree and say there is more governance now, then there ever was. When it was on-wiki, any random user could come across and create the account, with the current ACC system it's generally made sure that the users have some inkling to Wikipedia policies before given access.
3. I'm confused as to what blocking has to do with this, ACC does not unblock anybody. The vast majority of requests involving blocks fall into these categories:

1. Declined
2. Vetted through a CU
3. The block itself tells people to request an account through this tool.

Q ^{T C} 05:18, 23 May 2010 (UTC)[reply]

I'm a little confused by this. Is the claim that the toolserver is retaining this IP address indefinitely while the normal account creation process gets rid of the address after a few weeks? Is it that the addresses on toolserver are visible to users who aren't checkusers or had similar vetting? Neither of these should be happening if the toolserver is following the privacy policy. Or if it's comparable to regular account creation, then is there still a problem? I don't think it's that useful to show the address to non-checkusers, since if there's going to be any investigation of other activity from the address, it should include checking for edits under other accounts. I'm not keen on Q's argument that the user has given permission for disclosure or retention beyond what's involved in normal account creation. WP should not want such additional disclosure/retention in the first place, unless there's a good reason which I'm not seeing so far. 69.228.170.24 (talk) 18:25, 23 May 2010 (UTC)[reply]

The addresses on the toolserver are only viewable while the request is open. Once the request is handled, the IP is no longer displayed (with a few minor exceptions).

I don't think it's that useful to show the address to non-checkusers, since if there's going to be any investigation of other activity from the address, it should include checking for edits under other accounts.

What about checking for edits made by that account. Being able to see if that IP was used solely for vandalism is most certainly not useful. Helping people sock is a good thing.Q ^{T C} 01:25, 24 May 2010 (UTC)[reply]

I don't understand this answer. Maybe I have a wrong impression of the workflow of these requests:

1. User requests account => since account doesn't yet exist, there are no edits from that account to check.
2. Looking at edits from the non-logged-in IP might reveal some obvious abuses, but if this is a concern, then checkuser should be routine, to find less obvious multi-account socking.
3. Account is created and request is closed => IP no longer visible, "except"... Question is how long the IP is retained after the request is closed. I'd expect it to be kept no longer than for normal editing, 1 month or whatever. Do you know if it's kept for longer than that?

69.228.170.24 (talk) 02:05, 24 May 2010 (UTC)[reply]

There is also a different issue: the account creation page uses http instead of https, making the account name/user IP combo susceptible to interception. Of course the emailed response is also potentially interceptable, but it might travel by a more secure route than the web page, so the unencrypted toolserver page increases exposure. I think the toolserver page should use https instead of http. This actually has much wider implications than are on-topic for the present discussion. 69.228.170.24 (talk) 22:13, 23 May 2010 (UTC)[reply]

As it stands at the moment, https is not available to users on the toolserver. Of course, if we moved it off the toolserver, then we could provide https (assuming a server owned by a wikimedian, or someone else). HOWEVER, that causes more privacy concerns than just being not https. I'll agree that https is a good thing, but we have few options here as far as I can see. Stwalkerster [ talk ] 01:34, 24 May 2010 (UTC)[reply]

What is the issue with running https on the toolserver? I also notice toolserver.org is running a closed-source web server (Zeus), which I thought wasn't in keeping with WMF practice. 69.228.170.24 (talk) 01:52, 24 May 2010 (UTC)[reply]

Firstly, The Toolserver is an entity of Wikimedia DE. What the Wikimedia Foundation do for their own servers is up to them, its purely a choice they made to use a particuler httpd. To call it WMF practice implies that the toolserver is out of line, which it isnt. Regarding the question of http / https on the toolserver, this would be best directed at River Tarnell (The co-ordinating admin of the TS) Im sure he will be happy to answer your questions.   «l| Promethean ™|l»  (talk) 02:20, 24 May 2010 (UTC)[reply]

I believe WMF practice has been to use FOSS software whenever possible. For a long time, secure.wikimedia.org popped browser warnings because WMF wasn't even willing to use commercial CA's, much less proprietary software (it had a cacert.org cert instead, which has weirdness of its own). Unless something has changed, I'd have thought that meant if the TS is WMF-operated, then it is indeed out of line (and if it's independently operated, then it's seeing way too much private data). I don't have it in me to hassle the folks running it over this either way, but using Zeus just seems like a surprising choice on all kinds of grounds. I may try to ask River about https. [Edited]. 69.228.170.24 (talk) 05:53, 24 May 2010 (UTC)[reply]

By the way, folks, I do appreciate the ACC team's work. Keegan (talk) 04:39, 24 May 2010 (UTC)[reply]

<-- I'm not going to repeat everything and I know I've said some of my things on IRC with Keegan earlier. First off (and it's kind of said above but just to make it clear) the return address used by actual emails from the team is the mailing list Account-en-llists.wikimedia.org the only @wikimedia.org email is the email automatically used for temporary passwords that an account creator gets no matter how their account is created (and we don't see). As I said to Keegan there are definitely issues with the way ACC is done both privacy whys and plain efficiency whys and we have the same (if not worse imo) issues with how unblock-l is run. Personally I think we need to take a look at how otrs is done but this isn't the exact location for that discussion. At the simplest we have a current issue with allowing mass people onto OTRS because they ALL need to be fairly vetted because they all get access to OTRSWiki which has some personal info. We need to find a way to allow groups on to the system who are trusted to do certain tasks but not see everything.

Both ACC and the unblock list are better then a lot of options but far from perfect. Options from all sides should be welcomed and looked at. James (T C) 06:50, 24 May 2010 (UTC)[reply]

Forgive my cynical point of veiw, but more abuse has come of the Checkuser and Oversight tools (which are included onwiki) than that of ACC and Unblock-EN combined (which are off wiki). I'm no einstien but I think im onto something! Oh, and if that didnt make you laugh, perhaps we should redirect all account requests to the checkuser mailing list. I'd really like to see them keep up with the (up to) 2500 requests a month from ACC alone neverloan unblock-en!   «l| Promethean ™|l»  (talk) 10:05, 24 May 2010 (UTC)[reply]

Regarding HTTPS on the toolserver: http://lists.wikimedia.org/pipermail/toolserver-l/2010-May/003161.html . Also, the toolserver gets a direct copy of all the wikimedia databases afaik. However, the only people who can see the full databases are the toolserver admins, who are all vetted by the WMF. Apart from that, the toolserver is a separate entity from the WMF, and therefore doesn't abide by the same FOSS idealism that the foundation uses - and the foundation FOSS thing is an idealism (they'll use FOSS where possible, but it won't stop them from using propriety stuff when it's better or they have to. Stwalkerster [ talk ] 11:57, 24 May 2010 (UTC)[reply]

Aren't blocked users unable to use ACC and referred to unblock-en-l anyway? Stifle (talk) 19:57, 24 May 2010 (UTC)[reply]

Why would blocked users be unable to use ACC? Using it doesn't involve making any edits. The user just clicks a link to an off-wiki url. 69.228.170.24 (talk) 20:09, 24 May 2010 (UTC)[reply]

Because the tool prevents users who are blocked from creating an account. They are redirected to unblock-en-l so the people with more experience with blocks can deal with it. Stwalkerster [ talk ] 20:12, 24 May 2010 (UTC)[reply]

The only exception to that is Range Blocks we still accept, but they are only created after a Checkuser has given the all clear.   «l| Promethean ™|l»  (talk) 03:42, 25 May 2010 (UTC)[reply]

Sorry if there's a better venue for this, but for a little while now when I come across IPs that are either directly or rangeblocked anon-only + account creation blocked I have advised them to either log in if they have an account already or come here if they don't. Is that correct? Syrthiss (talk) 12:26, 19 July 2010 (UTC)[reply]

Over the last few days, some drama has broken out on ACC regarding account suspensions. While the details of the aforementioned drama are beyond the scope of this proposal, it would seem that the conflicts have at least partially been fueled by the fact that one of the users involved, despite being involved in the ACC project, never subscribed to the accounts-enwiki-l mailing list. To me, the mailing list is the ideal place for on-the-record discussion amongst ACC users, a task which I believe the #wikipedia-en-accounts IRC channel unfit for due to its no public logging policy. Therefore, I am proposing that it be made mandatory for all users to be approved to access the ACC interface on the toolserver to subscribe to the accounts-enwiki-l mailing list, and final approval for their ACC tool account not given until it can be verified that they are subscribed. In addition, I propose that the mailing list be made the official medium for dispute resolution between ACC members and discussions regarding account suspension (that is, ACC tool account suspension).

As I mentioned, there are many benefits to doing this. Foremost is that the mailing list is an official and on-the-record form of communication. If all ACC users were to be compelled to subscribe to it, its archives would be freely available to all ACC users. IRC, on the other hand, is comparatively off-the-record, mainly because of its no public logging policy, and, to be "on-the-record," would require each ACC user to maintain a persistent connection to IRC and maintain their own log files. In addition, making accounts-enwiki-l subscription compulsory and including dispute resolution as one of its uses would help avoid angry outcries against such emails when they do appear, for they would, for lack of a better phrase, be included in the job description.

Of course, this isn't without its problems; for example, what's to prevent someone from unsubscribing from the list immediately after their ACC tool account is approved, and exactly how would the process of ensuring that a prospective user is subscribed to the list before their account is created would work. The unsubscribing problem is, admittedly, a little hard to prevent; most likely, it would be a "you'll get suspended if we notice that you're unsubscribed" sort of thing. And, in my mind, the process of ensuring subscription would work something like this:

1. User requests access to the ACC tool
2. As currently done, talk page interaction would occur to ensure that the user actually requested access
3. Standard discussions between admins (perhaps on the mailing list?) and/or admin decision
4. If the admin decides to approve, they leave another message on the requester's talk page, saying that their request will be approved once they are confirmed to have subscribed to the mailing list. Message would include links to the mailing list, etc., and ask the user to reply on the admin's talk page once they've subscribed
5. Once the admin verifies that the user has subscribed, their account is approved

Another problem is how do we ensure that the user has subscribed? Specifically, how do we link the username to the email address? Well, the mailing list does request verification of your identity before allowing you to subscribe, so perhaps something could be done here (such as a mailing list admin "tagging" the ACC tool account request as "confirmed to have subscribed to the mailing list") to achieve that. Of course, the above procedure is completely unrefined, and I'm sure there could be some way to improve it, perhaps by modifying some code somewhere.

And, for all of this, there is another alternative, which is making the #wikipedia-en-accounts IRC channel publicly logged, but this could cause problems in terms of logged messages from ACCBot and such. --FastLizard4 (talk•contribs) 07:47, 26 August 2010 (UTC)[reply]

While I am no longer a member of the team (eh, maybe again one day), this strikes me as smart. Public logging of the channel is smarter, just write a script to have ACCBot be ignored, or have it work via /notify (and have the logging account /ignore ACCBot). →ROUX ₪ 08:06, 26 August 2010 (UTC)[reply]

As a moderator for the mailing list (at the moment - given the current drama etc), I get a message every time someone subscribes, is approved, or unsubscribed from the mailing list (as well as every time a message is caught for moderation). Good idea. [stwalkerster|talk] 12:03, 26 August 2010 (UTC)[reply]

(edit conflict)::I support FastLizard4's proposal. But, is there a way for mailing list admins to closely monitor the list of subscribers? Maybe some kind of system could be created where they'll be notified if someone leaves the list? I don't know if that's possible on the technical part though. Public IRC logs should also be considered... because some vital parts of the you-know-what-drama occurred in the IRC channel and not everyone will always use the mailing list for communication purposes. Bejinhan talks 12:08, 26 August 2010 (UTC)[reply]

Public logging seems OK, but half of what we discuss is off-topic. Mandatory mailing list subscriptions should be a definite. Not everyone is on IRC all the time, but mailing lists are easier to get big announcements up for everyone to see, and there's no need to go through logs and such. —fetch·comms 21:41, 27 August 2010 (UTC)[reply]

• I'd support mandatory membership on the mailing list -- PhantomSteve/talk|contribs\ 19:43, 1 September 2010 (UTC)[reply]
• I'd support mandatory membership of the mailing list (and suggest we have a couple more mailing list admins to relieve the increased workload) whilst completely and utterly opposing any public logging of IRC logs in any shape or form whatsoever Alexandr Dmitri (talk) 08:23, 2 September 2010 (UTC)[reply]

Alexandr: I should be more active from now onwards, so hopefully we won't need any more mailing list admins (I'm sure Stwalkerster would appreciate the help! ;)), that said, I've not been seeing how big the workload is recently. The Helpful One 17:03, 2 September 2010 (UTC)[reply]

Extra workload will just be a case of sitting on -owner and poking the tool appropriately. We're getting 6-10ish spam per day, and about 0.5 valid mails per day AFAIK, though I've pulled those figures from intuition only. In general, I support IRC logging, but at the same time making public the amount of shit we talk about in there, and bot alerts? That's about all we talk about, other than the odd occasion anyway. I don't think it's a good idea to be public. FWIW, both ACCBot and Helpmebot keep logs, albiet designed for debugging purposes only, and generally speaking those logs aren't made available for general consumption, but I have referred to them several times over the course of the recent drama. Just throwing in another suggestion. [stwalkerster|talk] 20:39, 3 September 2010 (UTC)[reply]

Not intentionally trying to sound rude or specifically targeted at stwalkerster either, but the channel is public - it's not password protected and anyone can walk into it/observe/log it. Although a member of the ACC team could probably be thrown off for posting logs, the only action that could be taken against someone else would be to ban them from the channel (Wikipedia doesn't have any juristiction on Freenode and vice versa) and they can only be banned if their username was known. I don't think that's ever happened, but I'm just trying to demonstrate a scenario and when the channel is open to all it should be assumed that logging is occuring and if it's occuring then it should be official nullifying any 3rd party. Maybe it's just because I've been on IRC since 1996 and spent 5 years actually running a rather large network that I'm not so fussed about this, but IRC is largely a public medium and if you don't want something to come back and bite you, don't say it (the same can be said of email, webpages and even chat messages though!).  ZX81  ^talk 15:40, 4 September 2010 (UTC)[reply]

A good point - perhaps it can be like -admin and -privacy, which you can't join unless you are approved? -- PhantomSteve/talk|contribs\ 15:41, 6 September 2010 (UTC)[reply]

Seems like a good idea - that way perhaps they could be signed up to the mailing list and the channel at the same time? The Helpful One 22:46, 6 September 2010 (UTC)[reply]

• Mandatory joining the mailing list sounds like a very good idea to me although obviously you can only lead a horse to water, you can't actually make it drink (or in this case read the emails).  ZX81  ^talk 15:43, 4 September 2010 (UTC)[reply]
• Making joining the mailing list mandatory seems like a perfectly reasonable idea to me. Maybe all of this drama could be lessened if that were to happen? :) However, I completely oppose public logging of the IRC channel. ~~ Hi878 ^{(Come shout at me!)} 21:27, 5 September 2010 (UTC)[reply]

Should we add something to this indicating that we are not able to accept requests from free e-mail services such as hotmail? From what I understand from others at Unblock-en-l, we generally don't, and that makes sense, because it seems like it would be awfully easy for a sockpuppeteer or vandal to bypass the block by repeatedly requesting accounts with throw-away e-mail addresses.

How do we handle slightly more respectable free e-mail services, like gmail? --Moonriddengirl ^(talk) 12:30, 6 September 2010 (UTC)[reply]

Current practice is to request non-free emails only when there is a problem with the IP such as those mentioned above. Otherwise we AGF, in the same way that standard account creation without using the ACC process does not require non-free emails. Alexandr Dmitri (talk) 12:45, 6 September 2010 (UTC)[reply]

I agree with this - I think if we removed all the accounts which were created using free email addresses, we'd lose an awful lot of our established editors! If I remember correctly, my first email which I registered with was probably a hotmail one - although I might be wrong - and I changed to my current non-free one when I acquired my own domain. Unless there is a problem as you mentioned, there is no reason why an account should not be created with a free email address. -- PhantomSteve/talk|contribs\ 15:43, 6 September 2010 (UTC)[reply]

I wouldn't exactly have an email address either - my free email address does the job for me - and allows me to separate wiki stuff from all the other emails I receive. The Helpful One 22:06, 6 September 2010 (UTC)[reply]