Jimmy Wales wrote:
Tim Starling wrote:
Another much-requested feature is enhancement of
the rollback function,
especially to allow for page deletion. The bot created many pages,
apparently by following red links. In my opinion, the ideal feature would be
to allow the user to supply a list of IP addresses and usernames, and then
to revert every edit from those users with a single click.
This sounds like a wonderful idea, but I see a big problem with it.
If we had such a feature some sysops would be tempted to use it as
punishment against some bad users. There's a certain amount of
'vigilantism' that I've grumpily tolerated because it's very minor and
the people usually "deserve it" in some sense. But this would open a
huge new can of worms.
You can't expect people to follow the rules when every violation is
tolerated on the basis that it is in some sense justified. Sysops have
invested a great deal of time and emotional capital in Wikipedia.
Banning is not an effective punishment for trolls or vandals who will
switch identites and start again without a second thought. Banning or
demoting a sysop, on the other hand, is an effective punishment both
emotionally and in terms of the extreme difficulty in resuming the
original behaviour.
What I'm saying is that rules governing sysop behaviour can, in
principle, be enforced. However, I'll admit that it's important that
sysop actions be reversible.
Nicolas Weeger wrote:
What about something that'd require multiple sysop
approval? Like, 5
sysops to check something & click to confirm?
Only one of the seven wikis attacked had more than 5 sysops before the
attack. There were generally 1-3 foreign sysops working on cleaning up
the mess.
Jimmy Wales wrote:
Here's one idea -- a switch to toggle a captcha.
When a wiki is under
a spambot attack, the captcha would be turned on. Some captchas
aren't hard to defeat, but I doubt if the spammer is going to bother.
Unfortunately, I fear this will lead us down the path towards captchas
on all wikis on all edits, which would be unpleasant.
Captchas could slow down the attack somewhat. Let's say he uses 10 IP
addresses on 7 wikis. That means he would have to perform about 70
captchas. If each captcha takes 10 seconds, then it would require about
11 minutes of human time to perform the attack. Of course, he spent far
longer than 11 minutes developing the bot, but it does put a practical
limit on the scale and speed of the attack.
-- Tim Starling