On Fri, 31 Jan 2003, Sheldon Rampton wrote:
M Carling wrote:
If this turns out a be a serious problem, one idea would be to only allow logged-in users to make changes (except in the Sandbox).
That won't do much to keep out banned people. If someone wants to continually evade the ban, all they would have to do is subscribe a different user name every time they need to log in.
It would discourage some but not all vandals and would do so without significantly discouraging contributors.
Banning IP numbers isn't a very satisfactory solution either. To get around that barrier, just visit a different Internet cafe every day.
In the event that this becomes more of a problem, perhaps the tech folks should start working on a more substantial system for authenticating subscribers. Here's what I think would work:
(1) Establish a toggle that people with developer status can use to switch between "permission required" and "no permission required" mode for accepting new subscriptions. When "permission required" is turned ON, new subscribers would have to pass their submission request through a sysop, who would have to approve it before they can begin posting. When it is turned OFF, people can subscribe the same way they do now. Most of the time, it would be turned OFF, but in situations where a persistent vandal is active, it could be turned ON. That would make it possible to deny access to the vandal until he or she loses interest and goes elsewhere.
This only works in conjuction with my idea above of requiring users to log in to make changes. Better to try only the less intrusive part first, and if it doesn't suffice, something more radical can be considered.
(2) Create a special page, computer-generated and available only to sysops, which lists all of the pending submission requests. It will list the nickname of each pending subscriber alongside a check box, so a sysop can go through and quickly approve a batch of names simply by running down the list, checking the boxes, and clicking a "submit" button. A separate check box next to each user name can be used to flag individuals for further scrutiny, and clicking on the name itself will take you to a talk page for that user. Most users can be quickly approved this way simply by verifying that their IP number is not on a banned list or range. The others can be contacted via email and asked a few questions. Of course, vandals could still get through eventually by giving disingenuous answers, but there would be enough barriers to entry to slow them down and keep them from simply running amok at will.
I like this idea better, but with a modification. Sysops could designate trusted users so that most submissions would not need to be queued for a check. Those that need to be checked can be examined directly to see whether or not they are vandalous -- no need to engage in an email exchange.
M Carling