[Mike Godwin is CC'd on this as I'm sure he simply doesn't have time to follow everything on foundation-l, and I would in this case greatly value his input on my proposal at the end of the email, and the policy it would require to support it.]
As I tried to point out in my earlier message, the issue is predominantly IP addresses, not usernames.
In an attempt to explain without giving privacy policy violating details, we had a persistent vandal on Wikinews who was creating dodgy usernames, getting blocked for vandalism, then coming back when the autoblock on the IP address expired, creating a new user, and starting over. Local administrators DO NOT KNOW THE IP; they just block the name. Where it's one user every three or four days it is not immediately apparent this is the same person.
I was the one who checkusered one name, on Wikinews. I'd gotten suspicious enough to take that decision, if you don't understand how much of a grey area this stuff is you shouldn't be commenting unless it is to ask questions of people who do the job. The Checkuser gives the IP address and from the IP address you can get a list of all usernames. In this case, we had, at the limit of data retention, an "X on Wheels" account, so either Willy on Wheels himself, or a copycat. Every single one of the dozens of accounts had been indefinitely blocked, so this IP address was a pretty permanent home for the vandal. There was no collateral damage in putting in place a long-term block (in this case three months) preventing the IP from editing either logged in or not.
This information was then shared on Checkuser-l, and checkusers on other projects started confirming they had similar issues with the IP address; lots of accounts that had all been blocked indefinitely for vandalism. A general consensus formed to apply a three month block across multiple wikis.
These are the sort of cases that a global block ability would cover, and I would restrict access to such a tool to stewards. For this case we do not know if we got every WMF wiki, and the work... To get wikis where there is nobody with Checkuser you're looking at a steward granting themselves the right, applying the block, and taking the right away from themselves again. This is a VERY time-consuming process.
So what I would propose for global blocking is that stewards have an extra option to block an IP address (*NOT a username*) across all wikis.
The policy and guidelines for use of such a feature are the difficult bit, and what I believe this discussion should be working towards. Yet, they need room for application of common sense. We restrict it to Stewards, the most trusted users. We expect proven (Checkuser confirmed) vandalism on multiple wikis. We expect a stable IP, or a range with little or no collateral damage. What more? Consensus from a number of checkusers on different projects?
Some of the suggestions I've seen in this discussion are unworkable. We promise to keep IP information out of the public eye when you register an account. The ability to access that information is restricted, and rightly so. Checkuser is a delegation of developer power to trusted users. So, we can't run this on meta where everyone and their dog can access it.
Brian McNeil