Tarquin wrote in part:
I think the time has come for sysops to be able to ban usernamed users.
Let me tell y'all how I spent my weekend.
First, Friday morning (15:00 UCT), I got email from lorp@myfonts.com, who identified himself as [[User:Hotlorp]] (which was eventually confirmed when he left a message on my user talk page while signed in). Apparently his IP (194.117.133.198) was blocked. Note that Hotlorp contacted me, not the admins that had blocked him, because I have an email address on my user page, which is advertised on [[Wikipedia:Administrators]]. Since it had been a week and the IP was dynamic, I unblocked it once I got his message, which was around noon (19:00 UCT). I mailed this information to Hotlorp then.
Hotlorp tried again later (around 19:00 UCT), but was on IP 194.117.133.196, which was still blocked. So I unblocked that when I got the message (around 23:00 UCT). Then he came on and made some edits a few hours later (around 4:00 UCT or so), and I went to bed.
While I was sleeping (around 12:00 UCT), a vandal arrived, using bots (apparently) to splatter goatse across Wikipedia. This vandal thwarted our standard blocking mechanisms by using signed-in user names, which were chosen to make fun of us. The vandal made fun of Scipius, who responded to the vandal, but also made fun of people that had nothing to do with responding to the vandalism: Ed Poor, TMC, proposed moderators. These moderators were mentioned only on the mailing lists, and Ed and TMC were also participants in those discussions. Conclusion: The vandal has been reading the mailing lists.
Suspicion of the vandal fell on 194.117.133.196 (and 194.117.133.198), which were the last IPs to be used for goatse and which had (as mentioned) been unblocked less than a day earlier. These IPs had few redeeming edits -- after all, all of Hotlorp's good edits didn't show up in their user contribs. However, these IPs weren't blocked again right away, and there was no confirmation posted to the VANDALISM page that these IPs were actually being used by the vandal. An hour after arriving, the vandal left. I saw no record of any IPs' being banned at that time.
A couple of hours later (shortly before 15:00 UCT), Koyaanisqatsi blocked these IPs to stop the vandalism. In email with KQ, we've been unable to figure out why the last evidence of the vandalism now on Wikipedia ended hours before the blocking, even though KQ remembers seeing vandalism on Recentchanges just before blocking (and saw that the vandalism stopped after the blocking). Were people no longer reporting the vandal's user names to [[Wikipedia:VANDALISM IN PROGRESS]]? Or was the vandal now creating pages that people were deleting? (But there were no deletions during that time either; the last deletion log entry connected to goatse is 12:55 UCT.) Indeed, AFAICT, there is no particular evidence that this particular vandal was ever using these IPs, only that some goatse vandal (maybe a different person entirely) had used them a week ago.
Whether or not KQ actually blocked the vandal, he did block somebody else. Hotlorp had just returned, and he managed to get in 3 edits before he was blocked again. He emailed me again (no contact information for KQ) and I unblocked the IPs when I got the message (just before 24:00 UCT). I watched [[VANDALISM IN PROGRESS]] like a hawk all night, looking for a sign of returning goatse, but there was none, and has been none since.
The problem, of course, is that we're blocking an innocent user when it's not at all clear that we're even blocking the vandal. And it's a cruel joke to tell the innocent user to contact the admin that blocked them when they have no method of doing so besides editing pages.
Solutions:
* Block more intelligently:
** Let admins see the IP of signed in users. Then we can at least know for sure who to block.
** Let admins whitelist a user name known to use a dynamic IP. (This can always be undone later if abused.)
** Allow admins to see all contributions from a given IP, whether or not they were made anonymously. This will allow us to check for multiple users and give us the opportunity to create the above whitelist at the same time that we block the vandal.
* Give blocked people a way to contact admins:
** At the very least, include a link to [[Wikipedia:Administrators]] in the message telling people that they've been blocked, so that it will be easy for them to get in touch with me.
** Other admins can advertise their email addresses there too. (Risk: I've never yet received inappropriate mail at <toby+wikipedia>, and this is the only case where I've been contacted by a blockee.)
** Set up a mailing list for administrators to take blocking complaints and give blocked people a link to that on the block message. (Same risk as before, and we only need a few admins to sign up.)
* Others?
-- Toby