--- Comment #11 from DF <> 2010-10-24 09:26:36 UTC ---
Locked accounts are locked for a very valid reason and it is only used for
engregious vandals, spammers, abusive usernames, etc. That locked and
lock-hidden accounts are now permitted to log-in, continue SULing and when
logged-in, use some features like Special:EmailUser has brought us lots of

Now locked-hidden accounts previously suppressed manually elsewhere can log-in
an start spamming the user creation logs with auto account creations that may
contain abusive usernames, private information, libellous/slanderous data, etc;
which may carry legal consecuences. This causes us doublework because we have
to reblock again and go wiki by wiki suppressing the username again = waste of
time and resources. Security issue.

That locked and lock-hidden accounts are now able to log-in and use features
like Special:EmailUser is harmful. Months ago we had a strong case of spam on
the Ukranian Wikipedia were a spambot exploited the system to send spam to
users all over WMF projects. It resulted that the bot was also using locked
sockpuppet accounts to exploit this feature globally; so the lock was
absolutelly useless for stopping this abusem we had nothing to do but go wiki
by wiki and start manually blocking the accounts = waste of time and resources.
All this was verified by CheckUser.

Another serious issue is bug 23310.

We should not worry about the appeals or if the user locked is gonna cry and
nobody will hear him because our priority is to stop the user.

So for now I think it is safer to go back and make locked and lock-hidden
accounts not able to log-in (thus, not able to unify, use email, etc) as was
done previously.

The globalsuppression option via JobQueue is, on the other hand, a very handy
tool and should be kept and updated (bug 23310).

Thank you.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to