Requests for comment/Allow sysops to override the spam blacklist
The following request for comments is closed. There is no consensus at this time to allow admins to override the spam blacklist. --Martin Urbanec (talk) 10:46, 26 March 2023 (UTC)
Proposal edit
Add the new userright sboverride (see phab:T36928) to the default admin toolkit (see phab:T313106). This userright allows a user's edits to override the spam blacklist.
Discussion edit
Support as proposer. Currently, a regex on the spam blacklist cannot be added to any page, for any reason. There are obviously very, very few times in which it would be necessary to link to a website on the blacklist, but occasions do exist. For example, it is impossible add a link to show the source of a copyvio from a blacklisted website. It is also impossible to correctly archive discussions that contain a newly-blacklisted link. The only way around this is for an admin to whitelist the website, make the desired edit, and then unwhitelist the website. According to Spam blacklist/About and Spam blacklist/Help, the spam blacklist exists to prevent spam, not to prevent the addition of specific links to pages. Sysops are highly trusted users. They can be trusted to refrain from spamming links. Over the decade in which phab:T36928 was open, there were several variations of one argument raised in opposition: granting anyone this right would lead to situations in which User:ImmaAdmin adds a blacklisted link, User:ImmaVandal replaces the entire content of page with Not Good Things, and then User:Vandal-reverter is unable to revert the vandalism. First, these cases would be rare, given the limited number of pages which would have blacklisted links. Second, almost every single wiki has some version of a {{edit protected}} template so someone can request that another user perform edits that they are unable to make themselves. Third, this problem already exists (from links added before the link was blacklisted). Reverting this type of vandalism requires an admin to whitelist the website, revert the edit, and then unwhitelist the website. With this change, it would actually be easier to deal with this type of vandalism, not harder. The same logic applies to accidental/good faith/merely disruptive/etc. removal of "good" blacklisted links—it would still be easier to fix than it currently is. HouseBlaster (talk) 03:21, 18 July 2022 (UTC)
- In response to the opposition below surrounding bad-faith admins: We do not and should not deprive admins of the ability to delete pages or block users by default just because these could be exercised in bad faith, to the detriment of the movement. If an admin is a spammer, the problem would not be that they can spam links on the blacklist. The problem is they hold a mop in the first place. HouseBlaster (talk) 21:05, 21 July 2022 (UTC)
- Support Suggest to also create another user group have this userright so that non-admin users may also request the flag to override. --Liuxinyu970226 (talk) 10:28, 18 July 2022 (UTC)
Oppose This is completely unnecessary and would greatly complicate subsequent editing of the page. There is no need to irritate non-admins by reminding them of their status by having to submit an edit request. If someone needs to demonstrate a copyvio, just write www.example.com/location/page.html. Anyone capable of assessing a copyvio can easily copy/paste the link. Johnuniq (talk) 01:12, 19 July 2022 (UTC)- Support Not something I would use often, but it does come up and admin should be trusted to know when to make an exception. It would simplify the process for editors. Dennis Brown (talk) 01:17, 19 July 2022 (UTC)
- How would this work? Would edits just automatically happen, or would there be some "This is on the spam blacklist, are you sure you want to do this?" confirmation page? I'm thinking of my own experience of wanting to add a <youtu dot be> URL and hitting the blacklist stop. I went to the blacklist noticeboard, asked for an override, and was soundly refused. Apparently these kinds of URLs had been used nefariously in the past as bogus redirects. Had I had the override bit, my edit, presumably, would have just happened without me being any the wiser. RoySmith (talk) 01:32, 19 July 2022 (UTC)
- I don't know, but I assume a request would come in to WP:AN, we would review and see if it qualifies, if it does, go to add, and I bet it would be like you said, a "are you sure you want to do this". I would hope it would do that, otherwise if it just did it without notice, an admin could accidentally add a blacklisted website in the course of normal editing. I'm guess that once the bit is in place, the system for warning could be changed if needed. Of course, if it is warning us when we try to add, we can always refuse to add if we aren't comfortable. I think most of the time, it's cut and dry. If I'm not sure, I would not do it. Dennis Brown (talk) 01:48, 19 July 2022 (UTC)
- How would this work? Would edits just automatically happen, or would there be some "This is on the spam blacklist, are you sure you want to do this?" confirmation page? I'm thinking of my own experience of wanting to add a <youtu dot be> URL and hitting the blacklist stop. I went to the blacklist noticeboard, asked for an override, and was soundly refused. Apparently these kinds of URLs had been used nefariously in the past as bogus redirects. Had I had the override bit, my edit, presumably, would have just happened without me being any the wiser. RoySmith (talk) 01:32, 19 July 2022 (UTC)
- Support per all above, particularly per Dennis Brown. Regarding Johnuniq's objection, sysops are sysops, and non-admins are not likely to be irritated by this rare situation more than they are already irritated at being unable delete pages, see deleted edit history, move over existing titles, and the like. BD2412 T 01:28, 19 July 2022 (UTC)
- A page with a blacklisted URL can't even be archived. Is copy/paste so hard? Johnuniq (talk) 03:29, 19 July 2022 (UTC)
- Support I've run into the exact scenario that HouseBlaster described, and its unbelievably irritating. This should be enabled by default, anything short of that is akin to a terrible user experience. -FASTILY 07:59, 19 July 2022 (UTC)
- Oppose for a variety of reasons. Blacklisted items are blacklisted for a reason. I've found on smaller projects in particular, especially those without active communities and who have inexperienced, temporary sysops, some have been actual spammers. This is too ripe for abuse on smaller projects that lack any oversight. Praxidicae (talk) 13:13, 19 July 2022 (UTC)
- A malicious sysop can already just remove links from the local blacklist, or locally whitelist links on the meta blacklist. —Cryptic (talk) 17:15, 19 July 2022 (UTC)
- That doesn't change my overall statement nor my point. Praxidicae (talk) 18:00, 19 July 2022 (UTC)
- A malicious sysop can already just remove links from the local blacklist, or locally whitelist links on the meta blacklist. —Cryptic (talk) 17:15, 19 July 2022 (UTC)
- Oppose per Praxidicae. Giraffer (talk) 06:28, 20 July 2022 (UTC)
- Oppose per Praxidicae. FWIW, most small wikis, and I'm not talking about those patrolled by the SWMT, but actual tiny wikis (i.e. those with 3 or fewer sysops) have sysops that might not actually fully understand what it means to be a sysop on a Wikimedia project – some of them might even be indefinitely blocked on one of the larger wikis and as Praxidicae mentiones, "some have been actual spammers". --SHB2000 (talk | contribs) 09:45, 21 July 2022 (UTC)
- Oppose. New links shouldn't be added, and in most cases existing links should be removed. URLs can be mentioned without being external links. Peter James (talk) 18:10, 21 July 2022 (UTC)
- Oppose If there is a good reason for a blacklisted link to be on a page, that link
/page combinationshould be whitelisted. (Adding a way to whitelist a link on a specific page only would be a better change.) If there isn't good reason, then the blacklisted link should be removed or, if needed to preserve context, nowiki'd or otherwise made to not trip the regex. But I see no situation in which it makes sense to allow a sysop to add a link, but not to allow others to restore it.There is furthermore the fact that Special:Diff is not always perfect at determining which lines a user has added (and probably always will be, since at a certain point we're talking about getting a computer to infer a human's intent), so having any blacklisted links on a non-whitelisted page means potential false positives on edits that don't even intend to interact with these links.-- Tamzin[cetacean needed] (she/they) 04:06, 22 July 2022 (UTC)- @Tamzin
Developer note: yes, it can be hard to tell what *lines* an edit adds, but the link filtering is based on what links existed before the edit vs. what links exist after (exist meaning interpreted as an external link by the software). Do you have any evidence that an edit that did not try to add a link was prevent by this extension? See the code - this part makes it so that if the page already existed, the links that are checked are only those that were added in the current end. --DannyS712 (talk) 00:18, 1 August 2022 (UTC)
- @DannyS712: Fair enough, struck. Also clarified my statement regarding link/page combinations. However, blanking and reversion isn't exactly an uncommon occurrence on-wiki, so I still see any right like this as a net-negative. -- Tamzin[cetacean needed] (she|they|xe) 00:37, 1 August 2022 (UTC)
- @Tamzin thanks. @Graeme Bartlett @Reaper Eternal @Pppery (and maybe @Rschen7754?) you seem to have based your comments on Tamzin's now-struck analysis that this could result in non-admins being unable to edit pages that already have a link on them, do you still oppose in light of the fact that existing links on a page are not checked against the spam lists? --DannyS712 (talk) 00:45, 1 August 2022 (UTC)
- I still oppose per Tamzin's first two sentences. * Pppery * it has begun 00:47, 1 August 2022 (UTC)
- @Tamzin thanks. @Graeme Bartlett @Reaper Eternal @Pppery (and maybe @Rschen7754?) you seem to have based your comments on Tamzin's now-struck analysis that this could result in non-admins being unable to edit pages that already have a link on them, do you still oppose in light of the fact that existing links on a page are not checked against the spam lists? --DannyS712 (talk) 00:45, 1 August 2022 (UTC)
- @DannyS712: Fair enough, struck. Also clarified my statement regarding link/page combinations. However, blanking and reversion isn't exactly an uncommon occurrence on-wiki, so I still see any right like this as a net-negative. -- Tamzin[cetacean needed] (she|they|xe) 00:37, 1 August 2022 (UTC)
- @Tamzin
- Oppose as this prevents others from editing the page with the banned link included. Graeme Bartlett (talk) 09:49, 22 July 2022 (UTC)
- Oppose - This basically adds a hidden full protection to a page. Reaper Eternal (talk) 16:56, 22 July 2022 (UTC)
- Oppose per Tamzin. * Pppery * it has begun 20:40, 24 July 2022 (UTC)
- Oppose per above however I would be open to large wikis overriding the default configuration. --Rschen7754 02:15, 27 July 2022 (UTC)
- Oppose Solid point made by Praxidicae; I know of at least one smaller wiki project where administrative privileges are routinely abused for purposes ranging from censorship to content manipulation/removal with political motives. Entries end up on the blacklist for a good reason, this shouldn't be overridable. ArticCynda (talk)
- Support SummerKrut (talk) 13:17, 26 August 2022 (UTC)
- Comment, there's a related task discussing about granting
sboverridepermission tobot, which I think is much less controversial than granting such permission tosysop. I didn't find a place to discuss about that, maybe it could be discussed here as well? Stang 19:41, 29 August 2022 (UTC) 
Comment: 1. Most users don't know that blacklisted URLs can be added correctly if they are framed by <nowiki>. That would be a simple workaround for bots. However, these links are not clickable and I don't know how search engines behave in such a case. 2. Praxidicae's concerns are IMO justified. What about a per-project solution, so that "big" wikis can decide and activate it on their own? 3. (outside of this RfC) The SBLs contain three types of entries: a) URLs used for spam, b) URL shorteners c) URLs of sites that are not suitable for other reasons (discrediting wm, vandalism etc). One could consider splitting the SBL into two or three and automatically tag pages with blacklisted spam links as 'noindex' letting spam attempts run into the void. (Background: On Commons there are many pages having blacklisted links that had been added before they shew up on a SBL.) --Achim55 (talk) 18:03, 2 October 2022 (UTC)- Support It seems so strange to me that the main argument against this useful tool is that there are some sysops somewhere in small wikis who are not responsible enough for using it. Well, as sysops they already have quite many opportunities for abusing and mistreating; why would not we, for instance, strip all the admins in all wikis from their right to block users or delete articles in order to avoid any kind of abuse in small wikis? Andrei Romanenko (talk) 01:07, 22 March 2023 (UTC)
Premature edit
I think this discussion is premature, please see my comment at phab:T313106#8086575. Legoktm (talk) 01:44, 19 July 2022 (UTC)
- It may be, but for what it is worth, it is probably best if it is an available bit for admin, not bundled. So admin can opt out, per RoySmith above. Dennis Brown (talk) 01:49, 19 July 2022 (UTC)
- Maybe the overriding of the blacklist is essential for archiving talk page, I think... but we can also remove/disable the blacklisted links in discussion (add before blacklist). I think I would open for large wikis to overriding it. Thingofme (talk) 15:56, 2 August 2022 (UTC)