User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Build Identifier: == Problem == Users must create wiki accounts before they can edit developers.mozilla.org. == Why it's bad == "[Locking down a wiki] does reduce spam, but it is a poor solution... because you are introducing something which massively inconveniences real users. Having to choose a username and password is a big turn off for many people. The wiki way is to be freely and openly editable. This "soft security" approach is one of the key strengths of the wiki concept. Are you going to let the spammers spoil that?" -- == My idea == It would be great if you used a less frustrating anti-spam solution than mandatory registration. Perhaps you could enable an anti-spam CAPTCHA extension for unregistered users and disable it for registered users? == See also == See also bug 370955, "Users must create accounts before they can edit wiki.mozilla.org. This discourages editing."  http://meta.wikimedia.org/wiki/Anti-spam_Features  http://wiki.chongqed.org/MediaWiki Reproducible: Always
I'm personally against this, as I feel that if a user has something worthwhile to contribute, he/she won't mind creating an account. Not requiring an account leaves the wiki easily open to abuse.
(In reply to comment #1) > I'm personally against this, as I feel that if a user has something worthwhile > to contribute, he/she won't mind creating an account. Not requiring an account > leaves the wiki easily open to abuse. Not requiring an account does _not_ necessarily leave it easily open to abuse, as the reporter outlined in the initial report, and I _know_ that there is not a correlation between "has something worthwhile to contribute" and "doesn't mind creating an account". We routinely hear that someone can't be bothered to put something on the wiki because they don't want to create an account (or just because the login mechanics are so unfortunate, but we'll get that fixed in an upgrade soon, I hope against hope). For a while I believe that even bz resisted putting things in the wiki because of the account annoyance, and that annoyance is the whole reason behind our single-signon extension on MDC. The whole point of our use of the wiki model is that it makes it easier for people to make contributions (often very small to start, like a typo correction or fixing a dead link), and we should not rank that above (ineffective) anti-spam measures. We could trivially end the spam problem by just not letting _anyone_ edit the wiki, as an extreme example, but the spam protection exists to make the wiki more _useful_, not as a first-class goal of its own. Our tools serve us, not the opposite, or we lose all day.
A more reasonable explanation for the account requirement is not as an anti-spam measure, but in communication consistency. If you don't log in, you're recorded on the wiki by your IP address. IPs change over time. Using an account (even if it's a fake name the person made up) helps us get to know the user and the type of things they're good at helping with because any changes from that person would all get recorded with the same name in the change log. That said, that may not be a good enough reason in itself to keep it, but we're going to have to deal with spam whether people register or not, and the above certainly carries more weight with me than the anti-spam tactic does. It also helps a lot when someone makes sweeping changes to an important wiki page if we see a name to go with it and know "oh yeah, that's someone that's important with that project, he knows what he's doing", rather than seeing an IP address because the person forgot to log in first and thinking it must be vandalism because they changed things in a strange way.
Wikipedia doesn't require you to log in to edit. But when you try to make sweeping changes without logging in, the admins message you and tell you to please log in. Their system works fine IMO. :-)
I don't object to easier ways for people to sign up for new accounts, which don't interrupt their contribution flow. Even just putting the "enter username/password (twice for new users) to credit this contribution" box on the edit page would help a lot there. Regular contributors are much more likely to create an account, but people usually have to go through being a casual or "just this once" contributor first, and I'm looking to reduce the barriers to that critical first contribution.
(In reply to comment #5) > I don't object to easier ways for people to sign up for new accounts, which > don't interrupt their contribution flow. Even just putting the "enter > username/password (twice for new users) to credit this contribution" box on the > edit page would help a lot there. It'd be really cool if someone added such a feature to MediaWiki CVS HEAD. Maybe we should send a feature request to http://bugzilla.wikimedia.org/? :-)
While it sounds cool to not require people to log in to do edits, in reality that's not an optimal solution, for one reason: when people have accounts, it makes it a lot easier when we go through doing proofing passes on updates. More or less every revision to the MDC wiki is checked by someone; I look at all of them (with the occasional exception). If I see that a change was done by someone I know, I can usually just give it a quick glance and move on. Allowing anonymous edits will tend to reduce the number of changes that are tagged with identification that will let me do that, which will make proofing the wiki take much longer. Even regular contributors will eventually quit logging in, because it's the kind of thing people won't do if they don't have to. I agree with shaver that the best approach is to make it easier to sign up for a new account.
(In reply to comment #7) [snip] > Even regular contributors will eventually quit logging in, because it's the > kind of thing people won't do if they don't have to. I disagree on that point. On Wikipedia, all the regular contributors log in. I suspect this is because of social pressure and egoboo. Anyway, cookies and the Password Manager make it easy to stay logged in forever.
(In reply to comment #8) > Anyway, cookies and the Password Manager make it easy to stay logged in > forever. That's true, especially if we can make sure that the log-in-for-this-edit thing plays nice with the password manager. People should only have to log in once, and I think that even if people had to type their u/p on the edit page periodically because they change profiles or something, they'd be quite likely to do that. Much more likely than the current try to edit, log in, back to page, edit cycle now, at least.
(In reply to comment #9) [snip] > ...if people had to type their u/p on the edit page > periodically because they change profiles or something... Hmmm... Asking for a login on the edit page is an interesting idea, but is it *really* the best way to do things? Why not just allow anons to make edits, but request that they please log in for larger ones?
I'm not saying that we shouldn't allow anon edits (though I'm sympathetic to sheppy's point about policing bandwidth; the ratios are different for us here than for Wikipedia, I think, so their experience may not translate fully). I'm saying that we should strongly encourage people to log in and/or register, and we should make it possible to do that right on the edit page so as to give them fewer reasons to _not_ log in.
The wiki (or Firefox, I guess) forgets my login very often, at least twice a week. It drives me crazy. I know that I'm the kind of person that would just do all my contributions anonymously rather than bother to log in (logging in is a pain, which is the point you're trying to make here, I think), if that were an option. I don't think I'm the only person like this. The point is that I don't want there to be anonymous edits, not even for little changes. Here's why: the majority of the changes I have to back out have typically been minor edits. For example, someone replaces the URL in an example on doing a search plugin with a link to a porn site. That's a really common type of page sabotage/spamming I see, very subtle changes to pages that might be missed if you weren't looking for them. I'd rather not have people doing these things anonymously, without having to log in.
(In reply to comment #12) > The wiki (or Firefox, I guess) forgets my login very often, at least twice a > week. It drives me crazy. Sounds like a bug. Perhaps you can get help on freenode #mediawiki or irc.mozilla.org. But if I recall correctly other people have the same problem. Maybe someone needs to open up a bug against developers.mozilla.org so that people will look more deeply into the issue? [snip] > the majority of the changes I have to back out have typically been > minor edits. For example, someone replaces the URL in an example on doing a > search plugin with a link to a porn site. That's a really common type of page > sabotage/spamming I see, very subtle changes to pages that might be missed if > you weren't looking for them. Maybe the Patrolled Edits feature would help. It lets trusted users mark edits as OK. Once marked, they are flagged as OK on the recent changes list. Perhaps it'd be best to: * set up some anti-spam solution, then * do a one-day trial of anon edits and see how it goes?
(In reply to comment #13) > Sounds like a bug. Perhaps you can get help on freenode #mediawiki or > irc.mozilla.org. Not with the version of MediaWiki we currently run.</troll> If the login preservation mechanism can be fixed and the edit page given a login/register mechanism, I personally think that's sufficient; others will doubtless disagree. If patrolling is to be used, there'd have to be some evangelism for it. I believe it was enabled at one point on either MDC or wiki.m.o, but because nobody used it it was just so much visual spam. Also, I skim recent changes using the RSS feed, so I and others who do likewise aren't really going to be involved in patrolling, even if we review most of the edits anyway. Patrolling doesn't interact well with the feed mechanism, unfortunately.
I can't use patrolling either, always forget to click the 'mark changes as patrolled link'. An anti-spam solution is likely not enough. At least we should also disallow image uploading for anonymous users (as well as users with less than X edits) and set up some sort of 'stupidity filter'. It's pretty tiring already to clean up after people who don't understand what wikis are for or think that MDC is their personal webpage / image hosting/
(In reply to comment #14) [snip] > Patrolling doesn't interact well with the feed mechanism, unfortunately. Could this be fixed with a delay system? The feed could show only edits that have sat for 15 minutes and not been marked as patrolled OK. :-) (In reply to comment #15) [snip] > I can't use patrolling either, always forget to click the 'mark changes as > patrolled link'. Therefore you think the patrolled edits system is a bad idea? :-) > It's pretty tiring already to clean > up after people who don't understand what wikis are for or think that MDC is > their personal webpage / image hosting/ Maybe it'd be worth it to set up something like http://en.wikipedia.org/wiki/Wikipedia:Introduction or http://en.wikipedia.org/wiki/Wikipedia:Tutorial and mention those rules there?
(In reply to comment #16) > > It's pretty tiring already to clean > > up after people who don't understand what wikis are for or think that MDC is > > their personal webpage / image hosting/ > > Maybe it'd be worth it to set up something like > http://en.wikipedia.org/wiki/Wikipedia:Introduction or > http://en.wikipedia.org/wiki/Wikipedia:Tutorial and mention those rules there? > You must be kidding. Those people who do this just can't read at all, they'll ignore whatever you write.
(In reply to comment #16) > Could this be fixed with a delay system? The feed could show only edits that > have sat for 15 minutes and not been marked as patrolled OK. :-) The feed system doesn't exist to replace patrolling. I use it to follow articles and their content as they're published to learn new information, not just to vet article changes for correctness.
I personally use the feed system primarily to be alerted to new changes so I know when and what needs checking. In other words, having the feed only show stuff after a delay will actually make the proofing harder, not easier. We already have pages that say what MDC is for and not for, and people ignore them. Having anonymous editing would certainly make it even harder and more frustrating to avoid having people post personal web sites. My favorite is the teacher that would not give up on trying to set up a complete web site for her 5th grade class. Every time we deleted it she'd set it back up again. Allowing anonymous edits would just make that more common and frustrating.
The fact that we've had the problems we've had recently with bot attacks (which led to the current disabling of new user signups to edit the wiki) leads me to not be supportive of providing an easy means of editing without signing up. Unless one of you guys feels like dealing with undoing all the random deletions of content. I sure don't want to be the one to do it. :)
Automatically closing all bugs that have not been updated in a while. Please reopen if this is still important to you and has not yet been corrected.