Open main menu

Semi-automated Portal creationEdit

I attempted to clarify that semi-automated creation of pages requires approval, not just articles. Headbomb reverted me, which is fine. I'm looking to ensure Portals can't be mass produced without discussion. Can we find a change that solves the problem now being discussed at VP? [1] Legacypac (talk) 01:54, 27 February 2019 (UTC)

Don't get me wrong, I support that change in principle, but going to 'pages' is a substantial change from 'articles'. For instance redirects are routinely created by semi-automated/automated means. I could go for 'content pages', where content is basically anything that readers can land on from the mainspace. Under that, articles, books, categories, and portals would all fit the bill since you can all access those from the mainspace. Headbomb {t · c · p · b} 02:06, 27 February 2019 (UTC)
I like that. We don't want to ban use of Twinkle to create XfDs for example. Legacypac (talk) 02:07, 27 February 2019 (UTC)
A change to "content" pages sounds good. —  HELLKNOWZ   ▎TALK 14:08, 27 February 2019 (UTC)
Do we RFC this, or is this a uncontroversial enough change to do with this discussion alone? Headbomb {t · c · p · b} 18:18, 27 February 2019 (UTC)
I don't think there is any change to the intent of the policy proposed, just an update to reflect that the semiautomated creation of portals are a thing now but were not a thing in July 2018 when there were 1700 portals no one was watching. Legacypac (talk) 18:23, 27 February 2019 (UTC)
Legacypac (talk · contribs) made this change, I refined to this. If we're all OK with the end result, I'll post a VP notice for more feedback. Headbomb {t · c · p · b} 20:03, 1 March 2019 (UTC)
I like your further changes. Very clear now. Legacypac (talk) 20:08, 1 March 2019 (UTC)
Headbomb, I would change the link to this thread to be a permanent link. It will be gone when the thread is archived. Ganeshk (talk) 22:47, 3 March 2019 (UTC)
Eventually. For now, it's a bit too recent to know if there won't be developments. Headbomb {t · c · p · b} 22:48, 3 March 2019 (UTC)
Headbomb, got you. That works. Ganeshk (talk) 22:56, 3 March 2019 (UTC)
Rather than make "broadly means" a link, I suggest having a reference. Usually linked text will point to a definition, rather than a conversation about the definition. isaacl (talk) 05:56, 7 March 2019 (UTC)
  • Whatever the letter of the policy, User:The Transhumanist has crossed the spirit of WP:MEATBOT and Good sense by autocreating thousands of pages. What is the penalty? What is the consequence? What is to be learned, and what is going to be done better going forward?
It seems he really only created the pages as "draft" subpages of a WP:WikiProject. This is not a project-damaging offence. I think he should be slapped with a wet fish. And then, he should be educated on better methods of Bot development. Define the scope. Do some testing, small scale. Present a case, listen to feedback. Do this BEFORE letting loose a MEATBOT violating process. Basically, follow standard WP:Bot processes and procedures.
Can someone skill with bot use give User:The Transhumanist some practical advice? --SmokeyJoe (talk) 05:24, 7 March 2019 (UTC)
@SmokeyJoe: I'd be willing to work with TTH - I think outlines have potential, and have even written 1.5 myself (User:DannyS712/Constitution is very much a draft) - @The Transhumanist thoughts? --DannyS712 (talk) 05:59, 7 March 2019 (UTC)
Outlines predate my Wikipedia career but what I've learned is there was massive backlash against them. SmokeyJoe - this thread pertains to the automated and semi-automated (he used both methods according to his own guide on making them) creation of thousands of portals. He breached these guidelines and we fixed the wording to make it even more clear not to do what he did. Legacypac (talk) 06:07, 7 March 2019 (UTC)

This is a bull shit edit [2] to cover his butt after he violated both WP:MASSCREATE and WP:MEATBOT. I've seen enough disruption. Someone else can revert him. Legacypac (talk) 18:16, 7 March 2019 (UTC)

I didn't make that edit, and you just falsely accused me. You are letting your emotions get the better of you. All edits I've made here have been to make the policy more clear.    — The Transhumanist   18:59, 7 March 2019 (UTC)
Meant to link to this edit [3] not sure how I got the other link. Some of your edits are ok but editing a policy to justify a breach of the policy is backward. You called your own edits semi-automated and you said you have a script that goes beyond semi-automated. You also claimed you checked these policies first. If you checked them you know you breached them, and if you did not check them, you misrepresented that you did. Legacypac (talk) 19:10, 7 March 2019 (UTC)
How is this edit an attempt to justify a breach of policy? (Note that no breaches of policy have actually taken place, to my knowledge). The change I was concerned about was the reporting of the results of a past discussion, in which different results were reported. I've improved the wording, so it is more clear. So that readers of the policy in the future are accurately informed, and so that editors wouldn't be confused upon discovering that the guideline didn't match the discussion referred to. Headbomb interactively improved my correction further, adding a link to the discussion in which the expansion of the policy took place (this very section we are in right now). Thank you, Headbomb.    — The Transhumanist   19:50, 7 March 2019 (UTC)
  • User:The Transhumanist, I suggest that any productive way forward from here does not involve you editing Bot policy, or engaging with Legacypac. An apology for startling your colleagues would be nice, and an acceptance of User:DannyS712's offer would be better. --SmokeyJoe (talk) 23:51, 7 March 2019 (UTC)

Clarification on "Bots operated by multiple users"Edit

It's not clear what is intended here by "directing any given edit" or "at the direction of more than one person". Presumably the intention is to cover bots that are manually assisted, and require the user to specify some specific information (beyond the name of the page to be processed) rather than bots that run automatically?

Could the guidance be updated to express this clearly?

Martin (Smith609 – Talk) 09:47, 18 March 2019 (UTC)

@Smith609: this is intended to be about bots that are performing assisted tasks or automatic bots that execute on user initiated triggers even when the bot is automatic (e.g. OutreachDashboardBot's creations.) Do you have a proposed rewording? — xaosflux Talk 12:03, 18 March 2019 (UTC)
(edit conflict) I guess the wording is unnecessarily convoluted. How about:
Accounts used for approved bots that can make edits of a specific designated type, at the direction of more than one person, are not likely to be a problem, provided:
Bot account may perform tasks that can be run by multiple persons, provided:
There is no restriction on task automation -- manual, supervised, automatic. There aren't restrictions on number of edits. There isn't a restriction on how the bot's run is timed -- on demand, continuous, one-time, at the same time, etc. There isn't even a restriction on who runs it -- operator, sysop, anyone. Basically, as long as this is disclosed in BRFA. At least, that's the practice. —  HELLKNOWZ   ▎TALK 12:20, 18 March 2019 (UTC)
I'm trying to understand the motivation behind this requirement. In the case of bots that execute on user initiated triggers, users aren't performing the tasks, the bot is. I don't understand why it matters whether the bot was activated by a user or by a CRON job. What is the purpose of being able to identify which user added a page to a bot's queue? Under what situation would it be okay for one user to trigger a bot to act on a page, but not for another user to trigger the same bot to make the same changes to the same page? If there is a problem with the bot, then isn't it the bot's maintainer (not its triggerer) who needs to be made aware of the problem? What exactly is this requirement trying to accomplish? Martin (Smith609 – Talk) 13:37, 19 March 2019 (UTC)
This is a bit of an edge case. A central part of bot operations is that the operator is responsible for all actions made by the bot, this is really about unusual bots that have multiple operators and a situation where a specific action or batch of actions should be associated with one specific operator, so that accountability is maintained. Most bots working under an automation process (e.g. that cron job) are considered the responsibility of all of the operators. — xaosflux Talk 13:52, 19 March 2019 (UTC)
Here, we have a bot with a user page that says "Editors who activate this bot should carefully check the results to make sure that they are as expected." Since citation bot messes things occasionally, knowing who activates the bot can lead to WP:TROUTING those editors who activate it without reviewing the results and let them know if they want to activate the bot, they're responsible for checking that things are as expected after the bot is done. Headbomb {t · c · p · b} 13:57, 19 March 2019 (UTC)
@Headbomb: I'm strongly in support of operators that make their bots trigerable by other users to start a batch (such as your example) and the example I had for OutreachDashboardBot identify the triggering user with the action. I'd say it doesn't remove the responsibility of the operator to be ultimately responsible for the action, but having that accountability is otherwise a good thing. — xaosflux Talk 14:05, 19 March 2019 (UTC)

It seems we all agree that it is best practice to identify the editor who triggered the bot. But is a bot violating policy if it does not do this? That is the nub of the issue at User talk:Citation bot currently — Martin (MSGJ · talk) 11:43, 20 May 2019 (UTC)

Not as written, no. Whether or not the spirit of the policy is violated is a different question. Headbomb {t · c · p · b} 16:35, 20 May 2019 (UTC)

New BAG nomination: EnterpriseyEdit

Hi! This is a notice that I have nominated myself for the Bot Approvals Group. I would appreciate your input. Thanks! Enterprisey (talk!) 06:15, 31 July 2019 (UTC)

Bots triggered by multiple usersEdit

Hello! Following up on the situations that were resolved with Citation bot, I think it would be useful to record the expectations for bots that can get triggered by other users to make edits without the operator needing to manually review it. Looking for some succinct verbiage to add to the BOTPOL on this. Needs to be broad, but not overly strict. Some obvious examples of bots getting triggered by other users that don't really need anything changes are anti-vandalism bots, copyvio detection bots, sinebot, archive bots. The citation bot issue's discussion has led to what I see a need for certain classifications of bots to authenticate, authorize, and identify the triggering user. The authorization can be simple (such as "is not a blocked user") or it could be more complex - but that degree is probably best left to a BRFA not the policy. I'm looking to record the current standards here moreso then to create a new rule. All input is welcome! — xaosflux Talk 13:20, 7 August 2019 (UTC)

Something like Bots which can be triggered by users other than the operator are expected to display the username of the requesting user in edit summaries and log entries and to not perform actions if the user is blocked or lacks the necessary user rights to carry the action out themselves? Jo-Jo Eumerus (talk, contributions) 13:38, 7 August 2019 (UTC)
Getting there I think - single-page type editing bots probably don't need that far; think this issue was primarily for when you could trigger the bot to edit an arbitrary page? Or perhaps this is really just an issue if the trigger is out-of-band of onwiki edits? It was clear that something needed to be done, and we shouldn't end up in a repeat situation in the future. — xaosflux Talk 13:46, 7 August 2019 (UTC)
For example, Special:Diff/909683673 isn't really a problem - as the source of the triggers is onwiki, logged, authenticated, and restricted - and that edit could include multiple updates from collaborative edits on the request page. — xaosflux Talk 13:48, 7 August 2019 (UTC)
Bots which can be triggered by users other than the operator are expected to publicly display the username of the requesting user in some way and to respect user rights- and block-imposed limitations. to make it a bit open-ended; "in some way" to leave room for bots that are triggered by edits to a page. Jo-Jo Eumerus (talk, contributions) 13:53, 7 August 2019 (UTC)
Jo-Jo Eumerus, That might be an issue for some bots like IABot. IABot can edit through certain levels of protections that new users can't, but new users can invoke the bot to any page they like. Of course they can't configure how it should run as it will use community defined defaults, which I believe is acceptable under the conditions I stated. I think this verbiage would better cover it:

Bots and/or tools that allow users to invoke the bot on a list of pages are required to observe if the user is blocked and to link the username of the invoking user in the edit summary. Bots that allow configuration options for said list must also check that the invoking user can edit through protection if any are applied to pages.

CYBERPOWER (Chat) 15:26, 7 August 2019 (UTC)
I would prefer to see, for one-off edit kinds of bots triggered by others, OAuth strongly recommended if not required for implementation in these kinds of bots and for the edit subsequently to be performed under the user's name (and/or to ship the editor straight to preview rather than to make the edit itself). The issue with citation bot was the 'category run', which IMO is reasonably a bot edit and which where that sits now should list the implementing user (again, strong preference to OAuth here). (Just getting my objectives on the page; I'll be back later to read other commentary.) --Izno (talk) 16:42, 7 August 2019 (UTC)
I think we would need to define "can be triggered" better. A lot of AnomieBOT's tasks are arguably "triggered" by others, e.g. by someone orphaning a reference, or adding a maintenance tag, or putting a template into Category:Wikipedia templates to be automatically substituted, or doing something on various project pages that are bot-clerked, or making various other edits that manipulate pages' categories, templates, and so on. On the other hand, there's no way for others to get AnomieBOT to do something by visiting any page off-wiki. And I could imagine a bot where edits are "triggered" by submitting a list of pages to a form off-wiki, but the user doing the submission has no control over what the bot does to each page. Where's the line, exactly? Anomie 16:49, 7 August 2019 (UTC)
I think the key thing for me would be an active choice in what page to trigger the bot on. If the bot always edits the same page, then being triggered to edit that page is not much different than a WP:PURGE. Signbots, vandalbots and dating bots, are not actively triggered, they are reactively triggered. Headbomb {t · c · p · b} 17:16, 7 August 2019 (UTC)
One of the identified problems with citationbot was that unauthenticated users were able to use it to hound another editor by having it follow them around - each atomic edit appeared appropriate, but the result was found to be unacceptable. — xaosflux Talk 17:33, 7 August 2019 (UTC)
Maybe it's better to state a general principle, currently embodied by the points "operator disclosure" and "operator verification". Something like "All decisions about the operation of the bot need to be accountable". (In practice, people want to know which talk page to yell at.) Nemo 18:03, 7 August 2019 (UTC)
As a policy, the more general the better - just want to be careful that we don't make it so broad that it is useless. The primary recipients of the policy are BAG and 'crats who end up approving bots. From a high-level technical perspective, I want to make sure we don't intermix an "operator" (someone who basically has total control and accountability for actions under the account) with a "user"/"triggering editor" of the bot though. — xaosflux Talk 18:07, 7 August 2019 (UTC)
That still leaves something of a grey area, depending on how you define "reactively triggered". The Citation bot queue complained about just above could have been implemented (somewhat poorly) as a wikipage, would the bot reacting to a wiki page edit have been sufficient for that situation? If not, then what about AnomieBOT's TemplateSubster reacting to the template being in a particular category; should AnomieBOT have to somehow dig through page histories to find out who added the category (probably by putting {{subst only|auto=yes}} on the template's doc subpage, but maybe some other way)? And similarly for TagDater and listing a template on WP:AWB/DT? Anomie 18:48, 7 August 2019 (UTC)
Editing WP:AWB/DT isn't triggering a bot, it is changing the configuration/rules of a weird pseudo-bot, so I think that example is out of scope for this discussion (it's a problem, but it's a different problem). AnomieBOT's TemplateSubster and {{subst only|auto=yes}} may be a real edge case in terms of this discussion, but it is also possible it simply means that that signal ("This template should be substed") belongs inline in the template—and thus subject to the same protection level as the template code—rather than on the /doc page (I need to think about this a bit more). But I also don't think one or two pathological edge cases are dealbreakers for a policy. There is always IAR and BAG discretion (and mandate for discretion can always be codified if really needed).
Other than that, I think y'all are overcomplicating this.
There is a pretty obvious distinction between things like AnomieBOT's TemplateSubster, SineBot, and ClueBOT, on the one hand, and things like Citation Bot and IABot (interactive), on the other. The former are not really "triggered by a user", they are operating autonomously. The user in question isn't directing the bot, they are doing something completely different that happens to be something the relevant bot is looking for: to subst erroneously unsubst'ed templates, to add a missing signature, or revert vandalism. In the latters' case, a user has actively asked the bot to perform a task (regardless of how much or little control that user has over the specifics of the task). It's the distinction between a user triggering the bot and a bot being triggered by something the user does. You can't do anything to make SineBot add signatures to another user's talk page messages, and you can't make ClueBOT revert another user's edits. And in all those cases the operator is responsible for the edits, and presumably perfectly comfortable with that. But you can make IABot add |archive-url= to all citations on an article written by another user (or, to pick a completely random example, mess up the carefully maintained indentation in a citation *cough* *cough*), and you can make IABot do this to all articles another user edits. You can use Citation Bot to bulk change the citations on a range of articles where you disagree with other editors on citation style. For the former group I need to be able to yell at Anomie and Cyberpower678; for the latter I need to be able to yell at whatever editor is being a… is directing the bot.
The duck test is pretty simple: should Martin be blocked when Citation Bot is being used to harass someone? If not, we have a case where the user needs to be authenticated (so the bot knows who is directing it), authorized (so blocked users are denied), and identified (so admins can block someone other than the operator, or other editors know who to yell at). None of the examples given so far (except possibly TemplateSubster and unprotected template /doc pages) seem at all problematic to distinguish here; and absent actual examples of bots that would be inappropriately caught by such a clause we're just bikeshedding.
Also, given the requirements and the state of technological development, I see absolutely no reason why BOTPOL shouldn't require OAuth for these cases now for all new BRFAs. The same for existing bots but with some kind of limited grandfather clause for tasks that are low potential for abuse and negligible risk of controversy (insufficient consensus for the task). Citation Bot failed on both those counts, and was actively abused, so a change was needed there in any case. But for other maintenance-mode/no-longer-actively-developed bots, where retrofitting OAuth would be a big ask, there may not be any pressing need. We're well past the point where OAuth is just "the cost of doing business" (or "table stakes" if you prefer), and if it's too hard for someone otherwise capable of writing a bot that other users can use, then something is wrong with either the bot architecture or the WMF infrastructure. --Xover (talk) 19:09, 13 August 2019 (UTC)
Return to the project page "Bot policy".