looks like the $wgLogAutocreatedAccounts var needs to be set in one of the config files, new in 1.17 (see http://www.mediawiki.org/wiki/Manual:$wgLogAutocreatedAccounts), default seems to be false. I don't know what the sensible default should be. That would take care of the "created by cookie" accounts at any rate.

enabled the setting on test2, tested with cookies, worked, tested creating an account via Special:UserLogin, worked. (Dunno why the second would not have worked but it seems ok now.)

(In reply to comment #0)

Creating an account in 1.16wmf4 test2 using Special:UserLogin doesn't create a
log entry (Krinkle and Platonides accounts), as opposed to creating it by
browsing (such as Reedy) where the 'Account created automatically' entry is
added.

I can confirm this behavior in 1.16wmf4 and 1.17wmf1. I wonder how long has this been the case...It's certainly not a regression in 1.17 then.

However, in 1.17wmf1 (deployed to test2 @ 20:07) it looks even more broken. The
last entry in the user cretion log is at 20:06. Later creations are not shown.
Whether they are created via Special:Userlogin (Hprmedina, Laura Fiorucci) or
by cookie (Manuelt15).

This we've fixed per comment 1 and 2 above. We should go ahead and preemptively set this to true for the cluster prior to deployment.

See discussion starting at 07:20 here:
http://prototype.wikimedia.org/logs/%23wikimedia-dev/20110211.txt

In short, this was a deliberate change per bug 23126, so we're going to leave this as is for now. If there's a community consensus to change this, we can revisit it.

That, and if there is, it's a trivial fix!

(In reply to comment #4)

See discussion starting at 07:20 here:
http://prototype.wikimedia.org/logs/%23wikimedia-dev/20110211.txt

In short, this was a deliberate change per bug 23126, so we're going to leave
this as is for now. If there's a community consensus to change this, we can
revisit it.

Re-opening this for now. Auto-creations should logged, as nearly any action to a wiki should be logged. According to the linked discussion, there were two reasons for not logging accounts of auto-created users:

[quote]
It was a response to https://bugzilla.wikimedia.org/show_bug.cgi?id=23126 . Stewards complained that locked accounts can continue to autocreate on other wikis. I decided to turn off autocreation logging because it:

1. allows vandals to flood local logs with "X plays with blocks" nonsense,
2. is useless (I did not find the use case).

[/quote]

If the accounts are _globally locked_, it's perfectly reasonable to restrict them from being able to create accounts on other wikis. This bug is about regular, non-locked accounts not being logged. This is broken behavior.

If an account is created on a wiki, it should go into [[Special:Log/newusers]]. If an account is globally locked, it should not be auto-created on other wikis (and thus it should not go into [[Special:Log/newusers]] as there would be nothing to log).

Perhaps I'm missing something obvious and this can be re-resolved with further explanation, but as I see this currently, the behavior makes absolutely no sense. The current behavior is that _any_ auto-created accounts are not logged and this is wrong.

bug 19161 gives another good reason not to log this. On the other hand, it seems wrong not to log such an action. (autocreating the account on edit instead of view would make more sense imho, but probably harder to implement).

I think bug 19161 (privacy leakage) is a pretty good reason not to log this. Logging this information just creates another reason *not* to create an account. if they can't even *read* a wiki without everyone finding out that they did.

Note that I'm not arguing that logging is wrong, just that logging relatively passive actions isn't really encouraging to en users.

resolving WONTFIX since I don't think this should be fixed.

Write actions to the wiki must be logged. A log of new users must contain the log of new users. I don't see how either of these points are very negotiable within MediaWiki.

Tim asked me to add why you would need a log of account creations. Some wikis like to know when new accounts are added so that they can welcome the accounts. Other people monitor new accounts (just as they do edits) to ensure that people aren't creating (sleeper) spam, vandalism, or attack accounts.

Speaking generally, this feature seems to be the wrong way to solve the underlying problem. The underlying problem seems to largely be an issue of bad account names being logged on other wikis. Global user rename or global username suppression are the answers to that kind of problem, not turning off the log.

(In reply to comment #10)

Write actions to the wiki must be logged. A log of new users must contain the
log of new users. I don't see how either of these points are very negotiable
within MediaWiki.

A user should be aware that he does certain action when the action is logged. Logged actions should be protected by edit tokens. I don't see how either of these points is very negotiable within MediaWiki.

• Bug 28136 has been marked as a duplicate of this bug. ***

(In reply to comment #8)

Note that I'm not arguing that logging is wrong, just that logging relatively
passive actions isn't really encouraging to en users.

Well, then a proper fix would be only to create accounts when doing a write action, such as editing a page.

Those logs are frequently used to counter vandalism and abusive usernames.

I agree with CoE - the account creation should be logged at the time that the user has consciously chosen to participate in the 'wiki. i.e. clicking the 'edit' button, or logging in.

wiki wrote:

Not sure it matters here, but we've gotten a complaint from a user about privacy issues associated with an automatic account creation and logging thereof. ( OTRS Ticket 2011032810013434 for those with access to OTRS ).

In this case, there was no entry in the new users log, but user name along with the date/time of the creation appears in the user list <slight sarcasm> If we're going to include the date/time of account creation in the user list, we might was well put the auto-created users the new user log too, the impact on user privacy is the same </slight sarcasm>

I concur with CoE and JMV, that account creation should only happen when a user does a write action. It's really the only practical way to adhere to our own privacy policy.

(In reply to comment #15)

I agree with CoE - the account creation should be logged at the time that the
user has consciously chosen to participate in the 'wiki. i.e. clicking the
'edit' button, or logging in.

No (btw, this is not what CoE meant, I think). Perhaps the account creation should be /triggered/ only etc. But if an account is created, this must be logged (as everything), see comment 10 and comment 11.

On it.wikiquote, for instance, we're currently unable to track 90 % of new accounts.
We'll request $wgLogAutocreatedAccounts to be set to true, but defaulting to false is inherently broken.
Whould we also open a discussion on Meta to request it to be set to true on all wikis?

fixed in r85128 by rollback of r64853
See bug 19161 for details.