Someone accidentally transcluded an entire noticeboard page, and because of that notified every single person on that page.
Might be a good idea to add a threshold on the amount of people you can notify in a single save action. Seems like a nice trick to abuse an otherwise good feature for spam.
https://en.wikipedia.org/wiki/Wikipedia_talk:Notifications#Bug_or_feature.3F
Version: master
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=50082
bsitu wrote:
There is already a threshold to the number of people to notify in a single mention save action, it is 300
300 seems rather excessive to me. I think in general 10 should be more than enough. Alternatively there should at least be a "confirm", before sending something to 300 people.
bsitu wrote:
(In reply to comment #2)
300 seems rather excessive to me. I think in general 10 should be more than
enough. Alternatively there should at least be a "confirm", before sending
something to 300 people.
Thanks for the suggestion, I will discuss with the team on a more reasonable number for the threshold. Maybe we can skip mention notification by detecting if a page is transcluded.
I am not sure about a "confirm", it's just a regular talk page edit, adding extra step upon saving may confuse users.
Unfortunately detecting link transclusion is quite difficult and would probably require adding some hacks to core. Plus it would disable legitimate uses like {{ping}}. I would favor lowering the threshold instead. 10 seems a bit low, but I think I could live with 50 or maybe 20. I could imagine cases were someone would legitimately want to notify an entire list of users, but hundreds at once is probably excessive (and potentially abusive).
Here's an example of someone using the mention notification to ping 53 users at once:
https://en.wikipedia.org/w/index.php?title=Template_talk%3ACentered_pull_quote&diff=558712634&oldid=558711268
Derk-Jan, would you consider this an abuse of the feature or a reasonable, legitimate use?
It definitely is something entirely new. It's too benign for me to call it abuse though, the qualification excessive comes to mind, but that in itself for this one case does not make it abusive, nor a pattern of excessive usage.
I do think that if it is this easy to pull everyone and nobody into your discussion, and this would start happening more often, that people might be quicker to ignore their notifications, which would erode their value.
I also see no reason, why such an excessive usage (if required on occasion), should not require the user to 'batch' his mentions for instance. Excessive use might require excessive work on the part of the author.
bsitu wrote:
Before we come up with a better solution, I reduced the threshold from 300 to 100, 300 is indeed excessive
False notifications based on accidental-whole-page-transclusion, are still getting reported regularly, eg.
https://en.wikipedia.org/wiki/Wikipedia_talk:Notifications#Bug:_False_notification
https://en.wikipedia.org/wiki/Wikipedia_talk:Notifications#False_alarm
Just a gentle nudge. :)