otsukare Thoughts after a day of work Anonymous Reporting - Some context


The first week of January, we had to disable anonymous reporting. GitHub in a two steps strike blocked webcompat-bot (which allows us to handle anonymous reporting) and finally the full web-bugs repo (which handles all the issues for The reason for blocking was illegal content.

Previous situation

Anonymous reporting was open to everyone and we would moderate after the fact if the issue was really a liability for both GitHub or us. For the last 5 years, I guess the site was not known enough to not be a target of bots and the issues not regular enough. The situation has evolved.

The fall: We missed one issue which needed to be moderated and deleted. It was in a public view for quite a long time. We need to review our process about that.

Current situation

  • Any authenticated GitHub users can still report issues.
  • Anonymous reporting is disabled
  • webcompat-bot is still disabled, until we can prove to GitHub that we handle the issues related to the initial blocking.

Why people report issues anonymously?

There are a couple of reasons why someone would report anonymously an issue about a website

  • Just browser users, not necessary with a GitHub account and not necessary tech-savy enough to go to the hassles of creating a useless account on GitHub.
  • A tech savy user with already a GitHub account but the excessive permissions required to file a bug using Github makes some people uncomfortable.
  • Someone wants to report a website with a real issue, but do not want to be associated with the reports. Reports about websites where the content or topic would create an issue for your own personal safety in certain contexts.

What are the possible issues with reporting?

While anonymity or soft-anonymity is an important feature in our society, it also creates challenges in some contexts. Some of these issues are not only tied to anonymous reporting, but anonymous reporting makes it more difficult to have a direct discussion about them.

  • spam bots randomly posting issues for the purpose of making websites known
  • people with an agenda of just being nasty
  • people genuinely reporting problematic issues:
  • illegal content with possible liabilities
  • private personal information (imagine personal bank accounts, private page on social network, …)
  • internal pages of a company
  • private personal information of others (imagine a social network where the screenshot includes information about users which are usually not publicly visible)

The future

This post will help me to re-think our strategy for anonymous reporting. And what we need to to put in place for the future. We have ideas and options already, that I will probably flesh out during this week.

If you have any ideas to contribute, you are welcome to post comments on the issue. Be constructive. I will be drastic into removing things which are out of line.