Background
Communities can employ a variety of means to send out notifications, such as watchlist notices and geonotices, site notices, or for cross-wiki, CentralNotice. These are effective but can be a bit too in-your-face, or in the case of watchlist/geonotices, only viewable by people who use their watchlist. They also don't allow you target specific users. For more targeted messaging at scale, there's MassMessage, but this uses a talk page notice which is publicly viewable.
If we were able to send custom notifications, that'd allow us to leverage the advantages Echo provides -- that is, notifying specific users in a way that is not vexatious but still attention-grabbing, and can also be viewed cross-wiki.
Use-cases
The use-cases are wide, but largely around users "subscribing" to be notified with a specific message after something specific occurs.
- T2582: Remind me of this article in X days – "Remind me bot" where users ask to be notified with a custom message at a specific time.
- T189391: New block option: Notify me when this block is about to expire or has expired – could be done in MediaWiki, but is quite niche and thus maybe better fit for a bot task.
- Important community announcements.
- Getting notified when an article is added to a specific category.
- Requesting feedback on an RfC.
- …
Current state
Patch Demo: https://patchdemo.wmflabs.org/wikis/38e6b4ea7b/wiki/Special:ApiSandbox (use username Patch Demo, password patchdemo1)
As of June 2024, we have a new action=echocreateevent API that allows sending custom notifications -- including the title and message body. This is behind the $wgEchoEnableApiEvents feature flag which is not enabled on any wikis yet.
You can test out the using Special:ApiSandbox:
- Got to Special:ApiSandbox
- Select "echocreateevent" from the "action" dropdown
- On the left, click on "action=echocreateevent"
- Fill in the form as desired
- Auto-fill the token and "Make request"
Abuse potential
This feature has the potential to be abused, i.e. "YOUR ACCOUNT HAS BEEN HACKED, GO TO [this link] TO RESET YOURPASSWORD".
For abuse mitigation, we can explore:
- Using the bot icon instead of something used by system notifications (already done)
- Introducing a new, dedicated user group that has the echo-create permission. Communities should be instructed that only highly trusted users (or more commonly, bots) should belong to this group.
- Logging all notifications sent (r958058)
- Possibly requiring the API accept a page title that defines the message, so that the message can be audited.
- Not ideal for "remind me bot" use-case as the bot would have to create a new page for every message, or re-use the same one (clunky).
- This would mean no private messages could be sent. (i.e. for admins who want to be notified about something without beans up their nose)
- Enforce a consistent title or message body for all API-issued notifications
- Something like "This is a bot-issued notification sent by User:Foo"
- The message title can be long and will wrap, but the message body doesn't. For this reason, it may be better to restrict only the message body and not the title (?)
- Maybe the linked "Page" can serve the notification. In the case of Remind Me Bot, the user hopefully will remember why they wanted to be reminded about said article. For custom messages, it links to a page containing said message.
Other concerns
- T308084: Reduce DB space used by Echo notifications – we'd probably need DBA clearance before moving forward, and/or perhaps be explicit in our instructions to communities to not "overuse" this feature
Other ideas
- Add a Special page allowing admins (or users of the new user group) to issue one-off notifications, perhaps only being able to choose from a preselected list of types of notifications
