Project Information
- Name of tool/project: IP info (current working name)
- Project home page: Page on meta
- Name of team requesting review: Anti-Harassment
- Primary contact: @Tchanders
- Target date for deployment: January - March 2021
- Link to code repository / patchset: https://github.com/wikimedia/mediawiki-extensions-IPInfo
Description of the tool/project:
Basic description
A new extension for providing information about an IP address without (1) the need for the user to use an external service themselves and (2) exposing the IP address itself to the user. (Actually hiding the IP addresses is beyond the scope of this project.)
This provides the user with information they could have retrieved from knowing the IP address. This information could be displayed in various ways (popup on hover/click, special page, etc.).
Data
Based on our investigation in T259726, the data our users are looking for is not accessible from freely licensed datasets alone. Ideally IPInfo would combine several datasets, but this depends on agreeing licences with different providers, and will only be considered in future iterations.
The first iteration of IPInfo will use only MaxMind's GeoIP2 library, which we already have licences for, and which are already available on our servers: T263263#6534392. A PHP package providing an API for these databases is undergoing a security readiness review: T262963.
For third parties who do not have access to the proprietary datasets, IPInfo will use MaxMind's free GeoLite2 databases.
API
IPInfo provides two API endpoints, taking an edit id or a log id. If the edit or log was performed by an anonymous user (or the log target is an anonymous user), the API returns data about the relevant IP address(es).
Client-side UI
Currently IPInfo adds a button next to IP addresses on Special:Log and history pages. The data are retrieved on clicking this button, and displayed in a popup. This design may change.
Description of how the tool will be used at WMF:
Deployment
We expect the feature to be deployed to all wikis, and be available on certain pages that show IP addresses. It will initially be available only to checkusers.
Preventing abuse
Sending an edit/log ID rather than the IP address will allow the IP address to remain hidden (once they become hidden in the future), and is intended to prevent IPInfo from being used as an API for getting information about arbitrary IP addresses.
Only users with the 'ipinfo' right can see the information. At first this right will only be given to checkusers. In the future when IP addresses are no longer visible, more users may need to access this information, e.g. for patrolling to fight vandalism. This will depend on user research and testing.
Users will sign an agreement when first using this tool, and a record will be kept of which users have access. Access may be taken away from a user, and a record will be kept of this too: T264150.
Dependencies
- GeoIP2 library: T262963
- OOUI for UI components
Has this project been reviewed before?
No, but we are also requesting a performance review - T260821
Working test environment
IPInfo is available to logged-in users on our test environment: https://thegoodplace.wmcloud.org/index.php?title=Special:Log
Post-deployment
Anti-Harassment will be responsible for this post-deployment:
- Engineers: @Tchanders @STran
- Engineering manager: @aezell
- Product manager: @Niharika