• Title of session: IP Masking
• Session description: IP Masking is coming. IP addresses will be hidden from public and made accessible to volunteers who need to see them. This session will go over the changes that are coming and how volunteers and communities can prepare for them.
• Username for contact: NKohli (WMF)
• Session duration (25 or 50 min): 25 min
• Session type (presentation, workshop, discussion, etc.): Presentation/Discussion
• Language of session (English, Arabic, etc.): English
• Prerequisites (some Python, etc.): None
• Any other details to share?:
  • Especially relevant for people who work with unregistered editors or maintain tools that rely on IP addresses
  • Etherpad Link
• Slides: https://tinyurl.com/ipmasking
• Interested? Add your username below:
  • @kostajh
  • @Urbanecm
  • @Etonkovidova
  • @Lucas_Werkmeister_WMDE (mainly interested due to T328454, i.e. more from the technical side, but I’m sure a community-oriented session will still be very instructive :))
  • @Chicocvenancio
  • @Novem_Linguae
  • @Dreamy_Jazz
  • @CristianCantoro
  • @Robertsky
  • @ItamarWMDE
  • @hoo
  • @Jorgelhq
  • @Albertoleoncio

Session notes

• History: began in 2018. Related to regulation about data retention in some countries.
• We want to give users the information they need without giving the actual IP data. Replacing IPs with an anonymous identifier. A new identity based on a cookie. Expires in 12 months, or can be wiped out for other reasons. A part that is a bit more scary: the need to migrate various tools that use IPs.
• IPs will be visible to users with special permissions. No more public access.
• Multiple IPs can be linked to the same temporary cookie-based account. Allows temporary accounts to receive notifications, among other things.
• In the MVP, temporary accounts can not be converted to full accounts, but this might be added later.
• In the mockups, the name is ?1245. The format is not finalized.
• Revision history will not show IPs, but only the temporary name. Users with permissions will have a button to reveal a temporary account’s IP(s); this action will be logged.
• How will they be blocked? - by the temporary account, with the option to block all IP addresses
• So far - the product. Now, the technical changes:
• An account is created on certain changes, e.g. edit. Session-linked cookie.
• Temporary accounts have no preferences, emails, user groups, watchlist
• IP addresses are stored (in the checkuser tables) only for 90 days – but accessible to more than just checkusers
• rethink your code in tools (extensions, tools, gadgets, etc.) if it gets IP addresses from user names or works differently for anons and logged-ins.
• in terms of MediaWiki PHP code: in addition to $user->isRegistered() and $user->isAnon(), there is now $user->isNamed() and $user->isTemp() as well; JS code has mw.util.isTemporaryUser(), mw.user.isTemp(), mw.user.isNamed()
• A table of user methods (functions) translations is available in the slides (https://tinyurl.com/ipmasking).
• Phab task project tag: "IP Masking".
• Deployed on German Beta Wikipedia.

Questions

can temporary accounts use OAuth?
A: should be but CentraAuth not currently owned by a team so haven't been able to find the right person to talk to. If make temp account, then have that on all wikis. In terms of logging in, something to look into.
Q: use-case?
A: if they can login to my tool? but if oauth is only "proper" users, that's easier.
A: for MVP, that [i.e. oauth limited to non-temporary accounts] sounds like likely scenario.
[KH: As of right now, OAuth for tools doesn't work, because you're redirected to meta.wikimedia.org, but your temporary account won't exist on meta.wikimedia.org. I guess if IP masking is enabled on meta.wikimedia.org, then one would be able to use OAuth unless someone adjusts the code to prevent it.]
What will the name look like? Numbers, letters, words?
A: prefix and some numbers. yeah that's what we're thinking. global including the prefix.
A: not hard-coded but in config. could be configurable though that would make it very messy.
Is the temp. account global?
Basically yes.
Q: tool which allows me to edit on wikidata from wikipedia, how would that work?
A: should work via edit action on wikidata. a lot to do on temporary accounts. if you try on german beta where it's enabled,
Q: cookie last a year but ip gone after 90 days?
A: yeah, but if you use temp account after 90 days, new IP would still be stored.
Access to saved watchlists, filters, etc.?
A: no. we don't really want people to use these as permanent accounts so careful about what features are accessible. perhaps in later iterations though we can add more functionality.
A: user properties table also already too big so have to be careful about that.
Prefix translatable?
A: just some characters. have to be careful about which ones to allow (asterisk caused issues).
A: should be hard-coded because not really configurable because so much can break if usernames don't match expected patterns.
Q: share IP range?
A: not right now but maybe could make it possible if there's a clear use-case.
A: wouldn't work for temporary accounts. if you can see IP, you can work out manually. but right now no way to say these users are from same IP range.
Q Does AbuseFilter recognize temp. accounts as something distinct?
A: going to get a bit of rework to adapt to the temporary accounts.
AbuseFilter is going to be reworked.