Page MenuHomePhabricator
Create Task
Maniphest T120563

Sorting by hit counts may partly reveal the numbers
Open, Needs TriagePublic
Actions

Description

Similar to T120562: on Meta-Wiki anonymous users can see hit counts of those filters that are public. Hidden ones always have a blank field there. Sorting the table by hit count however reveals between what numbers it could be.

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/AbuseFiltermaster+2 -1Add a requirement for view-private to allow sorting hit counts
Customize query in gerrit

Related Objects
Search...

Event Timeline

matej_suchanek created this task.Dec 6 2015, 9:48 AM
matej_suchanek raised the priority of this task from to Needs Triage.
matej_suchanek updated the task description. (Show Details)
matej_suchanek added a project: AbuseFilter.
matej_suchanek added a subscriber: matej_suchanek.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 6 2015, 9:48 AM
Samwalton9 added a subscriber: Samwalton9.Dec 6 2015, 4:59 PM

What's the benefit of hiding the hit numbers?

He7d3r mentioned this in T120562: AbuseFilter reveals hit count even without appropriate rights.Oct 17 2016, 2:00 PM
Daimona moved this task from Backlog to Filter privacy on the AbuseFilter board.Apr 3 2018, 11:59 AM
Daimona claimed this task.May 5 2018, 1:16 PM
Daimona added a subscriber: Daimona.

The hit count is available with a way weaker right (abusefilter-log-detail) for public filters. Hiding the hit count for private filters may actually be useful. Anyway, since we need to stick to TablePager's methods, it should be enough to require abusefilter-log-detail AND abusefilter-view-private to sort the table by hit count. Hopefully in the future we may be able to provide a more selective sorting (for instance leaving private ones at the end), also capable of things like T52839 and sorting non-DB data like (when they will be added there) average execution time and conditions. However, either we abandon tablepager, strongly overwrite its methods or make the change directly in TablePager.

gerritbot added a subscriber: gerritbot.May 5 2018, 1:18 PM

Change 431093 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/AbuseFilter@master] Add a requirement for view-private to allow sorting hit counts

https://gerrit.wikimedia.org/r/431093

gerritbot added a project: Patch-For-Review.May 5 2018, 1:18 PM
Huji added a subscriber: Huji.May 5 2018, 2:35 PM

I don't think this is a good idea; those who cannot see private filters should still be able to sort the table by hit count.

Can you please explain why hiding the hit count for private filters may be useful?

Daimona added a comment.May 5 2018, 3:02 PM

We can't provide such selective sorting without a major change as explained above. I didn't have a specific situation where it'd be useful, I only thought we may give vandals (especially LTA) some info on how much a private filter is being triggered, although at the moment I can't think of a specific way to use this data. In any case, the right place to decide whether we want to make the hit count public is T21005.

Huji added a comment.May 5 2018, 3:27 PM

If we don't have a reason to think the current state is actually harmful, why are we trying to change it? I'd rather wait for T21005 to be decided on.

Daimona mentioned this in T194593: Rework AbuseFilterPager to allow more flexible sorting.May 13 2018, 11:12 AM
Daimona added a parent task: T194593: Rework AbuseFilterPager to allow more flexible sorting.May 13 2018, 1:27 PM
gerritbot added a comment.Jul 20 2018, 8:14 AM

Change 431093 abandoned by Daimona Eaytoy:
Add a requirement for view-private to allow sorting hit counts

Reason:
Needs a better strategy

https://gerrit.wikimedia.org/r/431093

Daimona removed Daimona as the assignee of this task.Jul 20 2018, 8:14 AM
Daimona removed a project: Patch-For-Review.
Daimona mentioned this in T223857: Show hit count of private filters to non-privileged users.May 22 2019, 1:27 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL