(Onlookers' comment) That function allows one (through a checkbox) to submit some private data (IP addresses and email, for example) of an account to stopforumspam.com. Seems like this one would be the biggest privacy concern with using this extension on Wikimedia, when users with the permission to submit may use it (if at all) - and who receives that permission. Can't speak of the blocking function itself.
Yes, data submission is my main concern as well hence this bug. I don't think we want to enable that. As for IP blocking, if what the extension does is to regularly download a list of IPs or ranges flagged as toxic, and such list is stored on our sites; I'd say there's no problem with that. I think that's the expected behaviour by reading the extension description.
I suspect the feature that we want to use at Wikimedia would be the IP blacklist. Technically the featureset is similar to TorBlock (that's where I got the idea and modeled some of it after).
There should be no privacy issues since we're just downloading a list and applying it I think.
I can help with the technical side of deployment if it gets that far, but have no time to do the social stuff.
Agreed, and it's probably too slow to use anyways.
I think that regularly downloading the IPv4/IPv6 blacklists from SFS to restrict so called 'toxic' IPs and ranges without sending any user data to SFS is what might help us better. If it's not the whole extension, at least the blacklists could be implemented. Doesn't MediaWiki-extensions-TorBlock work that way?
Yes, that's basically how torblock works too.
@Legoktm, it looks like Ex:SFS expects the format of the "listed.." csv files, not the toxic list [https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt]. Would you propose we use the lists that are constantly updated (I'm guessing use either the 7-days or 24-hour list)? Or would we update the way these are stored to include blocking the toxic ip ranges too?
Well I suspect this ticket isn't on anyone's radar because it has two tasks combined into one, not clearly scoped about what functionality is requested, etc.
In general the usage of the external IP blacklists is OK, and assuming that's the functionality being requested here, I'll close this as resolved. If you want to pursue this for deployment (and believe using SFS blacklists is going to help), please let me know and I can assist with that.