Page MenuHomePhabricator
Create Task
Maniphest T128055

Obfuscate old IP addresses in database
Open, Needs TriagePublic
Actions

Description

IP addresses of anonymous editors are recorded in the database forever; this is problematic for both legal and moral reasons, given that IP addresses are often personally identifiable information. In previous wikitech-l conversations about hiding IP addresses, it has been argued that it would make the job of recent changes patrollers and other vandal fighters unacceptably difficult. That kind of utility quickly decreases over time, though; the IP addresses of months-old edits are rarely useful.

A MediaWiki operator will probably store all kinds of personally identifiable information (web server logs etc), but will discard them after a certain period (90 days is typical). Similarly, MediaWiki could discard IPs (replace them with random tokens) or otherwise obfuscate them (e.g. discard last byte) after a certain timespan.

See also: T20981: Allow anonymising of unregistered users ("IP editors"), T95144: Avoid exposure of user IP addresses (tracking)

Related Objects

Event Timeline

Tgr created this task.Feb 25 2016, 7:03 AM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 25 2016, 7:03 AM
Krenair subscribed.Feb 25 2016, 9:30 AM
ZhouZ added a project: WMF-Legal.Apr 18 2016, 5:50 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 18 2016, 5:50 PM
ZhouZ moved this task from Backlog to Assigned on the WMF-Legal board.Apr 18 2016, 7:01 PM
ZhouZ added a subscriber: APalmer_WMF.
jayvdb awarded a token.Apr 19 2016, 6:32 AM
Tgr updated the task description. (Show Details)Apr 21 2016, 11:01 PM
Nirmos subscribed.Sep 9 2017, 7:19 AM
JJMC89 mentioned this in T227733: Draft: Masking IP addresses for increased privacy.Jul 11 2019, 6:39 AM
Risker subscribed.Aug 4 2019, 4:37 AM
Aklapper added a project: MediaWiki-Page-history.Sep 20 2019, 7:44 PM
JFishback_WMF added a project: Privacy Engineering.Mar 9 2020, 11:52 PM
JFishback_WMF moved this task from Intake to Backlog on the Privacy board.
JFishback_WMF moved this task from Incoming to Backlog on the Privacy Engineering board.Mar 10 2020, 1:12 AM
Alsee subscribed.Mar 10 2020, 5:32 AM

I think you need to run this by legal. This appears to violate the copyright attribution requirements. Logged-out users submitted their contribution under an attribution license, with a reasonable expectation that their IP would serve as their attribution identity.

It also appears pretty pointless, given that the information would already have been distributed in the database downloads. The only thing actually accomplished by mangling existing histories would be to confuse editors.

Phuzion subscribed.Feb 16 2021, 10:07 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits