|mediawiki/extensions/TitleBlacklist||master||+37 -4||Don't display anons in title blacklist log, add to CU data, reenable it|
|Open||None||T68450 Set $wgTitleBlacklistLogHits = true on WMF wikis|
|Open||None||T155967 Replace IPs with "an anonymous user" in title blacklist hits log|
This proposed change if it matches the title is problematic. The way it reads it says no IP hits on title blacklist will show. That is of little value.
Title blacklist affects
- creations of new accounts
- creation of new pages
- restricting certain pages to autoconfirmed editors
- move blocks
- prevent editing
The only concern should be where there is an account creation. All others should be visible for admins/checkuser/stewards. Rather than restrict the view /items, why not change the output in that for admins that the output blanks the IP address, or replaces it with xxx.xxx.xxx.xxx and displays it for checkuser/stewards.
I would also argue that stewards should have access to title blacklist data equal to checkusers without a requirement to give themselves specific rights allocation, though I can be argued out of that matter if it is difficult for technical reasons.
Perhaps one could log actual save attempts (which are POST requests, I believe) that trip the blacklist like normal and not log mere requests (which are GET requests, I believe) such as accessing a blacklisted edit page URL.
Users will not be able to make the save attempts since they have been blocked from accessing the edit URL (except in the case where a blacklist entry is added while the user was already editing the article, but it's too rare to be useful). Users are blocked from the edit URL so they don't waste their time making edits that will end up being blocked, as for protected pages.
That would be really helpful, as for defence purposes it is only the actual "attempt to save action" as the problem is often intense/shock vandals, and spambots.
As a clarification, as there is the <autoconfirmed> option, are you saying that it would trigger a warning to the user when they attempt to edit, rather when they attempt to save. [one asks naively as one has never triggered the title blacklist]
I looked at the code, and I'm not sure whether this actually removes the IP from public view, or just makes it harder to find (so it's not displayed on Special:Log, but maybe will pop up in other places like the API, replica DBs, filtering by username, etc.). The mechanism of hiding it seems to be to change the system message used for title blacklist log entries. Is this sufficient?