As the blocking consultation reaches a stopping point, let's take a sprint to investigate the top ideas from a technical POV.
With this project, we would create a browser fingerprint with some specific identifiable pieces of data about the user's computer and store it as a hash. Admins could then set an IP range block that also includes a match for this fingerprint, but would not be able to see the hashed information.
Questions to answer
- If we are to build this, how would we proceed? (rough implementation plan)
- What is the delta between building this and just building T100070?
- Data collection & retention
  - What data is currently being collected?
  - How long is this data kept?
  - Can we hash this data and keep it for longer than 90 days?
- Is a hash actually unique enough, given the small ecosystem of browsers?
- Part of core or an extension?
- How would client-side detection interact with the backend?
Example of tracking data that could be hashed:
- AHT to hold a 'Privacy by Design' meeting with WMF Legal to discuss a potential implementation
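An added example, not part of the original task or of MediaWiki's code: a sketch of the IP-range-plus-fingerprint block described above, which also illustrates the uniqueness question by showing two users with the same common browser setup sharing one hash. The attribute names, the use of a keyed HMAC in place of a plain hash, the key and all sample visitors are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

# Assumption: a server-side key, so stored hashes cannot be reversed by
# enumerating the small space of common browser configurations.
SERVER_KEY = b"constructed-demo-key"
# Assumption: illustrative attribute names; the task does not list them.
FIELDS = ("user_agent", "screen", "timezone", "language")


def fingerprint_hash(attrs):
    """Canonicalise the chosen attributes and return a keyed SHA-256 digest."""
    canonical = json.dumps([attrs.get(f, "") for f in FIELDS])
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def is_blocked(ip, attrs, block):
    """The block applies only if the IP is in range AND the hash matches."""
    in_range = ipaddress.ip_address(ip) in ipaddress.ip_network(block["range"])
    same_fp = hmac.compare_digest(fingerprint_hash(attrs), block["fp_hash"])
    return in_range and same_fp


def caught_by(block, visitors):
    """Return the IPs of every visitor the block would stop."""
    return [ip for ip, attrs in visitors if is_blocked(ip, attrs, block)]


# Constructed sample data (documentation IP ranges, made-up browser setups).
COMMON = {"user_agent": "Chrome/120 Windows", "screen": "1920x1080",
          "timezone": "UTC+1", "language": "en"}
RARE = {"user_agent": "Firefox/121 Linux", "screen": "2560x1440",
        "timezone": "UTC+1", "language": "de"}
VISITORS = [
    ("198.51.100.7", COMMON),   # the blocked user
    ("198.51.100.42", COMMON),  # unrelated user with the same common setup
    ("198.51.100.99", RARE),    # same range, different fingerprint
    ("203.0.113.5", COMMON),    # same fingerprint, outside the range
]
# The stored block holds only the range and the digest, never the raw attributes.
BLOCK = {"range": "198.51.100.0/24", "fp_hash": fingerprint_hash(COMMON)}

if __name__ == "__main__":
    print(caught_by(BLOCK, VISITORS))
```

The second visitor is the collateral case behind the uniqueness question: the range narrows the match, but a common configuration inside that range still collides.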