AbuseFilter log entries cannot be redacted/suppressed
Closed, ResolvedPublic

Description

Author: wikiwodup

Description:
An action performed on a page that triggers the abuse filter is logged, but the content of the page in the log remains visible after the page is deleted.


Version: unspecified
Severity: major
URL: https://secure.wikimedia.org/wikipedia/en/wiki/Wikipedia_talk:Abuse_filter#Viewing_deleted_pages

bzimport set Reference to bz18043.
bzimport created this task.Via LegacyMar 19 2009, 1:09 AM
Dragons_flight added a comment.Via ConduitMar 25 2009, 3:42 PM

This also applies to material subsequently removed with RevisionDelete (i.e. the new "Oversight").

bzimport added a comment.Via ConduitApr 2 2009, 6:08 PM

mike.lifeguard+bugs wrote:

Sounds like deletion needs to purge the relevant content from AbuseLog. Alternatively, mark it as deleted, and let only those with viewdeleted see it (which would be something like bug 18091).

aaron added a comment.Via ConduitApr 2 2009, 6:09 PM

OK, can someone give a url? Thanks.

aaron added a comment.Via ConduitApr 3 2009, 1:24 AM

Doesn't seem to be an easy way to do this. Revision ID is not tracking in the var dumps.

werdna added a comment.Via ConduitApr 3 2009, 1:28 AM

You could just delete all log entries for a particular page when that page is deleted.

Wouldn't deal perfectly with undeletion, of course, and I suppose we could add a per-log-entry deletion facility.

Planning to add an afl_deleted field in the abuse filter log with a raft of schema changes coming in the next few weeks.

Dragons_flight added a comment.Via ConduitApr 3 2009, 3:02 AM

(In reply to comment #5)

You could just delete all log entries for a particular page when that page is
deleted.

There is an edge case where the abuse filter log is recording an attempted edit to a non-existent page that was disallowed or aborted. In which case the page was never created, and consequently was also never deleted. I know of at least one case where the abuse log for such an attempted edit contains oversight grade material.

That case probably needs to be handled at the time when such a log entry is accessed.

werdna added a comment.Via ConduitApr 3 2009, 3:07 AM

(In reply to comment #6)

(In reply to comment #5)
> You could just delete all log entries for a particular page when that page is
> deleted.

There is an edge case where the abuse filter log is recording an attempted edit
to a non-existent page that was disallowed or aborted. In which case the page
was never created, and consequently was also never deleted. I know of at least
one case where the abuse log for such an attempted edit contains oversight
grade material.

As I say, a per-log deletion button would deal with this situation.

bzimport added a comment.Via ConduitApr 3 2009, 11:38 AM

mike.lifeguard+bugs wrote:

(In reply to comment #7)

(In reply to comment #6)
> (In reply to comment #5)
> > You could just delete all log entries for a particular page when that page is
> > deleted.
>
> There is an edge case where the abuse filter log is recording an attempted edit
> to a non-existent page that was disallowed or aborted. In which case the page
> was never created, and consequently was also never deleted. I know of at least
> one case where the abuse log for such an attempted edit contains oversight
> grade material.

As I say, a per-log deletion button would deal with this situation.

So in the case of a normal deleted page you want sysops to go find the log entries or whatever and delete them separately?

bzimport added a comment.Via ConduitApr 3 2009, 6:15 PM

wikiwodup wrote:

(In reply to comment #8)

(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > You could just delete all log entries for a particular page when that page is
> > > deleted.
> >
> > There is an edge case where the abuse filter log is recording an attempted edit
> > to a non-existent page that was disallowed or aborted. In which case the page
> > was never created, and consequently was also never deleted. I know of at least
> > one case where the abuse log for such an attempted edit contains oversight
> > grade material.
>
> As I say, a per-log deletion button would deal with this situation.
>

So in the case of a normal deleted page you want sysops to go find the log
entries or whatever and delete them separately?

Perhaps delete from the log when a logged action is deleted from the page or oversighted, but also have a delete button available to delete only the action in the log, in case the edit was never completed.

werdna added a comment.Via ConduitApr 5 2009, 4:50 AM

(In reply to comment #9)

Perhaps delete from the log when a logged action is deleted from the page or
oversighted, but also have a delete button available to delete only the action
in the log, in case the edit was never completed.

That's what I said five comments ago.

werdna added a comment.Via ConduitJul 16 2009, 5:04 PM

(Batch change)

These are low-priority miniprojects that I can mop up at some point when I'm doing general code work as opposed to working on a specific projects.

werdna added a comment.Via ConduitAug 14 2009, 12:37 PM

[Batch change]

Removing Dave McCabe from CC, who I somehow managed to add to the CC list of 12 bugs assigned to me.

bzimport added a comment.Via ConduitNov 12 2009, 10:33 PM

happy.melon.wiki wrote:

Kicking this. There are several open threads on oversight-l regarding material in AbuseFilter log entries that urgently needs suppression. An afl_deleted column and, at least, the options hide-from-nonadmins and hide-from-nonoversighers are very badly needed.

bzimport added a comment.Via ConduitNov 26 2009, 7:44 PM

artificial wrote:

In the mean time, how about just obscuring viewing of all log entries older than say, 1 week, except to those with abusefilter, oversight and/or sysop permissions? It would reduce the scope for trouble with log entries without increasing the workload for those tasked with oversighting stuff.

bzimport added a comment.Via ConduitJan 12 2010, 2:20 AM

dy_yol wrote:

(In reply to comment #14)

In the mean time, how about just obscuring viewing of all log entries older
than say, 1 week, except to those with abusefilter, oversight and/or sysop
permissions? It would reduce the scope for trouble with log entries without
increasing the workload for those tasked with oversighting stuff.

What next? Obscuring user contributions from non-admins?

bzimport added a comment.Via ConduitFeb 15 2010, 9:37 PM

KnightLago wrote:

Bump. More oversighted material needs to be removed. Any timeline on this ticket?

Risker added a comment.Via ConduitMay 16 2010, 3:54 PM

Bump again. Any progress on this? More oversight-grade entries in the abuse logs. This is a recurrent and chronic issue, so a method for oversighters to suppress these entries is needed. We shouldn't be needing to run to a developer whenever a filter captures private data. More particularly, right now filter developers are holding off on creating filters that are designed to capture certain recurring vandalism that contains oversight-level data because they know the abuse filter logs can't be oversighted in the usual way.

Can we get this moved up in priority please?

HJ_Mitchell added a comment.Via ConduitJun 26 2010, 1:47 AM

Another bump. There's more stuff that ideally should be oversighted or at least removed from public view in the abuse logs and a lot of potentially very useful filters are on hold indefinitely because they would catch material that would need to be removed from public view. Any chance a higher priority can be given to this?

werdna added a comment.Via ConduitJun 26 2010, 1:49 AM

I fixed this today. It won't be active on Wikimedia sites for some weeks.

HJ_Mitchell added a comment.Via ConduitJun 26 2010, 2:48 AM

(In reply to comment #19)

I fixed this today. It won't be active on Wikimedia sites for some weeks.

That's good to hear, thank you very much. Is there any chance you could give a more specific educated guess as to how long it might be for informational purposes?

bzimport added a comment.Via ConduitJun 26 2010, 10:16 AM

happy.melon.wiki wrote:

It was done in r68584. Looks like some small schema changes need to be made to the abuse_filter_log table, which is 2,956,540 rows.

bzimport added a comment.Via ConduitMay 19 2011, 9:01 PM

Thehelpfulonewiki wrote:

Note, https://bugzilla.wikimedia.org/show_bug.cgi?id=28633 is now related to this. I believe this should also be fixed. Please comment/vote etc. :) THO.

Add Comment

Column Prototype
This is a very early prototype of a persistent column. It is not expected to work yet, and leaving it open will activate other new features which will break things. Press "\" (backslash) on your keyboard to close it now.