Page MenuHomePhabricator

"private" info that should not be + usability issue with filter detail
Open, MediumPublic


Author: matthew.britton

At the moment, trying to view the details of a private filter simply returns a "you can't view this filter because it's private" message. However, certain things about a private filter are still public, and it is annoying not to be able to see them by going to [[Special:AbuseFilter/123]] or whatever, instead having to find it in the filter list.

Additionally, certain things that have no need to be private, but are only accessible via details view and not the filter list are completely inaccessible.

Details view should be changed so that it always shows the filter details screen, but just omits certiain stuff in the case of private filters.

Below, I have classified the information about each filter according to what should be done with it.

  1. Hidden for private filters, and should be; no need to change:
  • Conditions
  • Notes
  • Filter history
  • Rate limiter
  1. Visible for private filters only through the filter list, should also be shown in details view:
  • Filter ID
  • Description
  • Number of hits
  • Private flag
  • Enabled flag
  • Last modified time and author
  • Log flag
  • Warn flag
  • Disallow flag
  • Tag flag
  • Block autopromote flag
  1. Inaccessible for private filters, but has no reason to be, should be shown in details view:
  • Statistics (matched last X of Y)
  • Average run time
  • System message to use for warning
  • Which tag is applied

The last two of these are the most important -- not having them available is a pain when trying to figure out what filter is responsible for what.

Note: All the changes above should be uniformly applied to APIs as well.

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 10:37 PM
bzimport added a project: AbuseFilter.
bzimport set Reference to bz19005.
bzimport added a subscriber: Unknown Object (MLST).
  1. Visible for private filters only through the filter list, should also be

shown in details view:

  • Last modified time and author

Some times, in case of a major sockpuppeteer, it would be better if the person in question has no idea when we change the rules. I believe this to be an important weapon against such vandals - for example, if the user who triggers [[Special:AbuseFilter/63]] suddenly can't do his trouble, he won't know if he just messed up or if we ave caught on to his most recent tricks.

Marking to hit on bug day.

Daimona raised the priority of this task from Low to Medium.Apr 11 2018, 6:00 PM
Daimona moved this task from Backlog to Filter privacy on the AbuseFilter board.
Daimona added a subscriber: Daimona.

This is something we should solve. Not only it would give a basis to fix other privacy related problems, but would also make clear what is actually private and what isn't.

Daimona updated the task description. (Show Details)Apr 13 2018, 12:30 PM
Daimona updated the task description. (Show Details)May 1 2018, 2:09 PM
Daimona claimed this task.EditedMay 5 2018, 12:19 PM

Working on this. For now, I'll only make the following changes

Things to make visible in filter editor for those with abusefilter-view:

  • Filter ID
  • Description
  • Groups
  • Flags (hidden, enabled, deleted, global)
  • Last edit details
  • Active actions without parameters

I'll handle the remaining ones separately, since they may be controversial.

Change 431090 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/AbuseFilter@master] [WIP] Show already available info for private filters to everyone

Daimona added a comment.EditedMay 5 2018, 2:32 PM

The remaining thing to do is to decide whether we want to make public:

  • Statistics: number of matches, average time and everything else that will be available from T191428: max time/conditions, number of slow runs, number of runs with errors, number of actions which hit the conds limit, dedicated log and page for these stats. This needs to be decided for both public and private filters, and different things may require different rights.
  • The following action parameters: block durations (and whether the talk is blocked), message used for warnings, applied tags.
  • The hit count for private filters, to be shown both in filter editing page and on Special:AbuseFilter

Adding as subscribers people who's been recently active here. The three points above may be highly delicate, so some kind of discussion is truly needed.

In my opinion the less we show of private filters the better, but that's because I've had to deal with some very persistent LTAs who were going out of their way to deduce filter management activity. I get that some non-admins want to track down what filter prevented an edit, etc. So in particular I would !vote against showing the hit count and action parameters. Statistics seem fine to be public but I don't think it will be that helpful to someone who can't read the filter pattern (and determine how it can be reworked to be more efficient).

Yeah, I totally understand this POV. On itwiki we're fond of private filters, since they provide a good security by obscurity. Also, I find it more important to keep such security than it is to show private info to those without enough rights who just wants to understand what a filter does. Mine is quite a neutral position, leaning towards an oppose for hit count and especially action parameters. As for statistics, right because they're only useful to those who can view/edit filters, I'd just leave them private. They would provide few useful info to good people and may potentially reveal too much to bad people; although a risk assessment would be nice, I don't think it's necessary due to the low gain we would have in the good case.

Change 431090 abandoned by Matěj Suchánek:
Show already available info for private filters to everyone

Superseded by Ic81b1b39d65aabbe7c495d98d3ee96b3a16fd2b1

Change 431090 restored by Matěj Suchánek:
Show already available info for private filters to everyone

ToBeFree added a subscriber: ToBeFree.