Page MenuHomePhabricator

Allow users to see their own stored private information ("self-CheckUser")
Closed, DuplicatePublic

Description

Users should be able to see what a particular wiki is storing about them using the CheckUser tool or some equivalent. This would include stored IP addresses and user-agents, namely. I think this would be mostly interesting to users, but it might have other use-cases as well.


Version: unspecified
Severity: enhancement
URL: https://www.mediawiki.org/wiki/Requests_for_comment/Retained_account_data_self-discovery

Details

Reference
bz27242

Event Timeline

bzimport raised the priority of this task from to Low.
bzimport set Reference to bz27242.
bzimport added a subscriber: Unknown Object (MLST).
MZMcBride created this task.Feb 8 2011, 6:46 AM

Don't we make an effort *not* to store information? Wouldn't this sort of extension require us to store the information we don't store? Or, at least, copy the information that is currently only kept in log files?

I think what is being requested is to just be able to see the information currently available to checkusers, not to store new information.

(In reply to comment #1)

Don't we make an effort *not* to store information? Wouldn't this sort of
extension require us to store the information we don't store? Or, at least,
copy the information that is currently only kept in log files?

Information such as past used IP addresses and user agents is already stored (for 30 days, by default). It can be queried via the CheckUser extension without extending the storage duration or even altering the database (except updating the CheckUser log). You don't need to store the results of the query (the CheckUser extension doesn't, for example). For self-checks, you probably don't even need to log the queries, but that's debatable, I suppose.

AGK added a comment.Oct 31 2011, 11:49 PM

No, this is a terrible idea. If we really wanted to make it super easy for inexperienced sockers to game the CU system, we would have replaced the Main Page with your Guide To Socking.

AGK added a comment.Oct 31 2011, 11:51 PM

Changed priority to low not due to its merits but because of the nature of this enhancement (it is a wanted extra feature, not an improvement requiring urgency).

Isn't this a duplicate of some other wontfixed bug?

brion added a comment.Nov 1 2011, 12:08 AM

I do like the 'freedom of information act' feel of being able to look up whatever data is recorded... Recommend at least keeping it under consideration.

We could make it a config option to disable the feature for sites that don't want it

Possibly related: https://gerrit.wikimedia.org/r/53683.

Instead of only storing last login time, we could also store IP addresses and User-Agent strings of logins, for account security purposes. I think Gmail and others do this.

pgehres wrote:

In re Extension:AccountAudit, maybe. The goal of this extension is to finalize the SUL migration and then un-deploy the extension. There is also talk of adding the last login table to core.

I like the idea of allowing self-CU, but I think that should be part of Extension:CheckUser.

AGK added a comment.Mar 21 2013, 11:14 PM

For a variety of reasons (not least that this kind of feature is *expected* of large websites today), I would withdraw my earlier opposition to this feature request.

Note that there has been some discussion (including a comment by legal) on the talk page: https://www.mediawiki.org/wiki/Talk:Requests_for_comment/Retained_account_data_self-discovery

This needs a mock. I'll see what I can do about getting one made.

[[mw:Extension:AccountInfo]] does this, supporting both the $wgPutIPinRC option (enabled by default) and CheckUser.

Risker added a subscriber: Risker.Apr 5 2015, 2:55 PM
NickK added a subscriber: NickK.Apr 5 2015, 8:55 PM
saper added a subscriber: saper.Apr 5 2015, 9:12 PM
saper set Security to None.
saper moved this task from Backlog to Under discussion on the CheckUser board.
Jorm added a subscriber: Jorm.Apr 6 2015, 6:18 AM

"Let's teach serial sock abusers how to be better sock puppets by tipping our hand at them and showing them what we know."

"Let's teach serial sock abusers how to be better sock puppets by tipping our hand at them and showing them what we know."

I imagine most serial sock abusers are capable of looking up (or spoofing) their own IP address and User-Agent. :-)

T387#1182228 is related.

Jorm added a comment.Apr 6 2015, 5:17 PM

That's not an argument for making it easier for them to see where they goofed up in their bad behavior.

DoRD added a subscriber: DoRD.Apr 6 2015, 5:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 12 2015, 6:48 PM
Jorm removed a subscriber: Jorm.Dec 26 2015, 7:24 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptDec 26 2015, 7:24 PM
EddieGP closed this task as Declined.Feb 17 2017, 8:06 PM
EddieGP added a subscriber: tstarling.

Seems to be a duplicate of T387

Declining after architecture committee discussion, due to rationale given by csteipp.

That's why I'm closing here, feel free to overrule when this impression was wrong.

EddieGP moved this task from Under discussion to Closed on the CheckUser board.Feb 17 2017, 8:06 PM
Meno25 removed a subscriber: Meno25.Sep 21 2018, 7:50 PM