
IP Info log access to staff, stewards, checkusers, ombudsmen
Closed, Resolved | Public | 2 Estimated Story Points

Description

Motivation

Based on Legal team's feedback, we should keep IP Info log access consistent with checkuser log access.

Acceptance criteria
  • WMF staff, checkusers, ombuds members and stewards should be able to access IP Info log.

Event Timeline

AGueyte set the point value for this task to 2. May 2 2022, 5:21 PM
Tchanders added a subscriber: STei-WMF.

Checkusers can already access the IPInfo log: https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/6858ed934ff0127ca77926e7505a2e05f0bb0ff8/wmf-config/CommonSettings.php#4045

Staff and steward group rights are managed on-wiki (T296499#7785816), and I suspect ombuds members are too, based on the conversation here: T295017#7899961

I think there's no more technical work to be done here.

Pinging @Niharika and @STei-WMF

ipinfo-view-log granted to ombuds

Access was granted to staff and steward in T296499#7962227

Based on Legal team's feedback, we should keep IP Info log access consistent with checkuser log access.

This isn't being followed since sysops were granted log access in rOMWC9886463a1fba: Add IPInfo viewing rights for certain groups.

T309318: Can global sysops have ipinfo-view-full and ipinfo-view-log access? is also requesting expanded log access.

Niharika renamed this task from IP Info log access to staff, stewards, checkusers, ombudsmen to IP Info log access to sysops, staff, stewards, checkusers, ombudsmen. Edited May 27 2022, 6:31 PM
Niharika updated the task description.

Thanks @JJMC89. This task was not updated to reflect that sysops should also have this access. I have updated it now. I take back my comment. I believe we never said sysops will have log access in the first place. I will need to consult with Legal about this.

Niharika renamed this task from IP Info log access to sysops, staff, stewards, checkusers, ombudsmen to IP Info log access to staff, stewards, checkusers, ombudsmen. May 27 2022, 6:47 PM
Niharika updated the task description.

Thanks @JJMC89. This task was not updated to reflect that sysops should also have this access. I have updated it now. I take back my comment. I believe we never said sysops will have log access in the first place. I will need to consult with Legal about this.

Just also noting that the IP Information tool guidelines specifically mention "A log is kept of queries made using the IP Information tool and how the information was accessed. Access to this log is limited to Foundation staff and certain advanced user groups." — I have filed T309928: Remove `ipinfo-view-log` from sysops, and would strongly recommend we implement this while we wait for Legal's reply. Config changes are "cheap" 🙂

Can someone add me to T309411 please? :-)

Can someone add me to T309411 please? :-)

[FTR] Looks to be already done.

It is still dangerous if someone with IP Info log access is compromised (since we have no log on viewing IP Info log). See {T310393}

If someone with CU (or CU log, in the case of ombuds) access is compromised, we have much larger issues than the IP Info log.

At least CU data access is logged, and if someone abuses it, it may be easily detected. Views of the CU log are not logged (I am not sure whether this is a problem; and it seems there is no retention limit on private data inside), but such a log primarily includes data of abusive users, not everyone.

My concern is that if a CU/steward/ombuds is compromised, abuse can be carried out covertly without an easy way to detect it.