Page MenuHomePhabricator
Create Task
Maniphest T307617

IP Masking
Closed, ResolvedPublic
Actions

Description

What?

  • There is a Legal directive to move away from storing and publishing IP addresses on Wikimedia sites for all users.

What does the future look like if this is achieved?

  • IPs will no longer be visible to everyone.
  • Some users with advanced rights may still unveil the IP addresses for patrolling purposes.
  • The Foundation will be better protected from data regulators.
  • Privacy of unregistered editors will be better protected.
  • Anti-vandalism patrollers, including admins, will have access to the data & tools they need to protect the sites against vandalism.

Supporting document: IP Masking business case

What happens if we do nothing?

  • WMF faces the risk of litigation if we continue storing and perpetually publishing IP addresses. Our editors living in countries with a high level of censorship and persecution may come to harm if we continue our practice of publishing IP addresses.

Why?

Identify the value(s) this problem/opportunity provides. Add links to relevant OKRs.
Rank values in order of importance and be explicit about who this benefits and where the value is.

User Value/Organization Value AND Objective it supports and How

  1. Make IP addresses accessible to as few people as possible while ensuring that admins, stewards, and checkusers remain able to effectively perform their duties, in order to protect our users from misuse of personally identifiable information and our communities and content from vandalism, spam, and harassment. -> Thriving Movement

Why are you bringing this decision to the Technical Forum?
The IP masking project has wide ranging impacts to many different teams and systems that interact with MediaWiki.

While it has been possible for very experienced engineers to understand the impact and necessary code changes for MediaWiki Core, the impact to other systems and the changes needed requires teams from across the foundation to review the proposed changes and provide feedback.

The ultimate goals of following the technical forum process are to:

  • sign off on the technical plan for IP Masking, including how it interacts with existing extensions, APIs, community tools etc
  • make the IP masking project changes visible to as many teams as possible
  • understand which teams would need to make changes based on the chosen solution

Supporting Docs:

Event Timeline

lbowmaker created this task.May 4 2022, 6:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 4 2022, 6:55 PM
Aklapper added a project: Temporary accounts.May 4 2022, 9:15 PM
DannyS712 subscribed.May 4 2022, 9:19 PM

There is a Legal directive to move away from storing and publishing IP addresses on Wikimedia sites for all users.

This is the first I've heard of a directive not to store IP addresses - is this correct? How will users with advanced rights be able to unveil the IP if it is not stored?

Stang subscribed.May 6 2022, 3:33 PM
SCP-2000 subscribed.May 6 2022, 4:00 PM
LNguyen reassigned this task from Jenlenfantwright to TAdeleye_WMF.May 12 2022, 6:43 PM
LNguyen removed a subscriber: Jenlenfantwright.May 12 2022, 6:48 PM
Prtksxna subscribed.May 16 2022, 9:55 AM
Aklapper added a comment.Jul 5 2022, 10:13 PM

@lbowmaker / @TAdeleye_WMF: Would you have more info / a link to share for DannyS712, please? Thanks!

daniel subscribed.Jul 6 2022, 8:16 AM
In T307617#7905112, @DannyS712 wrote:

There is a Legal directive to move away from storing and publishing IP addresses on Wikimedia sites for all users.

This is the first I've heard of a directive not to store IP addresses - is this correct? How will users with advanced rights be able to unveil the IP if it is not stored?

I can't tell you what the current plan is, but my understanding from the discussion last year is that we'll rely on IPs stored tenmporarily in RecentChanges (30 days) and by CheckUser (90 days, iirc). After that, the IP associated with an edit will be gone. I personally think that's a fair and workable compromize. If need be, we could tune the storage period. As far as I understand, the important thing is to no longer require the IP to be stored forever.

LNguyen moved this task from Inbox to Problem Statement Review on the tech-decision-forum board.Oct 6 2022, 1:55 AM
Niharika closed this task as Resolved.Dec 2 2022, 2:42 AM

We have received feedback on our approach through the Tech Decision Forum process. I'm going to close this ticket. Please feel free to reopen if I've missed something.

Stang unsubscribed.Dec 5 2022, 10:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL