Currently, sysops have access to the IP info log (rOMWC9886463a1fba: Add IPInfo viewing rights for certain groups). This access can be exploited to determine IP addresses that a checkuser (or other users with access to account IP addresses) views, thus leaking checkuser data.
Example 1:
- A CheckUser reviews a SPI and notes that they will be making a check.
- The CU performs checks and views IP Info while doing so.
- The CU blocks or reports findings for the accounts in the SPI.
- A sysop can now correlate the IP info logs to determine IP contributions that the CU viewed.
Example 2:
- A account creation team member (confidentiality agreement required) views the IP Info for the IP associated with an account request.
- They then create the requested account.
- A sysop can now correlate the IP info logs with the account creation logs to determine IP for the created account.
These cases are exacerbated by the fact that users can unintentionally view IP info data since the infobox will remain uncollapsed once toggled to uncollapsed.