Page MenuHomePhabricator

Update WMDE Engineering-owned products that may be affected by IP Masking
Open, Needs TriagePublic

Description

IP Masking will affect lots of our products, features, tools, gadgets, etc. This task is for tracking work to update those that are owned by WMDE Engineering, ahead of IP Masking being enabled on WMF sites.

See T326816: Update features for temporary accounts, particularly What will be affected.

A preliminary investigation (T326759) has found that the following may be affected:

WMDE-TechWish

  • AdvancedSearch 921472
  • FileImporter ( does not need adjustments )
  • RevisionSlider 921540
  • TwoColConflict 921542

Wikidata (tracked in T328454: [TECH][IPM] Investigate ramifications of IP masking on Wikidata related extensions

  • EntitySchema
  • WikibaseLexeme
  • Wikibase
  • WikibaseQualityConstraints

Related Objects

StatusSubtypeAssignedTask
In ProgressNiharika
OpenNone
OpenNone
ResolvedItamarWMDE
OpenNone
ResolvedMichael
ResolvedLucas_Werkmeister_WMDE
ResolvedLucas_Werkmeister_WMDE
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArthurTaylor
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
DeclinedNone
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedLydia_Pintscher
ResolvedArian_Bozorg
ResolvedNone
OpenNone
ResolvedArthurTaylor
ResolvedArian_Bozorg
ResolvedLucas_Werkmeister_WMDE
OpenNone
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArthurTaylor
ResolvedArthurTaylor
ResolvedArthurTaylor
ResolvedArthurTaylor
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedLucas_Werkmeister_WMDE
ResolvedArian_Bozorg
ResolvedLucas_Werkmeister_WMDE
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedArian_Bozorg
ResolvedDima_Koushha_WMDE

Event Timeline

Created a followup task for the Wikidata team T328454

Change 921472 had a related patch set uploaded (by WMDE-Fisch; author: WMDE-Fisch):

[mediawiki/extensions/AdvancedSearch@master] Adjust check for registered users

https://gerrit.wikimedia.org/r/921472

Change 921540 had a related patch set uploaded (by WMDE-Fisch; author: WMDE-Fisch):

[mediawiki/extensions/RevisionSlider@master] Skip user setting for unnamed users

https://gerrit.wikimedia.org/r/921540

Change 921542 had a related patch set uploaded (by WMDE-Fisch; author: WMDE-Fisch):

[mediawiki/extensions/TwoColConflict@master] Skip user setting for unnamed users

https://gerrit.wikimedia.org/r/921542

Change 921542 merged by jenkins-bot:

[mediawiki/extensions/TwoColConflict@master] Skip user setting for unnamed users

https://gerrit.wikimedia.org/r/921542

Change 921472 merged by jenkins-bot:

[mediawiki/extensions/AdvancedSearch@master] Adjust check for registered users

https://gerrit.wikimedia.org/r/921472

Change 921540 merged by jenkins-bot:

[mediawiki/extensions/RevisionSlider@master] Skip user setting for unnamed users

https://gerrit.wikimedia.org/r/921540

Change 929636 had a related patch set uploaded (by WMDE-Fisch; author: WMDE-Fisch):

[mediawiki/extensions/AdvancedSearch@master] Use isNamed for the user option

https://gerrit.wikimedia.org/r/929636

Change 929636 merged by jenkins-bot:

[mediawiki/extensions/AdvancedSearch@master] Use isNamed for the user option

https://gerrit.wikimedia.org/r/929636

There is a whole bunch of API endpoints and Special Pages on the Wikidata side of things that do changes that currently cause an anon user's IP address to be logged and displayed. Many, but not all of them go through repo/includes/EditEntity/MediaWikiEditEntity.php and I guess WIP example: Create a temporary user from ApiSetClaim (I57075e88) outlines the fundamental work that will need to be done, eventually.

@Tchanders: It is still unclear to me what the general plan is for moving forward with them. Or where the overall effort for this is being coordinated. I really would appreciate some pointers here if you can provide them 🙏.

Noting my confusion about a bunch of things in more detail, doesn't have to be cleared up here, but probably answers should exist at some point somewhere:
I see T349219: [M] Investigate: Which workflows create an IP actor?, but is this for doing due diligence that no workflow is being overlooked, or is that for creating a list to actually do the work? I saw T340540#9201679 which seems looks like we need to touch every current and future editing-related endpoint for this. I also saw T336187: [S] Investigate: Creating temp user on non-EditPage actions, but I'm unsure what specifically follows from that.

If we miss an endpoint, is there some safety-mechanism planned/implemented that ensures that requests fail that would create a ip-edit/change without also creating a temporary account?

The task T325592: Start a technical documentation page for IP Masking sounds like it might help, but it has not seen any movement since it was created roughly a year ago.

Thanks for the question @Michael - we are drafting a follow-up communication to send round about this, which should hopefully add a load of clarification. I'll try to provide some answers in the meantime below.

@Tchanders: It is still unclear to me what the general plan is for moving forward with them. Or where the overall effort for this is being coordinated. I really would appreciate some pointers here if you can provide them 🙏.
[...]
I see T349219: [M] Investigate: Which workflows create an IP actor?, but is this for doing due diligence that no workflow is being overlooked, or is that for creating a list to actually do the work?

The work will be co-ordinated via this task: T349129: [Epic] Workflows that create an IP (anon) actor should create a temporary user actor instead. We're expecting to add some more subtasks as a result of T349219: [M] Investigate: Which workflows create an IP actor?, which will be our attempt to find affected cases. But we don't expect to find them all, so we'll also ask other teams to check their features and file tasks there too.

In terms of co-ordinating timing and roadmaps between teams, this is something that @TAdeleye_WMF has been working on.

I saw T340540#9201679 which seems looks like we need to touch every current and future editing-related endpoint for this. I also saw T336187: [S] Investigate: Creating temp user on non-EditPage actions, but I'm unsure what specifically follows from that.

Each endpoint will need updating separately. (I think this is the logical conclusion of how MW is architected, by calling out to individual handlers that do everything - e.g. permissions checks, rate limits, logging, etc - distally.)

We will provide clear steps for what to do, which modules and traits can be included, etc. We'll add it to the documentation page (more on that below) and add it to the communication.

If we miss an endpoint, is there some safety-mechanism planned/implemented that ensures that requests fail that would create a ip-edit/change without also creating a temporary account?

The safety mechanism goes the other way - it will throw an error on attempting to create an IP actor, so the action won't complete until the pathway is fixed: T345578: Ensure that an IP address cannot be saved permanently if IP Masking is enabled.

This will likely be a way of finding missed cases, but at first we'll monitor for this log entry when IP actors are created: T349891: [S] Add some kind of logging when an actor is created with an IP address, to try to stay ahead.

The task T325592: Start a technical documentation page for IP Masking sounds like it might help, but it has not seen any movement since it was created roughly a year ago.

Our technical documentation lives here: https://www.mediawiki.org/wiki/Help:Temporary_accounts/How_it_works - it looks like that task wasn't updated when we added that.

@Tchanders Thank you so much for those details! This helps us a lot with planning the next steps better 🙏