Page MenuHomePhabricator
Create Task
Maniphest T328454

[TECH][IPM] Investigate ramifications of IP masking on Wikidata related extensions
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

In T326908: Update WMDE Engineering-owned products that may be affected by IP Masking it was identified that upcoming work on IP masking might affect Wikidata related extensions, in particular:

  • EntitySchema
  • Wikibase
  • WikibaseLexeme
  • WikibaseQualityConstraints

It appears as though the time of rollout for this feature is October 2023 at the earliest (and unlikely to be on Wikidata at that date), however this is subject to change. Additionally, this list of extensions might not be fully exhaustive, and we should be watching out for any additional extensions that might be impacted by IP Masking.

For more information about the IP Masking project, please see: https://meta.wikimedia.org/wiki/IP_Editing:_Privacy_Enhancement_and_Abuse_Mitigation

In this Investigation, we would like the following questions to be addressed:

Product Related

  • How do these features affect change summaries and change dispatching to client wikis?
  • How do they affect changes made from client wikis when adding sitelinks?
  • What implications do IP masking have on editing workflows that involve wikidata bridge?

Technical

  • What kind of changes are there to used MediaWiki stable (or perhaps even unstable) interfaces?
  • Which code points in the extensions listed above would be affected?

Related Objects
Search...

Event Timeline

ItamarWMDE created this task.Jan 31 2023, 4:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 31 2023, 4:17 PM
ItamarWMDE updated the task description. (Show Details)Jan 31 2023, 4:18 PM
ItamarWMDE mentioned this in T326908: Update WMDE Engineering-owned products that may be affected by IP Masking.
Lydia_Pintscher added a project: Wikidata.Feb 1 2023, 7:06 PM
ItamarWMDE updated the task description. (Show Details)Feb 8 2023, 2:32 PM
ItamarWMDE added a comment.Feb 14 2023, 2:30 PM

Task Prio Notes:

  • Does not affect end-users \ production (as the investigation results do not directly affect users, but the engineers who will have to implement any compatibility fixes)
  • Does affect development efforts
  • Does not onboarding efforts
  • Affects additional stakeholders (as this feature will be prepared and deployed by other teams in the movement)
ItamarWMDE moved this task from Incoming to [DOT] Prioritized on the wmde-wikidata-tech board.Feb 14 2023, 2:30 PM
ItamarWMDE added a project: Wikidata Dev Team.
ItamarWMDE moved this task from Incoming to [DOT] Tech Backlog on the Wikidata Dev Team board.Feb 14 2023, 3:02 PM
ItamarWMDE updated the task description. (Show Details)Feb 15 2023, 8:16 AM
ItamarWMDE renamed this task from Investigate ramifications of IP masking on Wikidata related extensions to [SW] Investigate ramifications of IP masking on Wikidata related extensions.Feb 15 2023, 8:57 AM
ItamarWMDE added a comment.EditedFeb 15 2023, 10:04 AM

Story Writing Notes:

  • Add explanation on IP masking from metawiki.
Lydia_Pintscher moved this task from [DOT] Tech Backlog to Unified DOT Backlog on the Wikidata Dev Team board.Feb 15 2023, 10:38 AM
ItamarWMDE renamed this task from [SW] Investigate ramifications of IP masking on Wikidata related extensions to [IPM] Investigate ramifications of IP masking on Wikidata related extensions.Mar 14 2023, 1:34 PM
ItamarWMDE updated the task description. (Show Details)
Lucas_Werkmeister_WMDE mentioned this in T332079: [Session] IP Masking.Mar 23 2023, 10:47 AM
hoo subscribed.EditedMay 20 2023, 7:18 AM

Some thoughts I had during the wmhack session (T332079):

Two things that directly comes to my mind here there this might cause trouble is the link item feature (linking Wikidata items from the client) and Wikibase client's bridge. Link item is supposed to only be accessible to logged in users, both tools will need to "log in" on Wikidata (both using mediawiki.ForeignApi).

Especially interesting case here: User has no (temporary) account yet, uses one of the tools (shall we allow that?)… and gets a temporary account on Wikidata (does that work, will it (=the account login) propagate to the client wiki?).

WMDE-Fisch added a parent task: T326908: Update WMDE Engineering-owned products that may be affected by IP Masking.May 21 2023, 10:55 AM
Manuel subscribed.Jul 24 2023, 2:09 PM

I am monitoring this task as I would like to understand the consequences of IP Masking for analytics.

Lucas_Werkmeister_WMDE mentioned this in T342872: Only show pulsating dot to logged-in users.Jul 27 2023, 1:27 PM
ItamarWMDE renamed this task from [IPM] Investigate ramifications of IP masking on Wikidata related extensions to [TECH][IPM] Investigate ramifications of IP masking on Wikidata related extensions.Aug 2 2023, 2:16 PM
Michael subscribed.Aug 8 2023, 8:42 AM
Lucas_Werkmeister_WMDE subscribed.Aug 8 2023, 8:44 AM
karapayneWMDE set the point value for this task to 1.Aug 8 2023, 8:45 AM
karapayneWMDE subscribed.Aug 8 2023, 8:56 AM

Timebox 16 hrs broken into

  • 8 hr - Investigate places where Wikibase distinguishes between anonymous and registered users
  • 8 hr - Investigate behavior of temporary accounts with cross-wiki API actions
karapayneWMDE moved this task from Unified DOT Backlog to Sprint-∞ on the Wikidata Dev Team board.Aug 8 2023, 8:56 AM
karapayneWMDE edited projects, added Wikidata Dev Team (Sprint-∞); removed Wikidata Dev Team.
ItamarWMDE moved this task from Parents/Waiting to Todo/Backlog on the Wikidata Dev Team (Sprint-∞) board.Aug 9 2023, 7:18 PM
Michael moved this task from Todo/Backlog to Parents/Waiting on the Wikidata Dev Team (Sprint-∞) board.Aug 14 2023, 8:23 AM
Michael added subscribers: Arian_Bozorg, Lydia_Pintscher.Aug 15 2023, 12:15 PM

Very related and probably also important for Product sense-making around this: T337103: Decide a standard approach for classifying temporary, IP and registered users. cc @Arian_Bozorg @Lydia_Pintscher

Lucas_Werkmeister_WMDE mentioned this in T326816: Update features for IP Masking.Aug 28 2023, 9:20 AM
ItamarWMDE moved this task from [DOT] Prioritized to Ongoing on the wmde-wikidata-tech board.Aug 29 2023, 7:19 AM
Michael moved this task from Parents/Waiting to Product Verification on the Wikidata Dev Team (Sprint-∞) board.Sep 6 2023, 12:36 PM

See the child-tasks T343799 and T343800 for the results. Please take a look and let us know if you're missing something or need the information presented differently or anything.

Also, the upstream implementations seem to still see very active development, so it might make sense to wait for them to settle somewhat and not rush our development:

(this task should probably move on to tech-verification after product is happy)

Niharika subscribed.Sep 6 2023, 1:59 PM
Lydia_Pintscher moved this task from Product Verification to Tech Verification on the Wikidata Dev Team (Sprint-∞) board.Sep 7 2023, 11:19 AM

Thank you! Looking good. Moving this to tech verification.

ItamarWMDE moved this task from Tech Verification to Todo/Backlog on the Wikidata Dev Team (Sprint-∞) board.Sep 13 2023, 7:56 AM
Michael closed subtask T343799: [8 hr] Investigate places where Wikibase distinguishes between anonymous and registered users as Resolved.Sep 18 2023, 2:20 PM
Michael closed subtask T343800: [8 hr] Investigate behavior of temporary accounts with cross-wiki API actions as Resolved.
Michael moved this task from Todo/Backlog to Peer Review on the Wikidata Dev Team (Sprint-∞) board.Sep 18 2023, 2:24 PM

Results from the subtasks copied with slightly adjusted language to: https://wikitech.wikimedia.org/wiki/WMDE/Wikidata/Reports/2023/2023-09-18_Ramifications_of_IP_masking_on_Wikidata_related_extensions

@Lucas_Werkmeister_WMDE please let me know what you think of the overall report and my adaption of your parts in particular.

FTR: That writeup took another two hours.

Lucas_Werkmeister_WMDE added a comment.Sep 22 2023, 1:39 PM

Looks great to me, thank you! (I’ve made a few small edits to the page.)

Michael moved this task from Peer Review to Tech Verification on the Wikidata Dev Team (Sprint-∞) board.EditedSep 26 2023, 10:54 AM

The edits look good to me, thanks!

Manuel added a comment.Sep 26 2023, 12:49 PM

If I understand IP masking correctly, the goal is to get rid of IPs as public identifiers. Instead we will use cookie-based "temporary accounts" as public identifiers. These are independent of the IP. I have two questions about this:

  1. This seems feasible for browser-based editing. But what about API-based editing? Can non-logged-in users currently edit using our APIs? (I hope not, as it does not sound like a good idea. xD) How will/should this work in the future?
  1. For Wikidata Analytics I got the impression that we will still store IPs internally, so nothing should change from an analytics perspective. Is that correct?
Michael added a comment.Sep 26 2023, 2:47 PM
In T328454#9199247, @Manuel wrote:

If I understand IP masking correctly, the goal is to get rid of IPs as public identifiers. Instead we will use cookie-based "temporary accounts" as public identifiers. These are independent of the IP. I have two questions about this:

  1. This seems feasible for browser-based editing. But what about API-based editing? Can non-logged-in users currently edit using our APIs? (I hope not, as it does not sound like a good idea. xD) How will/should this work in the future?

Yes they can. The edits made from entity pages are made via API calls from javascript, that includes edits from users that are not logged in.
The details how that will work in the future will need to be figured out. I guess the API response will include some info about the created account?

  1. For Wikidata Analytics I got the impression that we will still store IPs internally, so nothing should change from an analytics perspective. Is that correct?

We will still store the IPs internally, also for anti-abuse measures. With temporary accounts, I could see new types of queries coming the table of analytics with respect to the behavior of anonymous editors, now that we sometimes have a better way to associate edits with the same editor over time than relying on IPs.

ItamarWMDE closed this task as Resolved.Sep 26 2023, 5:15 PM
ItamarWMDE claimed this task.
ItamarWMDE moved this task from Tech Verification to Our work done on the Wikidata Dev Team (Sprint-∞) board.

Thanks for the investigation and for summarizing your findings. I'll resolve this, and we can discuss a future followup with product managers.

Restricted Application added a project: User-ItamarWMDE. · View Herald TranscriptSep 26 2023, 5:15 PM
Lydia_Pintscher mentioned this in T351968: Update Wikidata-related extensions for IP Masking.Nov 26 2023, 12:40 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL