
[IP Masking] Do not show logged-in version of Special:CreateAccount page to temp accounts
Open, Medium, Public

Assigned To
None
Authored By
RHo
Feb 2 2023, 11:16 PM

Description

User story

As an unregistered editor who has decided to create an account understanding it will not be tied to my unregistered edits,
I want assurance that my new account identity is separate,
So that I can be assured about my anonymity.

Problem(s)

Currently the temp account is being shown the version of the Special:CreateAccount page for logged-in users.

01. Navigate to Special:CreateAccount in temp user state with unexpected fields (send temp password to email, rationale) [screenshot: google translated de betalabs version]
02. Filled in with new account
03. Person is now logged in as new account in Newcomer homepage welcome survey
04. Going to Special:Log?type=newusers and it is shown publicly that *Unregistered_2828 created the account

Proposed solution

  • Show a specific version of Special:CreateAccount for temp accounts which does not ask for a rationale, and doesn't have the send a temp password to an email field.
  • Do not show the unregistered account that created the new account in Special:Log&page=&tagfilter=&type=newusers

Event Timeline

Going to Special:Log?type=newusers and it is shown publicly that *Unregistered_2828 created the account

One danger here is that the IP addresses of temporary accounts are available more widely than the IP addresses of registered accounts. (Admins and patrollers will be able to access them.) By linking a temporary and a registered account, we are exposing the IP addresses of that registered account more widely.

Umherirrender renamed this task from [IP Masking] Do not show logged-in version of Create:SpecialAccount page to temp accounts to [IP Masking] Do not show logged-in version of Special:CreateAccount page to temp accounts. (Mar 29 2023, 7:43 PM)

There is a message "createacct-temp-warning" (The edits you made with your temporary account will not be carried over to your permanent one.), so only the temp password and the reason field should be removed and the auth process must not use the temp user to log

KStoller-WMF subscribed.

Moving this into the Growth team backlog, as I imagine this is an MVP release requirement.