Hello,

After looking into the documentation and the code this is my summary:

GlobalBlocking only blocks IPs and range

We might want to upgrade the extension to:

• block temporary account users (and display their related IPs as seen on T324602)
• block registered users as wished by the community in T17294

and if so, it would come with an update of the following:

• Database fields anonOnly
• API fields anonOnly
• Global Blocking Error messaging for all types of users.
• GlobalBlocking user rights/permissions to enable show IPs
• Documentation, "anon only"

Use of IPs

The IP is being used on the Special:GlobalBlock.
It's also shown on Special:GlobalBlockList and on Special:BlockList.

->isAnon (x2)

includes/GlobalBlocking.php



use Wikimedia\IPUtils (x6)
includes/Api/ApiQueryGlobalBlocks.php
includes/GlobalBlocking.php
includes/GlobalBlockingHooks.php
includes/Special/SpecialGlobalBlockList.php
includes/Special/SpecialGlobalBlockStatus.php
includes/Special/SpecialRemoveGlobalBlock.php



Hope this helps!

Thanks for this analysis, @AGueyte

We might want to upgrade the extension to:

• block temporary account users (and display their related IPs as seen on T324602)
• block registered users as wished by the community in T17294

These will be a fair amount of work, so I suspect maybe not MVP but perhaps something to work on in the future... What do you think @Niharika?

The IP is being used on the Special:GlobalBlock.
It's also shown on Special:GlobalBlockList and on Special:BlockList.

This is fine - we will continue to allow IP blocking on Special:Block, and show blocked IPs on Special:BlockList too.

->isAnon (x2)
[...]


use Wikimedia\IPUtils (x6)
[...]

Thanks for highlighting these. Do any of these use-cases look like they need updating, or do they look like they'll still work after temporary accounts are enabled?

Hello, thanks for this.

->isAnon
Global blocking of an IP will not be impacted by temp user.

->isAnon is looking if the user is registered, i.e. has a user_id.
Temp accounts have an id, therefore, a temporary account will not be considered an anon user.
In fact, trying to block a temp account will result in an error:
"The IP address (*Unregistered 10) you entered is invalid. Please note that you cannot enter a username!"

IPUtils
It won't be impacted as the form only accepts IPs.

Thanks @AGueyte . I'll leave this open for @Niharika to look over, in case we want to do any follow-up work.

Adding here a behavior also seen on Special:BlockList, as a logged-out user, I get to see in Special:Log the IPs or user Globally Blocked

In T331751#8742451, @AGueyte wrote:

Adding here a behavior also seen on Special:BlockList, as a logged-out user, I get to see in Special:Log the IPs or user Globally Blocked

Thanks. I guess it would be possible to infer IP addresses related to temporary accounts via this log. @Niharika @Dreamy_Jazz Do you know if we have a similar concern for registered accounts and IP addresses that have been looked up via CheckUser, where both end up being blocked?

Yes this is a concern. The way it is "got around" is by asking a different user to block or by spacing out the blocks. This isn't too ideal and a task is open to find a solution for this kind of problem, but so far I've not been able to see one.