Page MenuHomePhabricator

Add global contributions tool to CheckUser
Open, Needs TriagePublic



After Temporary accounts is live, external tools will have no way to query for IP ranges from public data. All new logged out edits will be made using temporary accounts, and thus the underlying IP only lives in CheckUser. However, the barrier to being able to see the IPs will be lowered, similar to before (because they're still "logged out"). The difference is some may not have the rights to view the IPs on one wiki, while they do on others, etc.

Local sysops can use Special:Contributions to query for edits from a given IP range. When we identify a vandalism spree on one wiki, it's not uncommon that it spreads to others. This is where stewards step in and block globally if it's causing harm across the farm.


Older tools that were relied on by Stewards and Global Sysops like Tool-Global-user-contributions and XTools will no longer be able to suit the needs of the global counter-vandalism community. T331546: Convert XTools globalcontribs and GUC to use authenticated API calls is about updating those tools to make authenticated API calls so they can continue to function, but this still would mean making 800+ separate requests to get the same results that before could be done in just 8 database queries. The time to check a range globally will go from a few seconds to significantly longer.

Proposed solution

We need a proper global contributions tool to be introduced into MediaWiki. Care should be taken to ensure IPs are only surfaced on wikis for which the user has the rights to view them. Since the data all lives in CheckUser, it seems fitting to implement it there, with a standard ContribsPager-like interface. There is T28957 which is about a dedicated extension, but that makes less sense now given it would have a hard dependency on CheckUser.

Note that this not T212779: Implement Global CheckUser, which has seen some pushback from the community. This task is about exposing only edits from temporary accounts across all wikis for which the IPs are already visible to the user.

Event Timeline

Perhaps a good candidate for the Wikimedia-Hackathon-2023. We won't be able to finish it but I'm betting we could get a proof-of-concept working.

Removing from Wikimedia-Hackathon-2023 as Dreamy Jazz and I concluded this is a tad too big for a three-day project, and also the IP masking project as a whole is still not "stable" per se, so it's probably best to wait. If anyone does want to work on this in the future, though, please ping me as I'd love to be a part of it!

For future reference:

On the WMF installation, we'll likely want to go by the dblists to UNION queries, such that we get a final set of revisions across all wikis that are sorted by timestamp. So the use of sections might be something we offer through a MW configuration setting, and for non-WMF installations or where there aren't dblists, we simply iterate through each project using SiteList or something. The idea here is to avoid making 800+ queries to each wiki on the farm, and instead reduce to however many sections there are (8 in the case of WMF). See the XTools implementation at