Page MenuHomePhabricator
Create Task
Maniphest T347280

Log submissions of incident reports via MediaWiki logging system
Open, Needs TriagePublic
Actions

Description

Typically, when a user performs an action on MediaWiki, application code logs that action to the MediaWiki logging database table. Those logs are then accessible at Special:Log, e.g. https://en.wikipedia.org/wiki/Special:Log

For incident reports, we wouldn't want to create a public log entry, because this could be a vector for further abuse and harassment of the individual filing a report.

But for transparency, to help identify people who are misusing the report submission system, and to reduce the amount of vandalism/abuse/spam sent via the report system, it would be useful to have a private log action and type associated with filing an incident report. We would then grant the right to view these log types and actions to specific user groups. This can be configured on a per-wiki basis.

Questions

  • Do we want to do this for the MTP?
  • What should be included in the log message? (e.g. we probably only need a minimal amount of information: "User A submitted an incident report" and not the details of what was in the report, nor who the report was filed about)

Event Timeline

kostajh created this task.Sep 25 2023, 11:24 AM
Restricted Application added a project: Trust and Safety Tools Team Backlog. · View Herald TranscriptSep 25 2023, 11:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
JayCano edited projects, added Trust and Safety Product Team; removed Trust and Safety Tools Team Backlog.Aug 28 2024, 3:11 PM
kostajh added a comment.Nov 6 2024, 2:11 PM

@Madalina this is a question for you to answer.

kostajh moved this task from Backlog to Triaged on the Incident-Reporting-System board.Nov 6 2024, 2:12 PM
Madalina added a comment.Nov 8 2024, 5:59 PM

So what will we be logging exactly? Just the username ? And are we talking about logging when they click the report button or just the actual submissions of reports?

With the MVP users will only be able to file reports for emergency situations so I expect the number of people who can view this logs will be very limited.

kostajh added a comment.Nov 11 2024, 9:24 AM
In T347280#10304892, @Madalina wrote:

So what will we be logging exactly? Just the username ? And are we talking about logging when they click the report button or just the actual submissions of reports?

I think that's up to you to decide, along with community input from people who would be viewing such logs.

With the MVP users will only be able to file reports for emergency situations so I expect the number of people who can view this logs will be very limited.

Yeah. I'd suggested talking to Stewards about what their preferences are for this task. In the meantime, we don't need to do this for the December pilot.

Madalina added a comment.Nov 12 2024, 4:51 PM

Sounds good. Let's see if we can get to it in the next release.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits