Page MenuHomePhabricator
Create Task
Maniphest T357682

Investigate: Is AbuseFilter in accordance with the IP address reveal policy
Open, Needs TriagePublic
Actions

Description

Background

The IP access policy can be read here: https://foundation.wikimedia.org/wiki/Policy:Access_to_temporary_account_IP_addresses

Who can see IP addresses automatically

It states that some groups of users may have access to see IP addresses without opting in (stewards and checkusers at the time of writing).

AbuseFilter exposes IP addresses of logged-in users to certain users. We'd like to know whether this is consistent with the policy.

How long are IP addresses stored?

The policy also states that IP addresses are stored for a short duration (90 days at the time of writing).

AbuseFilter has a maintenance script for purging IP address data. We'd like to know if this is run consistently with the policy.

What we'd like to know
  • Which user groups can see IP addresses of registered users via AbuseFilter?
  • Do we need any permissions changes to be consistent with the policy?
  • How regularly is maintenance/PurgeOldLogIPData.php run?
  • How long does AbuseFilter keep IP data for?

Related Objects
Search...

Event Timeline

Tchanders created this task.Feb 15 2024, 3:31 PM
Tchanders mentioned this in T331653: Investigate: Update AbuseFilter for IP Masking.Feb 15 2024, 3:34 PM
Urbanecm_WMF subscribed.Feb 16 2024, 11:37 AM
In T331653#9547009, @Tchanders wrote:
  • Find out how regularly maintenance/PurgeOldLogIPData.php runs and how long we keep data, and add the answers to T357682.

According to Puppet, the script runs daily at 01:15 UTC. If you wanna verify that, logs in mwmaint2002:/var/log/mediawiki/mediawiki_job_purge_abusefilteripdata will be your friend.

  • Find out which permissions you need to see the IP addresses stored in afl_ip, and which groups have those permissions, and add the answers to T357682.

The abusefilter-privatedetails permission, which is granted to CheckUsers only (on their respective projects) and globally to the Stewards, Ombuds and authorized WMF personnel (+staff global group). In addition to that, the +sysadmin global group can self-assign this (or any other) permission at any point.

Dreamy_Jazz renamed this task from Investigate: Is AbuseFilter in accordance with the IP to Investigate: Is AbuseFilter in accordance with the IP address reveal policy.Feb 16 2024, 12:18 PM
STran added a comment.Feb 16 2024, 2:15 PM

Somewhat related, but this question came up during the broad AbuseFilter investigation and it seems relevant.

AbuseFilter currently logs IP addresses for anyone who triggers a filter. What do we do about this, if anything?

Anyone also includes accounts. I wonder if this is okay, as I don't think it's necessarily sharing these IPs and it makes sense that AbuseFilter would need to know both an account name and an IP so that it can block unwanted actions from logged in users but I'm flagging it here just in case.

Three_Sixty subscribed.Feb 19 2024, 1:17 AM
Johannnes89 subscribed.Fri, Apr 26, 3:07 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL