Page MenuHomePhabricator
Create Task
Maniphest T375086

Bring IP Info access permissions to parity with the IP Reveal feature
Open, In Progress, Needs TriagePublic
Actions

Description

Motivation

IP Info presently has two access levels:

  1. View-basic: Limited data access. Available to auto confirmed users and above.
  2. View-full: Complete data access. Available to admins and above.

This access permission structure was created when we did not have a notion of how the IP Reveal feature might work in the future.

Now we have an access policy for granting patrollers on a project access to IP addresses to combat vandalism. This group consists of users whose:

  • User account is a minimum of 6 months old
  • User account has made a minimum of 300 edits to the local project
  • User account has been explicitly granted the permission to view IPs by an admin or steward

It makes sense for this group of users to have access to IP Info view-full right so that they can access information that is useful to their patrolling workflows before they need to reveal the IP address itself.

Users who do not meet the above access policy are likely not patrollers and probably do not need IP-address related information for their work.

Proposed plan

With the above factors in mind, I propose we:

  • Remove ipinfo-view-basic right entirely and have just one access level ipinfo-view-full for the sake of simplicity
  • Allow anyone who meets the access policy for revealing IP addresses to be able to opt-in to viewing IP Info

Note: There is an open question about how would global opt-in for IP Info work. Let's tackle that in T298977: Make it possible to set the IPInfo user preference globally.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update IPInfo access levelsoperations/mediawiki-configmaster+36 -28
Unify IPInfo access levelsmediawiki/extensions/IPInfomaster+105 -401
Unify IPInfo access levelsoperations/mediawiki-configmaster+16 -14
Grant automatic IPInfo access if temp users are not knownmediawiki/extensions/WikimediaEventsmaster+223 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT261555 Allow CheckUser to provide IP addresses for logged in edits/actions
 ResolvedkostajhT285977 IP Info
 ResolvedNiharikaT287648 Reviews and deployment
 ResolvedTchandersT260597 Deploy IP Info extension to all wikis (as a beta feature)
 ResolvedNiharikaT261372 Replace mock data returned from API endpoint with live data
 ResolvedDzahnT288844 Update MaxMind GeoIP2 license key and product IDs for application servers
 ResolvedBUG REPORTClement_GoubertT288375 IPInfo MediaWiki extension depends on presence of maxmind db in the container/host
 ResolvedSpikeNiharikaT263637 Determine on which pages IPInfo should be available
 ResolvedNiharikaT292755 Epic: IP Info access
 ResolvedSTranT296499 Grant certain groups the ipinfo-view-full right
 ResolvedTchandersT260598 Deploy IP Info extension to test.wikipedia.org
 ResolvedTchandersT260599 Deploy IP Info extension to beta cluster
 ResolvedsbassettT262963 Security Readiness Review For geoip2/geoip2
 ResolvedDec 15 2020TchandersT266136 Update CI config once geoip2 is available
 ResolvedTchandersT269475 Add geoip2/geoip2 library to mediawiki/vendor
 ResolvedTchandersT260602 Complete the necessary reviews for the IP Info extension
 InvalidNoneT260601 Remove the static mock data from the popup and make a request to the API endpoint for dynamic mock data
 ResolvedSep 22 2020TchandersT260603 Create an API endpoint that accepts a log id or revision id and returns mock data about the IP address
 ResolvedSep 22 2020TchandersT260604 Display a popup with fixed mock data for an IP address on the specified page(s)
 ResolvedTchandersT260605 Add IP Info extension to translatewiki.net
 ResolveddbarrattT260607 Deploy the IP Info extension to The Good Place
 ResolvedTchandersT260609 Create a basic extension.json file and a new wikipage for the IP Info extension
 ResolveddbarrattT260611 Request a repository for the IP Info Extension
 ResolvedTchandersT260610 Request the necessary reviews of the IP Info extension
 ResolvedsbassettT260822 Security review of IP Info extension
 ResolvedNiharikaT260821 Performance review of IP Info extension
 InvalidNoneT270347 Remove 'ipinfo' right from administrators on the Beta Cluster
 ResolvedkostajhT309318 Can global sysops have ipinfo-view-full and ipinfo-view-log access?
 OpenNoneT395566 IPInfo: Release version 1.0.0
 In ProgressmszwarcT375086 Bring IP Info access permissions to parity with the IP Reveal feature
 OpenNoneT413771 Deploy temporary accounts to Russian Wikipedia

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Oct 17 2024, 2:24 PM

Change #1081176 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[mediawiki/extensions/IPInfo@master] Unify IPInfo access levels

https://gerrit.wikimedia.org/r/1081176

gerritbot added a project: Patch-For-Review.Oct 17 2024, 2:24 PM
mszabo moved this task from In Progress to Needs review on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.Oct 17 2024, 9:03 PM
gerritbot added a comment.Oct 18 2024, 8:33 AM

Change #1081370 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[operations/mediawiki-config@master] Unify IPInfo access levels

https://gerrit.wikimedia.org/r/1081370

Niharika mentioned this in T373818: [Epic] Guidance for discovery of IP Reveal feature.Oct 18 2024, 9:42 AM
Tchanders moved this task from Inbox to In progress on the Temporary accounts board.Oct 21 2024, 9:38 AM
Johannnes89 subscribed.Oct 21 2024, 5:58 PM
SCP-2000 subscribed.Oct 26 2024, 1:06 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)).Oct 28 2024, 11:04 AM
kostajh moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.
kostajh changed the task status from In Progress to Stalled.Oct 30 2024, 12:20 PM

Pending Legal review / approval.

Niharika changed the task status from Stalled to In Progress.Nov 4 2024, 6:43 PM

We have now been unblocked by Legal with the relevant policy change being updated: https://foundation.wikimedia.org/wiki/Legal:IP_Information_tool_guidelines

mszabo added a comment.Nov 4 2024, 9:03 PM

QA Notes

  • Verify that an user group with just the ipinfo right assigned has full access to the IP information tool, after accepting the data use agreement.
  • Verify that IP info access log entries in this setup are logged as full access, whereas historical entries logged before this change continue to differentiate between full and limited access.
kostajh mentioned this in T355393: Provide fallbacks when source is missing data.Nov 8 2024, 3:41 PM
kostajh mentioned this in T355392: Confirm and update what information IPInfo users should be able to see.
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)); removed Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15).Nov 18 2024, 11:43 AM
Tchanders moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.
Tchanders edited projects, added Temporary accounts (Major pilot wiki deployment); removed Temporary accounts.Nov 20 2024, 6:39 PM
Tchanders moved this task from Backlog to Planned on the Temporary accounts (Major pilot wiki deployment) board.Dec 5 2024, 4:49 PM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).Dec 9 2024, 9:30 PM
kostajh moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptDec 9 2024, 9:30 PM
mszabo mentioned this in T354860: Don't make request to ipoid if user only has ipinfo-view-basic.Dec 11 2024, 4:41 PM
Tchanders changed the task status from In Progress to Stalled.Dec 13 2024, 3:09 PM
Tchanders edited projects, added Trust and Safety Product Sprint; removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).
Tchanders subscribed.

Blocked on T325451.

Restricted Application removed a project: Trust and Safety Product Team. · View Herald TranscriptDec 13 2024, 3:09 PM
Dreamy_Jazz mentioned this in T383391: Remove feature flag for showing temporary accounts onboarding dialog.Jan 10 2025, 11:34 AM
Xaosflux subscribed.Feb 3 2025, 11:04 PM

Let me know if this user story can be covered here, of if it needs another feature request.

User story: I've enabled IP Information in my global preferences, and have already agreed to the terms at least once. I don't want to have to go through the identical agreement process on each of our hundreds of projects individually to use this tool on each project.

Dreamy_Jazz added a subtask: T373818: [Epic] Guidance for discovery of IP Reveal feature.Feb 6 2025, 6:04 PM
Dreamy_Jazz removed a subtask: T373818: [Epic] Guidance for discovery of IP Reveal feature.Feb 6 2025, 6:11 PM
Dreamy_Jazz added a parent task: T383391: Remove feature flag for showing temporary accounts onboarding dialog.Feb 6 2025, 6:16 PM
Dreamy_Jazz mentioned this in T345639: Blocked users should not be allowed to view IP addresses.Feb 11 2025, 3:44 PM
Xaosflux added a comment.Feb 19 2025, 12:38 AM
In T375086#10519312, @Xaosflux wrote:

Let me know if this user story can be covered here, of if it needs another feature request.

User story: I've enabled IP Information in my global preferences, and have already agreed to the terms at least once. I don't want to have to go through the identical agreement process on each of our hundreds of projects individually to use this tool on each project.

@Niharika - could you comment on the scope of this?

Johannnes89 added a comment.EditedFeb 19 2025, 11:30 AM
In T375086#10519312, @Xaosflux wrote:

User story: I've enabled IP Information in my global preferences, and have already agreed to the terms at least once. I don't want to have to go through the identical agreement process on each of our hundreds of projects individually to use this tool on each project.

+1, I mentioned this in 2023, it's really annoying that we still need to manually check "I agree to use this tool in accordance with the IP Information tool guidelines" in every project instead of offering this option via Special:GlobalPreferences.

T385701, T385698 and T298977 appear to be the tickets related to this request.

Dreamy_Jazz mentioned this in T387550: IP reveal guidance dialog: Do not show IPInfo checkbox if user does not have appropriate IPInfo rights.Feb 28 2025, 11:49 AM
Dreamy_Jazz mentioned this in T309318: Can global sysops have ipinfo-view-full and ipinfo-view-log access?.Feb 28 2025, 5:45 PM
Dreamy_Jazz added a parent task: T309318: Can global sysops have ipinfo-view-full and ipinfo-view-log access?.
kostajh changed the task status from Stalled to Open.Mar 19 2025, 11:44 AM
In T375086#10403263, @Tchanders wrote:

Blocked on T325451.

Clarification now exists in https://phabricator.wikimedia.org/T325451#10651235

Niharika added a comment.Mar 25 2025, 10:37 AM

@Xaosflux @Johannnes89 that user story makes sense to include and has been OK'd by Legal. Thanks for your patience on this as we were waiting for the dust to settle on the new proposed thresholds requirements.

Niharika updated the task description. (Show Details)Mar 25 2025, 12:35 PM
Yoshi24517 subscribed.Mar 25 2025, 11:06 PM
Tchanders moved this task from Planned to In progress on the Temporary accounts (Major pilot wiki deployment) board.Apr 30 2025, 4:20 PM
gerritbot added a comment.May 7 2025, 1:04 PM

Change #1143079 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[mediawiki/extensions/WikimediaEvents@master] Grant automatic IPInfo access if temp users are not known

https://gerrit.wikimedia.org/r/1143079

gerritbot added a comment.May 12 2025, 10:39 AM

Change #1143079 abandoned by Máté Szabó:

[mediawiki/extensions/WikimediaEvents@master] Grant automatic IPInfo access if temp users are not known

Reason:

We'll be taking a different approach.

https://gerrit.wikimedia.org/r/1143079

Tchanders edited projects, added Temporary accounts (Global wiki rollout); removed Temporary accounts (Major pilot wiki deployment).May 13 2025, 12:29 PM

I'm removing this as a major pilots blocker, since we're taking a different approach.

I'll conservatively add it as a full rollout blocker, but we can discuss this more later.

gerritbot added a comment.May 16 2025, 11:46 AM

Change #1146969 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[operations/mediawiki-config@master] Update IPInfo access levels

https://gerrit.wikimedia.org/r/1146969

gerritbot added a comment.May 16 2025, 1:19 PM

Change #1081370 abandoned by Máté Szabó:

[operations/mediawiki-config@master] Unify IPInfo access levels

Reason:

Superseded by Id9d8f5bee40135ae1746652c2c873fe33ce68435.

https://gerrit.wikimedia.org/r/1081370

gerritbot added a comment.May 20 2025, 10:15 AM

Change #1081176 abandoned by Máté Szabó:

[mediawiki/extensions/IPInfo@master] Unify IPInfo access levels

Reason:

Superseded by Id9d8f5bee40135ae1746652c2c873fe33ce68435

https://gerrit.wikimedia.org/r/1081176

gerritbot added a comment.May 27 2025, 1:45 PM

Change #1146969 merged by jenkins-bot:

[operations/mediawiki-config@master] Update IPInfo access levels

https://gerrit.wikimedia.org/r/1146969

Stashbot added a comment.May 27 2025, 1:45 PM

Mentioned in SAL (#wikimedia-operations) [2025-05-27T13:45:53Z] <kharlan@deploy1003> Started scap sync-world: Backport for [[gerrit:1146969|Update IPInfo access levels (T375086)]]

Stashbot added a comment.May 27 2025, 1:48 PM

Mentioned in SAL (#wikimedia-operations) [2025-05-27T13:47:59Z] <kharlan@deploy1003> mszabo, kharlan: Backport for [[gerrit:1146969|Update IPInfo access levels (T375086)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.May 27 2025, 2:01 PM

Mentioned in SAL (#wikimedia-operations) [2025-05-27T14:01:10Z] <kharlan@deploy1003> Finished scap sync-world: Backport for [[gerrit:1146969|Update IPInfo access levels (T375086)]] (duration: 15m 16s)

Maintenance_bot removed a project: Patch-For-Review.May 27 2025, 2:33 PM
codenamenoreste subscribed.May 27 2025, 9:53 PM
codenamenoreste added a comment.May 27 2025, 10:04 PM

Noting that on Meta-Wiki, non-admins, non-checkusers, and users who are not local temporary account IP viewers can no longer view IP Info's basic information (via ipinfo-view-basic). On the other hand, some global groups (such as abuse filter helpers and maintainers, global rollbackers, and U4C members) only have the ipinfo right, which explains the similar situation I just explained.

Tchanders edited parent tasks, added: T395566: IPInfo: Release version 1.0.0; removed: T383391: Remove feature flag for showing temporary accounts onboarding dialog, T375084: [Epic] Graduate IP Info out of Beta features.May 29 2025, 3:08 PM
Tchanders moved this task from To triage to Ready on the Temporary accounts (Global wiki rollout) board.Jun 10 2025, 3:07 PM
NicoScribe subscribed.Jun 20 2025, 2:36 PM

Now that there is only one access level, why keep two rights, ipinfo and ipinfo-view-full?

One right is enough. The other is redundant. In Special:ListGroupRights and Special:GlobalGroupPermissions, all the user groups with ipinfo have ipinfo-view-full.

sgrabarczuk added a comment.Jun 24 2025, 9:42 AM
In T375086#10934693, @NicoScribe wrote:

Now that there is only one access level, why keep two rights, ipinfo and ipinfo-view-full?

I swear I wrote a pretty long and detailed answer to the same question somewhere, but don't remember where...

Anyway, in short, there are two rights because this is a transition period. On wikis without temp accounts, IP Info is being used by users who wouldn't qualify for access to temp accounts, and we don't want to take IP Info from them. In this update there are two bullet points about this.

Johannnes89 added a comment.Jun 24 2025, 12:31 PM
In T375086#10861542, @codenamenoreste wrote:

Noting that on Meta-Wiki, non-admins, non-checkusers, and users who are not local temporary account IP viewers can no longer view IP Info's basic information (via ipinfo-view-basic). On the other hand, some global groups (such as abuse filter helpers and maintainers, global rollbackers, and U4C members) only have the ipinfo right, which explains the similar situation I just explained.

The issue for global groups has been resolved in T396774: IPInfo: Assign IPInfo rights to global groups who have IP reveal access. And IP Info's behaviour for local groups on Meta-Wikis is similar to wikis where temporary accounts are deployed (see Szymon's answer above) because temporary accounts are "known" on Meta.

TechnoSquirrel69 subscribed.Jul 2 2025, 11:02 AM
ClaudineChionh subscribed.Aug 3 2025, 12:33 PM
Dreamy_Jazz moved this task from Backlog to Maintenance to triage on the Trust and Safety Product Sprint board.Sep 2 2025, 11:30 AM
Dreamy_Jazz subscribed.

We need to discuss whether this is resolved or if we need to reassign this task.

OKryva-WMF edited projects, added Product Safety and Integrity; removed Trust and Safety Product Sprint.Sep 26 2025, 12:55 PM
OKryva-WMF moved this task from Inbox to Next sprint on the Product Safety and Integrity board.Sep 26 2025, 12:57 PM
OKryva-WMF added a project: Essential-Work.Oct 3 2025, 2:20 PM
Niharika moved this task from Ready to In progress on the Temporary accounts (Global wiki rollout) board.Nov 7 2025, 10:26 AM
Tchanders moved this task from Next sprint to Essential Work Sprint (Dec 15th - Jan 9th) on the Product Safety and Integrity board.Nov 19 2025, 12:39 PM
Tchanders edited projects, added Product Safety and Integrity (Essential Work Sprint (Dec 15th - Jan 9th)); removed Product Safety and Integrity.

Bringing into the sprint. Scope of the work in the sprint is to get clarity on the status of this task.

Aklapper removed mszabo as the assignee of this task.Nov 24 2025, 10:58 AM
Aklapper added a subscriber: mszabo.

Removing inactive assignee account. (Please do so as part of your team's offboarding process.)

OKryva-WMF moved this task from Backlog to Ready on the Product Safety and Integrity (Essential Work Sprint (Dec 15th - Jan 9th)) board.Dec 15 2025, 2:18 PM
mszwarc changed the task status from Open to In Progress.Dec 19 2025, 2:20 PM
mszwarc claimed this task.
mszwarc moved this task from Ready to In progress on the Product Safety and Integrity (Essential Work Sprint (Dec 15th - Jan 9th)) board.
mszwarc added a comment.Dec 22 2025, 10:33 AM
In T375086#11387877, @Tchanders wrote:

Bringing into the sprint. Scope of the work in the sprint is to get clarity on the status of this task.

As of now, the ipinfo-view-basic permissions are assigned to users only on wikis without temporary accounts (i.e. only ruwiki). Over the last two months, the IPInfo tool was used 2100 times on Russian Wikipedia, out of which 65% were basic mode queries.

What has been done:

  • On wikis with temporary accounts, nobody has (ipinfo-view-basic) and (ipinfo-view-full) is granted to groups who have access to temp. accounts' IP addresses – TAIV, admin (+a few other "higher" groups, such as CU)
    • Effectively, IP Reveal and IPInfo have the same access levels.

What is still to be done:

  • There is a wiki, which uses IPInfo basic mode – ruwiki, which doesn't have temp. accounts deployed yet.
    • (ipinfo-view-basic) is assigned to autoconfirmed users there and we can't probably just give them the full access.
    • It seems the easiest to just wait for TA deployment to ruwiki (unless it's going to take ages).
  • Once ruwiki no longer uses the basic mode:
    • We'll be able to drop the permissions and configuration for basic mode.
    • We'll be able to drop the code responsible for mode selection (basic or full).
    • We might consider dropping no-ipinfo user group.
      • Only one user ever had this group, EPICtest@testwiki (for testing).
      • In the new scenario, abuse of IPInfo data is probably not the main vector of abuse, especially that malicious users could try to look this data up in other online service (they will still have access to TAs' IP addresses).
mszwarc moved this task from In progress to Needs review on the Product Safety and Integrity (Essential Work Sprint (Dec 15th - Jan 9th)) board.Dec 22 2025, 10:33 AM
mszwarc added a comment.Dec 22 2025, 10:36 AM

Bringing to review to reflect that it's no longer worked on, but probably it's good to wait for new year to coordinate this with plans for TA deployment, if there are any (potentially adapting what we want to do with this)

Tchanders added a subtask: T413771: Deploy temporary accounts to Russian Wikipedia.Jan 5 2026, 1:23 PM
Tchanders moved this task from Needs review to Done on the Product Safety and Integrity (Essential Work Sprint (Dec 15th - Jan 9th)) board.

It seems the easiest to just wait for TA deployment to ruwiki (unless it's going to take ages).

I agree. My understanding is that it shouldn't take ages.

I've made this task a parent of the ruwiki deployment task so that we remember to do it. We can consider it Done for the purposes of this sprint.

OKryva-WMF moved this task from Global wiki rollout to Next on the Temporary accounts board.Wed, Jan 28, 1:21 PM
OKryva-WMF edited projects, added Temporary accounts; removed Temporary accounts (Global wiki rollout).
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits