Page MenuHomePhabricator

Bring IP Info access permissions to parity with the IP Reveal feature
Open, Stalled, Needs TriagePublic

Description

Motivation

IP Info presently has two access levels:

  1. View-basic: Limited data access. Available to auto confirmed users and above.
  2. View-full: Complete data access. Available to admins and above.

This access permission structure was created when we did not have a notion of how the IP Reveal feature might work in the future.

Now we have an access policy for granting patrollers on a project access to IP addresses to combat vandalism. This group consists of users whose:

  • User account is a minimum of 6 months old
  • User account has made a minimum of 300 edits to the local project

It makes sense for this group of users to have access to IP Info view-full right so that they can access information that is useful to their patrolling workflows before they need to reveal the IP address itself.

Users who do not meet the above access policy are likely not patrollers and probably do not need IP-address related information for their work.

Proposed plan

With the above factors in mind, I propose we:

  • Remove ipinfo-view-basic right entirely and have just one access level ipinfo-view-full for the sake of simplicity
  • Allow anyone who meets the access policy for revealing IP addresses to be able to opt-in to viewing IP Info

Note: There is an open question about how would global opt-in for IP Info work. Let's tackle that in T298977: Investigate setting IPInfo user preferences as Global Preferences.

Event Timeline

mszabo changed the task status from Open to In Progress.Oct 7 2024, 2:12 PM
mszabo claimed this task.

@mszabo Legal wants us to update the access policy for IP Info before the changes in this task go live. I'm going to work with them to update the policy but it may take some time. In the meantime feel free to keep working on this task but hold off on merging any changes into master.

@mszabo Legal wants us to update the access policy for IP Info before the changes in this task go live. I'm going to work with them to update the policy but it may take some time. In the meantime feel free to keep working on this task but hold off on merging any changes into master.

@Niharika this task is marked as a blocker to minor pilot wikis, so ideally we are merging code before October 21. Are we able to merge changes?

We need some more time to finalize the access policy and proposed changes.

Change #1081176 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[mediawiki/extensions/IPInfo@master] Unify IPInfo access levels

https://gerrit.wikimedia.org/r/1081176

Change #1081370 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[operations/mediawiki-config@master] Unify IPInfo access levels

https://gerrit.wikimedia.org/r/1081370

kostajh changed the task status from In Progress to Stalled.Oct 30 2024, 12:20 PM

Pending Legal review / approval.

Niharika changed the task status from Stalled to In Progress.Nov 4 2024, 6:43 PM

We have now been unblocked by Legal with the relevant policy change being updated: https://foundation.wikimedia.org/wiki/Legal:IP_Information_tool_guidelines

QA Notes

  • Verify that an user group with just the ipinfo right assigned has full access to the IP information tool, after accepting the data use agreement.
  • Verify that IP info access log entries in this setup are logged as full access, whereas historical entries logged before this change continue to differentiate between full and limited access.