Page MenuHomePhabricator
Create Task
Maniphest T378892

Forward PII from SecurePoll voting to CheckUser
Open, Needs TriagePublic
Actions

Description

Given that the securepoll-view-voter-pii right grants wholesale access to all voters' PII, there is a desire in enwiki to not collect PII at all from SecurePoll elections. For scrutineering of such elections, the CheckUser tool would be used as normal to retrieve the PII only for suspicious accounts.

However, a problem with the above approach is that if an account with no edits in the past 90 days votes in an election, the CU tool will have no data.

A solution is to have the voting action create a log entry, which like all other kinds of log entries, populates the CheckUser result tables.

Event Timeline

SD0001 created this task.Nov 3 2024, 10:32 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 3 2024, 10:32 AM
Pppery added a project: CheckUser.Nov 3 2024, 2:30 PM
Dreamy_Jazz subscribed.EditedNov 3 2024, 4:31 PM

A solution is to have the voting action create a log entry, which like all other kinds of log entries, populates the CheckUser result tables.

This is not accurate. Only log events sent to Special:RecentChanges are logged. Extensions can choose to send additional log events as required, such as AbuseFilter does by sending CheckUser the entry as a recentchanges instance.

Furthermore, CheckUser can receive and store events which do not have a log ID. This means that you should be able to make the evidence of a vote expire after 90 days.

Proc subscribed.Nov 6 2024, 1:14 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits