Page MenuHomePhabricator
Create Task
Maniphest T381052

Investigate: Should we remove the preference check from AbuseFilter's protected variables implementation?
Closed, ResolvedPublic
Actions

Description

In order to access protected variables in AbuseFilter, the user has to not only have the right but also check a preference to enable the feature. This was done as a product requirement to keep it in line with how IPs are treated in CheckUser. With the potential of introducing new protected variables, this preference will have to be generalized to no longer specify IPs (see T380920: Remove the AbuseFilter protected variables preference gate).

However, this requirement is a wmf-specific legal requirement and maybe in that case it doesn't belong in the core codebase of AbuseFilter? We should consider if we need to hardcode this preference check (in the hypothetical where a third party wiki is using AbuseFilter, they might not have the same need to check off a ToS agreement).

Related Objects
Search...

Event Timeline

STran created this task.Nov 27 2024, 11:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 27 2024, 11:28 PM
kostajh added a project: Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).Dec 2 2024, 9:20 AM
Dreamy_Jazz subscribed.EditedDec 5 2024, 8:48 PM

Considering that the preference for CheckUser on WMF wikis includes specific legal text that we have not added for the AbuseFilter preference, it suggests to me that the AbuseFilter preference isn't actually using the correct preference text at the moment.

I see the following options:

  1. Keep the current AbuseFilter preference for viewing any protected variable
  2. Keep the current AbuseFilter preference for viewing just user_unnamed_ip and update the preference text to make it more like the one in CheckUser
  3. (Maybe) Hide the AbuseFilter preference if CheckUser is installed, and rely on the value of that preference?
  4. Get rid of the AbuseFilter preference entirely. If CheckUser is installed then check the value of that preference before accessing user_unnamed_ip?

I think that we will need to update the preference for AbuseFilter to include the details about the policy if we are going to keep the access. I potentially like the idea in #4 because it then mirrors the idea of keeping all temporary account access / log stuff in the same place. However, that would cause additional complexity.

Perhaps what to do here is dependent on what we do in T380919.

Dreamy_Jazz added a parent task: T380454: Provide ip_reputation_tunnel_operators AbuseFilter.Dec 5 2024, 8:53 PM
Bugreporter mentioned this in T381722: Add abusefilter-access-protected-vars to frwiki EFM and remove it for sysops.Dec 8 2024, 3:13 AM
Dreamy_Jazz moved this task from Sprint Gong (November 18 - December 6) to Sprint Chimes (Dec. 9 - Jan. 17) on the Trust and Safety Product Sprint board.Dec 9 2024, 5:35 PM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).
Dreamy_Jazz moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
Dreamy_Jazz moved this task from Ready to Priority Backlog on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)); removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).Jan 17 2025, 12:24 PM
STran added a comment.Feb 5 2025, 10:53 AM

I think we should go with 4 as of the outcome of the L3SC task:

I think you're okay to proceed without requiring an NDA/amending the policy to include IP reputation variables.

Given that we'll be implementing these variables as protected variables, it sounds like we don't want to gate protected variables as a whole behind a preference. Let's remove this preference as it affects all protected variables and update T380920: Remove the AbuseFilter protected variables preference gate to reflect that work and create a new task to investigate how we'll treat user_unnamed_ip as a protected-plus variable.

STran mentioned this in T385687: Investigate: How should the AbuseFilter variable `user_unnamed_ip` be restricted.Feb 5 2025, 11:02 AM
STran moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.
Tchanders subscribed.Feb 6 2025, 4:58 PM

This proposal makes sense to me. Do we need anything else here, or can we close this task?

STran added a comment.Feb 7 2025, 7:29 AM

Do we need anything else here, or can we close this task?

Nope, just wanted to give some time for rebuttal if necessary but it sounds like we're all aligned on direction so let's close this out as the follow-up tasks tracking the work to be done exist elsewhere.

STran closed this task as Resolved.Feb 7 2025, 7:29 AM
STran claimed this task.
STran moved this task from Needs Review to Done on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits