Add abusefilter-access-protected-vars to frwiki EFM and remove it for sysops
Closed, Resolved · Public · Request

Description

Hello.
On frwiki, abusefilter managers are separate from sysops. Since the right abusefilter-access-protected-vars is automatically granted to local sysops on each wiki, we would like to add it to the existing group on frwiki that manages filters (abusefilter group) and remove it from the sysop group, which doesn't need it.

Local discussion and consensus: https://fr.wikipedia.org/w/index.php?title=Wikip%C3%A9dia:Bulletin_du_filtrage&oldid=220947050#Acc%C3%A8s_aux_filtres_prot%C3%A9g%C3%A9s_pour_les_AFs

Event Timeline

ShifaYT changed the subtype of this task from "Task" to "Administrative Request".

Change #1101182 had a related patch set uploaded (by LD; author: LD):

[operations/mediawiki-config@master] T381722:Add abusefilter-access-protected-vars to frwiki EFM and remove it for sysops

https://gerrit.wikimedia.org/r/1101182

Change #1101182 abandoned by LD:

[operations/mediawiki-config@master] T381722:Add abusefilter-access-protected-vars to frwiki EFM and remove it for sysops

Reason:

>wmf-config

https://gerrit.wikimedia.org/r/1101182

Change #1101182 restored by LD:

[operations/mediawiki-config@master] T381722:Add abusefilter-access-protected-vars to frwiki EFM and remove it for sysops

https://gerrit.wikimedia.org/r/1101182

I think this is unready to merge. Since abusefilter-access-protected-vars is essentially another kind of IP reveal process, it is protected by https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Access_to_Temporary_Account_IP_Addresses_Policy (and this is why a preference must be checked to enable the feature). The abusefilter managers group is not mentioned in the policy and may be granted to users who otherwise have no IP reveal access. Therefore we need to check (if CheckUser is installed) whether the user has IP reveal access (and, for users who require an opt-in, has chosen to opt in) in addition to abusefilter-access-protected-vars. Then the view agreement in AbuseFilter can be removed (see T381052: Investigate: Should we remove the preference check from AbuseFilter's protected variables implementation?).

By the way, it may be possible (though not required) that the Wikimedia Access to Temporary Account IP Addresses Policy be revised so that the community can define other user groups (e.g. "abusefilter managers" and "arbcom") to have IP reveal access without age and edit count requirements, and/or users can directly apply for Global temporary account IP viewers (without having other groups like GR/GS/CU/OS) via community discussion. This requires WMF legal approval and is obviously out of scope of this task.

T369610#10240941 suggests that this has not really been discussed with legal? @STran fyi

commit#1080244: we also need to clarify whether the default configuration, where the 'sysop' group has both abusefilter-access-protected-vars and abusefilter-protected-vars-log rights, should be transferred to those maintaining AbuseFilter locally or other groups in mediawiki-config.
Given that AbuseFilter is managed by the 'abusefilter' group on frwiki, should we:

  • Remove both abusefilter-access-protected-vars and abusefilter-protected-vars-log rights from the 'sysop' group?
  • Add both abusefilter-access-protected-vars and abusefilter-protected-vars-log rights to the 'abusefilter' group?

Same clarification is needed for T380332 where abusefilter-access-protected-vars is only given to 'checkuser' group.

Note I will suggest that users require both the normal IP reveal right (checkuser-temporary-account+optin or checkuser-temporary-account-no-preference) and abusefilter-access-protected-vars to access protected variables, so Legal approval is not needed.

This will mean that users with only abusefilter-access-protected-vars, such as alternative accounts and accounts mainly active in other wikis, no longer have access to protected variables. I am not sure whether it is in line with current policy if we need to also allow them to see protected variables.

"protected vars" here only means IP masking-level protection. In the future CU/OS-level filters may be introduced, but they are out of scope of this task. Also abusefilter-protected-vars-log is another right that is only given to CU and global maintainers (T369610), also out of scope of this task. My only concern is assigning abusefilter-access-protected-vars to a local user group that does not always have IP reveal access by policy.

From what I understand, if the user_unnamed_ip variable (T364833) is added to frwiki, then abusefilter-access-protected-vars should be granted to local maintainers.
In the meantime, adding checkuser-temporary-account-no-preference to the abusefilter group hasn't been discussed yet on frwiki (until now they have discussed granting it to the rollbacker group).
It can be stalled until further clarifications, even if enwiki already has a similar config.

checkuser-temporary-account and checkuser-temporary-account-no-preference cannot be granted to other user groups unless https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Access_to_Temporary_Account_IP_Addresses_Policy is amended, and there is currently no way for users not meeting the requirements in the policy to have access (even if approved by local consensus).

Change #1101182 had a related patch set uploaded (by Pppery; author: LD):

[operations/mediawiki-config@master] frwiki: Add abusefilter-access-protected-vars to EFM, remove it from sysops.

https://gerrit.wikimedia.org/r/1101182

> From what I understand, if the user_unnamed_ip variable (T364833) is added to frwiki, then abusefilter-access-protected-vars should be granted to local maintainers.
> In the meantime, adding checkuser-temporary-account-no-preference to the abusefilter group hasn't been discussed yet on frwiki (until now they have discussed granting it to the rollbacker group).

Granting checkuser-temporary-account-no-preference can only be for users who have automatic access per the temporary accounts IP reveal policy. Granting it to any other group is not something that can be done without consultation with WMF-Legal. This means that checkuser-temporary-account-no-preference cannot currently be given to the abusefilter group on frwiki.

This is also the same with the checkuser-temporary-account right. Users on frwiki get access through the normal process (meeting the minimum criteria defined at https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Access_to_Temporary_Account_IP_Addresses_Policy#Patrollers_and_other_users). This granting of access is only done when temporary accounts have been enabled on the wiki to avoid log spam.

While I suspect all users with the abusefilter group would meet the requirements for access, this may not always be the case. For example, on the English Wikipedia it's been noted that some users don't meet the requirements for access who are in a relevant abusefilter group (T380332#10389104).

Therefore, I suggest waiting to do this task until there has been time to discuss with WMF-Legal and check if this is okay to do. For example, the policy may need to be modified to allow the changes that are requested in this ticket.

> It can be stalled until further clarifications, even if enwiki already has a similar config.

I'm not sure the enwiki config was properly discussed. I would prefer if this is not used as an example without there being a confirmation from WMF-Legal at the time that this was okay to do.

The T&S decision said, on another matter (IPReputation AF variables), that:

> We will implement IPReputation AbuseFilter variables for temporary accounts and anonymous users, using the existing protected variables mechanism.
> […] Access to the IPReputation AbuseFilter variables for temporary accounts and anonymous users will be granted to users in the sysop group, and then additionally abuse filter manager group and abuse filter group where these groups exist locally.

So it seems logical that protected variables rights should be given to relevant local AF groups, and not only sysops.

Yes. We intend to get back to this task soon after having talked with Legal on most of the issues, but need to consider whether we might protect the user_unnamed_ip variable by placing it behind a check to see if the user can view the IP addresses of temporary accounts.

@MMoss_WMF is working on a policy update related to this task.

An update for this task:

  1. In a few weeks' time (when wmf.24 or later is deployed to all wikis) it will be possible to merge the associated config patch as it stands
    1. This is because we have made access to user_unnamed_ip depend on having access to CheckUser IP reveal (checkuser-temporary-account).
    2. This change needs to be deployed via the train before we can merge this config patch
    3. I would expect that all users in the groups that maintain abuse filters will meet the requirements for IP reveal access, so will have access to user_unnamed_ip
  2. For future config changes:
    1. You can assign the abusefilter-access-protected-vars right to any abusefilter maintainer group and remove it from sysops as desired
    2. You should not assign the checkuser-temporary-account or checkuser-temporary-account-no-preference right to any group not defined as having access in this policy.
  3. At this time we will not be updating this policy to give access to IP reveal for users in local abuse filter groups, as they would likely already be eligible for access through the "Patrollers and other users" section

Thanks for waiting while we resolved the legal / technical blockers.
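
The two-gate rule from the update above, modelled as an added example that is not part of the original thread or of MediaWiki's code: it lists accounts that hold abusefilter-access-protected-vars but still cannot see user_unnamed_ip. The rights matrix, the `ip-viewer` group and the accounts are constructed, and the opt-in condition follows the suggestion made earlier in the thread rather than a confirmed implementation detail.

```python
# Added example: a model of the access rule described in the update above.
# The rights matrix and accounts are constructed sample data, not frwiki's config.
PROTECTED_VARS = "abusefilter-access-protected-vars"
IP_REVEAL = "checkuser-temporary-account"
IP_REVEAL_NO_PREF = "checkuser-temporary-account-no-preference"

GROUP_RIGHTS = {
    "sysop": set(),                    # right removed from sysops
    "abusefilter": {PROTECTED_VARS},   # right added to filter managers
    "checkuser": {PROTECTED_VARS, IP_REVEAL_NO_PREF},
    "ip-viewer": {IP_REVEAL},          # hypothetical group granting IP reveal
}

# (name, groups, opted in to IP reveal) -- constructed accounts
USERS = [
    ("Alice", {"abusefilter", "ip-viewer"}, True),
    ("Bob", {"abusefilter"}, False),
    ("Carol", {"sysop", "ip-viewer"}, True),
    ("Dan", {"abusefilter", "ip-viewer"}, False),
    ("Erin", {"checkuser"}, False),
]

def rights_of(groups):
    """Union of the rights granted by every group the user is in."""
    return set().union(*(GROUP_RIGHTS.get(g, set()) for g in groups))

def has_ip_reveal(rights, opted_in):
    """Assumed rule: the no-preference right, or the normal right plus opt-in."""
    return IP_REVEAL_NO_PREF in rights or (IP_REVEAL in rights and opted_in)

def can_view_unnamed_ip(groups, opted_in):
    """Both gates must pass: the AbuseFilter right and IP reveal access."""
    rights = rights_of(groups)
    return PROTECTED_VARS in rights and has_ip_reveal(rights, opted_in)

def audit(users):
    """Accounts holding the AbuseFilter right that still cannot see user_unnamed_ip."""
    return [name for name, groups, opted_in in users
            if PROTECTED_VARS in rights_of(groups)
            and not can_view_unnamed_ip(groups, opted_in)]

if __name__ == "__main__":
    for name, groups, opted_in in USERS:
        print(name, can_view_unnamed_ip(groups, opted_in))
    print("right held but no IP reveal:", audit(USERS))
```
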

Change #1101182 merged by jenkins-bot:

[operations/mediawiki-config@master] frwiki: Add abusefilter-access-protected-vars to EFM, remove it from sysops.

https://gerrit.wikimedia.org/r/1101182

Mentioned in SAL (#wikimedia-operations) [2025-04-17T13:03:51Z] <dreamyjazz@deploy1003> Started scap sync-world: Backport for [[gerrit:1101182|frwiki: Add abusefilter-access-protected-vars to EFM, remove it from sysops. (T381722)]]

Mentioned in SAL (#wikimedia-operations) [2025-04-17T13:09:32Z] <dreamyjazz@deploy1003> dreamyjazz, wpld: Backport for [[gerrit:1101182|frwiki: Add abusefilter-access-protected-vars to EFM, remove it from sysops. (T381722)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

I've deployed the change for this ticket. Other wikis which wish to make this change can do so as described in T381722#10703779 by filing a different ticket (though we can make the config change if desired).

Mentioned in SAL (#wikimedia-operations) [2025-04-17T13:17:09Z] <dreamyjazz@deploy1003> Finished scap sync-world: Backport for [[gerrit:1101182|frwiki: Add abusefilter-access-protected-vars to EFM, remove it from sysops. (T381722)]] (duration: 13m 18s)