Page MenuHomePhabricator
Create Task
Maniphest T388718

UserInfoCard: Visual cue that other temporary accounts are active on the same IP or IPv6 /64 range
Open, MediumPublic3 Estimated Story Points
Actions

Assigned To
STran
Authored By
kostajh
Mar 12 2025, 8:49 PM
Tags
Referenced Files
F65932033: image.png
Aug 29 2025, 7:56 PM
F61528080: temp-user-info-card-4Jun.png
Jun 4 2025, 6:05 PM
F59788227: user-info-card-temp-08May.png
May 9 2025, 8:55 PM
F59740866: image.png
May 7 2025, 11:16 AM
Subscribers
Aklapper
dom_walden
Johannnes89
KColeman-WMF
kostajh
Niharika
sgrabarczuk
Vermont

Description

Summary

When a temporary account is shown in the UserInfoCard, also provide a visual cue to indicate if other active (registered in last 90 days) temporary accounts exist on the same IP address / IP address range.

Background

  • Temporary accounts paradigm means that users without IP reveal access cannot see that a bad actor has created multiple temporary accounts from the same IP address
  • Providing an indicator that there are other temporary accounts from the same IP or IPv6 /64 range can help:
    • users without IP reveal access can scrutinize those contributions more closely
    • users with IP reveal access would know that revealing the IP may be necessary for further investigation
  • Note that multiple temporary accounts from a single IP is *not* a sole predictor of a bad actor, given that schools, universities, and larger communities in countries with fewer IP addresses can share a single IP address
  • The visual cue is an icon and text: "Temporary accounts from this IP: [count]". We'll need a link to documentation to explain further what the implications are.
  • We should *not* provide any details about which specific temporary account names are active on the same IP / IPv6 /64 range. We should just note the fact that other temp accounts exist.

User story

  • As a user without IP reveal rights, I want to understand if a temporary account is possibly associated with a bad actor who is creating multiple temporary accounts from the same IP
  • As a user with IP reveal rights, I want a visual indicator to understand if IP reveal is more likely to be productive when investigating an account

Design

T389448: UserInfoCard: Design Temporary User Card

temp-user-info-card-4Jun.png (2×3 px, 729 KB)

  • Icon: UserTemporary
  • Copy: Temporary accounts from this IP: [count]
  • Numbers are bucketed to protect privacy: 0, 1-2, 3-5, 6-10, 11+

Technical notes

(needs more detail)

  • Use the same code involved in Special:IPContributions
  • Need to consider that when we say "other temporary accounts are active on the same IP / IPv6 range" that we take into account the initial edit that created the temporary account, and any subsequent IPs used in further editing
  • Would be nice to package this code such that it could potentially be reused elsewhere, e.g. an AbuseFilter variable that could provide stricter rate limiting if we see that multiple temporary accounts are active from a single IP in a short period of time

Acceptance criteria

  • When viewing temporary accounts in the UserInfoCard, we see a visual cue that other active temporary accounts exist on the IP / IPv6 /64 range
  • Documentation exists to explain to the user what the implications are (e.g. not necessarily a bad actor)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Look up cu_log_events accounts in getTempAccountsFromIPAddress()mediawiki/extensions/CheckUsermaster+90 -42
Add tooltip to UserInfoCard's temporary account aggregate count propertymediawiki/extensions/CheckUsermaster+30 -4
Add "active on IP/range" temp account count to UserInfoCardmediawiki/extensions/CheckUsermaster+479 -16
Refactor out query builder in CheckUserTemporaryAccountsByIPLookupmediawiki/extensions/CheckUsermaster+199 -14
Customize query in gerrit

Related Objects
Search...

Event Timeline

kostajh created this task.Mar 12 2025, 8:49 PM
Restricted Application removed a project: Trust and Safety Product Team. · View Herald TranscriptMar 12 2025, 8:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
kostajh updated the task description. (Show Details)Mar 12 2025, 8:49 PM
Johannnes89 subscribed.Mar 13 2025, 8:42 AM
kostajh added a project: CheckUser-UserInfoCard.Mar 13 2025, 10:45 AM
Vermont subscribed.Mar 13 2025, 1:25 PM
sgrabarczuk subscribed.EditedMar 14 2025, 2:42 PM
This comment has been deleted.
KColeman-WMF mentioned this in T384702: UserInfoCard: Design a clickable component to display account information.Mar 14 2025, 11:21 PM
kostajh mentioned this in T389448: UserInfoCard: Design Temporary User Card.Apr 28 2025, 11:50 AM
Tchanders moved this task from Inbox to Create/update essential tools/anti-abuse management on the Temporary accounts board.Apr 30 2025, 4:30 PM
Tchanders edited projects, added Temporary accounts (Create/update essential tools/anti-abuse management); removed Temporary accounts.
KColeman-WMF subscribed.May 7 2025, 11:16 AM

Here are some options for displaying whether there are temp users from the same IP. Interested to hear thoughts and preferences. Would it be useful to include a count? How prominent does the information need to be?

image.png (1×2 px, 281 KB)

T389448: UserInfoCard: Design Temporary User Card

KColeman-WMF attached a referenced file: F59740866: image.png. (Show Details)May 7 2025, 11:16 AM
KColeman-WMF added a comment.May 9 2025, 8:55 PM

Update: Latest design is here and includes a count with temp user icon:

user-info-card-temp-08May.png (2×3 px, 748 KB)

Legal has given the go ahead to include a bucketed count (bucketed to protect privacy).

There is some discussion on whether this count should be small (e.g. 1-2, 3-5, 6-10, 11+) or larger ranges (1-5, 5-10, 10-20, 20-50, 51+).

kostajh moved this task from Backlog to 2024-2025 Q4 on the WE4.2 Anti-abuse board.May 20 2025, 6:29 PM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)); removed Trust and Safety Product Sprint.May 25 2025, 8:53 PM
KColeman-WMF attached a referenced file: F59788227: user-info-card-temp-08May.png. (Show Details)May 28 2025, 9:47 AM
Niharika mentioned this in T395538: Temporary Account should always show count of Accounts uses the self IP(s) in the last 10 Days without a Temp account CU.May 29 2025, 11:44 AM
KColeman-WMF updated the task description. (Show Details)Jun 4 2025, 6:05 PM
KColeman-WMF attached a referenced file: F61528080: temp-user-info-card-4Jun.png. (Show Details)
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)) board.Jun 11 2025, 8:11 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Baklava (June 16 - July 4)); removed Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)).Jun 16 2025, 6:14 AM
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Baklava (June 16 - July 4)) board.
Escargot_rouge subscribed.Jun 23 2025, 9:11 PM
In T388718#10808650, @KColeman-WMF wrote:

Update: Latest design is here and includes a count with temp user icon:

user-info-card-temp-08May.png (2×3 px, 748 KB)

Legal has given the go ahead to include a bucketed count (bucketed to protect privacy).

There is some discussion on whether this count should be small (e.g. 1-2, 3-5, 6-10, 11+) or larger ranges (1-5, 5-10, 10-20, 20-50, 51+).

In this design, there is no mention of IPv6 /64 range or IPv4 /16 range. Has the idea been abandoned or is it just not in the mockup?

kostajh added a comment.Jun 23 2025, 9:12 PM
In T388718#10940087, @Escargot_rouge wrote:
In T388718#10808650, @KColeman-WMF wrote:

Update: Latest design is here and includes a count with temp user icon:

user-info-card-temp-08May.png (2×3 px, 748 KB)

Legal has given the go ahead to include a bucketed count (bucketed to protect privacy).

There is some discussion on whether this count should be small (e.g. 1-2, 3-5, 6-10, 11+) or larger ranges (1-5, 5-10, 10-20, 20-50, 51+).

In this design, there is no mention of IPv6 /64 range or IPv4 /16 range. Has the idea been abandoned or is it just not in the mockup?

I believe the idea is for the bucketed count to include /64 range for IPv6 and an exact match for IPv4.

kostajh moved this task from Inbox to Nice-to-have for MVP rollout on the CheckUser-UserInfoCard board.Jul 3 2025, 12:10 PM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)); removed Trust and Safety Product Sprint (Sprint Baklava (June 16 - July 4)).Jul 7 2025, 9:46 AM
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)) board.
kostajh removed a project: Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)).Jul 16 2025, 1:05 PM
kostajh moved this task from Nice-to-have for MVP rollout to Triaged on the CheckUser-UserInfoCard board.Jul 23 2025, 10:24 AM
kostajh set the point value for this task to 3.Aug 1 2025, 9:28 AM

We should break this down into a few smaller pieces.

Nemoralis awarded a token.Aug 3 2025, 1:47 PM
OKryva-WMF triaged this task as Medium priority.Aug 7 2025, 10:24 AM
OKryva-WMF added a project: Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)).
OKryva-WMF moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.
STran claimed this task.Aug 11 2025, 12:33 PM
STran moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.
STran added a comment.EditedAug 12 2025, 12:38 PM

cc @KColeman-WMF @kostajh what IP do we want to associated with the temporary account in question? A temporary account can be associated with many IPs if its IP hopping. There are a few options:

  • on revision/log lines, the IP used could be passed along. Not all instances of UIC can be associated with a revision/log id (eg. Special:ListUsers) however so this would need a fallback. Additionally, this means that if a temp account is IP hopping, different instances of UIC could show different aggregate counts for the same account.
  • most recently used ip
  • we probably have the ip it was created from?
  • aggregate of all used ips?
    • the temp account has multiple ips, each of those can have multiple temporary accounts, sum all of those up
Niharika subscribed.Aug 13 2025, 12:11 PM

@STran Of the options you listed I also think sum of temp accounts from all IPs makes the most sense.

  • Using the revision/log IP or the most recently used IP will lead to a confusing state where the card displays different information depending on which page or when it is opened.
  • The IP the account was created from is not very useful and quite limiting

Should we limit how many IPs we will check to optimize for performance? Or if you think performance should not be a concern let's go ahead with summing up temp accounts from all associated IPs and evaluate afterwards.

Dreamy_Jazz added a project: OKR-Work.Aug 13 2025, 3:34 PM
Niharika moved this task from Triaged to In Progress on the CheckUser-UserInfoCard board.Aug 18 2025, 2:21 PM
OKryva-WMF edited projects, added Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)); removed Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)).Aug 19 2025, 10:08 AM
OKryva-WMF moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.
Niharika mentioned this in T402213: Add top octets or network hash to account name.Aug 21 2025, 11:03 AM
gerritbot added a comment.Aug 25 2025, 12:47 PM

Change #1181698 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Refactor out query builder in CheckUserTemporaryAccountsByIPLookup

https://gerrit.wikimedia.org/r/1181698

gerritbot added a project: Patch-For-Review.Aug 25 2025, 12:47 PM
gerritbot added a comment.Aug 26 2025, 5:12 PM

Change #1182191 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Add "active on IP/range" temp account count to UserInfoCard

https://gerrit.wikimedia.org/r/1182191

STran moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Aug 27 2025, 4:32 PM
STran added a comment.Aug 29 2025, 3:37 PM

@KColeman-WMF The implementation of the number has changed to be an aggregate count of all temporary accounts found on all IPs associated with the temp account being looked up. As such, the original copy seems to be outdated (Temporary accounts from this IP), Would this copy be okay instead? Other temporary accounts on the IPs. Happy to change it to anything.

KColeman-WMF added a comment.Aug 29 2025, 7:56 PM
In T388718#11132408, @STran wrote:

@KColeman-WMF The implementation of the number has changed to be an aggregate count of all temporary accounts found on all IPs associated with the temp account being looked up. As such, the original copy seems to be outdated (Temporary accounts from this IP), Would this copy be okay instead? Other temporary accounts on the IPs. Happy to change it to anything.

I do think this is a harder concept to convey in simple terms. Perhaps we will need a tooltip for this line of information?

How about: Temporary accounts from all associated IPs: [count]

We could also include tooltip text on hover: An aggregate count of all temporary accounts from all IPs associated with this account

image.png (990×1 px, 198 KB)

gerritbot added a comment.Sep 2 2025, 11:46 AM

Change #1181698 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Refactor out query builder in CheckUserTemporaryAccountsByIPLookup

https://gerrit.wikimedia.org/r/1181698

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.18; 2025-09-09).Sep 2 2025, 12:01 PM
gerritbot added a comment.Sep 4 2025, 10:57 AM

Change #1182191 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add "active on IP/range" temp account count to UserInfoCard

https://gerrit.wikimedia.org/r/1182191

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2025, 11:30 AM
gerritbot added a comment.Sep 4 2025, 12:35 PM

Change #1184769 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Add tooltip to UserInfoCard's temporary account aggregate count property

https://gerrit.wikimedia.org/r/1184769

gerritbot added a project: Patch-For-Review.Sep 4 2025, 12:35 PM
gerritbot added a comment.Sep 5 2025, 2:20 PM

Change #1184769 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add tooltip to UserInfoCard's temporary account aggregate count property

https://gerrit.wikimedia.org/r/1184769

Maintenance_bot removed a project: Patch-For-Review.Sep 5 2025, 2:31 PM
kostajh moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Sep 8 2025, 1:06 PM
gerritbot added a comment.Sep 8 2025, 1:25 PM

Change #1185932 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Look up cu_log_events accounts in getTempAccountsFromIPAddress()

https://gerrit.wikimedia.org/r/1185932

gerritbot added a project: Patch-For-Review.Sep 8 2025, 1:25 PM
OKryva-WMF edited projects, added Trust and Safety Product Sprint (Sprint Dadar Gulung (September 8 - September 26)); removed Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)).Sep 8 2025, 1:35 PM
OKryva-WMF moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Dadar Gulung (September 8 - September 26)) board.Sep 8 2025, 1:38 PM
dom_walden subscribed.Sep 16 2025, 2:24 PM
In T388718#11157501, @gerritbot wrote:

Change #1185932 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Look up cu_log_events accounts in getTempAccountsFromIPAddress()

https://gerrit.wikimedia.org/r/1185932

@STran In case this has been forgotten, this hasn't been merged yet.

dom_walden added a comment.Sep 17 2025, 2:09 PM

@KColeman-WMF @STran A couple of questions:

  1. If a temporary account does not have rows in the CheckUser tables, for example the data has been pruned after 90 days, we currently return 0 because we don't have an IP address for them. This might be misleading as we don't know if any other temporary accounts share/once shared an IP(s). We could instead return something like unknown or data expired.
  2. I am unsure what aggregate count means and how it is different from a normal count.
  3. Should the temporary account you are looking up be included in the count (currently it is)?
  4. Should the help text mention that we include the entire IPv6 /64 range, or is that TMI?
STran added a comment.Sep 24 2025, 8:39 AM

I think these are mostly for Katie to decide but to add some context to

We could instead return something like unknown or data expired.

I think the case in regular usage must always be expired as if the temporary account exists then it should have logged a createaccount event in the CU logs but there's nothing stopping the query from running on non-existent temp accounts. We should be able to respond to that accordingly if necessary but flagging it here so we can decide about it.

OKryva-WMF edited projects, added Product Safety and Integrity; removed Trust and Safety Product Sprint (Sprint Dadar Gulung (September 8 - September 26)).Sep 26 2025, 12:44 PM
OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)); removed Product Safety and Integrity.Sep 26 2025, 12:48 PM
OKryva-WMF moved this task from Priority backlog to Needs QA on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.Sep 26 2025, 12:48 PM
gerritbot added a comment.Sep 30 2025, 9:09 AM

Change #1185932 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Look up cu_log_events accounts in getTempAccountsFromIPAddress()

https://gerrit.wikimedia.org/r/1185932

Maintenance_bot removed a project: Patch-For-Review.Sep 30 2025, 9:33 AM
ReleaseTaggerBot edited projects, added MW-1.45-notes (1.45.0-wmf.22; 2025-10-07); removed MW-1.45-notes (1.45.0-wmf.18; 2025-09-09).Sep 30 2025, 10:00 AM
kostajh mentioned this in T406707: PHP Warning: Undefined array key 20250928162850.Oct 9 2025, 8:15 AM
OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)); removed Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)).Oct 17 2025, 1:47 PM
OKryva-WMF moved this task from Backlog to Needs QA on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.Oct 17 2025, 1:48 PM
dom_walden moved this task from Needs QA to Done on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.Oct 27 2025, 2:46 PM

Moving to Done, but there are still open questions for @KColeman-WMF.

In T388718#11189667, @dom_walden wrote:

@KColeman-WMF @STran A couple of questions:

  1. If a temporary account does not have rows in the CheckUser tables, for example the data has been pruned after 90 days, we currently return 0 because we don't have an IP address for them. This might be misleading as we don't know if any other temporary accounts share/once shared an IP(s). We could instead return something like unknown or data expired.
  2. I am unsure what aggregate count means and how it is different from a normal count.
  3. Should the temporary account you are looking up be included in the count (currently it is)?
  4. Should the help text mention that we include the entire IPv6 /64 range, or is that TMI?
Escargot_rouge unsubscribed.Oct 27 2025, 4:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits