Author: tjoneslow
Description:
I am dealing with a constant wave of abuse from a user who creates a new account with random names but the same email address. It would be great if the AF variables included, especially for the createaccount action, an user_email for filtering action.
This is the email address the user enters for creating their account, not the text of any email's they are sending.
Version: unspecified
Severity: enhancement
I'm not sure how much of a good idea exposing a users email addresses is. Especially as if there is a filter hit, it will be a logged value and viewable..
tjoneslow wrote:
We (the admins of our wiki) had a long discussion about this. We'd like to expand our request to include a variable (e.g. $wgAbuseFilterUseEmailAddress) defaulted to false which controls the use of the email address as a variable. False means no variable, true means there is.
From the perspective of our wiki, the Abuse Log is visible only to sysops which is a small group trusted not to abuse the availability of the email address. But we understand that on a larger wiki the viewership of the abuse log and the expectations of privacy are different.
I suggest treating the email address similar to other sensitive data (like IPs) and require abusefilter-privatedetails to view it