When AbuseFilter prevents a user from creating an account, it is currently impossible for CUs to associated the IP and the user. Here is in example:
* IP 184.108.40.206 tries to created the account User:FailedToCreate and this action is prevented by the abuse filter.
* If you query 220.127.116.11, you will see this in the CU results
* But of course, you don't know which IP to query.
* If you query FailedToCreate you get an error saying the account doesn't exist (which is fair)
* Without the abusefilter-private right, you have no way to associate FailedToCreate and 18.104.22.168 to each other.
WMF has not given the `abusefilter-private` right to its CUs, because if a CU had that right and would use it to lookup the IP of a user associated with this type of abuse log entry, there would be no way to log the CU's action. WMF would like all CU actions to be logged, so other CUs can monitor it.
Two steps need to be taken:
1. Make it possible to log the CU actions, should they be given the `abusefilter-private` right (see T152934)
1. Ad this right to the list of rights CUs hold on WMF wikis (this task)