Page MenuHomePhabricator
Create Task
Maniphest T21796

Checkuser watchlist feature
Open, LowPublic
Actions

Description

Author: mapellegrini

Description:
It should be possible to program a checkuser watchlist feature. The watchlist consists of IP addresses or ranges of interest. A hypothetical design would be like this:

* 1.2.3.4        User:ABC
* 100.1.1.1/16   IP range for User:XYZ
...

When a checkuser runs a check, if any of the IP addresses returned match an item or range in his watchlist, the associated information should be displayed next to it. A hypothetical example would be the following results from check User:FooBar

66.55.44.33 (block) (1 Aug 2016, 12:00 -- 2 Aug 2016, 12:00) [57] (~86 of all users)

100.1.1.145 (block) (18 Jul 2016, 12:00 -- 28 Jul 2016, 12:00) [14] (IP range for User:XYZ)

The watchlists can be user-specific (each person with checkuser access has his own watchlist), or global (all the checkusers share the same watchlist), or both.

Details

Reference
bz19796

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved TBolligerT120734 Epic ⚡️ Improve MediaWiki's blocking tools
 OpenNoneT21796 Checkuser watchlist feature

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 10:41 PM
bzimport added a project: CheckUser.
bzimport set Reference to bz19796.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jul 17 2009, 9:28 PM
bzimport added a comment.Jul 17 2009, 9:30 PM

mike.lifeguard bugs wrote:

I'd strongly suggest these be shared (cross-wiki if possible, but that may have to be done via mailing list if it can't be implemented in software).

bzimport added a comment.Jul 17 2009, 10:00 PM

lar wrote:

This would be HIGHLY useful. Interwiki CU coordination now is via our mailing list which works but oculd be better.

I would like to see all 3. A private watchlist just for myself, a watchlist that is shared with every CU on this particular wiki, and a global one across all wikis where Stewards can administer permissions. Let me, as the author of an entry, choose which visibilities are active, requiring at least one to be active at all times, and let entries show who authored them, when, and what wiki they were on at the time. Separate out the watchlist visibility permission from CU itself so it can be assigned to Stewards, allowing them to see per wiki and global watchlists regardless if they turned on the CU permission on a given wiki or not.

Avraham added a comment.Jul 17 2009, 11:09 PM

Agreed; cross-wiki cu activities can use all the help it can get, and this would be fantastic.

bzimport added a comment.Jul 17 2009, 11:30 PM

Nishkid64 wrote:

This would greatly improve cross-wiki CheckUser communication. I fully support any efforts toward creating a user-specific and global CU watchlist.

aaron added a comment.Jul 18 2009, 8:29 PM

If done, this would likely be global only, but not cross-wiki.

bzimport added a comment.Jul 19 2009, 3:49 PM

mike.lifeguard bugs wrote:

(In reply to comment #5)

If done, this would likely be global only, but not cross-wiki.

Sorry, I'm not sure what the difference between "global" and "cross-wiki" is here. Can you clarify?

bzimport added a comment.Jul 19 2009, 4:40 PM

mapellegrini wrote:

There are three levels of watchlist being proposed/discussed right now:

  • User level - a user's ranges/comments are visible only to that user
  • Global level - a user's ranges/comments are visible to all checkusers on that wiki
  • Cross-wiki level - a user's ranges/comments are visible to all checkusers on all wikis
bzimport added a comment.Jul 19 2009, 5:04 PM

mapellegrini wrote:

Note - the possibility that this feature could violate the WMF privacy policy was brought up on the checkuser mailing list. Mike Godwin was asked to comment, and he said that such a feature would not violate the policy.

bzimport added a comment.Jul 19 2009, 5:31 PM

mike.lifeguard bugs wrote:

(In reply to comment #7)

  • Global level - a user's ranges/comments are visible to all checkusers on that

wiki

Using the word "global" to describe this is wrong - it is not global at all (that is why I didn't understand the difference between "global" and "cross-wiki" -- there isn't any such difference). This should more correctly be called "shared" or "shared locally" if there is a need to differentiate between this and cross-wiki sharing.

For steward use, cross-wiki sharing is really critical - without that it will be nearly useless for us.

bzimport added a comment.Jul 19 2009, 5:39 PM

lar wrote:

Agree with Mike

Suggest instead that the terms be

  • "personal" - User level - a user's ranges/comments are visible only to that user
  • "local" - One wiki level - a user's ranges/comments are visible to all checkusers on that wiki
  • "Global" - Cross-wiki level - a user's ranges/comments are visible to all allowed users on

all wikis

aaron added a comment.Jul 20 2009, 11:41 PM

I wonder if getCentralDB() like functions could be used, and WMF sites could borrow the centralauth DB if it is to tedious to make another one.

DannyH mentioned this in T120734: Epic ⚡️ Improve MediaWiki's blocking tools.Dec 7 2015, 10:50 PM
TerraCodes awarded a token.Apr 21 2016, 5:24 AM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 21 2016, 5:24 AM
MarcoAurelio mentioned this in T139810: RFC: Overhaul the CheckUser extension.Jul 23 2016, 1:26 PM
MarcoAurelio added a project: Stewards-and-global-tools.Jul 23 2016, 1:43 PM
MarcoAurelio removed a subscriber: wikibugs-l-list.
MusikAnimal mentioned this in T145912: Create new Special:RangeContributions page to support viewing contributions across an IP range.Sep 16 2016, 11:00 PM
kaldari subscribed.Sep 29 2016, 11:24 PM

Nothing in the description sounds like a watchlist to me. Can someone please edit the description to clarify what is being asked for? Is this just asking for a way to tag IP addresses for CheckUser interfaces?

Huji updated the task description. (Show Details)Sep 29 2016, 11:39 PM
Huji subscribed.Sep 29 2016, 11:41 PM

@kaldari I updated the details to clarify.

I think this is NOT something that would be done through CU extension itself. Instead, IMHO, we need to extend CU in such a way that a thing like this can be easily done through a JS tool (much like Twinkle), that updates the CU results page based on some external source.

The problem, of course, is that the watchlist is going to contain private information and needs to be stored somewhere; that means we need a place to store content that only CUs can see (much like an Abusefilter that is not public; but restricted to only CUs).

Matanya moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.Apr 19 2017, 7:56 PM
Luis150902 added a parent task: T120734: Epic ⚡️ Improve MediaWiki's blocking tools.Apr 23 2017, 6:26 AM
Luis150902 subscribed.
0x010C subscribed.Oct 31 2018, 5:31 PM
Demian mentioned this in T237486: Organize tasks related to the overhaul of CheckUser.Nov 6 2019, 8:46 AM
Dreamy_Jazz subscribed.EditedAug 20 2022, 9:12 PM

In theory a tool that hooks into checkuser wiki could be used for this purpose. The way that I see a JS tool working is:

  • A CU can using the tool mark an IP / range as being relevant and of interest with some information such as "this is XYZ". This would, via some method, save this info is some kind of structured way on checkuser wiki.
  • When a CU loads results the checkuser wiki page with the info is loaded and parsed. Any ranges that match results would then be marked as being of interest and with the info stored on checkuser wiki.
  • A CU could through some method remove or amend this information when they see it in the results page if it's no longer relevant or now out of date.

The checkuser wiki is WMF specific, but that would be okay for a WMF specific JavaScript gadget / tool. All CUs can have accounts there and it's the one already existing place where all CUs (assuming the CU is logged in) can access information without non-CUs seeing it.

However, I could see this being an issue to properly maintain. First, ranges that are not often frequented or where the CUs who are checking do not know if the information is still relevant could easily become out of date. Later down the line a CU looking for what sockmaster the account is related to sees this info, and without a clearly visible way to say this is old information, could easily jump to conclusions about the account they were checking. A mitigation to this could be time limiting the info, but this won't always work and relies on good maintenance of this information which may not be easy for wikis with not many CUs. Furthermore, a CU from another wiki would be able to see this info. While not necessarily an issue this would have to be considered and it made clear to CUs that this could be seen by all WMF CUs. Also I'm pretty sure that it isn't going to be easy to access information on the checkuser wiki as I suspect CORS will prevent access.

If CUs on the wiki effectively use reasons for their checks and/or if T190666 is implemented and CUs use that to note the results of checks (i.e. this was XYZ) then checkusers can look at the checkuser log to find what sockmasters have used this range in the past. This has a clear timestamp for the checks and doesn't also have any particular notation that this information is up to date thus reducing the risk of CUs old and outdated info as the basis for a block.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits