
Strip abusefilter-private from everyone
Closed, Resolved (Public)

Description

As per this link I would like no one to hold abusefilter-private rights. The reason is that "The abusefilter-private right allows those who have it to see the IP address of any edit by using the AbuseFilter examine interface. The right isn't assigned to anyone, because it is essentially an unlogged form of checkuser". I added the bolding of the text by the way. I think CU or CU-style privileges should be logged somewhere and no one should have access to silent CU like that.

Event Timeline

Joepayne created this task. Jan 12 2018, 1:33 PM

I added a GitHub PR here.

MacFan4000 closed this task as Declined. Edited Jan 12 2018, 5:05 PM
MacFan4000 claimed this task.

OS is used by Stewards and we never use it as CheckUser. It is fine to be able to change private filters. Also that link is not related.

Void changed the task status from Declined to Resolved. Jan 12 2018, 8:41 PM
Void added a subscriber: Void.

abusefilter-private gives rights to view the IP of whatever user triggered that filter when viewing an abuse log entry. The intended right may have been abusefilter-view-private (provides ability to view private abuse filters) or abusefilter-log-private (provides ability to view AbuseLog entries of filters marked as private). Either way, anyone with abusefilter-modify (given to sysops) has the ability to view (and modify) all filters (including private).
As such, I've merged the PR; the right does not belong with the oversight toolset.

Joepayne reassigned this task from MacFan4000 to Void. Jan 13 2018, 2:26 AM

Void resolved it

I would like to suggest reconsideration of the abusefilter-private right. AbuseFilter now logs private data access. This must be enabled with the $wgAbuseFilterPrivateLog setting and the abusefilter-private-log right is required to view it. I suggest this config option be enabled and both rights be added to the checkuser group.

Void added a comment. Sep 15 2018, 10:59 PM

If there was a consistent issue where there was abuse being stopped by the abuse filters that needed CU information to look into, I'd do it, but there just hasn't been precedent.