Requests for comment/Exposure of user IP addresses: Difference between revisions

This request for comments is regarding exposure of user IP addresses.

• phabricator:T20981
  • phabricator:T2556
  • phabricator:T7486
  • phabricator:T64979
• mailarchive:mediawiki-l/2009-May/030979.html
• m:Talk:Privacy policy/Archives/2013#Still lacking IP privacy protection.
• m:Talk:Privacy policy/Archives/2013 (2)#Do not save the IP of logged in users!
• m:Talk:Privacy policy/Archives/2013 (2)#Strip Wikimedia Data Collection to the Barest Minimum - Privacy Specifics

[FIXME: there have been a million wikitech-l, mediawiki-l, Bugzilla, and wiki discussions about this; find and cross-reference here please. See candidates.]

Currently within MediaWiki, if a user chooses not to log in, MediaWiki uses their assigned IP address as the user identifier. If a user edits while logged out, the IP address is recorded and stored in perpetuity as a username would be.

If a user edits whiled logged in, the associated address is privately stored for 90 days and only accessible by system administrators, or in the case of Wikimedia wikis and other wikis using the CheckUser extension, a small group of trusted users. After 90 days, the information is purged from the system and no longer accessible.

• Knowing whether an IP address belongs to a school or the U.S. Congress or whatever can be helpful information.
• IP addresses are relatively difficult to change for an average user, helping prevent vandalism and other repetitive harm to the projects.
• IP address ranges can be blocked.

• Privacy concerns!
  • Users can be unknowingly and unwillingly identified when editing while logged out.
• Information about underlying IP addresses used with user accounts can be subpoenaed by law enforcement during the retention period.

Related to the previous discussion above. Usually some kind of salting, random name thing.

• Retained account data self-discovery (talk)