[Foundation-l] Abuse filter

Robert Rohde rarohde at gmail.com
Wed Mar 25 16:55:49 UTC 2009


Just so everyone is clear:

1) The abuse log is public.  Anyone, including completely anonymous
IPs, can read the log.

2) The information in the log is either a) already publicly available
by other means, or b) would have been made public had the edit been
completed.  So abuse logging doesn't release any new information that
wouldn't have been available had the edit been completed.  (Some of
the information it does release, such as User ID number and time of
email address confirmation, is extremely obscure though.  While
"public" in the sense that it could be located by the public, some of
the things in the log would be challenging to find otherwise.)

3) Some of the rules are private.  The log generated is the same
whether the rule being triggered is public or private, and both kinds
result in a publicly accessible log.

4) There is an existing bug that deletion of articles does not
currently delete the corresponding entries in the Abuse Log.  That can
potentially allow information about deleted content to leak through in
some specific cases.  It is on the agenda to patch that hole.

-Robert Rohde

On Wed, Mar 25, 2009 at 5:35 AM, John at Darkstar <vacuum at jeb.no> wrote:
> The problem is that something that previously was public (vandal moving
> the page "George W. Bush" to "moron") will now be private (he gets a
> message that he isn't allowed to do that), this shifts the context from
> a public context to a private context. Then the extension does logging of
> actions done in this private context to another site. Users of this site
> will then have access to private information. It is not the information
> _disclosed_ which creates the problem, it is the information
> _collected_. It seems like the information is legal for "administrative
> purposes", but as soon as it is used for anything else it creates a lot
> of problems. For example, if anyone takes actions against a user based
> on this collected information it could be a violation of local laws.
> (Imagine collected data being integrated with CU) If such actions must
> be taken, then the central problems are identification of who has access
> to the logs and are they in fact accurate. That is something you don't
> want in a wiki with anonymous contributors! :D
>
> The only solution I see is to avoid all logging of private actions if
> the actions themselves do not lead to a publication of something.
> Probably it will be legal to do some statistical analysis to administer
> the system, but that should limit the possibility of later
> identification of the involved users.
>
> There are a lot of other problems, but I think most of them are minor to
> this.
>
> John
>
> Domas Mituzas wrote:
>> Hello John,
>>
>>> done, or that any other measure is taken to avoid said problems. Can
>>> anyone clarify on the matter as it seems that nearly everyone just
>>> hurrays the implementation and there is no effort to solve those
>>> issues.
>>
>>
>> I discussed this with Andrew (he is not on foundation-l), and
>> apparently, AbuseFilter does not seem to disclose any information that
>> would not be available elsewhere.
>> Is there any particular information released by it you'd consider
>> leaking private data?
>>
>> We love privacy, but we want to be consistent :)
>>
>
