< Requests for comment
Tracked in Phabricator
Task T387
Request for comment (RFC)
Retained account data self-discovery
Component General
Creation date
Author(s) MZMcBride
Document status declined
See Phabricator.

Thoughts related to bugzilla:27242.

Background

The CheckUser extension stores information about each change to the wiki for a fixed period of time (by default, three months). This information includes the following database fields for each action to the wiki:

  • cu_changes.cuc_user account ID of the user performing an action; this would be used for self-lookups; it's indexed [(cuc_user,cuc_ip,cuc_timestamp)]
  • cu_changes.cuc_ip IP address [IPv4 and IPv6]
  • cu_changes.cuc_xff XFF data
  • cu_changes.cuc_agent User-Agent data

By default, MediaWiki core also stores private information in the recentchanges table:

  • recentchanges.rc_ip IP address

In the interest of freedom of information and enhancing account security, it should be possible for users to see the private data stored about themselves at any time.

The implementation of this idea will be done though an extension (Extension:AccountInfo).

Implementation proposals

Special:Preferences section

The CheckUser table keeps a private log of actual CheckUser lookups for the purposes of accountability. This log tracks queries of the database when a user checks another user (or themselves), if they have the checkuser user right. Because this log is very private, though, it may make sense to not log self-queries of this kind.

Instead, there could be an "Retained account data" tab in Special:Preferences that shows the information for any rows in the CheckUser tables matching the currently logged in account.

Outside examples

Gmail

Gmail provides a "Details" link at the bottom of a user's inbox. Clicking this "Details" link opens up a separate browser window. This browser window contains an HTML table showing a user's account activity, specifically:

  • a user's access type (browser, mobile, POP3, etc.), with a "Show details" link next to browser entries that will expose the browser's user agent string;
  • a user's location (IP address); and
  • the time of the account activity.
This article is issued from Mediawiki. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.