https://bugzilla.wikimedia.org/show_bug.cgi?id=46457
Bawolff (Brian Wolff) <bawolff...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bawolff...@gmail.com
--- Comment #11 from Bawolff (Brian Wolff) <bawolff...@gmail.com> ---
(In reply to comment #10)
> But they won't be able to figure it out unless they have reasons to suspect
> that IP address is the one that was autoblocked in the first place. That is,
> you need to know what IP address to check first, and even then you can't
> actually be certain that it is the one under a particular autoblock unless
> you
> can observe the contribs page of that particular IP address both immediately
> before and immediately after the autoblock triggered. It's not really a
> problem
> if the software reveals little more than what you already know or have a good
> reason to suspect.
>
> The scenario described - an admin somehow going over the contribution pages
> of
> all 4 billion IPv4 addresses (not to mention the 2^128 IPv6 ones) to find the
> one that is under an autoblock - which also must be the only autoblock active
> at the time - is, to put it mildly, extremely unlikely.
Autoblock <-> IP address associations is private data. Only checkusers should
be to get any sort of information in this direction. The fact that it is
somewhat hard to exploit is irrelevant. (And really, if you have some suspicion
of where the user lives, you would have to go through significantly less than 4
billion IP addresses. Even with 4 billion IPv4 addresses, bots don't exactly
get tired of looking through pages)
This bug is a potential violation of Wikimedia's privacy policy and should be
fixed
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
