Requests for comment/Retained account data self-discovery
Thoughts related to bugzilla:27242.
|Retained account data self-discovery|
The CheckUser extension stores information about each change to the wiki for a fixed period of time (by default, three months). This information includes the following database fields for each action to the wiki:
- cu_changes.cuc_user – account ID of the user performing an action; this would be used for self-lookups; it's indexed [(cuc_user,cuc_ip,cuc_timestamp)]
- cu_changes.cuc_ip – IP address [IPv4 and IPv6]
- cu_changes.cuc_xff – XFF data
- cu_changes.cuc_agent – User-Agent data
By default, MediaWiki core also stores private information in the recentchanges table:
- recentchanges.rc_ip – IP address
In the interest of freedom of information and enhancing account security, it should be possible for users to see the private data stored about themselves at any time.
The implementation of this idea will be done though an extension (Extension:AccountInfo).
The CheckUser table keeps a private log of actual CheckUser lookups for the purposes of accountability. This log tracks queries of the database when a user checks another user (or themselves), if they have the checkuser user right. Because this log is very private, though, it may make sense to not log self-queries of this kind.
Instead, there could be an "Retained account data" tab in Special:Preferences that shows the information for any rows in the CheckUser tables matching the currently logged in account.
Gmail provides a "Details" link at the bottom of a user's inbox. Clicking this "Details" link opens up a separate browser window. This browser window contains an HTML table showing a user's account activity, specifically:
- a user's access type (browser, mobile, POP3, etc.), with a "Show details" link next to browser entries that will expose the browser's user agent string;
- a user's location (IP address); and
- the time of the account activity.