Page MenuHomeMiraheze

Abuse filter rangeblocks reveal user information
Closed, InvalidPublic

Description

I recently noticed the block log sdiy wiki, which includes the Abuse Filter user blocking both a user and the range the user is supposed to have edited out of. This behavior may be undesirable and reveal private information outside of the scope of our privacy policy. However, it is possible that these ranges are simply too large to reveal too much, but this is itself another issue.

Event Timeline

Void created this task.Jan 31 2019, 23:18
John added a subscriber: John.Jan 31 2019, 23:25

But we do this? User + range blocking. Though /16s are WAY too large to block automatically.

But this isn’t a security issue to me.

John closed this task as Invalid.Jan 31 2019, 23:38
John changed the visibility from "Custom Policy" to "Public (No Login Required)".
John changed the edit policy from "Custom Policy" to "All Users".
Void added a comment.Jan 31 2019, 23:40

Regardless, we've disabled the feature in https://git.io/fhyHl.