Page MenuHomePhabricator
Create Task
Maniphest T5233

Send a cookie with each block
Closed, ResolvedPublic8 Estimated Story Points
Actions

Assigned To
MusikAnimal
Authored By
Dragons_flight
Aug 23 2005, 12:09 AM
Tags
Referenced Files
F2539109: signature.asc
Sep 4 2015, 5:12 AM
F2236: User.php
Nov 21 2014, 8:46 PM
Subscribers
Ajraddatz
Akeron
Aklapper
Bawolff
BethNaught
Callanecc
Chicocvenancio
View All 54 Subscribers
Tokens
"Love" token, awarded by MarcoAurelio."Doubloon" token, awarded by RandomDSdevel."Like" token, awarded by Ladsgroup."Like" token, awarded by Jdforrester-WMF."Mountain of Wealth" token, awarded by Dalba.

Description

I would like to propose an extension of the autoblocker. The goal is to limit an attacker's
ability to continue their bad behavior by obtaining a new IP address (i.e. by redialing an ISP
or resetting a DSL connection).

Whenever someone logs into a mediawiki wiki from an account that has been blocked, in addition
to autoblocking their IP address, send their browser a cookie identifying the block in
question. Then every time someone tries to edit anonymously or create a new account, look for
this cookie and if it exists, see whether the block it references is still active and if so
block the new IP as well.

Such cookies would need to be temporary (just as auto-blocks are temporary (is it 24 hours?))
to avoid catching good people on public computers.

Of course, some black hats would be able to find ways around such cookies (its not all that
hard), but I would be willing to wager that most of the people engaged in juvenile vandalism
are not all that computer savvy.

Two possible conflicts come to my mind. One, if someone is blocked for having an
inappropriate username, it is not obvious that we would necessarily want their IP blocked from
creating a new account. (How is this handled in the present autoblocker?) Though for most
inappropriate usernames, being forced to sit down for 24 hours might not be a bad thing.

The other possible conflict is when a user has multiple accounts. If a sockpuppet account is
blocked, should that necessarily impose a short block on the other accounts as well? Maybe
so. This could be avoided by only checking for the cookie when someone is acting anonymously,
or we could just decide that a block on one should lead to a short block of all (is this the
effect of the current autoblocker?).

Anyway, anything to slow down returning persistent vandals is in my mind a good thing.

-DF

Details

Reference
bz3233
SubjectRepoBranchLines +/-
Send a cookie with autoblocks to prevent vandalism.mediawiki/coremaster+270 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Nov 16 2016, 6:44 PM

Change 48029 merged by jenkins-bot:
Send a cookie with autoblocks to prevent vandalism.

https://gerrit.wikimedia.org/r/48029

kaldari closed this task as Resolved.Nov 16 2016, 7:15 PM
kaldari moved this task from Needs Review/Feedback to Q1 2018-19 on the Community-Tech-Sprint board.
kaldari closed subtask T147610: Add feature flag for block cookie behavior as Resolved.
Jdforrester-WMF added a project: User-notice.Nov 16 2016, 7:26 PM
matej_suchanek removed a project: Patch-For-Review.Nov 16 2016, 7:33 PM
matej_suchanek updated the task description. (Show Details)
John_Broughton unsubscribed.Nov 16 2016, 9:06 PM
kaldari mentioned this in T150991: Test cookie blocking on Test Wikipedia.Nov 17 2016, 9:28 PM
Johan moved this task from To Triage to Announce in next Tech/News on the User-notice board.Nov 18 2016, 4:21 PM
kaldari closed subtask T146230: Set-up EventLogging to see how often blocked users are blocked via cookie as Resolved.Nov 19 2016, 12:32 AM
Johan moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Nov 24 2016, 2:03 PM
Niharika edited projects, added Community-Tech; removed Community-Tech-Sprint.Nov 28 2016, 10:33 AM
Niharika moved this task from Up Next (June 3-21) to Archive on the Community-Tech board.Nov 28 2016, 11:00 AM
Ladsgroup awarded a token.Nov 28 2016, 9:24 PM
TerraCodes subscribed.Nov 29 2016, 5:53 PM
RandomDSdevel awarded a token.Nov 29 2016, 9:24 PM
Johan moved this task from In current Tech/News draft to Recently announced in Tech/News on the User-notice board.Dec 1 2016, 6:15 AM
Gestrid subscribed.Dec 4 2016, 10:47 PM
MusikAnimal mentioned this in T152462: Add cookie when blocking anonymous users.Dec 5 2016, 10:43 PM
Johan moved this task from Recently announced in Tech/News to Already announced/Archive on the User-notice board.Dec 7 2016, 5:52 AM
Bawolff mentioned this in T152952: CookieSetOnAutoblock for an infinite block would block the computer forever, add expiration to LocalStorage entry.Dec 12 2016, 12:23 PM
Bawolff mentioned this in T152953: $wgCookieSetOnAutoblock should perhaps spread autoblocks when the cookie matches.Dec 12 2016, 12:45 PM
Seb35 added a project: MW-1.29-release-notes.Jan 4 2017, 2:45 PM
DannyH reopened this task as Open.Jan 30 2017, 7:22 PM

Reopening so that this can be a tracking ticket as we continue to work on refinements...

DannyH moved this task from Archive to Older: Tracking Work by Others on the Community-Tech board.Jan 30 2017, 7:22 PM
DannyH added a subtask: T152462: Add cookie when blocking anonymous users.
DannyH added a subtask: T153527: Flaky unit test "UserTest::testAutoblockCookieInfiniteExpiry".
DannyH added a subtask: T153347: Block cookies should expire after 24 hours or the length of the actual block, whichever is shorter.
DannyH added a subtask: T151097: Switching $wgCookieSetOnAutoblock from true to false can cause fatal error.Jan 30 2017, 7:25 PM
DannyH added a subtask: T150991: Test cookie blocking on Test Wikipedia.
DannyH added a subtask: T149330: Investigation: Adding a check for the block cookie to the account creation process.
DannyH added a subtask: T150888: Document $wgCookieSetOnAutoblock on mediawiki.org.
DannyH added a subtask: T152076: Enable and test cookie blocking on English Wikipedia.
DannyH added a subtask: T152953: $wgCookieSetOnAutoblock should perhaps spread autoblocks when the cookie matches.Jan 30 2017, 7:28 PM
DannyH added a subtask: T152952: CookieSetOnAutoblock for an infinite block would block the computer forever, add expiration to LocalStorage entry.
DannyH added a subtask: T152951: CookieSetOnAutoblock doesn't verify cookie before using it allowing an attacker to enumerate revdeleted users.
MarcoAurelio awarded a token.Jan 30 2017, 8:03 PM
kaldari closed subtask T152951: CookieSetOnAutoblock doesn't verify cookie before using it allowing an attacker to enumerate revdeleted users as Resolved.Feb 13 2017, 11:45 PM
kaldari created subtask T158129: Test cookie blocking on Test Wikipedia.Feb 14 2017, 10:17 PM
Samwilson removed Samwilson as the assignee of this task.Feb 14 2017, 10:56 PM
Samwilson subscribed.
Chicocvenancio subscribed.Feb 21 2017, 12:37 PM
Callanecc subscribed.Mar 1 2017, 9:21 AM
Yoshi24517 subscribed.Mar 3 2017, 6:51 PM
TBolliger subscribed.Mar 3 2017, 7:54 PM
tom29739 subscribed.Mar 17 2017, 12:28 AM
kaldari closed subtask T152952: CookieSetOnAutoblock for an infinite block would block the computer forever, add expiration to LocalStorage entry as Resolved.Mar 21 2017, 5:36 AM
kaldari closed subtask T158129: Test cookie blocking on Test Wikipedia as Resolved.Mar 25 2017, 12:17 AM
MusikAnimal closed subtask T152462: Add cookie when blocking anonymous users as Resolved.Mar 30 2017, 3:50 PM
MusikAnimal reopened subtask T152462: Add cookie when blocking anonymous users as Open.
MusikAnimal closed this task as Resolved.Mar 30 2017, 3:54 PM
MusikAnimal claimed this task.

Deployed to English Wikipedia and working beautifully :) Those with access to EventLogging data can monitor eventlogging_CookieBlock to see how often blocks are being enforced by the cookie. We've also been keeping a close eye on the autoblock list and all seems well. We'll deploy to other wikis soon. Huge thanks and congrats to @Samwilson, and all who helped with this!!

MusikAnimal closed subtask T152076: Enable and test cookie blocking on English Wikipedia as Resolved.Mar 30 2017, 3:54 PM
MusikAnimal removed a subtask: T152462: Add cookie when blocking anonymous users.
Xaosflux subscribed.Mar 30 2017, 4:56 PM
Xeno subscribed.Mar 30 2017, 6:15 PM

This has been made live on English Wikipedia. It has been suggested to provide the ability to control whether a cookie block is placed separate from the autoblock option due to potential personal liability that could be acquired in countries with "cookie laws".

Yoshi24517 added a comment.Mar 30 2017, 6:25 PM

Where can I find the eventLogging data? I would like to look at the cookieBlock extension.

Niharika subscribed.Mar 30 2017, 9:54 PM

I looked at the eventlogging data. As of right now, there have been 1134 cookie-based blocks on enwiki. Woah!

In T5233#3144600, @Yoshi24517 wrote:

Where can I find the eventLogging data? I would like to look at the cookieBlock extension.

It's private data so not everyone can access it. To look at the code you don't need to access the eventlogging data. CookieBlock is not an extension but a part of MediaWiki core. See https://gerrit.wikimedia.org/r/#/c/48029/

Yoshi24517 added a comment.EditedMar 31 2017, 3:20 AM

I didn't mean the code. I meant the eventLogging data. (Scratch that comment.)

Ah never mind. I see that I have to be a Wikimedia Foundation employee. Thanks anyway. I think it would be really cool to watch though. Anyway thanks for telling me.

TheDJ subscribed.Mar 31 2017, 8:01 AM

due to potential personal liability that could be acquired in countries with "cookie laws".

Can you link those discussions ? It seems rather exceptional if there would be personal liability for that. But maybe WMF-legal could weigh in.

MusikAnimal added a comment.Mar 31 2017, 11:38 AM
In T5233#3145431, @Niharika wrote:

I looked at the eventlogging data. As of right now, there have been 1134 cookie-based blocks on enwiki. Woah!

Yeah... I'm questing if that was set up correctly. If that figure were true we should see a large influx of active autoblocks, which I have not noticed. I shall investigate!

In T5233#3144570, @Xeno wrote:

This has been made live on English Wikipedia. It has been suggested to provide the ability to control whether a cookie block is placed separate from the autoblock option due to potential personal liability that could be acquired in countries with "cookie laws".

I've spoke with legal and they should comment on the discussion soon.

jrbs subscribed.Apr 1 2017, 9:26 AM
jeblad subscribed.EditedApr 3 2017, 6:23 PM

In some countries we have short dynamic lease of IP addresses, that means a block will start to propagate. We have also some admins that belive blocking IP ranges is a good thing. That means blocking parts of the network for ISPs. When you add this on top the IP block then you effectively block the whole IP-range for that ISP.

Sorry, but this idea is utterly stupid! I'm just waiting for articles about "the new internett-virus spread by Wikipedia"!

Tgr added a comment.Apr 3 2017, 7:21 PM

The EU data protection working group advisory WP-194 section 3.3 ("cookies set for the specific task of increasing the security of the service that has been explicitly requested by the user") clearly applies here, as long as the cookie is only set on edit attempts (IIRC not the case with the current implementation, but would be a trivial change).

Kjetil subscribed.Apr 3 2017, 7:22 PM
jeblad added a comment.Apr 3 2017, 7:41 PM

I doubt that interpretation hold for this task, but it surely will not hold at all for T152462 and definitely not for T152953.

jeblad added a comment.Apr 3 2017, 7:48 PM

Given the statement in T5233#980836 and how this will behave, I can not see how this should be claimed to not be interfering with a multiuser environment. It is used for blocking of IP addresses where the blocked user itself may not be active, but other users might be active. In T152462 there isn't even made any attempt to check if there is a single user? In T152953 multiple users will be involved, possibly an unlimited number?

Reedy mentioned this in T162096: Potential abuse of MW Cookie Blocks.Apr 3 2017, 9:51 PM
Samwilson added a comment.Apr 4 2017, 2:38 AM
In T5233#3151976, @Tgr wrote:

... as long as the cookie is only set on edit attempts (IIRC not the case with the current implementation, but would be a trivial change).

One problem with only setting the cookie on an edit attempt is that it relies on the person being blocked then attempting to edit after being blocked but before changing their IP address. That might be quite okay though; I guess most blocked people try to edit after being blocked?

Akeron subscribed.Apr 4 2017, 8:13 AM
Johan moved this task from Already announced/Archive to In current Tech/News draft on the User-notice board.Apr 27 2017, 8:21 PM
Jeff_G subscribed.May 1 2017, 10:41 PM
Johan moved this task from In current Tech/News draft to Already announced/Archive on the User-notice board.May 2 2017, 12:05 PM
Chicocvenancio added a comment.EditedMay 2 2017, 1:27 PM

Is there a Timeline for this to be set on other WMF wikis? Specifically in ptwiki it would be particularly useful right now. (May 8, from the comment bellow. Thanks!)

Zppix subscribed.May 2 2017, 1:32 PM

@Chicocvenancio https://meta.wikimedia.org/wiki/Special:MyLanguage/Tech/News/Latest

Zppix unsubscribed.May 2 2017, 1:32 PM
DannyH moved this task from Older: Tracking Work by Others to Archive on the Community-Tech board.May 9 2017, 1:46 AM
Chicocvenancio added a comment.May 20 2017, 1:00 PM

Can't we start sending cookies for ip blocks as well?

Jeff_G added a comment.May 20 2017, 2:22 PM
In T5233#3152926, @Samwilson wrote:
In T5233#3151976, @Tgr wrote:

... as long as the cookie is only set on edit attempts (IIRC not the case with the current implementation, but would be a trivial change).

One problem with only setting the cookie on an edit attempt is that it relies on the person being blocked then attempting to edit after being blocked but before changing their IP address. That might be quite okay though; I guess most blocked people try to edit after being blocked?

The cookie could be added as soon as the user requests an edit page or gets a notice that they are blocked, even on a different WMF project or another wiki that runs this code, effectively crowdsourcing the cookie addition, given a global realtime distributed database of IP addresses to be sent cookies.

Jeff_G added a comment.May 20 2017, 2:25 PM
In T5233#3279200, @Chicocvenancio wrote:

Can't we start sending cookies for ip blocks as well?

If you meant blocks of individual IP addresses, I thought that was a good idea and already included. If you meant rangeblocks of IP address ranges, I think that is a good idea.

MusikAnimal added a comment.May 20 2017, 3:23 PM
In T5233#3279200, @Chicocvenancio wrote:

Can't we start sending cookies for ip blocks as well?

See T152462

greg unsubscribed.May 20 2017, 8:53 PM
TBolliger mentioned this in T188161: Investigation: Anon cookie blocking.Feb 24 2018, 12:55 AM
MBinder_WMF mentioned this in T200102: Phlogiston Bug: cot prefix recently closed shows tasks actually closed long ago.Jul 20 2018, 6:19 PM
TBolliger mentioned this in T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend).Feb 20 2019, 10:03 PM
Tchanders mentioned this in T233441: Cookie blocks apply regardless of ipblock-exempt right.Sep 22 2019, 8:42 AM
Tchanders mentioned this in T233595: Clear block cookie when tracking block, not when checking block.Oct 9 2019, 10:33 AM
Ladsgroup edited projects, added User-notice-archive; removed User-notice.Aug 13 2022, 1:54 PM
Dreamy_Jazz mentioned this in T374734: Apply cookie blocks for global blocks.Sep 13 2024, 7:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits