On Feb 6, 2008 8:27 PM, Ilmari Karonen <nospam(a)vyznev.net> wrote:
There could be privacy concerns over that, though;
certainly I'd assume
there's a reason why purge checkuser records after a while.
That's why it would be an option, perhaps disabled on Wikimedia. The
reasonable default would be to log them permanently, because that's
what practically all web software does, and what all admins and users
expect (to the extent they know about stuff like IP addresses).
(I'd have expected the Foundation privacy policy
to say something about
that, but strangely enough it doesn't seem to; the only statement about
retention times I can find is that Apache access logs are "normally
discarded after about two weeks.")
Which tells you how old that is. How long has it been since we kept
Apache access logs? We have some Squid sampling now, I think, but
last I heard only a one-tenth anonymized sample was stored anywhere.
In fact, I wonder if we really need to record IP
addresses of logged-in
users in the recentchanges table at all -- after all, the CheckUser
extension has its own tables for that data.
Currently, a default installation of MediaWiki allows IP addresses to
be checked by anyone with database access. That's intentional, I'm
pretty sure. I assume it used to be the way things were done on
Wikimedia, in fact, before Checkuser.