Talk:IP Editing: Privacy Enhancement and Abuse Mitigation/Privacy enhancement
Separate storage, control access.
Secure the sensitive information about anonymous edits by storing it separately, and controlling access via user permissions.
I came to this conclusion on the other page, but realise that the crux of what I was thinking there actually relates to privacy and is an architectural principle that underpins the tools, rather than being about the tools themselves. So I've cross-posted here.
Note that I wrote edits, not editors. One way to implement this might be a table with the columns: Revision ID (primary and foreign key), IP address (non-null), rDNS, IP geolocation, ISP name, AS, UA string (non-null?), cookie, device-advertising ID. IP address blocks don't change hands often, but they can, so let's store the owner and geo at save-time. This can also make for easy and fast searching or sorting, compared to pulling in the extra information from third parties at query time. You can still add live lookup for richer info on top of what's been saved.
(Previous unsigned comment added by Pelagic, 6 May 2020 diff.)
- How does this compare to the way that checkuser information is currently stored? Is it a table in the database or some separate log file? Standard webserver logs aren't easy to cross-match with user actions, so I suspect only actual saves are logged. Pelagic (talk) 05:52, 29 December 2020 (UTC)