Requests for comment/Retained account data self-discovery

Thoughts related to 27242.

Background
The CheckUser extension stores information about each change to the wiki for a fixed period of time (by default, ). This information for each action to the wiki:


 * cu_changes.cuc_user – account ID of the user performing an action; this would be used for self-lookups; it's indexed [(cuc_user,cuc_ip,cuc_timestamp)]
 * cu_changes.cuc_ip – IP address [IPv4 and IPv6?]
 * cu_changes.cuc_xff – XFF data
 * cu_changes.cuc_agent – User-Agent data

In the interest of freedom of information and enhancing account security, it should be possible for users to see the private data stored about themselves at any time.

Any implementation of this idea would likely be put behind a configuration variable. From this, two questions arise:


 * 1) What would the default value of this configuration variable be (that is, would this feature by enabled by default or not)?
 * 2) Would Wikimedia wikis override the default value of this configuration variable? [This will likely need community input and discussion, but is almost entirely outside the scope of this particular requests for comment.]

Special:Preferences section
The CheckUser table keeps a private log of actual CheckUser lookups for the purposes of accountability. This log tracks queries of the database when a user checks another user (or themselves), if they have the checkuser user right. Because this log is very private, though, it may make sense to not log self-queries of this kind.

Instead, there could be an "Retained account data" tab in Special:Preferences that shows the information for any rows in the CheckUser tables matching the currently logged in account.

Gmail
Gmail provides a "Details" link at the bottom of a user's inbox. Clicking this "Details" link opens up a separate browser window. This browser window contains an HTML table showing a user's account activity, specifically:


 * a user's access type (browser, mobile, POP3, etc.), with a "Show details" link next to browser entries that will expose the browser's user agent string;
 * a user's location (IP address); and
 * the time of the account activity.