Jump to content

Trust and Safety Product/Decision records/2025-06-04 Disabling CheckUser API on WMF wikis

From mediawiki.org

Authors: WBrown (WMF) (talk)

Status

[edit]
  • Approved 2025-06-20

Context

[edit]

The CheckUser extension provides an API to allow users to query CheckUser data. Trust and Safety Product have received concerns about this API and also have our own concerns. This decision record is not related to the CheckUserLog API which will be unaffected.

The concerns raised include:

  • Having a CheckUser API implies that automated access to CheckUser data is a good idea, which should not necessarily be implied
    • For example, an OAuth tool may accidentally keep copies of the CheckUser data without a good reason to do so
  • The CheckUser API has very low usage and so it's maintenance burden to usage ratio is very weighted towards maintenance.
    • This had lead to Client Hints not being displayed in the CheckUser API as Trust and Safety Product could not prioritise development of the API
    • On most wikis the API has been used ~10 times.

We asked CheckUsers on their checkuser-l list and received mixed feedback. Users raised points including:

  • login.wikimedia.org uses the CheckUser API more frequently, though that this usage has been close to zero in the last few years

Given the sensitivity of the CheckUser API, some communities have raised non-public concerns to us about the presence of this API, which are informing our decision to disable it.

Options considered

[edit]
  • Keep the status quo. Do not disable the API
  • Disable the API on wikis which opt-in to disabling
  • Disable the API on wikis which opt-out to disabling
  • Disable the API on all wikis except from login.wikimedia.org
  • Disable the API on all wikis
  • Remove the API entirely

Decision

[edit]

We propose to disable the API on all wikis except from login.wikimedia.org. This will reduce the impact on workflows given by WMF stewards on login.wikimedia.org while addressing the concerns that led to this decision record (detailed above and privately).

Consequences

[edit]
  • The CheckUser API will not be usable on all WMF wikis except from login.wikimedia.org
  • Doing this will further place the API down the priority list for updates, especially for HTTP Client Hints which may make the maintenance problem worse over time
Retrieved from "https://www.mediawiki.org/w/index.php?title=Trust_and_Safety_Product/Decision_records/2025-06-04_Disabling_CheckUser_API_on_WMF_wikis&oldid=7698976"