User:DWalden (WMF)/IPInfo

How to find/create test IPs[edit]

To look up information for an IP that IP needs to be associated with either an edit or a log action.

The IP can then be looked up on:

• An article's edit history
• Special:Log
• Special:Contributions/<ip>

Already existing data[edit]

Edit[edit]

• IPs with edits on beta: /edit
• IPs with edits on beta in the last 24 hours: https://en.wikipedia.beta.wmflabs.org/wiki/Special:RecentChanges?userExpLevel=unregistered&limit=500&days=1&urlversion=2

Log[edit]

• IPs with logged events on beta: /log

Creating your own[edit]

Edit[edit]

• Edit any page while logged out. You can do this with a VPN to simulate IPs from different locations. (I have confirmed that I can edit from a VPN on beta.)

Log[edit]

1. Pick an <ip> which you are interested in.
2. Go to Special:Block/<ip> (you need to be logged in as an admin).
3. On the form, pick an expiration date and click "Block"

   

4. Go to Special:Log/block and you should see a line like 08:48, 9 September 2021 <user> blocked <ip>, with the (i) icon next to <ip>

   

(N.B. this will count as an "active block" for that IP until the expiration date set in step 3 has passed. After the expiration date has passed, it will count as a "past block". If you want a "past block" on an IP address you can just set the expiration date to 1 second.)

IP Info Privileges[edit]

There are two IP information viewing privileges:

ipinfo-view-basic or ipinfo-view-full

Test Strategy[edit]

When we worked on this previously (end of 2020), testing focused on a few quality criteria.

Quality Criteria[edit]

Accuracy[edit]

• Are we reporting information for the wrong IP?
• Do we display the information in a misleading way?

Security[edit]

• Does anyone have access to IP information who should not?
• Do we log access for non-repudiation purposes?
• Any patterns in the behaviour/response of the application which might lead to information disclosure? (info, example)

Usability[edit]

• Support on a range of user interface languages, including right-to-left languages
• Support on a range of skins
• Support on a range of browsers (and possibly devices if we want to support mobile)
• Accessibility (e.g. people who only use keyboard or use a screen reader)

Oracles[edit]

Places to check information about IPs.

• Block info
  • Number of times an <ip> has been blocked:
    • Web: https://en.wikipedia.beta.wmflabs.org/wiki/Special:Log?type=block&user=&page=<ip>
    • API: https://en.wikipedia.beta.wmflabs.org/w/api.php?action=query&list=logevents&letype=block&lelimit=500&letitle=User:<ip> (only shows the most recent 500 blocks for the IP)
• Edits
  • Number of edits locally:
    • Web: https://en.wikipedia.beta.wmflabs.org/wiki/Special:Contributions/<ip>
    • API: https://en.wikipedia.beta.wmflabs.org/w/api.php?action=query&list=usercontribs&uclimit=500&ucuser=<ip> (it will only show the most recent 500 edits for the IP)
  • Number of edits globally:
    • Web: ???
    • API: ???

What we (probably) won't test[edit]

• Correctness of the results MaxMind gives us.

Test Code[edit]

• https://gitlab.wikimedia.org/dwalden/ipinfo-testing
• Scripts which start with ipinfo_ in https://gitlab.wikimedia.org/dwalden/pywikibot-scripts/-/tree/main/scripts (sorry they have no/the wrong documentation)

Open all IPInfo popups on a page[edit]

$(".ext-ipinfo-button > a").each(function(index, icon) {
    icon.click();
});

Collect all data from the IPInfo popups on a page[edit]

Run the below scripts in your browser console on pages with IPInfo popups (e.g. revision history, Special:Log). All the data from the popups will be in the results variable. You can then compare this against the data MaxMind returns for that IP.

Log pages:

var results = [];
$(".ext-ipinfo-button").each(function(index, span) {
    // Record the log id
    var logid = $(span).parent().attr("data-mw-logid");

    // Record the IP
    var ip = $(span).prev().text();

    // Record the Location, ASN and Source (if applicable)
    var location = $(span).find(".ext-ipinfo-widget-location").text();
    var asn = $(span).find(".ext-ipinfo-widget-asn").text();
    var source = $(span).find(".ext-ipinfo-widget-source").text();
    var error = $(span).find(".ext-ipinfo-widget-error").text();

    results.push([logid, ip, location, asn, source, error]);
});

Revision pages:

var results = [];
$(".ext-ipinfo-button").each(function(index, span) {
    // Record the log id
    var logid = $(span).parent().parent().attr("data-mw-revid");

    // Record the IP
    var ip = $(span).prev().text();

    // Record the Location, ASN and Source (if applicable)
    var location = $(span).find(".ext-ipinfo-widget-location").text();
    var asn = $(span).find(".ext-ipinfo-widget-asn").text();
    var source = $(span).find(".ext-ipinfo-widget-source").text();
    var error = $(span).find(".ext-ipinfo-widget-error").text();

    results.push([logid, ip, location, asn, source, error]);
});