Checkuser data retention Options

[gomi]

here:

Tim Starling tstarling at wikimedia.org
Thu Sep 11 03:11:52 UTC 2008

Jon wrote:
> I could not find this in the privacy policy... however, what is
> Wikimedia's current data retention policy? That is to ask, how long do
> projects keep data for use in tools such as checkuser?

CheckUser data used to be kept for 3 months, but Aaron recently increased
it to 5 months. I'm not sure why or on whose authority.

<http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?r1=39734&r2=40620>

-- Tim Starling

[Rootology]

Last night I poked around all the listed materials out of curiosity, and darned if I can find where wgCUDMaxAge and the retention for CU data is actually stored on the separate table. I have a feeling it's out of view. Since this is the principle "privacy" matter (especially after Poetgate) that everyone is always worried about, I'm honestly wondering if the benefits of hiding this information from being displayed in a clear fashion outweigh the possible harm.

This post has been edited by Rootology: Fri 19th September 2008, 5:58pm

[Krimpet]

Last night I poked around all the listed materials out of curiosity, and darned if I can find where wgCUDMaxAge and the retention for CU data is actually stored on the separate table. I have a feeling it's out of view. Since this is the principle "privacy" matter (especially after Poetgate) that everyone is always worried about, I'm honestly wondering if the benefits of hiding this information from being displayed in a clear fashion outweigh the possible harm.

From CheckUser.php:

CODE

    # Every 100th edit, prune the checkuser changes table.
    wfSeedRandom();
    if( 0 == mt_rand( 0, 99 ) ) {
        # Periodically flush old entries from the recentchanges table.
        global $wgCUDMaxAge;
        $cutoff = $dbw->timestamp( time() - $wgCUDMaxAge );
        $recentchanges = $dbw->tableName( 'cu_changes' );
        $sql = "DELETE FROM $recentchanges WHERE cuc_timestamp < '{$cutoff}'";
        $dbw->query( $sql );
    }

Also, while Wikimedia's LocalSettings does require() a file called "PrivateSettings.php" that's not world-viewable that contains database passwords and the like, it's loaded before the CheckUser extension is, meaning any attempts to hide CU settings in there would be overridden by the defaults when CheckUser is loaded.

I think it can be confidently said, then, that CU data on Wikimedia is deleted after the default 90 days.

[tarantino]

I think it can be confidently said, then, that CU data on Wikimedia is deleted after the default 90 days.

This is confirmed by Tim Starling -

It's the same everywhere, it's three months. Neither the Board nor the
executive have expressed any desire to make that decision, but they are
free to weigh in if they want to. We chose the three month figure as a
compromise between privacy advocates and troll hunters.