Page MenuHomePhabricator
Create Task
Maniphest T16700

Add Opera Mini Browser IP range to the list of trusted XFF headers
Closed, ResolvedPublic
Actions

Description

Author: thatcher131

Description:
The Opera Mini broswer for mobile devices funnels all edits through two ranges, 91.203.96.0/22 and 195.189.142.0/23. For users of the full version of the program, Opera forwards xff headers indicating the real IP of the user. For users of the demo version, the xff headers only contain Opera's IPs. This makes the demo version effectively an open proxy, and both ranges have been blocked on enwiki for this reason, blocking all editors who use the device. If the Opera Mini IPs were added to the list of trusted xff forwarders, my understanding is that blocking the IP range would only affect users of the demo, while users of the full version would be recorded as coming from their home IP and would not be affected by IP blocks on the ranges.

Version: unspecified
Severity: enhancement

Details

Reference
bz14700

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:14 PM
bzimport added projects: Wikimedia-Site-requests, Shell.
bzimport set Reference to bz14700.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jul 1 2008, 10:34 PM
bzimport added a comment.Jul 1 2008, 10:37 PM

ayg wrote:

Are these ranges known to be static and reliable, and unlikely to change behavior in the future (e.g. by adding anonymous proxy functionality for paid subscribers or something like that)?

bzimport added a comment.Jul 1 2008, 10:58 PM

thatcher131 wrote:

I can't give an informed answer to that. Probably someone should contact Opera. I dislike blocking the range while we wait for them to contact us. Checkuser returns an error message (too many edits) when checking the range, so there are a lot of edits coming from there.

bzimport added a comment.Jul 2 2008, 7:32 AM

thatcher131 wrote:

Actually, is that concern relevant? If Opera started a pad proxy service, then either it would be transparent and continue to forward the originating IP, or it would be anonymous. If anonymous, then a block on the Opera Mini range would block users of the demo and users of the proxy service, while not affecting users of the full version, which seems to me to be the correct result anyway.

bzimport added a comment.Jul 2 2008, 9:00 AM

knowsit wrote:

There's relevant discussion here - http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Archive104#Opera_proxies
And here - http://meta.wikimedia.org/wiki/Talk:XFF_project#Opera_Mini
And now here - http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Opera-Mini

And a list of proxies here - http://en.wikipedia.org/wiki/User:Ilmari_Karonen/sandbox/Opera_Mini

bzimport added a comment.Jul 2 2008, 1:59 PM

ayg wrote:

(In reply to comment #3)

Actually, is that concern relevant? If Opera started a pad proxy service, then
either it would be transparent and continue to forward the originating IP, or
it would be anonymous. If anonymous, then a block on the Opera Mini range
would block users of the demo and users of the proxy service, while not
affecting users of the full version, which seems to me to be the correct result
anyway.

What if the IP ranges got rejiggered and Opera started using the range for their employees' personal computers, moving the proxies to some other range? They could do that at any time, unless they give a guarantee to the contrary. Then their employees could set their IP addresses on Wikipedia to anything they liked, by manually adding XFF headers.

demon added a comment.Dec 10 2009, 2:13 PM

Closing this as FIXED. Tim's already put a lot of Opera Mini proxies into the TrustedXFF list.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL