Grants:Project/Rapid/GeneralNotability/Bullseye/Report

Report accepted

This report for a Rapid Grant approved in FY 2021-22 has been reviewed and accepted by the Wikimedia Foundation.

To read the approved grant submission describing the plan for this project, please visit Grants:Project/Rapid/GeneralNotability/Bullseye.
You may still comment on this report on its discussion page, or visit the discussion page to read the discussion about this report.
You are welcome to Email rapidgrants at wikimedia dot org at any time if you have questions or concerns about this report.

Goals

The goal of the project was to purchase data feed licenses for Bullseye, a Toolforge-hosted project designed that consolidates multiple data feeds about IP addresses in a single place. The feeds I selected were specifically intended to be useful to CheckUsers on any project, but would benefit administrators as well.

Outcome

Please report on your original project targets. Please be sure to review and provide metrics required for Rapid Grants.

Target outcome	Achieved outcome	Explanation
Total participants	There were 224 unique users of Bullseye since January 2022	Unfortunately, I did not collect stats on number of users before the grant started, and due to database problems everyone had to recreate their account in January 2022 so I can't use join dates either.
Number of newly registered users	N/A	This project was not geared at recruiting new users.
Number of content pages created or improved, across all Wikimedia projects	N/A	This was not a content creation/improvement project.
User satisfaction	Aside from occasional bug reports or Toolforge problems, feedback for Bullseye has been very positive.	I contacted the checkuser-l mailing list (as CheckUsers are the main audience for the tool) and sent an email through Wikipedia to all non-checkusers who had used the tool more than 100 times in the past year; the email told the recipients that I was contacting them for feedback on Bullseye as part of my grant and that I was interested in all feedback, but especially how useful they found the Spur and Shodan feeds. All responses I received were positive. Selected quotes from the responses: As a SPI clerk, I use Bullseye almost daily and have found it to be the most valuable tool available for investigating suspected proxies and IP-based abuse (enwiki SPI clerk) [I] would highly recommend any CheckUser who has not used it yet to give it a try (enwiki CheckUser) I use it on almost every check I run. The Spur and Shodan data is critically important, as is the WHOIS CIDR information and the geolocation mapping. (enwiki CheckUser) Of all the tools I use, Bullseye is one of the most frequent. (steward) Bullseye is an invaluable tool for centralizing IP address information. The Shodan information being presented alongside WHOIS information allows me to quickly confirm open proxies, even when they'd be difficult to spot based on WHOIS data alone (such as for MikroTik zombies on commercial/residential ISPs). Spur data is also useful to correlate P2P proxy use. The quick highlighting of the likely range size is also incredibly useful when making checks. (steward) I use Bullseye pretty much every time I run a check, and I almost always look at the Spur data when I'm doing so. (enwiki checkuser) Above all, the strength is that it makes no extra effort to verify P2P proxies. It's obvious how much it alleviates my annoyance. (steward) I also received a number of suggestions for features, such as the ability to leave notes for other checkusers; I hope to implement some of them when my job is less crazy.

Usage stats

Remarks: Chart above is by month, starting with December 2021, ending with September 2022. There were issues with how I implemented data collection that caused October and November 2021 to not record properly, these were omitted. Note that one use by any particular user may add to multiple user type categories - for example, if a user were an administrator and CheckUser and looked up an IP, that would be counted under "all," "admin," and "checkuser". I'm not sure why the sysop count is lower than the checkuser count when almost all checkusers should be administrators too.

I also pulled the statistics for number of views per user (that is, number of times a user looked up an IP). They don't make a very interesting histogram, but the numbers are pretty expected - there are a lot of people who tried it once or twice, a solid core of regular users (100+ uses in the past year), and four people who have used it over 1000 times in the past year. The most surprising bit to me was that I was not the top user, and in fact was in third place.

Looking at the user stats, I am quite happy with the mix of users - a lot of English Wikipedia CheckUsers, unsurprisingly (since that's my home project, plus I became a CheckUser about a month after this grant started), but also several stewards, some English Wikipedia non-CheckUser admins, a handful of admins/checkusers from other language wikis, and even a few non-admins. I think this demonstrates quite well that this isn't just a niche project used by a couple of people and that it has been adopted beyond my local community.

Learning

Projects do not always go according to plan. Sharing what you learned can help you and others plan similar projects in the future. Help the movement learn from your experience by answering the following questions:

I really don't have much to report here – the grant process went smoothly (my thanks to the WMF grants folks for a straightforward process!), paying for Shodan and Spur and getting access keys was straightforward, no major problems were encountered. There were certainly occasional bugs with Bullseye, including a rather silly error on my part that ruined the monthly usage statistics for the first couple of months, but that development effort was outside the scope of this grant. The one takeaway I do have, now that I'm looking back at the usage statistics and the number of queries I paid for, is that there's a lot of room to grow Bullseye - the highest monthly usage was around 2,500 uses, which is well below the 50,000 query/month limit from Spur and a drop in the bucket compared to the million queries/month Shodan makes available. I would like to keep those restricted to trusted users to reduce the chance of a malicious user intentionally causing us to use up all of our monthly queries, but I think I can loosen the criteria a bit (right now, I believe they're both restricted to people who are at least one of global sysop, WMF staff, steward, administrator on any project, or checkuser on any project).

Finances

Grant funds spent

Please describe how much grant money you spent for approved expenses, and tell us what you spent it on.

I spent the grant funds exactly as described in the proposal. Restating:

Spur, 50k query pack: $99/month, $1188 for one year. This was purchased as a one-year package.
Shodan, "Freelancer" subscription: $59/month, $708 for one year. This was paid for month-to-month.

Remaining funds

Do you have any remaining grant funds?

I do not.

Anything else

Anything else you want to share about your project?

Like I said above, I'm quite happy with how things turned out and was pleased by the positive feedback I received. I intend to file a follow-up request for additional funding, and would be interested in working with the grants team on whether there is a way to make this a recurring grant to streamline the process so that people can continue to have access to these data feeds.