Ticket #4353 (reopened enhancement)

Opened 2 years ago

Last modified 1 month ago

Users with edit_posts capability can see everyone's comments, IPs, and email addresses

Reported by: idahofallzcom Assigned to: markjaquith
Priority: high Milestone: 2.8
Component: Administration Version: 2.7
Severity: major Keywords: comments edit_posts IP email privacy subscriber author role_manager
Cc:

Description (Last modified by markjaquith)

I've been fighting this problem for several weeks now. I've updated Role Manager to the new one (not the Owen Winkler version), and it also does not fix the problem.

Everyone above subscriber can click "comments" and see everyone's comments, email addresses, and IP addresses. This is a very BAD thing.

From what I've read, edit_posts for contributor and authors is supposed to only display the person's own comments. However this function is broken somehow and instead anyone can see everyone else's comments.


Mark Jaquith says:

It wasn't designed to restrict people with edit_posts from only being able to see the comments they can edit. That would require a slight tweak in the code.


Is this a core code issue or a plugin issue? I think it is core code.

This is very important for me to resolve because I've had to demote everyone on my blog to subscriber, and nobody is able to post anymore.

Attachments

4353-trunk.diff (2.5 kB) - added by markjaquith on 01/23/08 02:55:25.

Change History

05/28/07 16:59:04 changed by markjaquith

  • status changed from new to assigned.
  • description changed.
  • summary changed from Everyone above subscriber sees everyone's comments, IPs, and emails to Users with edit_posts capability can see everyone's comments, IPs, and email addresses.
  • owner changed from anonymous to markjaquith.
  • type changed from defect to enhancement.
  • severity changed from critical to major.

edit_posts is used to control comment editing, specifically, but viewing, generally. If you have the edit_posts capability, you'll be able to view all comments, but only be able to edit the ones on your posts.

Contributors won't be able to view any comments or edit any. The only default role affected here is "Author."

What you're advocating is a change in functionality, so I'm going to update the ticket to reflect that.

01/23/08 02:55:25 changed by markjaquith

  • attachment 4353-trunk.diff added.

01/23/08 02:56:14 changed by markjaquith

  • keywords changed from comments edit_posts IP email privacy subscriber author role_manager to has-patch comments edit_posts IP email privacy subscriber author role_manager.

Attachment hides IP address and e-mail address from authors who can't edit those comments.

03/15/08 22:09:24 changed by westi

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7322]) Only show IP and email address for comments a user can edit. Fixes #4353.

08/17/08 22:15:26 changed by spencerp

  • status changed from closed to reopened.
  • version changed from 2.1.3 to 2.7.
  • resolution deleted.
  • milestone changed from 2.5 to 2.7.

I know this is set to "fixed", but this really needs another good looking at. No matter what I do, even using a Role Manager type plugin, I can't hide ANY comments and their information from Authors, Editors, and Contributors.

IMHO, Authors, Editors, and Contributors should NOT be able to view ANY comment information at all, unless it's comments of their own, on their own posts. I used the analogy in the wp-hackers or wp-testers list before: that's like bank employees leaving bank members' important information out overnight, and even though it's supposedly kept secret and hidden from anyone else, it's not. The night cleaning crew comes in after hours, and their information could be right there in plain view to the cleaning crew.

It's not supposed to be viewed/seen by just anyone and everyone. What if you have an Author, Contributor or whatever that turns stalker/whacko on you (site admin), and goes through all the comments, digging for people's email addresses, IP addresses and what-not? I had that happen to me already. I had some chick as an Author, and she was using my own plugins against me. Stalking me.

I had to get rid of the Useronline & LastFm plugin before. It's not wonderful to find draft posts titled: Just you, me, and 2 bots. And the content was making references to knowing that I was really online, but that I must be hiding from her on messengers. If she can see certain things because of her "Higher Status" in a blog, then she uses that "status" for evil.

I can just picture HER or ANYONE going through other comments NOT NEEDED for their eyes, contacting them via their email addresses for either email or instant messengers, or even going to their websites to try to start drama that way too. Bottom line is, I just don't think all that extra information should be viewed by Authors, Contributors, and Editors just "because" they have the "status".

Don't get me wrong though, I DO believe and think "they" should be able to view that stuff, if it's on their OWN posts. But, just not ALL of the comments, that aren't even on their posts. You know? The site admin should have that access, just not everyone that has a write post status. Maybe I'm alone here... ?

08/18/08 02:38:49 changed by spencerp

Too bad there wasn't some way to add the functionality and control of this plugin (http://www.laboratoriocaffeina.it/development/2007/07/20/restrict-authors-access-to-edit-comments-the-plugin.html/) into the core. Support thread (http://wordpress.org/support/topic/137505/) referenced.

08/18/08 21:28:12 changed by mrmist

Personal story aside, I'd agree about the wrongness of a contributor or author being able to see any comments that aren't related to anything other than their own entries. Once you get into editor-level then everything is fair game, but at levels below that there should be restrictions.

If nothing else, it makes the "view comments" screen a bit broken - if I log in as a contributor to my test blog just now, and "manage comments", I can see -

Four buttons at the top of the screen "Approve" "Mark as spam" "unapprove" "delete" that shouldn't appear at all (because I can never use them).

5 Approved comments on entries that are nothing to do with the user. 5 Unapproved comments on entries that are nothing to do with the user.

As a contributor it's highly debatable whether I should have access to the manage comments screen at all, because it's a functionally useless screen. As an author, visibility should surely be restricted to comments on posts "authored by me".
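The thread discusses two policies for the comment list: the one markjaquith describes and [7322] implements (every comment is listed, but IP and e-mail are shown only for comments the viewer can edit), and the stricter one spencerp and mrmist argue for (comments on posts the viewer cannot edit are not listed at all). The PHP below is an added illustration of both, written for this page; it is not the 4353-trunk.diff attachment or the [7322] changeset. It relies only on WordPress's real `current_user_can( 'edit_post', $post_id )` meta-capability check, so it follows whatever role configuration the site or a role-manager plugin has applied; the function names `example_visible_comment_fields` and `example_filter_comment_list`, the sample comments, and the stand-in `current_user_can()` used when the file is run outside WordPress are all constructed for the example.

```php
<?php
// Added illustration, not the 4353-trunk.diff attachment or changeset [7322].
// Two policies for one row of the comment list:
//   'redact' : list every comment, but blank IP/e-mail unless the viewer can
//              edit the post the comment belongs to (the [7322] behaviour)
//   'hide'   : drop comments on posts the viewer cannot edit altogether
//              (the stricter policy argued for later in the ticket)
// Only the 'edit_post' meta capability is consulted, so a role-manager
// plugin that changes who may edit which posts changes what is visible.

// Stand-in for WordPress's current_user_can() so the file runs outside WP.
// Constructed for this example: the viewer may edit posts 1 and 2 only.
if ( ! function_exists( 'current_user_can' ) ) {
    function current_user_can( $capability, $post_id = null ) {
        $editable_posts = array( 1, 2 );
        return 'edit_post' === $capability
            && in_array( (int) $post_id, $editable_posts, true );
    }
}

/**
 * Return the fields a viewer may see for one comment.
 *
 * @param object $comment Object with comment_post_ID, comment_author,
 *                        comment_author_email, comment_author_IP, comment_content
 *                        (the column names WordPress uses on comment objects).
 * @param string $policy  'redact' or 'hide'.
 * @return array|null     Row fields, or null when the row must not be shown.
 */
function example_visible_comment_fields( $comment, $policy = 'redact' ) {
    // Decide per comment, against the post it belongs to, not per screen.
    $can_edit = current_user_can( 'edit_post', $comment->comment_post_ID );

    if ( 'hide' === $policy && ! $can_edit ) {
        return null;
    }

    return array(
        'author'  => $comment->comment_author,
        'content' => $comment->comment_content,
        // Private fields are released only for comments the viewer can edit.
        'email'   => $can_edit ? $comment->comment_author_email : '',
        'ip'      => $can_edit ? $comment->comment_author_IP : '',
    );
}

/** Apply the policy to a whole list, dropping rows that return null. */
function example_filter_comment_list( array $comments, $policy = 'redact' ) {
    $rows = array();
    foreach ( $comments as $comment ) {
        $row = example_visible_comment_fields( $comment, $policy );
        if ( null !== $row ) {
            $rows[] = $row;
        }
    }
    return $rows;
}

// Constructed sample data: three comments, two on posts the viewer can edit.
$comments = array(
    (object) array( 'comment_post_ID' => 1, 'comment_author' => 'alice',
        'comment_author_email' => 'alice@example.com',
        'comment_author_IP' => '192.0.2.10', 'comment_content' => 'Nice post' ),
    (object) array( 'comment_post_ID' => 7, 'comment_author' => 'bob',
        'comment_author_email' => 'bob@example.com',
        'comment_author_IP' => '192.0.2.20', 'comment_content' => 'Not your post' ),
    (object) array( 'comment_post_ID' => 2, 'comment_author' => 'carol',
        'comment_author_email' => 'carol@example.com',
        'comment_author_IP' => '192.0.2.30', 'comment_content' => 'Thanks' ),
);

foreach ( array( 'redact', 'hide' ) as $policy ) {
    echo "policy=$policy\n";
    foreach ( example_filter_comment_list( $comments, $policy ) as $row ) {
        printf( "  %-6s email=%-18s ip=%-11s %s\n",
            $row['author'], $row['email'], $row['ip'], $row['content'] );
    }
}
```

Run stand-alone, the `redact` pass prints all three comments with bob's e-mail and IP blanked, and the `hide` pass prints only alice's and carol's rows. The point of checking `edit_post` against each comment's post, rather than checking `edit_posts` once for the screen, is that the decision then tracks the same capability that governs editing, which is the distinction markjaquith draws between "viewing, generally" and "editing, specifically".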

10/16/08 19:58:20 changed by ryan

  • keywords changed from has-patch comments edit_posts IP email privacy subscriber author role_manager to comments edit_posts IP email privacy subscriber author role_manager.

10/22/08 16:58:49 changed by ryan

  • milestone changed from 2.7 to 2.8.

Postponing to 2.8.