Privacy (Tag)
Active, Public

Description

Issues relating to reader and editor privacy.

Please note the difference from the Security and HTTPS projects (see their descriptions).

Also see T92889 for more information.

Recent Activity

Sat, Jul 6

Bugreporter merged task T195888: Create "vanish" option in Special:GlobalRenameRequest into T366439: [EPIC] Automate account Vanishing.
Sat, Jul 6, 2:28 AM · Patch-Needs-Improvement, Privacy Engineering, User-Urbanecm, Trust-and-Safety, Privacy, User-revi, GlobalRename, MediaWiki-extensions-CentralAuth

Mon, Jul 1

sbassett changed the status of Restricted Task, a subtask of T172065: Hunt for Toolforge tools that load resources from third party sites, from Open to In Progress.
Mon, Jul 1, 4:25 PM · Privacy Engineering, Toolforge-standards-committee, Tools, Privacy

Sat, Jun 29

JJMC89 added a subtask for T172065: Hunt for Toolforge tools that load resources from third party sites: Restricted Task.
Sat, Jun 29, 6:45 PM · Privacy Engineering, Toolforge-standards-committee, Tools, Privacy
Aklapper added a subtask for T172065: Hunt for Toolforge tools that load resources from third party sites: T368833: Luthor loads JavaScript and CSS from third-party domain jsdelivr.net.
Sat, Jun 29, 6:43 PM · Privacy Engineering, Toolforge-standards-committee, Tools, Privacy

Mon, Jun 24

simon04 added a comment to T218057: Determine workflow to selectively purge potentially privacy-sensitive EXIF fields, such as geocoordinates, from a Wikimedia Commons file.

Some preliminary notes regarding an implementation:

  • includes/media/JpegHandler.php swapICCProfile already implements invoking exiftool
  • exiftool supports removing all GPS tags via -gps:all= -- https://www.exiftool.org/geotag.html
  • to be figured out: how to invoke JpegHandler from UploadBase (there's also TransformationalImageHandler.doTransform, but it seems to be related to thumbnail generation)
Mon, Jun 24, 7:43 PM · Privacy Engineering, Multimedia, Privacy, Commons, UploadWizard, MediaWiki-File-management

Jun 10 2024

TheDJ closed T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php as Resolved.

The external code loading was removed.

Jun 10 2024, 9:49 PM · Privacy, Local-Wiki-Template-And-Gadget-Issues

Jun 3 2024

Jdlrobson added a comment to T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php.

Instead of waiting, I've gone ahead and removed this, as this seemed like a big security risk (someone could buy the domain http://maps.wikivoyage-ev.org).
https://fr.wikivoyage.org/w/index.php?title=MediaWiki%3ACommon.js&diff=566274&oldid=497402

Jun 3 2024, 10:38 PM · Privacy, Local-Wiki-Template-And-Gadget-Issues
JJMC89 removed a subtask for T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php: T366433: CentralAuth tests broken unless you run them inside Quibble.
Jun 3 2024, 1:45 AM · Privacy, Local-Wiki-Template-And-Gadget-Issues
OKJ04 added a subtask for T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php: T366433: CentralAuth tests broken unless you run them inside Quibble.
Jun 3 2024, 1:40 AM · Privacy, Local-Wiki-Template-And-Gadget-Issues

Jun 2 2024

TheDJ updated subscribers of T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php.

I see that user isn't very active any longer. @VIGNERON sometimes ventures to fr.wikivoyage and they have some experience. Maybe they can help find people who can assist cleaning up all the years of neglect in the scripts and styling there.

Jun 2 2024, 8:52 PM · Privacy, Local-Wiki-Template-And-Gadget-Issues
Aklapper created T366412: fr.wikivoyage.org's MediaWiki:Common.js tries to iframe 404 external http://maps.wikivoyage-ev.org/w/artmap.php.
Jun 2 2024, 1:46 AM · Privacy, Local-Wiki-Template-And-Gadget-Issues

May 31 2024

JWheeler-WMF moved T341294: Write privacy policies for Community Tech projects hosted by WMCS from On deck (June 25-July 5) to Maintenance Backlog on the Community-Tech board.
May 31 2024, 7:02 PM · Privacy, Community-Tech

May 14 2024

TAdeleye_WMF moved T294522: Reshape warning on Special:EmailUser about email address exposure from PM to Needs Triage on the Trust and Safety Product Team board.
May 14 2024, 4:34 PM · Trust and Safety Product Team, patch-welcome, MediaWiki-Email, Privacy

May 8 2024

Tgr updated the task description for T174388: LoginNotify should inform users of the IP address of failed login attempts to their account.
May 8 2024, 11:02 AM · Growth-Team-Filtering, Patch-Needs-Improvement, Privacy Engineering, Growth-Team, Notifications, User-Huji, Community-Tech, Privacy, WMF-Legal, MediaWiki-extensions-LoginNotify
Tgr updated the task description for T174388: LoginNotify should inform users of the IP address of failed login attempts to their account.
May 8 2024, 10:54 AM · Growth-Team-Filtering, Patch-Needs-Improvement, Privacy Engineering, Growth-Team, Notifications, User-Huji, Community-Tech, Privacy, WMF-Legal, MediaWiki-extensions-LoginNotify
Aklapper added a project to T350931: Gitlab attempts to reach gitlab CDN when using the Web IDE: Upstream.
May 8 2024, 9:43 AM · Upstream, GitLab (Upstream pit of despair 🕳️), Privacy
Aklapper moved T350931: Gitlab attempts to reach gitlab CDN when using the Web IDE from Backlog to Reported Upstream on the Upstream board.
May 8 2024, 9:43 AM · Upstream, GitLab (Upstream pit of despair 🕳️), Privacy

May 2 2024

Eugene233 moved T324103: ISA tool uses third party cdn from Backlog to Review on the Wiki-Mentor-Africa board.
May 2 2024, 7:19 PM · Wiki-Mentor-Africa, Privacy, Patch-For-Review, ISA

Apr 29 2024

sbassett added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

I can also confirm that https://diff.wikimedia.org/wp-json/ and a few of the other, specific API endpoints under that URL now seem disabled.

Apr 29 2024, 5:51 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
sguebo_WMF added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

We've restricted access to the WP API on Diff with a recent update. Can someone please confirm if this issue is resolved according to the description?

Apr 29 2024, 5:27 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
CKoerner_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from Backlog to In Progress on the Diff-blog board.
Apr 29 2024, 4:47 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
CKoerner_WMF added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

We've restricted access to the WP API on Diff with a recent update. Can someone please confirm if this issue is resolved according to the description?

Apr 29 2024, 4:46 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Apr 21 2024

TheDJ merged T363072: Notifications: View IP address by failed login attempts into T174388: LoginNotify should inform users of the IP address of failed login attempts to their account.
Apr 21 2024, 7:43 PM · Growth-Team-Filtering, Patch-Needs-Improvement, Privacy Engineering, Growth-Team, Notifications, User-Huji, Community-Tech, Privacy, WMF-Legal, MediaWiki-extensions-LoginNotify

Apr 18 2024

brennen moved T350931: Gitlab attempts to reach gitlab CDN when using the Web IDE from Inbox to Upstream pit of despair 🕳️ on the GitLab board.
Apr 18 2024, 6:25 PM · Upstream, GitLab (Upstream pit of despair 🕳️), Privacy

Apr 14 2024

Tgr added a comment to T353589: Opt out of Chrome topic calculation on Wikimedia sites & Cloud Services.

This results in a slightly annoying (although probably harmless) "Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'." console error, at least when using the Beta channel release of Chrome.
Not sure what's happening - there doesn't seem to be any ongoing origin trial for topics, it shows up (and is enabled) in my settings. But the chrome://flags/#privacy-sandbox-ads-apis feature flag seems to be disabled by default.

Apr 14 2024, 6:15 PM · Patch-For-Review, User-Frostly, SRE, Traffic, Privacy Engineering, Privacy

Apr 11 2024

SLyngshede-WMF closed T350126: IDM signup page doesn't link to any privacy policy documentation as Resolved.
Apr 11 2024, 10:42 AM · Privacy, Infrastructure-Foundations, Bitu

Apr 10 2024

JWheeler-WMF moved T341294: Write privacy policies for Community Tech projects hosted by WMCS from Up Next (June 3-21) to On deck (June 25-July 5) on the Community-Tech board.
Apr 10 2024, 4:21 PM · Privacy, Community-Tech

Apr 8 2024

JWheeler-WMF moved T341294: Write privacy policies for Community Tech projects hosted by WMCS from On deck (June 25-July 5) to Up Next (June 3-21) on the Community-Tech board.
Apr 8 2024, 3:23 PM · Privacy, Community-Tech

Mar 26 2024

JWheeler-WMF triaged T341294: Write privacy policies for Community Tech projects hosted by WMCS as High priority.
Mar 26 2024, 9:57 PM · Privacy, Community-Tech
SLyngshede-WMF moved T350126: IDM signup page doesn't link to any privacy policy documentation from Backlog to Pending Release on the Bitu board.
Mar 26 2024, 11:26 AM · Privacy, Infrastructure-Foundations, Bitu

Feb 27 2024

Bawolff added a comment to T22326: Option to strip some metadata on upload (GPS/geolocation privacy).

The easiest thing to do here would be to make sure the end user knows that they should strip location data before uploading. Apparently we already do this in UploadWizard but not other upload workflows. This is very much a case of patch-welcome if somebody wants to do that. It could be a warning box or note on the uploading workflow (perhaps during the upload itself, "This contains location data, are you sure you want to upload it?" for example).

Feb 27 2024, 3:17 PM · UploadWizard, Privacy, Multimedia, MediaWiki-Uploading

Feb 26 2024

Jdlrobson added a comment to T22326: Option to strip some metadata on upload (GPS/geolocation privacy).

There was some discussion about this in the Wikipedia weekly Facebook channel. I'm summarizing the conversation here so it's not lost, so please don't shoot the messenger :-). I've anonymized all this feedback, but if you want me to credit you for any of this please drop me a note in Facebook:

Feb 26 2024, 9:31 PM · UploadWizard, Privacy, Multimedia, MediaWiki-Uploading
WMDE-Fisch closed T194088: Wikivoyage should provide non external Nearby articles as Invalid.

Yes, the special WikiVoyage nearby feature got deprecated and the code removed T332785: Remove custom old nearby functionality for Wikivoyage from Kartographer. So this ticket should be invalid now.

Feb 26 2024, 1:17 PM · Maps (Kartographer), Tools, Privacy
WMDE-Fisch closed T244691: WikiVoyage nearby articles map layer loads a JS file from toolforge as Invalid.

The special WikiVoyage nearby feature got deprecated and the code removed T332785: Remove custom old nearby functionality for Wikivoyage from Kartographer. So this ticket should be invalid now.

Feb 26 2024, 1:16 PM · SecTeam-Processed, Maps (Kartographer), Security, Privacy Engineering, Privacy
WMDE-Fisch closed T244691: WikiVoyage nearby articles map layer loads a JS file from toolforge, a subtask of T194088: Wikivoyage should provide non external Nearby articles, as Invalid.
Feb 26 2024, 1:15 PM · Maps (Kartographer), Tools, Privacy

Feb 16 2024

kostajh added a subtask for T250227: Investigate and evaluate hCaptcha to replace Wikimedia's Fancy Captcha: T356599: DiscussionTools is incompatible with hCaptcha (and likely ReCaptcha).
Feb 16 2024, 12:51 PM · Software-Licensing, Tech-Product API Roadmap, Product Infrastructure Roadmap, Privacy, ConfirmEdit (CAPTCHA extension), Security-Team

Feb 15 2024

Mstyles removed a member for Privacy: JFishback_WMF.
Feb 15 2024, 6:07 PM
Bugreporter added a comment to T335508: Connect temporary and permanent account during signup.

Another point to debate is if the relation of temporary and permanent account is not public, should it be available infinitely? Temporary account itself does not contain PII as long as IPs are removed after 90 days, but there are some edge cases: temporary user session may be somehow preserved after creation of permanent account, either due to (1) having a temporary session in one wiki and regular one on another due to failure of central login, or (2) replication of session (e.g. by some backup/sync feature of browser), so IPs would be available until 90 days of last temporary account action, which may be more than 90 days after regular account creation if we do not invalidate the temporary account after creation of a permanent one.

Feb 15 2024, 1:37 AM · Trust and Safety Product Team, Privacy, CheckUser, MediaWiki-User-login-and-signup, Temporary accounts

Feb 14 2024

Bugreporter added a comment to T335508: Connect temporary and permanent account during signup.

Note: currently temporary and permanent account are connected publicly. cf. T357498: Temp account creations do not appear in Special:Log

Feb 14 2024, 10:05 AM · Trust and Safety Product Team, Privacy, CheckUser, MediaWiki-User-login-and-signup, Temporary accounts

Feb 7 2024

SLyngshede-WMF changed the status of T350126: IDM signup page doesn't link to any privacy policy documentation from Open to In Progress.
Feb 7 2024, 10:50 AM · Privacy, Infrastructure-Foundations, Bitu
SLyngshede-WMF added a comment to T350126: IDM signup page doesn't link to any privacy policy documentation.

The privacy policy is being added with the patch for https://phabricator.wikimedia.org/T351137

Feb 7 2024, 10:50 AM · Privacy, Infrastructure-Foundations, Bitu

Jan 31 2024

sbassett closed T281750: codecov bash uploader vulnerability and wikimedia exposure as Resolved.
Jan 31 2024, 5:43 PM · SecTeam-wikimedia-project-event, Vuln-VulnComponent, Vuln-Infoleak, Privacy, Security, Security-Team

Jan 30 2024

sbassett claimed T281750: codecov bash uploader vulnerability and wikimedia exposure.
Jan 30 2024, 11:42 PM · SecTeam-wikimedia-project-event, Vuln-VulnComponent, Vuln-Infoleak, Privacy, Security, Security-Team
sbassett added a comment to T281750: codecov bash uploader vulnerability and wikimedia exposure.

Just to close the loop on this 2+ year old incident and hopefully resolve it reasonably well enough:

  1. It looks like the earliest we started doing anything at gitlab.wikimedia.org was June of 2021 or so? And most of that work was experimentation/testing, so that environment isn't implicated at all, given the date of the codecov incident. And there isn't any obvious usage of codecov based upon trivial searches.
  2. As noted above, gerrit/jenkins should not be implicated at all given their configuration, and even with the trivial search mentioned within the task description, there's no immediate evidence that codecov's bash uploader was even used within a canonical gerrit repository.
  3. As for github:
    1. There are at least a few repos which currently make use of codecov's bash uploader, but save pywikibot (which was ruled not vulnerable in T281750#7054720 - and the newer codecov bash upload integration appears to be from 2023) these all appear to be more external repos that are not used directly within Wikimedia production.
    2. Some Travis CI deployment stages were disabled by @Ladsgroup in T281750#7055735 and remain disabled. I don't believe these repos were ever vulnerable to this specific codecov issue, even though those repos use codecov, but I suppose this was done out of an abundance of caution in case any relevant environment variable might have been leaked.
    3. Performing various searches (codecov.io/bash, Codecov-bash, Codecov-action, Codecov-circleci-orb, Codecov-bitrise-step) for potentially relevant, vulnerable code under github.com/wikimedia currently yields no true positive results.
    4. As an extra effort, I wrote a script to also find canonical github.com/wikimedia repos, clone them and search git log for the aforementioned, potentially problematic codecov strings. This produced:
      1. https://github.com/wikimedia/edx-platform (0f29b144dd)
      2. https://github.com/wikimedia/docker-library-images (22c68d5eca)
      3. https://github.com/wikimedia/apps-android-commons (707c52c768)
Jan 30 2024, 11:39 PM · SecTeam-wikimedia-project-event, Vuln-VulnComponent, Vuln-Infoleak, Privacy, Security, Security-Team

Jan 29 2024

Wikihydro added a comment to T22326: Option to strip some metadata on upload (GPS/geolocation privacy).

+1, we need a solution for this. It's been 10 years, and in my opinion, it should not be considered a low priority. Privacy is paramount, and asking to manually remove GPS metadata is counterproductive.

Jan 29 2024, 8:24 PM · UploadWizard, Privacy, Multimedia, MediaWiki-Uploading
SLyngshede-WMF added a comment to T350126: IDM signup page doesn't link to any privacy policy documentation.

Privacy policy to link to https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Non-wiki_privacy_policy

Jan 29 2024, 3:50 PM · Privacy, Infrastructure-Foundations, Bitu
joanna_borun triaged T350126: IDM signup page doesn't link to any privacy policy documentation as Medium priority.
Jan 29 2024, 3:47 PM · Privacy, Infrastructure-Foundations, Bitu

Jan 18 2024

Anthere added a project to T324103: ISA tool uses third party cdn: Wiki-Mentor-Africa.
Jan 18 2024, 7:29 PM · Wiki-Mentor-Africa, Privacy, Patch-For-Review, ISA
Ammarpad removed a project from T265726: Assign oathauth-verify-user to bureaucrats on WMF wikis: Patch-For-Review.
Jan 18 2024, 9:09 AM · WMF-Legal, Wikimedia-Site-requests, Privacy
gerritbot added a comment to T265726: Assign oathauth-verify-user to bureaucrats on WMF wikis.

Change 835252 abandoned by Samtar:

[operations/mediawiki-config@master] InitialiseSettings.php: Add oathauth-verify-user to default bureaucrat

Reason:

https://gerrit.wikimedia.org/r/835252

Jan 18 2024, 5:53 AM · WMF-Legal, Wikimedia-Site-requests, Privacy