Hi Pine, On 8 March 2016 at 09:11, Pine W <[email protected]> wrote:
> Does "username/password combination for accounts created in Labs > services" refer to service-specific Labs passwords rather than Wikimedia > login credentials? > Yes. It refers to e.g. the username/password combination you use on https://phab-01.wmflabs.org/ or http://en.wikipedia.beta.wmflabs.org. Wikimetrics uses OAuth, so it will not get to know your credentials. > I'm deeply uncomfortable with the idea that someone who logs into a Labs > account could have their IP made public, and it also seems to me that any > Labs tool owners who capture the IPs of tool users should be required to > pass a similar level of scrutiny as is applied to Checkusers. Is this > something that I should bring up with James Alexander and/or Michelle > Paulson? > > someone who logs into a Labs account could have their IP made public Wikitech itself falls within the WMF Privacy Policy, so creating a Labs account (and logging in to Wikitech) will not share your IP with any projects. Using web tools hosted on Labs could, however, and realistically there not much we can do about it. For example, in the case of Tool Labs, we do not pass the IP address of the user to the tool, but a malicious tool could load an external resource and track users using that external resource. This means we would need to require checkuser-level scrutiny for *every* labs user, which would just mean people will host their tools off labs. The requirement to show a warning when private information is logged (cf. https://wikitech.wikimedia.org/wiki/Wikitech:Labs_Terms_of_use#What_information_should_I_provide_to_users.3F ) is a compromise. In practice, Labs projects should be considered the same as any external resource: they might store private information. We just require labs project to be clear about this in advance. Merlijn
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
