https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #62 from Rich Farmbrough rich...@farmbrough.co.uk ---
@Alex: I have pointed out a violation of WMF's privacy policy, with possibly
life threatening implications. Somewhat naively I expected that this would be
prioritised as an
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #63 from Rich Farmbrough rich...@farmbrough.co.uk ---
@Jackmcbarn
No, I suggested that it is a reasonable compromise for Administrators to review
requests to lift autoblock.
Technically this is a breach of the Privacy Policy,
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #64 from Jackmcbarn jackmcbarn+w...@gmail.com ---
(In reply to Rich Farmbrough from comment #62)
@Alex: I have pointed out a violation of WMF's privacy policy, with possibly
life threatening implications. Somewhat naively I
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #55 from Rich Farmbrough rich...@farmbrough.co.uk ---
[W]hen necessary to operate the site - absolutely - and the point is that it
is not necessary in this case. (Some of it can be removed trivially, other
parts require some
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #56 from Luis Villa (WMF Legal) lvi...@wikimedia.org ---
Rich: thanks for creating the page, appreciate it. I'll ask James Alexander
(who has had this power for a long time, and works closely with me on a variety
of things) to take
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #57 from Alex Monk kren...@wikimedia.org ---
I'm not sure what you guys are talking about with having powers. This is a
MediaWiki feature, anyone can set up a wiki (or use existing open test wikis)
and try it out.
--
You are
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #58 from Alex Monk kren...@wikimedia.org ---
It sounds to me like this issue is inherent in the design of the autoblock
system, so I doubt there's any simple solution.
Rich Farmbrough:
* Why have you made a meta.wikimedia.org page
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #59 from Alex Monk kren...@wikimedia.org ---
(In reply to Alex Monk from comment #58)
obviously your own IP is available to the blocked
users - i.e. the intended blockee and everyone else on the same IP - anyway
obviously the
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #60 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Rich, I've read your proposal. It seems that what you're basically requesting
is to make it so only CheckUsers (or members of a new group that would
essentially be CheckUser-lite)
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #61 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Also, keep in mind that it isn't enough to have enough information to perform
the technical action of lifting the autoblock. You also need enough information
to decide whether or not
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #54 from Luis Villa (WMF Legal) lvi...@wikimedia.org ---
To be clear, the privacy policy allows disclosure of this sort of information
when necessary to operate the site, so this is not a privacy policy violation.
That said, if we
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #52 from Rich Farmbrough rich...@farmbrough.co.uk ---
1. The text on Autoblocker, according to translatewiki
Autoblocked because your IP address has been recently used by [[User:$1|$1]].
The reason given for $1's block is $2
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #53 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Hiding $1 and $2 would be totally pointless, since knowing the block ID ($5)
allows you to see those anyway.
--
You are receiving this mail because:
You are the assignee for the
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #50 from Elvey b...@matthew.elvey.com ---
Again, please flesh that out with a (fictitious) example. _Show us_ what else
is needed, please; I'm asking for more than just the bald claim that you've
made twice now.
I provided blanks
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #51 from Jackmcbarn jackmcbarn+w...@gmail.com ---
I specifically said they don't need the actual IPs.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #46 from Elvey b...@matthew.elvey.com ---
Jack: If the user needed to be blocked for some reason other than the possibly
significant connection to the blocked user, they would be blocked for that
reason soon enough. The admin would
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #47 from Jackmcbarn jackmcbarn+w...@gmail.com ---
The admins do have to decide whether or not to grant the user's request to lift
the autoblock, and they need this information in order to decide that.
--
You are receiving this
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #48 from Elvey b...@matthew.elvey.com ---
Can you flesh that out, with an example (BlockedUser uses IP
10.9.8.7...OtherUser... other user on IP ... admin needs to know the actual IPs
of ... to look at because... )?
--
You are
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #49 from Jackmcbarn jackmcbarn+w...@gmail.com ---
The IP is the one piece of information he doesn't need. The block ID is needed
for lifting the block to be technically possible, and the rest of it (all tied
to the block ID) is
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #44 from Nemo federicol...@tiscali.it ---
(In reply to Jackmcbarn from comment #43)
Then what procedure should be followed to unblock a user who is autoblocked?
Autoblock ID is the only really necessary one.
# $wgAutoblockExpiry
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #45 from Jackmcbarn jackmcbarn+w...@gmail.com ---
I didn't mean how would an admin be able to hit the unblock button. I meant
how would an admin be able to decide whether or not they should be unblocked.
--
You are receiving this
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #42 from Elvey b...@matthew.elvey.com ---
Jack: Whatever. We need to stop violating the privacy policy. From the
policy:
we consider at least the following to be “personal information” if it is
otherwise nonpublic and can be used
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #43 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Then what procedure should be followed to unblock a user who is autoblocked?
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Elvey b...@matthew.elvey.com changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #41 from Jackmcbarn jackmcbarn+w...@gmail.com ---
If that information weren't available, it wouldn't be possible for admins to
decide whether or not to lift the autoblock.
--
You are receiving this mail because:
You are the
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Marcin Cieślak marcin.cies...@gmail.com changed:
What|Removed |Added
Status|NEW |RESOLVED
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #37 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 92254 abandoned by saper:
Don't expose blocked IP address in error message
Reason:
From the bug comments:
After reviewing this again I came to conclusion that
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #38 from Luis Villa (WMF Legal) lvi...@wikimedia.org ---
Marcin: I think I'm missing something - if we're able to fix[1] something
globally by blanking $1, shouldn't we do that instead of requiring each
individual community to fix
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #39 from Jackmcbarn jackmcbarn+w...@gmail.com ---
$1 is the user's own IP address, which they already know anyway. All we did on
enwiki was remove one of our customizations that told them they needed to post
their IP to get the
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Marcin Cieślak marcin.cies...@gmail.com changed:
What|Removed |Added
Status|PATCH_TO_REVIEW |NEW
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #35 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Indeed, that sounds reasonable, though rather than setting parameter 1 to a
blank value, it should be removed and the rest pushed down a number. That isn't
something to worry about
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #29 from Luis Villa (WMF Legal) lvi...@wikimedia.org ---
I feel like I'm missing something here - is there any reason *not* to fix this,
other than the basic fixing bugs takes time? e.g., is there an impact on
translations?
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #30 from Jackmcbarn jackmcbarn+w...@gmail.com ---
The block ID is absolutely necessary for them to be able to ask an admin to
lift the block. Given the block ID, the rest of the information (except their
own IP address, which as
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #31 from Luis Villa (WMF Legal) lvi...@wikimedia.org ---
Ah, I see, thanks for putting all the pieces together for me. I need to chat
with Michelle about this but will try to respond soon.
--
You are receiving this mail because:
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #32 from Rich Farmbrough rich...@farmbrough.co.uk ---
It would need more than current admin powers to investigate an autoblock.
Ideally it should be a trusted person only (i.e. someone who has
self-identified to the WMF,and is
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #33 from Jackmcbarn jackmcbarn+w...@gmail.com ---
Rich, with the solution you propose here, it would be completely impossible for
anyone to investigate an autoblock, except people who can query directly
against private fields in the
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #28 from Jackmcbarn jackmcbarn+w...@gmail.com ---
As Bawolff has said, I don't think we should change this behavior unless WMF
Legal agrees that we need to.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #25 from Rich Farmbrough rich...@farmbrough.co.uk ---
According to Jackmcbarn
[https://en.wikipedia.org/w/index.php?title=MediaWiki_talk:Autoblockedtextaction=editsection=17
here], even if we change the on-wiki messages on en:, it
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #26 from Rich Farmbrough rich...@farmbrough.co.uk ---
The required code is:
return array(
'',
'',
'',
$context-getRequest()-getIP(),
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #27 from Rich Farmbrough rich...@farmbrough.co.uk ---
(Possibly $0 is required)
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #24 from Marcin Cieślak marcin.cies...@gmail.com ---
I think that policy question here is who is responsible for maintaining privacy
policy:
(1) To what level should software prevent disclosure of IP addresses of
contributors? (I
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #21 from Marcin Cieślak marcin.cies...@gmail.com ---
Additionally, in case of [[MediaWiki:autoblocktext]] $7 reveals the IP address
as the intended blockee even in case of autoblock. I think this is another
bug.
Another logged-in
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Gerrit Notification Bot gerritad...@wikimedia.org changed:
What|Removed |Added
Status|NEW
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #22 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 92254 had a related patch set uploaded by saper:
Don't expose blocked IP address in error message
https://gerrit.wikimedia.org/r/92254
--
You are receiving
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Marcin Cieślak marcin.cies...@gmail.com changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Marcin Cieślak marcin.cies...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Marcin Cieślak marcin.cies...@gmail.com changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Stefan2 stefan2bugzi...@hotmail.co.jp changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
db duplicate...@googlemail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #15 from db duplicate...@googlemail.com ---
enwiki has customized the message and does not use $7 and $8, that a local
decision.
the local page on translatewiki is no longer requiered but
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #16 from Luis Villa lvi...@wikimedia.org ---
(In reply to comment #15)
enwiki has customized the message and does not use $7 and $8, that a local
decision.
Ah, thanks.
the local page on translatewiki is no longer requiered but
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #17 from Nemo federicol...@tiscali.it ---
(In reply to comment #14)
Possibly dumb question: why doesn't
https://en.wikipedia.org/wiki/MediaWiki:Autoblockedtext show $7 and $8?
Probably just because it has not been substantially
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #8 from Rich Farmbrough rich...@farmbrough.co.uk ---
(In reply to comment #7)
If it was against the privacy policy, we would want to make it so that its
not
an option for people to do (privacy policy should be enforced in
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Nemo federicol...@tiscali.it changed:
What|Removed |Added
CC||lvi...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #11 from Luis Villa lvi...@wikimedia.org ---
Can someone give me an example of the supposed leakage? I'm looking, for
example, at https://en.wikipedia.org/wiki/MediaWiki:Autoblockedtext , but it
doesn't seem to say who was blocked-
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #12 from Nemo federicol...@tiscali.it ---
(In reply to comment #11)
Can someone give me an example of the supposed leakage? I'm looking, for
example, at https://en.wikipedia.org/wiki/MediaWiki:Autoblockedtext , but it
doesn't
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #2 from Rich Farmbrough rich...@farmbrough.co.uk ---
I'm not sure why MZMcBride is against privacy for our editors but should anyone
need a direct quote to see that this is a Bad Thing:
Except as described above, Wikimedia policy
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Severity|normal |major
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Nemo federicol...@tiscali.it changed:
What|Removed |Added
CC||federicol...@tiscali.it
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
URL|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Rich Farmbrough rich...@farmbrough.co.uk changed:
What|Removed |Added
Severity|major |normal
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #6 from Rich Farmbrough rich...@farmbrough.co.uk ---
(In reply to comment #3)
(In reply to comment #2)
I'm not sure why MZMcBride is against privacy for our editors
No need to put words into other's mouths which were never
https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
Bawolff (Brian Wolff) bawolff...@gmail.com changed:
What|Removed |Added
CC|
65 matches
Mail list logo