[Bug 53008] New: Violation of WMF Privacy policy, and good practice, by associating IP address and user-name to non privileged users

Sun, 18 Aug 2013 14:13:04 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=53008

       Web browser: ---
            Bug ID: 53008
           Summary: Violation of WMF Privacy policy, and good practice, by
                    associating IP address and user-name  to non
                    privileged users
           Product: MediaWiki
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: User blocking
          Assignee: [email protected]
          Reporter: [email protected]
    Classification: Unclassified
   Mobile Platform: ---

Certain MediaWiki: pages will reveal that a (blocked) user has been using that
IP address, to any third party using the same IP. 

In particular:

* MediaWiki:Autoblocker
* MediaWiki:Cantcreateaccount-text

As far as WMF projects are concerned the information relating a user to an IP
should only be available to designated WMF staff and checkusers. 

Worse the current text of

* MediaWiki:Autoblockedtext 

encourages the third party to publish the IP and  account name on the Internet,
unsing the {{unblock-auto}} template, which will remain publicly available in
history, and archives, effectively for perpetuity.

Therefore the following steps should be taken:

0. A list of affected MediaWiki: pages should be created.
1. On all WMF projects the pages should be re-written with a more neutral
message, excluding any identifying information.
2. The mechanism that passes the identifying information to the pages should be
removed.
3. Each project, with support where necessary, should perform an
audit/oversight on uses (including uses in history) of the following templates
(or their equivalents)

* Template:Unblock-auto 
* Template:Unblock-auto reviewed
* Template:Unblock-auto on hold

You can see where this has been done correctly, though possibly the private
data is still visible to administrators, by viewing the history of wp:en:User
talk:Leodj1992.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to