--- Comment #19 from Liangent <> ---
(In reply to Luis Villa (WMF Legal) from comment #18)
> (In reply to Krinkle from comment #17)
> > So if I understand correctly, the whitelist of properties you approved in
> > comment 12 are in fact allowed for identifiable queries (e.g. with
> > user_id/user name attached to it), as opposed to the anonymized view.
> Yes, that is correct, for those categories. 
> As far as implementation, we'll want to review new fields as they are added,
> which is why I prefer a whitelist approach (review what is released; hard to
> accidentally release data accidentally) to a blacklist approach (review what
> is not released; easy to release data accidentally by not adding it to the
> blacklist).
> > And when you say "OK in principle" for the anonymized view, that means all
> > properties?
> Yes, based on my understanding that they are already available on toolserver
> in user_properties_anonym and/or via the API. If they aren't already public
> (via API or toolserver) we should probably review one-by-one, and/or do a
> more careful scrutiny of the anonymization procedures. Maybe that deserves a
> separate bug?

anonym on Toolserver is also whitelist based. I don't have access to the
original list ts_global.user_properties_anonym_whilelist, but it's possible to
sniff it with select distinct up_property from user_properties_anonym; (a slow

You are receiving this mail because:
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to