https://bugzilla.wikimedia.org/show_bug.cgi?id=53008
--- Comment #64 from Jackmcbarn <[email protected]> --- (In reply to Rich Farmbrough from comment #62) > @Alex: I have pointed out a violation of WMF's privacy policy, with possibly > life threatening implications. Somewhat naively I expected that this would > be prioritised as an urgent fix. Expecting me to set up my own test bed to > evaluate my proposed fixes (which are partly other peoples proposals, of > course) is like expecting me to dig up the road when the water company has a > mains leak. Luis already pointed out that it's not a privacy policy violation. Also, please explain how it has life-threatening implications. > Yes I was sort of aware that there should be a $0, and meant to fix that. > It's a wiki, you could have fixed it. :) What? > Of course knowing the block ID still allows you to see the block > information, if you know how to access the block log. However this is > better than being told "The user was Fred Bloggs". > > The later part of the proposal suggests reconfiguring the Block Log > interface so that the Block ID number is only visible to administrative > users who will be using the log to consider removing autoblocks. I still don't see a clear threat model to justify making autoblocks even less transparent. > @Jackmcbarn > > No, I suggested that it is a reasonable compromise for Administrators to > review requests to lift autoblock. > > Technically this is a breach of the Privacy Policy, since Admins aren't > identified to the Foundation in general. Pragmatically the chance of this > being exploited seems small to me, though I may be wrong. If it's technically a breach, then we can't "fix" this by doing this either. > The information relating to the block that is not in the block log currently > has to be found by examining talk pages, contacting blocking admins, looking > at contribs etc. I don't see how these proposals change that for better or > worse. Because it takes it from being "you can see it, but you have to dig for it" to "you can't see it". -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
