https://bugzilla.wikimedia.org/show_bug.cgi?id=19161
John Mark Vandenberg <jay...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
--- Comment #43 from John Mark Vandenberg <jay...@gmail.com> 2011-04-01
11:36:04 UTC ---
This hasn't solved the problem described. It has been hidden, poorly.
I have randomly picked a new autocreated user, Nane2011, to demonstrate.
Whereas before the privacy vuln required looking at the user creation log,
which is now blank
https://secure.wikimedia.org/wikipedia/en/w/index.php?title=Special:Log&type=newusers&user=Nane2011
Now, the exact same information is visible here:
https://secure.wikimedia.org/wikipedia/en/w/index.php?title=Special%3AListUsers&username=Nane2011&group=&limit=1
The information is also available at:
http://toolserver.org/~vvv/sulutil.php?user=Nane2011
And it is distributed to the toolserver.
Moreover, hiding the new user creation entry is _not_ the solution. That just
hides it, and then the wiki database contains information which it needs to
keep hidden in order to protect the privacy of its users. Any number of
oversights/screw ups with data management can result in accidental release of
this information. Avoid creating data that you want to remain hidden.
And if you are going to continue with this 'hiding' approach, please revert the
current 'fix' until it has been properly built and implemented, otherwise users
have the false expectation that this information is hidden.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
