Page MenuHomePhabricator
Create Task
Maniphest T135323

Use OAuth for https://cluebotng.toolforge.org/
Closed, ResolvedPublic
Actions

Description

Converting the tool to use OAuth would:

  • Eliminate the need for the use of reCaptcha which is an end-user privacy concern if not a Tool Labs Terms of Use/Privacy Policy violation.
    • The privacy concern here is that a WMF hosted web page is automatically including 3rd party assets (in this case an iframe).
  • Eliminate passing password data into the Tool Labs environment which is a general security concern (POSTed password data can not be guaranteed to be secure in the Tool Labs environment).
  • Eliminate local account creation without required end-user notice.

Related Objects
Search...

Event Timeline

bd808 created this task.May 15 2016, 4:22 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptMay 15 2016, 4:22 AM
bd808 added a parent task: T133919: [EPIC] Protect end-user privacy by restricting non-consensual third-party browser interactions.May 15 2016, 4:23 AM
tom29739 subscribed.May 15 2016, 9:01 AM

The required 'account creation' notice isn't there, and it's using reCaptcha so loading content from other sites without use consent, so all of this is a Tool Labs Terms of Use/Privacy Policy violation.

DamianZaremba claimed this task.May 21 2016, 3:33 PM

https://meta.wikimedia.org/wiki/Steward_requests/Miscellaneous#OAuth_consumer_for_ClueBot_NG

ZhouZ subscribed.Sep 23 2016, 9:31 PM
Aklapper added a comment.Nov 29 2019, 8:39 AM

@DamianZaremba: Hi! Is this task still valid and should still be open? If yes, are you still working (or still plan to work) on this task? (If you do not plan to work on this task anymore, please remove yourself as assignee (via Add Action...Assign / Claim in the dropdown menu) so in theory others could work on it.) Thanks!

Aklapper renamed this task from Use OAuth for http://tools.wmflabs.org/cluebot/ to Use OAuth for https://tools.wmflabs.org/cluebotng/.Mar 6 2020, 11:28 AM
Aklapper removed DamianZaremba as the assignee of this task.
Aklapper added a project: Privacy.
Aklapper removed a subscriber: ZhouZ.

https://tools.wmflabs.org/cluebot/ does not exist anymore. https://tools.wmflabs.org/cluebotng/ does and lacks OAuth, so this issue is still valid.
However, it might be something to report to https://github.com/damianzaremba/cluebotng/issues instead, which I did in https://github.com/DamianZaremba/cluebotng/issues/13 .

Resetting task assignee due to inactivity.

JFishback_WMF added a project: Privacy Engineering.Mar 9 2020, 11:12 PM
JFishback_WMF moved this task from Incoming to Watching on the Privacy Engineering board.
JFishback_WMF moved this task from Intake to Backlog on the Privacy board.
DamianZaremba renamed this task from Use OAuth for https://tools.wmflabs.org/cluebotng/ to Use OAuth for https://cluebotng.toolforge.org/.Jul 24 2021, 5:19 PM
DamianZaremba closed this task as Resolved.
Nintendofan885 subscribed.Jul 24 2021, 5:26 PM

application is https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/d6fe7b30457ece6ecf48d3aaaf9b82ff

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits