Converting the tool to use OAuth would:

  • Eliminate the need for the use of reCaptcha, which is an end-user privacy concern if not a Tool Labs Terms of Use/Privacy Policy violation.
    • The privacy concern here is that a WMF hosted web page is automatically including 3rd party assets (in this case an iframe).
  • Eliminate passing password data into the Tool Labs environment, which is a general security concern (POSTed password data cannot be guaranteed to be secure in the Tool Labs environment).
  • Eliminate local account creation without required end-user notice.

The required 'account creation' notice isn't there, and it's using reCaptcha, so loading content from other sites without user consent, so all of this is a Tool Labs Terms of Use/Privacy Policy violation.

@DamianZaremba: Hi! Is this task still valid and should still be open? If yes, are you still working (or still plan to work) on this task? (If you do not plan to work on this task anymore, please remove yourself as assignee (via Add Action...Assign / Claim in the dropdown menu) so in theory others could work on it.) Thanks!

