
Use OAuth for
Open, Needs Triage, Public


Converting the tool to use OAuth would:

  • Eliminate the need for the use of reCaptcha, which is an end-user privacy concern if not a Tool Labs Terms of Use/Privacy Policy violation.
    • The privacy concern here is that a WMF hosted web page is automatically including 3rd party assets (in this case an iframe).
  • Eliminate passing password data into the Tool Labs environment, which is a general security concern (POSTed password data cannot be guaranteed to be secure in the Tool Labs environment).
  • Eliminate local account creation without required end-user notice.

Event Timeline

The required 'account creation' notice isn't there, and it's using reCaptcha so loading content from other sites without user consent, so all of this is a Tool Labs Terms of Use/Privacy Policy violation.

@DamianZaremba: Hi! Is this task still valid and should still be open? If yes, are you still working (or still plan to work) on this task? (If you do not plan to work on this task anymore, please remove yourself as assignee (via Add Action...Assign / Claim in the dropdown menu) so in theory others could work on it.) Thanks!

Aklapper renamed this task from Use OAuth for to Use OAuth for 6 2020, 11:28 AM
Aklapper removed DamianZaremba as the assignee of this task.
Aklapper added a project: Privacy.
Aklapper removed a subscriber: ZhouZ.

does not exist anymore. does and lacks OAuth, so this issue is still valid.
However, it might be something to report to instead, which I did in .

Resetting task assignee due to inactivity.