Page MenuHomePhabricator
Create Task
Maniphest T189489

logstash-beta: stop exposing IP addresses to the public
Closed, DuplicatePublic
Actions

Description

On reviewing https://gerrit.wikimedia.org/r/#/c/416346/ @hashar mentions that IP addresses are being collected (indefinitely?) and exposed to the public via https://logstash-beta.wmflabs.org/app/kibana

As things stand now this is a gross violation of the Labs Terms of Use as nowhere in any beta cluster project the warnings set out at https://wikitech.wikimedia.org/wiki/Wikitech:Labs_Terms_of_use#What_can_and_can%E2%80%99t_be_done_with_user_information? are displayed.

There's no need for the public to access private user information.

Volunteer administrators (those with deployment-tin access) may have a need to access such data for debug or abuse prevention.

Event Timeline

MarcoAurelio created this task.Mar 12 2018, 2:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 12 2018, 2:21 PM
Huji triaged this task as Unbreak Now! priority.Mar 12 2018, 2:29 PM
Huji subscribed.

This is an overt violation of Privacy Policy as well. Marking it as unbreak now!

Restricted Application added subscribers: Liuxinyu970226, TerraCodes. · View Herald TranscriptMar 12 2018, 2:29 PM
Bawolff subscribed.Mar 12 2018, 2:34 PM

There's a related [secret] bug at T161051

Tgr closed this task as a duplicate of Restricted Task.Mar 12 2018, 10:59 PM
Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptMar 12 2018, 10:59 PM
Tgr subscribed.Mar 12 2018, 11:00 PM

As discussed elsewhere, this was not a violation of the Labs ToU, nevertheless not a great situation. Logstash-beta is now behind password access again.

Krenair subscribed.Mar 12 2018, 11:07 PM
MarcoAurelio added a comment.Mar 13 2018, 10:46 AM

As refuted elsewhere, yes it is. But gladly that this is being resolved.

chasemp subscribed.May 30 2018, 4:58 PM
sbassett moved this task from Intake to Done on the Privacy board.Oct 16 2019, 4:35 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL