
Potential privacy violations in emails on mailing lists (links posted in emails to external websites which track users)
Closed, Declined · Public

Description

See this for an example: https://lists.wikimedia.org/pipermail/glam/2019-January/001517.html

I propose that all links sent to Wikimedia mailing lists should be filtered (1) to ensure that links go only to where the visible text of the link says that they should go, and (2) to block any emails that include known third party tracking such as tracking from Facebook.

Also, if creating links that use third party tracking and/or are misleading on Wikimedia mailing lists or sites is not already forbidden by WMF Policy, I suggest that WMF policy be changed to create such a prohibition.

Event Timeline

Pine created this task. Jan 7 2019, 5:42 AM
Restricted Application added a subscriber: Aklapper. Jan 7 2019, 5:42 AM
Aklapper renamed this task from Potential privacy volations in emails sent to Wikimedia mailing lists to Potential privacy violations in emails on mailing lists (links posted in emails to external websites which track users). Edited Jan 7 2019, 2:34 PM
Aklapper closed this task as Declined.

As for every email there is no privacy violation if a reader does not "blindly" click on links but first checks where those links actually really go.
I don't see good reasons why Wikimedia specifically should spend efforts on a technical solution to a general social problem, hence declining.

Socially: Feel free to create awareness of the problem by contacting users who post third party tracking links.
Technically: You are also free to propose (1) to the upstream Mailman software maintainers or to the developers of your email application to compare the text of a link (<a href="https://bad-website.example.com">https://good-website.example.com</a>) to its href target (https://good-website.example.com) to display some warning in case the text looks like some web address, or such. Very same case as for phishing emails.

For (2), as far as I know, Mailman version 2 only allows filter rules for specific message headers but not for body messages. Hence same as (1) applies and requires an upstream request to implement that. (If I am wrong, someone correct me please!)
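
The link-text versus href comparison suggested in the comment above, sketched in Python as an added example (not part of the original thread, and not Mailman code). The names `AnchorCollector`, `norm`, `mismatched_links`, `URLISH` and `SAMPLE` are hypothetical, and the sample body is constructed from the placeholder hosts used in the comment.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that "looks like some web address": optional scheme, then a dotted host name.
URLISH = re.compile(r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?\s*$", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # also gathers text inside nested tags such as <b>

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def norm(name):
    """Lower-case a host name and drop a leading 'www.' so trivial variants compare equal."""
    name = name.lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name

def mismatched_links(html_body):
    """Return (text, href) pairs where the text names one host and the href targets another."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.anchors:
        m = URLISH.match(text)  # ordinary-word link text gives no match and is skipped
        if m and norm(m.group(1)) != norm(urlsplit(href).hostname or ""):
            findings.append((text, href))
    return findings

# Constructed sample body (not taken from any real list post).
SAMPLE = (
    '<p><a href="https://bad-website.example.com/r?u=1">https://good-website.example.com</a>, '
    '<a href="https://www.good-website.example.com/about">good-website.example.com/about</a>, '
    '<a href="https://bad-website.example.com/">our newsletter</a></p>'
)
```

Only the first link in `SAMPLE` is reported. The third points at the same host but its text is ordinary words, so this check covers proposal (1) only and does not identify tracking links as such.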

Pine reopened this task as Open. Edited Jan 7 2019, 9:54 PM

Hi Andre, while I believe that it's okay and good for you to include your opinion, I don't think that you should decline bugs that aren't clearly junk, especially because you at most speak for WMF and certainly not for the community. You exceeded your authority by declining this bug in that manner.

I am reopening this bug and adding three projects which I hope have people with domain-specific expertise who can comment on the relevant issues: Wikimedia-Mailing-lists, Privacy, and WMF-Legal.

Restricted Application added a project: Operations. Jan 7 2019, 9:54 PM
Bawolff closed this task as Declined. Jan 7 2019, 11:38 PM
Bawolff added a subscriber: Bawolff.

Just set the mailing list to not allow HTML email. That's really the only foolproof way to get what you're asking for.

Beyond that, it's really an upstream issue in my opinion - we only use the Mailman software, we don't make it. Phabricator tickets related to Mailman should in general be about how to use the software. Changes to the Mailman software, including feature requests, should go to the people developing the Mailman software, not here.

With that in mind, I'm reclosing as declined per Andre.

P.S. Minor note, the declined status is not for "junk". That's what the "invalid" status is for. The "declined" status means that the bug is legit but being rejected. In this case, declined essentially means out of scope.

As an addendum:

Also, if creating links that use third party tracking and/or are misleading on Wikimedia mailing lists or sites is not already forbidden by WMF Policy, I suggest that WMF policy be changed to create such a prohibition.

This is of course not the place to propose policy. Of course if there is consensus for a policy, and a hard requirement of the consensus is that technical measures be taken to enforce the policy (up to and including moving to different software if necessary), that's a totally different discussion.

Aklapper removed a project: WMF-Legal. Edited Jan 8 2019, 3:14 AM

@Bawolff added (thanks!) what I should have also written before: Feel free to contact your list administrator and ask them to only allow plain text and disallow HTML posts. That will definitely solve the problem, so a technical solution to this problem already exists. This is unrelated to WMF-Legal, hence removing tag.

PS: I speak as a bugwrangler. I'm not a "WMF speaker" or such. I'm generally happy to agree or disagree with people based on argumentations, no matter who might pay them or not.

sbassett triaged this task as Normal priority. Wed, Oct 16, 4:38 PM
sbassett moved this task from Backlog to Done on the Privacy board.