Bugzilla email address privacy concerns
Closed, DeclinedPublic

Description

Author: stevesliva

Description:
Users are not advised upon creating an account at MediaZilla that their email
address will become their username and be visible to anyone on all MediaZilla
bug reports voted on or created by that user.

At the least, the create a new account page should advise users of the lack of
email address privacy. (Personally, I assumed that email would be required to
confirm that I was a real live person, and then allow me to create an account,
not for becoming my username.)


Version: unspecified
Severity: enhancement
URL: http://bugzilla.wikipedia.org/createaccount.cgi
See Also:
https://bugzilla.mozilla.org/show_bug.cgi?id=218917

bzimport added a subscriber: Unknown Object (MLST).
bzimport set Reference to bz148.
bzimport created this task.Via LegacyAug 16 2004, 4:58 PM
hashar added a comment.Via ConduitAug 16 2004, 5:21 PM

You might want to report it to the bugzilla developpers as well :

http://www.bugzilla.org/developers/reporting_bugs.html

hashar added a comment.Via ConduitJan 20 2005, 8:16 AM

To be reported to bugzilla team.

bzimport added a comment.Via ConduitAug 10 2005, 5:28 PM

phillip.stewart wrote:

A little is already done. @ is used instead of @.

See: https://bugzilla.mozilla.org/show_bug.cgi?id=261326
Bugzilla spam prevention (tracking anti-spam-spiders/harvesters bugs)

bzimport added a comment.Via ConduitAug 23 2007, 8:29 PM

ayg wrote:

*** Bug 11048 has been marked as a duplicate of this bug. ***

brion added a comment.Via ConduitDec 28 2008, 9:51 PM

There's a number of third-party patches/tweaks to BZ to suppress display of email addresses unless one's logged in and such. Clearer display of privacy info would also be good!

brion added a comment.Via ConduitApr 9 2009, 12:24 AM

https://bugzilla.mozilla.org/show_bug.cgi?id=219021 is marked FIXED upstream:
"Email addresses should only be displayed to logged in users"

Should make it to a future release... (3.4?)

brion added a comment.Via ConduitAug 12 2009, 11:44 PM

Bulk-assigning open BZ issues to Fred.

bzimport added a comment.Via ConduitSep 10 2009, 5:34 PM

fvassard wrote:

This will get corrected in the upcoming version of Bugzilla, which should make it here very soon.
Resolving.

bzimport added a comment.Via ConduitSep 10 2009, 8:16 PM

ibloodyhatespam wrote:

Please note that making email addresses invisible until you register just moves the problem up a tiny bit, spambots can easily register (as they do on various types of forum) and then still harvest email addresses.

What would help is either making email addresses invisible permanently (except for admins), or providing the user a choice between showing his email address (only for registered users, of course) or hiding it altogether.

bzimport added a comment.Via ConduitSep 14 2009, 1:50 PM

gangleri wrote:

I think this can help:

Please see truncated email addresses at
http://bugs.developers.facebook.com/show_bug.cgi?id=6500
subject: « make irc://foo.bar clickable links »

I think it's not done in http://bugs.developers.facebook.com/config.cgi but one can ask the maintainer:
maintainer : 'platform-bugs\x40lists.facebook.com'

btw:
https://landfill.bugzilla.org/bugzilla-tip/config.cgi shows install_version : '3.5'

http://landfill.bugzilla.org/gangleri/index.cgi shows to maintainers:
A new Bugzilla version (3.4.2) is available at http://www.bugzilla.org/releases/3.4.2/.
Release date: 2009-09-11

http://landfill.bugzilla.org/gangleri/config.cgi shows version : '3.4.1',

Regards Reinhardt [[user:Gangleri]]

demon added a comment.Via ConduitJan 19 2010, 8:44 PM
  • Bug 9872 has been marked as a duplicate of this bug. ***
demon added a comment.Via ConduitJan 19 2010, 8:58 PM

Marking this fixed with the BZ 3.4 upgrade, bug 16777. E-mail addys aren't shown to unregistered users anymore.

brion added a comment.Via ConduitJul 13 2011, 1:13 AM

Reopening -- the upstream bug that was fixed doesn't solve the problem that email addresses are used as a primary identifier and are exposed to other users.

brion added a comment.Via ConduitJul 13 2011, 1:13 AM
  • Bug 29852 has been marked as a duplicate of this bug. ***
brion added a comment.Via ConduitJul 13 2011, 1:14 AM
  • Bug 11898 has been marked as a duplicate of this bug. ***
hashar added a comment.Via ConduitMar 4 2012, 1:04 PM

Unassigning from fvassard at wikimedia dot org

Aklapper added a comment.Via ConduitMay 25 2012, 8:52 AM

(In reply to comment #13)

Reopening -- doesn't solve the problem that email addresses are used as
a primary identifier and are exposed to other users.

Upstream for that is https://bugzilla.mozilla.org/show_bug.cgi?id=218917

Aklapper added a comment.Via ConduitJan 31 2014, 10:14 PM

Upstream ticket has an initial patch, so there is a small chance to see this in Bugzilla 5.0.

Qgil added a comment.Via ConduitApr 14 2014, 1:30 AM

Related: a request for comments to move our bug reporting and more to Phabricator, where users' email addresses are kept private.

https://www.mediawiki.org/wiki/Requests_for_comment/Phabricator

Details about the potential migration from Bugzilla to Phabricator are being discussed at

Migrate Bugzilla to Phabricator
http://fab.wmflabs.org/T39

+ dependent tasks.

Qgil added a comment.Via ConduitMay 17 2014, 12:14 AM

With the move to [[w:Phabricator]] approved, this request about visible email addresses in Bugzilla is Lowest priority. We are focusing in Wikimedia Phabricator Day 1.

Aklapper closed this task as "Declined".Via WebNov 23 2014, 11:23 PM
Aklapper claimed this task.

Wikimedia has migrated from Bugzilla to Phabricator. Hence closing as "declined".

Phabricator does not expose your email address, hence this is resolved/fixed in Phabricator terms.

Kozuch awarded a token.Via WebDec 17 2014, 8:09 PM

Add Comment