Bugzilla email address privacy concerns
Closed, DeclinedPublic

Description

Author: stevesliva

Description:
Users are not advised upon creating an account at MediaZilla that their email
address will become their username and be visible to anyone on all MediaZilla
bug reports voted on or created by that user.

At the least, the create a new account page should advise users of the lack of
email address privacy. (Personally, I assumed that email would be required to
confirm that I was a real live person, and then allow me to create an account,
not for becoming my username.)


Version: unspecified
Severity: enhancement
URL: http://bugzilla.wikipedia.org/createaccount.cgi
See Also:
https://bugzilla.mozilla.org/show_bug.cgi?id=218917

bzimport set Reference to bz148.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Aug 16 2004, 4:58 PM

You might want to report it to the bugzilla developpers as well :

http://www.bugzilla.org/developers/reporting_bugs.html

To be reported to bugzilla team.

phillip.stewart wrote:

A little is already done. @ is used instead of @.

See: https://bugzilla.mozilla.org/show_bug.cgi?id=261326
Bugzilla spam prevention (tracking anti-spam-spiders/harvesters bugs)

ayg wrote:

*** Bug 11048 has been marked as a duplicate of this bug. ***

brion added a comment.Dec 28 2008, 9:51 PM

There's a number of third-party patches/tweaks to BZ to suppress display of email addresses unless one's logged in and such. Clearer display of privacy info would also be good!

brion added a comment.Apr 9 2009, 12:24 AM

https://bugzilla.mozilla.org/show_bug.cgi?id=219021 is marked FIXED upstream:
"Email addresses should only be displayed to logged in users"

Should make it to a future release... (3.4?)

Bulk-assigning open BZ issues to Fred.

fvassard wrote:

This will get corrected in the upcoming version of Bugzilla, which should make it here very soon.
Resolving.

ibloodyhatespam wrote:

Please note that making email addresses invisible until you register just moves the problem up a tiny bit, spambots can easily register (as they do on various types of forum) and then still harvest email addresses.

What would help is either making email addresses invisible permanently (except for admins), or providing the user a choice between showing his email address (only for registered users, of course) or hiding it altogether.

gangleri wrote:

I think this can help:

Please see truncated email addresses at
http://bugs.developers.facebook.com/show_bug.cgi?id=6500
subject: « make irc://foo.bar clickable links »

I think it's not done in http://bugs.developers.facebook.com/config.cgi but one can ask the maintainer:
maintainer : 'platform-bugs\x40lists.facebook.com'

btw:
https://landfill.bugzilla.org/bugzilla-tip/config.cgi shows install_version : '3.5'

http://landfill.bugzilla.org/gangleri/index.cgi shows to maintainers:
A new Bugzilla version (3.4.2) is available at http://www.bugzilla.org/releases/3.4.2/.
Release date: 2009-09-11

http://landfill.bugzilla.org/gangleri/config.cgi shows version : '3.4.1',

Regards Reinhardt [[user:Gangleri]]

demon added a comment.Jan 19 2010, 8:44 PM
  • Bug 9872 has been marked as a duplicate of this bug. ***
demon added a comment.Jan 19 2010, 8:58 PM

Marking this fixed with the BZ 3.4 upgrade, bug 16777. E-mail addys aren't shown to unregistered users anymore.

brion added a comment.Jul 13 2011, 1:13 AM

Reopening -- the upstream bug that was fixed doesn't solve the problem that email addresses are used as a primary identifier and are exposed to other users.

brion added a comment.Jul 13 2011, 1:13 AM
  • Bug 29852 has been marked as a duplicate of this bug. ***
brion added a comment.Jul 13 2011, 1:14 AM
  • Bug 11898 has been marked as a duplicate of this bug. ***
hashar added a comment.Mar 4 2012, 1:04 PM

Unassigning from fvassard at wikimedia dot org

(In reply to comment #13)

Reopening -- doesn't solve the problem that email addresses are used as
a primary identifier and are exposed to other users.

Upstream for that is https://bugzilla.mozilla.org/show_bug.cgi?id=218917

Upstream ticket has an initial patch, so there is a small chance to see this in Bugzilla 5.0.

Qgil added a comment.Apr 14 2014, 1:30 AM

Related: a request for comments to move our bug reporting and more to Phabricator, where users' email addresses are kept private.

https://www.mediawiki.org/wiki/Requests_for_comment/Phabricator

Details about the potential migration from Bugzilla to Phabricator are being discussed at

Migrate Bugzilla to Phabricator
http://fab.wmflabs.org/T39

+ dependent tasks.

Qgil added a comment.May 17 2014, 12:14 AM

With the move to [[w:Phabricator]] approved, this request about visible email addresses in Bugzilla is Lowest priority. We are focusing in Wikimedia Phabricator Day 1.

Aklapper closed this task as "Declined".Nov 23 2014, 11:23 PM
Aklapper claimed this task.

Wikimedia has migrated from Bugzilla to Phabricator. Hence closing as "declined".

Phabricator does not expose your email address, hence this is resolved/fixed in Phabricator terms.

Add Comment