Page MenuHomePhabricator

Security concept review for newcomer tasks on Special:Homepage
Closed, ResolvedPublic

Description

Project Information

  • Name of project: Newcomer tasks
  • Project home page: https://www.mediawiki.org/wiki/Growth/Personalized_first_day/Newcomer_tasks
  • Tracking task: T227728: [EPIC] Growth: Newcomer tasks 1.0
  • Name of team which owns the project: Growth-Team
  • Primary contact for the project: @JTannerWMF
  • Target date for deployment: November 5th for the first iteration; ("v1.0"); further iterations in the following weeks and months
  • Link to code repository: part of the existing GrowthExperiments extension; still under development
  • Is this a brand-new project: sort of but not really, it adds to an existing project (the newcomer homepage)
  • Has this project ever been reviewed before: no
  • Has any risk assessment (STRIDE, etc.) been performed: I don't believe so
  • Is there an existing RFC or has this been presented to the community: no, except for project page updates and community ambassador contacts
  • Is this project tied to a team quarterly goal: yes
  • Does this project require its own privacy policy: no (other than the existing WelcomeSurvey privacy policy)

Description of the project and how it will be used

The best way to quickly get an idea of what this feature is like is to browse through these mockups. The description below links to individual slides in those mockups.

We are adding a "suggested edits" module to the newcomer homepage (Special:Homepage). This module will display articles that the local wiki community has flagged using "maintenance templates" (the boxes that say things like "this article needs copyediting" or "this article needs an image") and encourage the user to edit one and perform the task (fix typos, add an image, etc). In the first iteration, we will allow users to choose different task types based on difficulty level (mockup) but allow no other customization; in a future iteration we will also ask them which topics they're interested in when they first use the suggested edits feature (mockup) and show them task suggestions based on that (they could then change their topic filter later). When the user clicks a suggestion, we'd initially just send them to that article, but in later iterations we'd also give them guidance when they get there.

As part of this project, we've removed the topic-related questions from the WelcomeSurvey, because the topic question shown when the user initiates the suggested edits module replaces those. We've also added new answer options to the "why did you create your account" question, and we're planning to add a languages question. There are also some styling/layout and minor functionality changes to Special:Homepage itself.

Description of any sensitive data to be collected or exposed

This is the first feature that would use the survey answers from the WelcomeSurvey for personalization. Users would see different interface text in the suggested edits module depending on their answer to the "why did you create your account" question, and in a future iteration we plan to use answers to the languages question to suggest translation tasks.

We'll also be instrumenting how these new features are used with EventLogging. Legal is reviewing our measurement plan. The main things we want to instrument are:

  • Clicks on and interactions with the module, like for every other homepage module
  • Which pages are shown to the user as suggestions
  • Which suggestions each user clicks on
  • What happens during edit sessions that follow from a user clicking a suggestion (this data is already recorded by the EditAttemptStep schema, but it's sampled at 6.25% of edit sessions; for edit sessions following from a suggestion click, we'd oversample this schema to 100%)

We would record the user ID for all of these events, subject to a retention period.

Technologies employed

Mostly regular PHP and JavaScript. For topic-based suggestions, we may query the existing ElasticSearch cluster; this isn't part of the first iteration, and we haven't fully decided how to implement it yet.

Dependencies and vendor code

Nothing out of the ordinary, just things that are already in production: OOjs UI, EventLogging, PageImages, PageViewInfo, TextExtracts

Working test environment

This feature is still being developed, but it's enabled in beta labs, so new functionality appears there as patches get merged

Additional documentation

Event Timeline

Catrope created this task.Oct 16 2019, 11:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 16 2019, 11:48 PM
sbassett triaged this task as Medium priority.Oct 17 2019, 7:48 PM
sbassett updated the task description. (Show Details)
JTannerWMF added a subscriber: sbassett.

Just moved this to the Growth Team Board for tracking purpose.

Hi @sbassett hope you're well. I copied you on our instrumentation DACI email to initiate this process and @Catrope kindly created this task. Just wanted to check in on when we can expect further guidance from your team regarding this project? Let me know if you need further information on our side.

sbassett added a project: Privacy.EditedOct 25 2019, 9:01 PM
sbassett added subscribers: Jcross, JFishback_WMF.

Hey @JTannerWMF -

You'll probably want to work with our PM, @Jcross, to get this scheduled, which we can hopefully do during our weekly triage meeting this coming Monday. Just glancing at this, particularly the Description of any sensitive data to be collected or exposed section, I'm not seeing much in the realm of technical security concerns, which would most likely be dealt with during a full security review of any relevant code anyways. This appears to be more an issue of Wikimedia's policies around EventLogging (noted as under review by WMF-Legal) and targeting specific users based upon potentially sensitive/private data. So this may be more relevant for @JFishback_WMF to have a look at once WMF-Legal has wrapped up their review. I'm going to tag this task with Privacy as well for the time being.

Hi @JTannerWMF, @sbassett beat me to the punch! We'll make a point of reviewing on Monday at our triage meeting and I'll be sure to touch base with you when we know what our timeline will look like.

sbassett moved this task from Backlog to Doing on the Privacy board.
sbassett moved this task from Backlog to In Progress on the Security-Team-Reviews board.
Jcross added a comment.EditedOct 28 2019, 5:34 PM

Hi @JTannerWMF - we've taken a look at this and once WMF-Legal has wrapped up their review we should only need a few days at most.

Hi @Jcross ! We received Legal's approval to move forward yesterday afternoon. Let me know if you'd like me to forward their approval via email.

Excellent news @JTannerWMF - James is on it and we should have an update for you soon.

@JTannerWMF we've taken a look at this and, absent any further feedback from your team, we believe this is LOW risk. @sbassett mentioned it would be a good idea to have Performance-Team take a look - do you know if anyone from that team has reviewed this?

JFishback_WMF moved this task from Doing to Done on the Privacy board.Nov 1 2019, 3:21 PM

Hi @JFishback_WMF, would you be so kind as to providing further context of what specifically we should ask Performance to look at?

JFishback_WMF closed this task as Resolved.Wed, Nov 13, 11:19 PM

Hey @JTannerWMF I think the concern was simply whether enabling this additional functionality would possibly have a negative performance impact at scale. I don't think anyone on Security-Team is super concerned it will, just thought it might be worth running it by the Performance-Team just to be safe. I'll go ahead and resolve this particular task and leave it to you whether you want to run this by anyone else. Please let me know if you need anything else from me!