
https://annual.wikimedia.org/2014/ loads javascript from toolforge [possible privacy policy violation]
Closed, ResolvedPublic

Description

While researching T239061, I discovered https://annual.wikimedia.org/2014/ loads the script https://tools.wmflabs.org/wmcounter/wmcounter.data.js . This is a tool controlled by User:Emijrp - a prominent Wikipedian.

I see two concerns here:
A) Loading JS from toolforge is probably a violation of privacy policy
B) Loading JS from a toolforge tool controlled by a retired wikipedian onto a *.wikimedia.org domain is a security risk. What if said user misplaces his ssh key? What if said user becomes disgruntled and turns evil (Not saying that would happen, just going through the possibilities)? Any code on *.wikimedia.org domains should be controlled by official WMF repos.

I would suggest just modifying the 2014 report to have the current value of the script. Sure it might break the edit counter, but it's from 2014, does anyone really care?
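
The concern in the description is a page on a *.wikimedia.org host pulling a script from an origin outside that family. As an added example (not code from this task, the annual report repository, or the wmcounter tool), the following audit lists every `<script src>` on a page whose resolved host is neither wikimedia.org nor a subdomain of it. The allowlist, the sample page and every script URL except the wmcounter one named above are assumptions constructed for the example; the suffix check deliberately requires the dot so that look-alike hosts are not treated as first-party.

```python
"""Audit <script src> origins on a page against a host allowlist (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical allowlist: a host equal to, or a subdomain of, these names is first-party.
ALLOWED_BASE_HOSTS = ("wikimedia.org",)


def host_allowed(host, allowed=ALLOWED_BASE_HOSTS):
    """True if host is exactly an allowed base host or a proper subdomain of one.

    The leading dot is required, so 'evilwikimedia.org' and
    'wikimedia.org.example.net' are both rejected.
    """
    host = host.lower().rstrip(".")
    return any(host == base or host.endswith("." + base) for base in allowed)


class ScriptSrcCollector(HTMLParser):
    """Collect every <script src=...> in document order."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # (src, has_integrity_attr)

    def handle_starttag(self, tag, attrs):
        if tag != "script":  # HTMLParser lowercases tag and attribute names
            return
        attr = dict(attrs)
        src = attr.get("src")
        if src:
            self.scripts.append((src, bool(attr.get("integrity"))))


def audit_scripts(html, page_url, allowed=ALLOWED_BASE_HOSTS):
    """Return one finding per script whose resolved host is outside the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        resolved = urljoin(page_url, src)  # relative and scheme-relative URLs become absolute
        parsed = urlparse(resolved)
        host = parsed.hostname or ""
        if host_allowed(host, allowed):
            continue
        findings.append({
            "src": src,
            "host": host,
            "insecure_transport": parsed.scheme != "https",
            "has_sri": has_sri,
        })
    return findings


# Constructed sample page. Only the tools.wmflabs.org URL comes from the task;
# the other script URLs are invented to exercise each branch of the check.
SAMPLE_PAGE_URL = "https://annual.wikimedia.org/2014/"
SAMPLE_HTML = """<!doctype html>
<html><head>
  <script src="https://tools.wmflabs.org/wmcounter/wmcounter.data.js"></script>
  <script src="//upload.wikimedia.org/report.js"></script>
  <script src="/2014/js/local.js"></script>
  <script src="https://wikimedia.org.example.net/lookalike.js"></script>
  <script>var inline = 1;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print("third-party script: {src} (host={host}, sri={has_sri})".format(**finding))
```

On the sample page the audit reports the wmcounter script and the look-alike host, and accepts the scheme-relative and relative first-party URLs. Note that a Subresource Integrity hash would not have been a fix for the case in this task: the script delivers a live edit count, so its content changes and any pinned hash would break it, which is why the eventual patch removes the script entirely and leaves a static value in the report.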

Event Timeline

Bawolff created this task.Nov 25 2019, 9:17 AM
Restricted Application added a subscriber: Aklapper.Nov 25 2019, 9:17 AM
sbassett triaged this task as High priority.Nov 25 2019, 4:04 PM
sbassett added subscribers: JFishback_WMF, Varnent.

> I would suggest just modifying the 2014 report to have the current value of the script. Sure it might break the edit counter, but it's from 2014, does anyone really care?

This seems reasonable to me. I think displaying the current value as suggested and adjusting the text below to say "Number of edits across all databases in Wikimedia's servers as of XYZ date." and then removing the link that explains the live number count. Alternatively, we can remove that mini-section of the report if this solution is not viable for some reason.

Essentially, we care about the report in so much as it provides historical data that is still accessed or referenced on occasion by people outside of the organization. However, it is not a primary storytelling tool anymore and that script happens to be displaying the only non-historical number in the report. So put another way, it's the one number we arguably are the least concerned about maintaining.

Thanks, @Varnent. Do you perchance know who has access to manage the content of annual.wikimedia.org?

> Thanks, @Varnent. Do you perchance know who has access to manage the content of annual.wikimedia.org?

I believe it is in a Gerrit repo - so in theory anyone should have access to its content.

@Varnent - ah, there it is. Thanks. Now to figure out who/how to deploy there :)

Change 553184 had a related patch set uploaded (by SBassett; owner: SBassett):
[wikimedia/annualreport@master] Remove toolforge JavaScript library due to privacy concerns

https://gerrit.wikimedia.org/r/553184

Change 553184 merged by SBassett:
[wikimedia/annualreport@master] Remove toolforge JavaScript library due to privacy concerns

https://gerrit.wikimedia.org/r/553184

sbassett closed this task as Resolved.Nov 26 2019, 9:10 PM
sbassett assigned this task to JFishback_WMF.
sbassett moved this task from Intake to Done on the Privacy board.
sbassett moved this task from Backlog / Other to Done on the acl*security board.Nov 26 2019, 9:10 PM

@sbassett - great, thank you! Are the numbers now on display on that page still up-to-date or are they showing a number from a specific date?

@Varnent - they're static as of the patch merge and deploy, so whatever they were around 21:00 UTC or 13:00 PST. Per previous discussion, we assumed that would be ok.

Varnent added a comment.EditedNov 27 2019, 4:05 PM

> @Varnent - they're static as of the patch merge and deploy, so whatever they were around 21:00 UTC or 13:00 PST. Per previous discussion, we assumed that would be ok.

If they are static to a specific date, we should amend the text (as I mentioned before) to indicate that date - so something like "Number of edits across all databases in Wikimedia's servers as of 26 November 2019." and then remove the link that explains the live number count. Otherwise I fear someone may report that as a live number when it is now a historical number.

Thank you for catching this and working on it! :)

JFishback_WMF reopened this task as Open.Nov 27 2019, 6:46 PM

@sbassett I'll reopen and take care of this.

JFishback_WMF lowered the priority of this task from High to Low.Nov 27 2019, 6:47 PM
JFishback_WMF moved this task from Done to Doing on the Privacy board.
sbassett closed this task as Resolved.Jan 14 2020, 11:45 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security Readiness Reviews board.

> If they are static to a specific date, we should amend the text (as I mentioned before) to indicate that date - so something like "Number of edits across all databases in Wikimedia's servers as of 26 November 2019." and then remove the link that explains the live number count. Otherwise I fear someone may report that as a live number when it is now a historical number.

@Varnent - I pushed a fix for this to gerrit, which is now live at https://annual.wikimedia.org/2014/. I thought it might be a good idea to leave the edit counter information in place so people could have some idea where the figure was generated. If you'd like that completely removed, I can revise it once more, though I'm going to call this resolved for now.