Page MenuHomePhabricator
Create Task
Maniphest T26552

Wiki-email to store a hash of the message text
Open, MediumPublicFeature
Actions

Description

Author: FT2.wiki

Description:
Can mediawiki store together with the hash of the recipient, a hash of the body text of an email with white space removed (if over some minimum number of characters)?

Rationale - while this would be effectively impossible to reverse back to text (and therefore preserves privacy of email content), it means that a sender or recipient claims in a harassment case can prove their account of the message sent or received is accurate and the text cited has not been tampered, because it can be hashed back to the same digest.

This is computationally trivial, has no impact on privacy (minimum number of characters), and could be extremely useful in serious cases of dispute, harassment, solicitation, sexual solicitation, grossly untoward suggestion, etc, if one party claims the email text was as submitted and the other party asserts it has been tampered with and is falsified.

Basically without breaching privacy, it would allow a sender or recipient to prove to WMF if needed that the actual content of an email is as claimed, or had been amended.

It's unlikely to be needed much, but when it is, it's likely to be a serious case and something that's valuable to have in place. By nature it does not appear to risk privacy otherwise, because the hash could not be used to verify a text without WMF help and cannot be converted back to text by WMF or any person. It would purely protect the sender and recipient by allowing them to prove or disprove email content in a serious matter.

Version: unspecified
Severity: enhancement

Details

Reference
bz24552

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:07 PM
bzimport added a project: CheckUser.
bzimport set Reference to bz24552.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jul 26 2010, 6:01 PM
Platonides added a comment.Jul 29 2010, 11:13 PM

The salted hash of the recipient is directly viewable for checkusers.
Secretly storing the hashes would need somewhere to do it. It's probably a bad idea to add it in the checkuser-email-action entry, as it would be a free text for breaking the secret key. Perhaps it could be hashed with the recipient hash...

bzimport added a comment.Jul 30 2010, 12:37 AM

FT2.wiki wrote:

Not with the recipient. I would assume a simple salt would be used as already.

If the recipient is considered safe to salt hash and include in CU results then presumably the text can be salt hashed and included too. If having access to many hashes of salt hashed email recipient IDs doesn't allow breaching of privacy (as it shouldn't) then access to many hashes of salt hashed email texts won't either (provided a minimum email size is set as suggested).

MarcoAurelio mentioned this in T139810: RFC: Overhaul the CheckUser extension.Jul 23 2016, 1:26 PM
MarcoAurelio added a project: Stewards-and-global-tools.Jul 23 2016, 1:43 PM
MarcoAurelio removed a subscriber: wikibugs-l-list.
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptJul 23 2016, 1:43 PM
Liuxinyu970226 subscribed.Jul 27 2016, 3:25 AM
Matanya moved this task from Untriaged to Low priority on the Stewards-and-global-tools board.Apr 19 2017, 7:54 PM
Meno25 unsubscribed.Nov 23 2018, 7:24 AM
Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 12:24 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL