Page MenuHomePhabricator

Increased visibility in wiki-replicas for volunteers fighting vandals
Open, Needs TriagePublic

Description

Summary
The Security-Team recently completed an audit of the configuration file maintain-views.yaml, in order to explore whether wiki-replicas pose some privacy risks for the contributors supporting Wikimedia projects. As part of the conclusions, it is recommended that details about vandal fighters be redacted from wiki-replicas logs, as also raised in T241667.

Broader context
Abuse filter logs are somewhat public, depending on the project configuration. The issue at stake here is that the logs create increased visibility for volunteers doing anti-vandalism work, making them potential targets of harassment. While this is more of a safety issue rather than a privacy concern this is a risk which stems from the data released in wiki-replicas. As such it cannot be overlooked.

Below is a list of the last 100 anti-vandalism actions on En.WP using Abuse Filter. The volunteers behind these actions are highlighted through this query.

SELECT afh_user_text, afh_timestamp, afh_public_comments, afh_actions 
FROM abuse_filter_history
LIMIT 100;

Related Objects

StatusSubtypeAssignedTask
OpenNone