Note: Miraheze has the RemovePII mediawiki extension for compliance with GDPR. There might be bits you can steal.

In T290099#7322617, @RhinosF1 wrote:

Note: Miraheze has the RemovePII mediawiki extension for compliance with RTBF. There might be bits you can steal.

Interesting - https://github.com/miraheze/RemovePII does indeed look like it could maybe get us part of the way there.

See also:

• https://www.mediawiki.org/wiki/Extension:DisableAccount (may not be compatible with CentralAuth)
• https://www.mediawiki.org/wiki/Extension:DeletePagesForGood (unstable, see T220884: Update the DeletePagesForGood extension for MCR)

See also: T34815: Add user preference to deactivate/delete user account

In T290099#7322617, @RhinosF1 wrote:

Note: Miraheze has the RemovePII mediawiki extension for compliance with RTBF. There might be bits you can steal.

Interesting - https://github.com/miraheze/RemovePII does indeed look like it could maybe get us part of the way there.

I agree that the Miraheze's extension covers an interesting range of PII to remove— including recentchanges, data collected during CheckUser lookups, and various logs. Meanwhile, ResetUserEmail doesn't allow you to delete user emails since that script, unless I am wrong, does not support empty email. So perhaps a the first iteration could remove email address. Then, next iterations would target more PII gradually. I guess I'm suggesting to start with removing email addresses because that request pops up frequently.

In T290099#7331913, @sguebo_WMF wrote:

So perhaps a the first iteration could remove email address. Then, next iterations would target more PII gradually. I guess I'm suggesting to start with removing email addresses because that request pops up frequently.

Starting with various user email search/removal functionality sounds good to me. We're definitely not going to be able to catalog and qualify every piece of relevant data within a first or second iteration of this maintenance script, but getting an initial version up for code review would be a great first step. Let me know if I can help with that.

I've talked about this with individual SRE and security team members but let me say it on record as well that this type of script would be immensely helpful for T&S's workflow :) I'm sure as a former member of the T&S, Samuel would also concur with me :)

Change 720819 had a related patch set uploaded (by Samuel (WMF); author: Samuel (WMF)):

[mediawiki/core@master] Add script to remove user email address

https://gerrit.wikimedia.org/r/720819

Change 720819 merged by jenkins-bot:

[mediawiki/core@master] Add script to delete a user email's address

https://gerrit.wikimedia.org/r/720819

Update: A first iteration of this landed in https://gerrit.wikimedia.org/r/720819 (thanks, @sguebo_WMF!) It's a fairly simple maint script for now, but can and should be expanded upon down the road, either via adding additional features or creating additional maint scripts. I propose leaving this task open for now to track that future work.