Page MenuHomePhabricator
Create Task
Maniphest T31852

email address on bugzilla account registration could be disclosed accidentally
Closed, ResolvedPublic
Actions

Description

Author: saibotrash

Description:
The bugzilla system does not really respect [[WP:ANON]] - the account creation here https://bugzilla.wikimedia.org/createaccount.cgi which is needed to report bugs on wikimedia's servers needs a valid(!) mail address. Users often have real name mail addresses while being pseudonymous on-wiki. Users who do not exactly read the message on the registration page can be easily tricked to disclose their real name since the email address will be public in bugzilla!

This is especially bad for people who do not speak English - or do only speak a bit. They could simply not understand what will happen with their email address. It is VERY uncommon that a email address which is required(!) for registration is made public.

Bugzilla links are spread in our projects in village pump discussions and so on.

Simple: solution do not make email adresses public and do not require email adresses for registration.

Version: unspecified
Severity: normal

Details

Reference
bz29852

Related Objects

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 21 2014, 11:27 PM
bzimport added a project: Wikimedia-Bugzilla.
bzimport set Reference to bz29852.
bzimport created this task.Jul 12 2011, 10:51 PM
Reedy added a comment.Jul 12 2011, 10:56 PM

E-mail address is used as login, and is how bugzilla is built around users having emails

MarkAHershberger added a comment.Jul 13 2011, 12:20 AM

(In reply to comment #1)

E-mail address is used as login, and is how bugzilla is built around users
having emails

See discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=425663#c23

demon added a comment.Jul 13 2011, 12:25 AM

I personally think integrating CentralAuth and BZ is a horrible waste of time. I'd much rather see us use something like OpenID for our SUL purposes, rather than hacking more crap into CA.

brion added a comment.Jul 13 2011, 1:13 AM
  • This bug has been marked as a duplicate of bug 148 ***
Jdforrester-WMF mentioned this in T35365: resources/mediawiki/mediawiki.feedback.js: Privacy and usability issues.Mar 3 2015, 6:18 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL