Page MenuHomePhabricator

Undergo WMF legal review for Edit Check
Closed, ResolvedPublic


This task involves the work of ensuring the methods Edit Check employs to evaluate an edit someone is attempting to publish meets Wikimedia project privacy policies.


Edit Check - Legal, Safety and Security review

Event Timeline

Aklapper renamed this task from Undergo WMF legal review to Undergo WMF legal review for Edit Check.Aug 11 2023, 7:25 AM

Privacy engineering review: LOW privacy risk. automatically accepted.

" Hi all, the Privacy Engineering review is complete. It is my understanding that new feature will associate certain user actions with tags. For example, it will document publicly why a new user refrained from inserting a reference in a new Wikipedia paragraph. This meta-data association will be publicly available, for example in the Recent Changes.

However, the associated tags are not expected to contain any PII. They will be generic category-like meta-data. Therefore, the change described in this conceptual documentation poses a privacy risk categorized as LOW, which can be automatically accepted."

Legal - Privacy: low risk

"Hi, no issues from my Legal-Privacy review either. The heuristic that triggers the edit check (described on MW and phab) is straightforward and not evaluating the quality of the content added, but rather looking for quantity being added missing citations. The tags are publicly viewable, but likewise content-neutral (based on tags listed on MW and phab). Agree with the low risk rating for privacy.

If tags eventually include evaluating the content being added (such as through inclusion of vandalism or spam related tags), there is a potential of inaccurate automatic tagging giving rise to defamation complaints — if the project expands into evaluating content, then please come back for a new review from Legal so we can evaluate any new risks. Thank you!"

Trust and Safety review: low risk

"I have completed my review and do not have have any major safety concerns. I'm curious, if a user selects "no" if the edit check pops up, are they required to submit a reason or they can publish the article without it? I totally understand all the positive reasons to publicly document people's responses to avoid deletion of added content etc. I am however slightly concerned about the possibility of the public documentation of responses also exposing a user to abuse/harassment especially if it is a controversial article. This is very low risk and i can't think of a way to mitigate it yet but is worth flagging."

Hi, when the user selects "no", they are being asked the following question.

Screenshot 2023-09-05 at 3.09.03 PM.png (616×816 px, 84 KB)

Once, the user chooses one "reason", they can proceed to saving their edit.
Please note that they can choose "other" and we will not ask further questions.
Those "reasons" will be saved as a tag. You can see the related work in this task:

As of right now, it is required to go through that step. We are also discussing about changing this in the future. As this is an experiment and we would like to learn if the tool (Editcheck) is useful for newcomers, we are making it more explicit and required.

Does this helps?

yes this is helpful @Valerie Puffet-Michel, thank you!