Page MenuHomePhabricator
Create Task
Maniphest T383236

Heritage Foundation threat of targeted attack
Open, Needs TriagePublic
Actions

Description

There's a thread on enwiki about what looks to be plausible threat of a targeted attack on the privacy of wikipedia editors. Some quotes from the referenced slide show:

  • Identify and target Wikipedia editors abusing their position by analyzing text patterns, usernames, and technical data through data breach analysis, fingerprinting, HUMINT, and technical targeting.
  • Use redirects to capture IP addresses, browser fingerprints, and device data through a combination of in browser fingerprinting scripts and HTML5 canvas techniques

I don't know how serious a threat this is, or whether there is anything that can be done at our end, so opening this ticket just to make sure T&S is aware of it.

Event Timeline

RoySmith created this task.Wed, Jan 8, 3:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptWed, Jan 8, 3:10 PM
Xaosflux subscribed.Wed, Jan 8, 3:26 PM
KrakatoaKatie subscribed.Wed, Jan 8, 3:32 PM
Jules78120 subscribed.Wed, Jan 8, 3:39 PM
Barkeep49 subscribed.Wed, Jan 8, 3:40 PM
GorillaWarfare subscribed.Wed, Jan 8, 3:41 PM
L235 subscribed.Wed, Jan 8, 3:45 PM
Aklapper added a comment.Wed, Jan 8, 4:17 PM

Per https://phabricator.wikimedia.org/project/profile/1058/ this should likely be an email instead. :-)

Sdkb subscribed.Wed, Jan 8, 4:24 PM
RoySmith added a comment.Wed, Jan 8, 4:27 PM
In T383236#10441632, @Aklapper wrote:

Per https://phabricator.wikimedia.org/project/profile/1058/ this should likely be an email instead. :-)

Email sent.

ARandomName123 subscribed.Wed, Jan 8, 4:34 PM
1AmNobody24 subscribed.Wed, Jan 8, 4:57 PM
Cyberdog958 subscribed.Wed, Jan 8, 5:37 PM
Blablubbs subscribed.Wed, Jan 8, 5:52 PM
ThadeusOfNazereth subscribed.Wed, Jan 8, 5:52 PM
Blablubbs added a comment.Wed, Jan 8, 5:53 PM

I do think it should also be a ticket, albeit probably not a public one.

TheresNoTime subscribed.Wed, Jan 8, 5:58 PM
Dylsss subscribed.Wed, Jan 8, 6:06 PM
Xaosflux added a comment.Wed, Jan 8, 6:12 PM

@Aklapper perhaps change visibility on this to Trusted-Contributors ?

A_smart_kitten subscribed.Wed, Jan 8, 6:25 PM
BethNaught subscribed.Wed, Jan 8, 6:37 PM
BethNaught unsubscribed.
RoySmith added a comment.Wed, Jan 8, 6:43 PM

When I created the ticket, I thought about marking it "security", but figured I wasn't saying anything that wasn't already public, so left it open. I was not previously aware of the Trusted-Contributors mechanism; I agree that would make sense to use here.

Hmmm, I see I'm already a member of that group, so apparently somebody already thought I was trustworthy. Must be a low bar :-)

LakesideMiners subscribed.Wed, Jan 8, 8:13 PM
NightWolf1223 subscribed.Wed, Jan 8, 8:27 PM
Richard_Nevell subscribed.Wed, Jan 8, 10:29 PM
Isla subscribed.Wed, Jan 8, 10:46 PM
Novem_Linguae subscribed.Wed, Jan 8, 10:47 PM
Novem_Linguae changed the subtype of this task from "Bug Report" to "Task".Wed, Jan 8, 10:49 PM
ahriboy subscribed.Thu, Jan 9, 3:52 AM
SHB2000 subscribed.Thu, Jan 9, 4:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits