Page MenuHomePhabricator

CentralAuth account autocreation may be violating WMF's privacy policy
Closed, InvalidPublic


The policy says "page visits do not expose a visitor's identity publicly.", however the fact that a user registered on one project visited another site and the first time he/she did so are logged and viewable publicly by SUL account.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:04 AM
bzimport set Reference to bz40006.
bzimport added a subscriber: Unknown Object (MLST).

They are free to ask that their global account be deleted.

I doubt that this is actually something for bugzilla (yet). That looks more like something that needs a discussion, which shouldn't happen here but on meta.

How is SUL autocreation exposing one's "identity" publicily?

(In reply to comment #3)

How is SUL autocreation exposing one's "identity" publicily?

I read it as my user name. For example I'm [[en:User:Liangent]] and is publicly known as this username on enwiki. You can find the time I visited simplewiki for the first time.

This is not a Bugzilla bug, but a legalese discussion. You'll need to define what "identity" is in the first place (and I very much doubt it's your nickname, as this is not a "personally identifiable information").

By the way, the information in the log is does not tell when you visited simplewiki for the first time; it only says when the account was created - which happens when you log-in into the wiki for the first time or visit it while logged-in on another project for the first time (so you might have visited it a long time before doing either of this things).

If you still have any doubts about that, please contact the Foundation's LCA team at


I think Liangent has a point, your first visit is logged if you're logged in, which is contradictory with what the privacy policy states (the gist of it being "visits aren't publicly logged"). I have passed it on to the WMF staff responsible for rectifying that.

Just as a heads-up, the Deputy General Counsel thinks no changes are necessary in the privacy policy for the following reasons:

  • Users can delete cookies or log out in order to prevent this from happening,
  • the information disclosed is not identifiable (a simple username).

For the record, I am waiting for an email response from WMF Legal about this issue.