Ask Legal, not me. I'm just the messenger on this.

It looks like it's server-side.

I'm not a lawyer either, but I think there are two key differences here:

• Any images uploaded are clearly uploaded, not "drafted".
• This is not a supported service. It is not a permanent draft. There is no UI or documentation fr it. Nobody is promising you that the server cache won't be flushed in 10 minutes.

In T39992#424332, there is fear that terrorists or spies use that service to exchange messages so it doesn't need to be documented or even supported, just used.

(Also some definitions of child pornography include texts, for example German law. Apparently, US law and WMF's Terms of Use allow such texts to be shared. However, such distribution wherever perpetrated is probably punishable in Germany per § 184b StGB i. V. m. § 6 VI StGB.)

Fine to use me as a proxy. I'll take a look after the holiday.

Wikipedia supports storing private data via the options API, Gerrit supports storing private data via draft inline comments, Phabricator (and before that, Bugzilla) supports storing private data via saved searches, so it's not like this would change the status quo in any way. You would be hard-pressed to find any software product today which allows personal accounts but does not allow storing private data in those accounts in some way that could be technically used to distribute illegal material. I find it fairly ridiculous to suggest that any organization hosting any software capable of storing private data is in violation of German (or any other) anti-terrorism/child porn/whatever law.

Also, if "no private drafts whatsoever" is an actual decree from Legal, could they verify that? (CC-ing Luis.) Lets not spend too much time arguing on something that might yet turn out to be a myth.

(That's what you get for not refreshing.) Luis, can you also comment on T39992? References to Legal are made there as well. The relevant thread starts at T39992#424332.

In T75834#792390, @Tgr wrote:

Wikipedia supports storing private data via the options API, Gerrit supports storing private data via draft inline comments, Phabricator (and before that, Bugzilla) supports storing private data via saved searches, so it's not like this would change the status quo in any way. You would be hard-pressed to find any software product today which allows personal accounts but does not allow storing private data in those accounts in some way that could be technically used to distribute illegal material. I find it fairly ridiculous to suggest that any organization hosting any software capable of storing private data is in violation of German (or any other) anti-terrorism/child porn/whatever law.
[…]

I didn't want to suggest that (and it would be wrong). @Qgil's comment above seemed to say that distributing child pornography is only relevant if it is done in the form of images, and I wanted to mention aside from the question at hand that this (apparently) reflects US law, but not (for example) German.

Waiting for input from Luis here, but I (not being a lawyer) would close this task as declined.

I'd generally prefer client-side drafts, but as discussed offline with @Jdforrester-WMF there is no blanket prohibition from the legal team on server-side draft storage.

In T75834#947107, @LuisV_WMF wrote:

I'd generally prefer client-side drafts, but as discussed offline with @Jdforrester-WMF there is no blanket prohibition from the legal team on server-side draft storage.

Do you have an ETA for the legal team's conclusion on edit caching in Phabricator?

I think Luis' reply is enough to decline this task. Phabricator is a third party tool that we are using. I see no reason to invest resources in developing and maintaining a local patch when there hasn't been any problem with this caching feature and when we have 'no blanket prohibition' from WMF-Legal.

I propose to close this task as Resolved. We have investigated this feature and we have decided not to disable it.