Page MenuHomePhabricator

Investigate and perhaps disable edit caching in Phabricator
Closed, ResolvedPublic

Description

In T39992#777565, @Qgil wrote:

About ability to recover from crashes, I wonder how complex would it be enable this "cache" that Phabricator offers in this very Comments textarea I'm typing it. Type something, reboot your laptop, come back to this URL, and your text is still here, in the textarea, where you left it.

In T39992#424332, @Jdforrester-WMF pointed out that server-side private drafts are not acceptable. It needs to be investigated how Phabricator does this and, if server-side, disable it.

Event Timeline

scfc created this task.Nov 25 2014, 5:45 AM
scfc raised the priority of this task from to Needs Triage.
scfc updated the task description. (Show Details)
scfc added a project: Phabricator.
scfc changed Security from none to None.
scfc added a subscriber: scfc.
Qgil triaged this task as Low priority.Nov 25 2014, 7:02 AM
Qgil added subscribers: Jdforrester-WMF, Qgil.

CCing @Jdforrester-WMF

I hope the current caching is not a problem in Phabricator; it's very useful here.

Ask Legal, not me. I'm just the messenger on this.

It looks like it's server-side.

I'm not a lawyer either, but I think there are two key differences here:

  • Any images uploaded are clearly uploaded, not "drafted".
  • This is not a supported service. It is not a permanent draft. There is no UI or documentation fr it. Nobody is promising you that the server cache won't be flushed in 10 minutes.
scfc added a comment.Nov 27 2014, 3:33 AM

In T39992#424332, there is fear that terrorists or spies use that service to exchange messages so it doesn't need to be documented or even supported, just used.

(Also some definitions of child pornography include texts, for example German law. Apparently, US law and WMF's Terms of Use allow such texts to be shared. However, such distribution wherever perpetrated is probably punishable in Germany per § 184b StGB i. V. m. § 6 VI StGB.)

Aklapper added subscribers: LuisV_WMF, Aklapper.

This needs legal input first to be able to make a decision on "threats vs. convenience".
Assigning to @LuisV_WMF for the time being (feel free to reassign, I'm sorry for using you as a proxy).

Fine to use me as a proxy. I'll take a look after the holiday.

Tgr added a subscriber: Tgr.Nov 27 2014, 10:51 PM

Wikipedia supports storing private data via the options API, Gerrit supports storing private data via draft inline comments, Phabricator (and before that, Bugzilla) supports storing private data via saved searches, so it's not like this would change the status quo in any way. You would be hard-pressed to find any software product today which allows personal accounts but does not allow storing private data in those accounts in some way that could be technically used to distribute illegal material. I find it fairly ridiculous to suggest that any organization hosting any software capable of storing private data is in violation of German (or any other) anti-terrorism/child porn/whatever law.

Also, if "no private drafts whatsoever" is an actual decree from Legal, could they verify that? (CC-ing Luis.) Lets not spend too much time arguing on something that might yet turn out to be a myth.

Tgr added a comment.Nov 27 2014, 10:54 PM

(That's what you get for not refreshing.) Luis, can you also comment on T39992? References to Legal are made there as well. The relevant thread starts at T39992#424332.

scfc added a comment.Nov 28 2014, 12:24 AM
In T75834#792390, @Tgr wrote:

Wikipedia supports storing private data via the options API, Gerrit supports storing private data via draft inline comments, Phabricator (and before that, Bugzilla) supports storing private data via saved searches, so it's not like this would change the status quo in any way. You would be hard-pressed to find any software product today which allows personal accounts but does not allow storing private data in those accounts in some way that could be technically used to distribute illegal material. I find it fairly ridiculous to suggest that any organization hosting any software capable of storing private data is in violation of German (or any other) anti-terrorism/child porn/whatever law.
[…]

I didn't want to suggest that (and it would be wrong). @Qgil's comment above seemed to say that distributing child pornography is only relevant if it is done in the form of images, and I wanted to mention aside from the question at hand that this (apparently) reflects US law, but not (for example) German.

Waiting for input from Luis here, but I (not being a lawyer) would close this task as declined.

I'd generally prefer client-side drafts, but as discussed offline with @Jdforrester-WMF there is no blanket prohibition from the legal team on server-side draft storage.

scfc added a comment.Dec 31 2014, 3:16 PM

I'd generally prefer client-side drafts, but as discussed offline with @Jdforrester-WMF there is no blanket prohibition from the legal team on server-side draft storage.

Do you have an ETA for the legal team's conclusion on edit caching in Phabricator?

I think Luis' reply is enough to decline this task. Phabricator is a third party tool that we are using. I see no reason to invest resources in developing and maintaining a local patch when there hasn't been any problem with this caching feature and when we have 'no blanket prohibition' from WMF-Legal.

I propose to close this task as Resolved. We have investigated this feature and we have decided not to disable it.

Aklapper closed this task as Resolved.Jan 2 2015, 1:53 PM

Thanks everybody!

Resolving for the "investigate" part, declining for the "disable" part of the task title.