Page MenuHomePhabricator

JFishback_WMF (James)
Disabled

Projects

User does not belong to any projects.

User Details

User Since
Apr 16 2019, 4:16 PM (262 w, 1 d)
Roles
Disabled
IRC Nick
jfishback
LDAP User
Jfishback
MediaWiki User
JFishback (WMF) [ Global Accounts ]
This account has been disabled.

Recent Activity

Jan 8 2024

JFishback_WMF moved T353589: Opt out of Chrome topic calculation on Wikimedia sites & Cloud Services from Incoming to Watching on the Privacy Engineering board.
Jan 8 2024, 7:08 PM · Patch-For-Review, User-Frostly, SRE, Traffic, Privacy Engineering, Privacy

Nov 13 2023

JFishback_WMF updated subscribers of T347576: Including donor's first name as a URL parameter..
Nov 13 2023, 7:10 PM · Privacy Engineering, SecTeam-Processed

Nov 6 2023

JFishback_WMF closed T347576: Including donor's first name as a URL parameter. as Resolved.

JS was updated to sanitize the name being injected.

Nov 6 2023, 4:15 PM · Privacy Engineering, SecTeam-Processed

Nov 3 2023

JFishback_WMF updated subscribers of T347576: Including donor's first name as a URL parameter..
Nov 3 2023, 7:51 PM · Privacy Engineering, SecTeam-Processed
JFishback_WMF updated subscribers of T347576: Including donor's first name as a URL parameter..
Nov 3 2023, 6:45 PM · Privacy Engineering, SecTeam-Processed
JFishback_WMF added a comment to T347576: Including donor's first name as a URL parameter..

@sbassett Did AppSec review the JS to ensure that any parameters are scrubbed before injecting on the page?

Nov 3 2023, 6:29 PM · Privacy Engineering, SecTeam-Processed

Oct 16 2023

JFishback_WMF moved T339805: Add cswiki to clickstream from Incoming to Watching on the Privacy Engineering board.
Oct 16 2023, 6:24 PM · Data Products, Data-Engineering, Privacy Engineering, Data Pipelines
JFishback_WMF updated subscribers of T347576: Including donor's first name as a URL parameter..
Oct 16 2023, 3:58 PM · Privacy Engineering, SecTeam-Processed
JFishback_WMF added a project to T347576: Including donor's first name as a URL parameter.: Privacy Engineering.
Oct 16 2023, 3:56 PM · Privacy Engineering, SecTeam-Processed
JFishback_WMF removed a project from T347576: Including donor's first name as a URL parameter.: Privacy Engineering.
Oct 16 2023, 3:55 PM · Privacy Engineering, SecTeam-Processed
JFishback_WMF added a comment to T347576: Including donor's first name as a URL parameter..

Sorry all - we're (Privacy Engineering ) running a little behind on this. Will be looking at it today in our team scrum and will post any updates back here.

Oct 16 2023, 3:34 PM · Privacy Engineering, SecTeam-Processed

Oct 13 2023

JFishback_WMF added a comment to T348504: [Data Platform] Update referer job to use global country deny list instead of a hard-coded one.

Since I got pinged, I'll quickly weigh in with my thoughts, too. I like the approach of a "weighted" CPL. Also, I think @Htriedman is correct that DP is a valid mitigation that might obviate the need to use the CPL at all in some cases. When we first came up with the CPL years ago it was a stop-gap blunt instrument mitigation that worked at the time, but (thanks to Hal) we have better options now. And, to me, the increasingly widespread use of it lends support to the idea that we should have ONE version of it that we improve over time, rather than using a one-off every time (imho, and to the degree possible). FWIW I've also reached out to Legal a few times over the years to see if they have any feedback about improving the list, but it's not really been a high priority. Perhaps it should be since we seem to keep coming back to the well?

Oct 13 2023, 5:59 PM · Data Engineering and Event Platform Team (Sprint 3)

Oct 4 2023

JFishback_WMF added a project to T339805: Add cswiki to clickstream: Privacy Engineering.
Oct 4 2023, 7:07 PM · Data Products, Data-Engineering, Privacy Engineering, Data Pipelines
JFishback_WMF removed a project from T339805: Add cswiki to clickstream: Privacy Engineering.
Oct 4 2023, 7:07 PM · Data Products, Data-Engineering, Privacy Engineering, Data Pipelines

Sep 29 2023

JFishback_WMF updated subscribers of T341565: CVE-2023-3550: Stored XSS when uploading crafted XML file to Special:Upload (non standard configuration).
Sep 29 2023, 2:52 PM · MW-1.40-release, MW-1.39-release, MW-1.35-release, Vuln-XXE, Vuln-CSRF, MediaWiki-File-management, Vuln-XSS, Security, Security-Team
JFishback_WMF updated subscribers of T341565: CVE-2023-3550: Stored XSS when uploading crafted XML file to Special:Upload (non standard configuration).
Sep 29 2023, 2:51 PM · MW-1.40-release, MW-1.39-release, MW-1.35-release, Vuln-XXE, Vuln-CSRF, MediaWiki-File-management, Vuln-XSS, Security, Security-Team

Sep 25 2023

JFishback_WMF placed T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" up for grabs.
Sep 25 2023, 7:06 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Sep 5 2023

JFishback_WMF moved T22005: AbuseLog show private data (timestamp emailconfirm) from Backlog to Completed on the Privacy Engineering board.
Sep 5 2023, 3:47 PM · Privacy Engineering, Privacy, AbuseFilter
JFishback_WMF moved T199992: Javanese OCR installation steps for Wikisource from Backlog to Watching on the Privacy Engineering board.
Sep 5 2023, 3:45 PM · Privacy Engineering, ProofreadPage, I18n, All-and-every-Wikisource

Aug 2 2023

JFishback_WMF moved T214251: Phabricator account email address requirement contradicts linked wiki Privacy Policy from Backlog to Completed on the Privacy Engineering board.
Aug 2 2023, 4:20 PM · Phabricator (2023-11-14), Release-Engineering-Team (Quid Pro Crow 🦃), Privacy Engineering, Privacy

Jul 24 2023

JFishback_WMF moved T342487: [Event Platform] Actor performing suppression revealed publicly from Incoming to Backlog on the Privacy Engineering board.

Privacy Engineering is triaging this.

Jul 24 2023, 7:14 PM · Data-Engineering (Sprint 6), MW-1.42-notes (1.42.0-wmf.7; 2023-11-28), SecTeam-Processed, Privacy Engineering, Event-Platform, Vuln-Infoleak, Security

Jun 12 2023

JFishback_WMF moved T336749: Ensure that Mastodon profile is removed from DB when users vanishes. from Incoming to Watching on the Privacy Engineering board.
Jun 12 2023, 4:37 PM · RealMe, Privacy, Privacy Engineering

May 22 2023

JFishback_WMF added a comment to T301181: Audit members of acl*security for more than 12 months of no activity (May 2023).

Yep, priv_eng_sync is me. Please don't remove.

May 22 2023, 3:01 PM · user-sbassett, SecTeam-Processed, User-AKlapper, Phabricator, Security, Security-Team

May 15 2023

JFishback_WMF updated subscribers of T310393: IP Info log can be used to deanonymize user.
May 15 2023, 4:58 PM · Privacy Engineering, Anti-Harassment, Vuln-Infoleak, SecTeam-Processed, IP Info, Security, Security-Team

Apr 17 2023

JFishback_WMF moved T304107: bn.wikibooks loads fonts from third party sites from Watching to Completed on the Privacy Engineering board.
Apr 17 2023, 4:31 PM · Bengali-Sites, Privacy Engineering, Privacy, WMF-General-or-Unknown

Feb 28 2023

JFishback_WMF moved T305082: Request for Private repos to be enabled from Incoming to Watching on the Privacy Engineering board.
Feb 28 2023, 8:31 PM · Privacy Engineering, Release-Engineering-Team (Priority Backlog 📥), Privacy, User-brennen, GitLab (Administration, Settings & Policy), Product-Analytics
JFishback_WMF added a project to T305082: Request for Private repos to be enabled: Privacy Engineering.
Feb 28 2023, 8:31 PM · Privacy Engineering, Release-Engineering-Team (Priority Backlog 📥), Privacy, User-brennen, GitLab (Administration, Settings & Policy), Product-Analytics

Jan 3 2023

JFishback_WMF moved T325891: owidm.wmcloud.org loads 3rd party content (privacy violation) from Incoming to Watching on the Privacy Engineering board.
Jan 3 2023, 7:11 PM · Wikimedia-Medicine, Privacy, OurWorldInData, Privacy Engineering

Nov 22 2022

JFishback_WMF added a comment to T322218: Create API to allow retrieving detailed information about Thanks log items for my own user account.

Hello @kostajh - we'll add this to our next sprint. Part of the team will be off for the upcoming holidays but I'll see if someone can review it in the meantime.

Nov 22 2022, 5:31 PM · Growth-Team, Privacy Engineering, Thanks, Growth-Positive-Reinforcement, GrowthExperiments-ImpactModule

Nov 1 2022

JFishback_WMF moved T289532: Add more languages to Wikipedia Clickstream from Incoming to Backlog on the Privacy Engineering board.
Nov 1 2022, 7:09 PM · Data Products (Epics Timeline), Privacy Engineering, Data Pipelines, Epic

Oct 3 2022

JFishback_WMF moved T318838: netbox.wikimedia.org/metrics and netbox-next.wikimedia.org/metrics publicly expose prometheus and python metrics from Incoming to Backlog on the Privacy Engineering board.
Oct 3 2022, 10:13 PM · Infrastructure-Foundations, Vuln-MissingAuthz, SecTeam-Processed, Privacy Engineering, SRE, Security, Security-Team

Aug 22 2022

JFishback_WMF moved T312823: Remove obsolete "Permissions-Policy: interest-cohort" header from Incoming to Watching on the Privacy Engineering board.
Aug 22 2022, 4:47 PM · SRE, Privacy Engineering, Traffic

Aug 9 2022

JFishback_WMF moved T314703: Structured data for deleted files on Commons still visible in SPARQL engine after deletion from Incoming to Watching on the Privacy Engineering board.
Aug 9 2022, 4:47 PM · Discovery-Search (Current work), Privacy Engineering, Wikidata, Wikidata-Query-Service, MediaWiki-Page-deletion, Privacy, Commons
JFishback_WMF added a project to T314703: Structured data for deleted files on Commons still visible in SPARQL engine after deletion: Privacy Engineering.
Aug 9 2022, 4:47 PM · Discovery-Search (Current work), Privacy Engineering, Wikidata, Wikidata-Query-Service, MediaWiki-Page-deletion, Privacy, Commons
JFishback_WMF moved T302189: Regularly purge orphaned sitelink, value and reference nodes from Incoming to Watching on the Privacy Engineering board.
Aug 9 2022, 4:46 PM · Privacy Engineering, Privacy, Wikidata, Wikidata-Query-Service
JFishback_WMF added a project to T302189: Regularly purge orphaned sitelink, value and reference nodes: Privacy Engineering.
Aug 9 2022, 4:45 PM · Privacy Engineering, Privacy, Wikidata, Wikidata-Query-Service

Jul 24 2022

JFishback_WMF moved T313653: MediaWiki:Gadget-mathjax.js on ja.wikisource loads third-party content from Incoming to Watching on the Privacy Engineering board.
Jul 24 2022, 5:25 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T313654: MediaWiki:Gadget-webfont.js on zh.wikipedia loads fonts from Toolforge from Incoming to Watching on the Privacy Engineering board.
Jul 24 2022, 5:24 PM · Chinese-Sites, WMF-General-or-Unknown, Privacy Engineering, Privacy

Jul 18 2022

JFishback_WMF moved T313155: Privacy violation on ar.wikiquote.org loading font from Toolforge from Incoming to Watching on the Privacy Engineering board.
Jul 18 2022, 3:55 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown

Jul 14 2022

JFishback_WMF moved T313062: clean up trailing numbers from email addresses in payment provider audit files from Incoming to Watching on the Privacy Engineering board.
Jul 14 2022, 6:34 PM · Fundraising-Backlog

Jul 5 2022

JFishback_WMF moved T309325: Cross-team review of Geolocation API proposal from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:26 PM · Campaign-Tools (Campaign-Tools-Current-Sprint), Privacy Engineering
JFishback_WMF added a project to T309325: Cross-team review of Geolocation API proposal: Privacy Engineering.
Jul 5 2022, 5:26 PM · Campaign-Tools (Campaign-Tools-Current-Sprint), Privacy Engineering
JFishback_WMF moved T305705: [spike] Investigation on which geolocation API from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:25 PM · Privacy Engineering, Campaign-Tools (Campaign-Tools-Sprint-13), CampaignEvents, Campaign-Registration
JFishback_WMF added a project to T305705: [spike] Investigation on which geolocation API: Privacy Engineering.
Jul 5 2022, 5:24 PM · Privacy Engineering, Campaign-Tools (Campaign-Tools-Sprint-13), CampaignEvents, Campaign-Registration
JFishback_WMF moved T312048: Tool "unpkg" loads assets from Google from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:03 PM · Privacy, Privacy Engineering, Tools
JFishback_WMF moved T258232: fontcdn.toolforge.org loads assets for detail views directly from google from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:03 PM · cloud-services-team, Privacy, Privacy Engineering, Tools

May 11 2022

JFishback_WMF moved T306360: clear trailing number from email addresses in logs from Incoming to Watching on the Privacy Engineering board.
May 11 2022, 8:07 PM · Privacy Engineering, fundraising-tech-ops, Fundraising-Backlog
JFishback_WMF added a project to T306360: clear trailing number from email addresses in logs: Privacy Engineering.
May 11 2022, 8:07 PM · Privacy Engineering, fundraising-tech-ops, Fundraising-Backlog
JFishback_WMF moved T307245: Swift for differential privacy data publication from Incoming to Backlog on the Privacy Engineering board.
May 11 2022, 5:46 AM · SRE-swift-storage, Privacy Engineering, Data-Engineering

May 9 2022

JFishback_WMF moved T305960: wdqs-tutorial.toolforge.org loads external resources from Incoming to Watching on the Privacy Engineering board.
May 9 2022, 10:52 PM · Wikidata, Wikidata-Query-Service, Privacy Engineering, Privacy

Apr 6 2022

JFishback_WMF moved T299627: Investigate releasing historical top-pageview-per-country data from Backlog to Waiting on the Privacy Engineering board.
Apr 6 2022, 4:07 PM · Privacy Engineering, Data-Engineering

Mar 24 2022

JFishback_WMF moved T299627: Investigate releasing historical top-pageview-per-country data from Incoming to Backlog on the Privacy Engineering board.
Mar 24 2022, 5:45 PM · Privacy Engineering, Data-Engineering

Mar 21 2022

JFishback_WMF added a comment to T303921: vec.wikipedia.org main page loads third-party content (due to addThisMain gadget enabled by default).

Thanks @Majavah I think they can be closed. Thanks for jumping on these so quickly!

Mar 21 2022, 8:24 PM · Privacy Engineering, WMF-General-or-Unknown, Privacy
JFishback_WMF moved T303921: vec.wikipedia.org main page loads third-party content (due to addThisMain gadget enabled by default) from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:55 PM · Privacy Engineering, WMF-General-or-Unknown, Privacy
JFishback_WMF moved T304107: bn.wikibooks loads fonts from third party sites from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:55 PM · Bengali-Sites, Privacy Engineering, Privacy, WMF-General-or-Unknown
JFishback_WMF moved T304108: viwiki loads font from google for all users from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:54 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown
JFishback_WMF moved T304154: tr.wiktionary.org by default loads fonts from third-party dl.dropboxusercontent.com from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:54 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T304151: pa.wikisource.org loads by default resources from tools-static.wmflabs.org from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:53 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T304208: bn.wikisource.org loads by default resources from tools-static.wmflabs.org from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:53 PM · Bengali-Sites, WMF-General-or-Unknown, Privacy Engineering, Privacy

Mar 9 2022

JFishback_WMF moved T303304: Privacy review for dataset publishing (Wikidata topic -> pageview data) from Incoming to Backlog on the Privacy Engineering board.
Mar 9 2022, 9:32 PM · Data-Engineering-Radar, Privacy Engineering, Privacy
JFishback_WMF added a project to T303304: Privacy review for dataset publishing (Wikidata topic -> pageview data): Privacy Engineering.
Mar 9 2022, 9:32 PM · Data-Engineering-Radar, Privacy Engineering, Privacy

Mar 7 2022

JFishback_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

@sguebo_WMF Agreed - I think it's fine to make public.

Mar 7 2022, 11:42 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Feb 16 2022

JFishback_WMF added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

@sbassett LGTM!

Feb 16 2022, 2:07 AM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Feb 1 2022

JFishback_WMF moved T298166: Work out a strategy on Yandex's Turbo Pages from Incoming to Backlog on the Privacy Engineering board.
Feb 1 2022, 8:14 PM · Privacy Engineering, Performance-Team (Radar), Privacy, Product-Analytics
JFishback_WMF added a project to T298166: Work out a strategy on Yandex's Turbo Pages: Privacy Engineering.
Feb 1 2022, 8:13 PM · Privacy Engineering, Performance-Team (Radar), Privacy, Product-Analytics

Jan 24 2022

JFishback_WMF moved T92298: Investigate our mitigation strategy for HTTPS response length attacks from Incoming to Watching on the Privacy Engineering board.
Jan 24 2022, 5:17 PM · Privacy Engineering, Traffic-Icebox, Security, SRE, HTTPS
JFishback_WMF added a project to T92298: Investigate our mitigation strategy for HTTPS response length attacks: Privacy Engineering.
Jan 24 2022, 5:17 PM · Privacy Engineering, Traffic-Icebox, Security, SRE, HTTPS
JFishback_WMF moved T299397: Measure user-agent client hints already sent in browsers requests from Incoming to Watching on the Privacy Engineering board.
Jan 24 2022, 4:48 PM · Metrics Platform Backlog, Privacy Engineering, Anti-Harassment, Web-Team-Backlog, Structured-Data-Backlog, Product-Analytics, Data-Engineering

Dec 6 2021

JFishback_WMF moved T293379: [[:w:en:User:Firefly/checkuseragenthelper.js]] sends CU user-agents to a third party from Backlog to Completed on the Privacy Engineering board.
Dec 6 2021, 4:42 PM · Security-Team, User-Urbanecm, SecTeam-Processed, Trust-and-Safety, Privacy, Privacy Engineering, Security

Nov 29 2021

JFishback_WMF added a comment to T293379: [[:w:en:User:Firefly/checkuseragenthelper.js]] sends CU user-agents to a third party.

@Urbanecm Your question is, I think, really a WMF-Legal question. I'll reach out to them as they don't routinely monitor Phab.

Nov 29 2021, 4:40 PM · Security-Team, User-Urbanecm, SecTeam-Processed, Trust-and-Safety, Privacy, Privacy Engineering, Security

Nov 22 2021

JFishback_WMF triaged T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" as Low priority.
Nov 22 2021, 4:48 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Nov 3 2021

JFishback_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from In Progress to Waiting on the Privacy Engineering board.
Nov 3 2021, 11:05 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF removed projects from T218618: Add no-transform to Cache-Control header: Privacy Engineering, Security-Team.
Nov 3 2021, 7:06 PM · Patch-For-Review, Traffic, WMF-Legal, Privacy
JFishback_WMF removed a project from T250314: Investigate Privacy Pass for Wikimedia Sites: Security-Team.
Nov 3 2021, 7:03 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown

Nov 1 2021

JFishback_WMF moved T294511: 2021 Security Team wikireplicas audit from Incoming to Watching on the Privacy Engineering board.
Nov 1 2021, 3:32 PM · Privacy Engineering, Epic

Sep 17 2021

JFishback_WMF triaged T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets as Medium priority.
Sep 17 2021, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics
JFishback_WMF assigned T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets to Htriedman.
Sep 17 2021, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics

Sep 13 2021

JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Watching to Completed on the Privacy Engineering board.
Sep 13 2021, 6:46 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF removed a project from T215046: RfC: Use Github login for mediawiki.org: Privacy Engineering.
Sep 13 2021, 6:44 PM · Security, User-Tgr, Privacy, TechCom-RFC, WMF-General-or-Unknown
JFishback_WMF moved T108505: Privacy Badger interferes with CentralAuth from Incoming to Completed on the Privacy Engineering board.
Sep 13 2021, 6:42 PM · Privacy Engineering, Privacy, MediaWiki-extensions-CentralAuth
JFishback_WMF moved T245775: Tool "toolforge-gallery" loads resources from googleapis and fontawesome from Incoming to Completed on the Privacy Engineering board.
Sep 13 2021, 6:41 PM · Privacy Engineering, Tools, Privacy

Sep 7 2021

JFishback_WMF claimed T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".
Sep 7 2021, 4:39 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from Incoming to In Progress on the Privacy Engineering board.
Sep 7 2021, 4:39 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF moved T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis) from Incoming to Backlog on the Privacy Engineering board.
Sep 7 2021, 2:43 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services

Sep 1 2021

JFishback_WMF moved T290099: Create a "delete me" maintenance script for special user/data deletion requests from Incoming to Backlog on the Privacy Engineering board.
Sep 1 2021, 3:09 PM · affects-Miraheze, MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), Security-Team, Privacy Engineering, Privacy, Security

Aug 30 2021

JFishback_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

Hey @LSobanski - I haven't reviewed this task in any detail yet. I can add this to our current sprint and take a look in the next couple of weeks. Does that work?

Aug 30 2021, 8:29 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA
JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Incoming to Watching on the Privacy Engineering board.
Aug 30 2021, 3:41 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF moved T289941: The link to privacy policy in the survey panel in the ruwiki leads to the test domain from Incoming to Watching on the Privacy Engineering board.
Aug 30 2021, 3:39 PM · Performance-Team (Radar), MW-1.37-notes (1.37.0-wmf.23; 2021-09-13), Patch-For-Review, Web-Team-Backlog (Kanbanana-FY-2021-22), QuickSurveys, Privacy Engineering

Aug 27 2021

JFishback_WMF updated JFishback_WMF.
Aug 27 2021, 9:32 PM
JFishback_WMF added a comment to T279952: event.WikipediaPortal referer modification.

Hey @mforns! @sguebo_WMF has been working on this for the Privacy Engineering team and filled me in on the details so far. I concur with his analysis - since the likelihood of http://p.c.g appearing seems pretty low in the first place. And since, AIUI, even with a potentially problematic hostname, there is not a high level of additional detailed information with which to reidentify someone, this seems like a LOW risk to me. @sguebo_WMF is finalizing our risk review sheet right now (he might actually be done already, but I'm not sure yet), but please let us know if you think we've missed something. It seems like even with language and country being included in the schema, the likelihood of being able to track hostname back to an individual user is pretty low. Are there other properties that concern you that we maybe missed?

Aug 27 2021, 4:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics

Aug 12 2021

JFishback_WMF moved T266477: Add growthexperiments to allowed allowed_logtypes from Backlog to Completed on the Privacy Engineering board.

I concur with @sbassett. Looks low risk to me.

Aug 12 2021, 5:21 PM · Privacy Engineering, Data-Services, User-Urbanecm, cloud-services-team (Kanban)

Aug 10 2021

JFishback_WMF reassigned T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from JFishback_WMF to sguebo_WMF.
Aug 10 2021, 6:37 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Aug 4 2021

JFishback_WMF moved T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from Incoming to In Progress on the Privacy Engineering board.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security
JFishback_WMF added a project to T279237: mailman2 archives attachment in mailing lists that are set not keep an archive: Privacy Engineering.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Jul 26 2021

JFishback_WMF moved T166138: Please add Petit Formal Script to the UniversalLanguageSelector from Incoming to Watching on the Privacy Engineering board.
Jul 26 2021, 3:48 PM · All-and-every-Wikisource, Privacy Engineering, UniversalLanguageSelector

Jul 21 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

Thanks @nshahquinn-wmf !

Jul 21 2021, 11:39 PM · Product-Analytics, Inuka-Team
JFishback_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

If @Urbanecm is correct that

IIRC, we don't use the gender property for anything that's visible only to the user

and we warn users that their answer to the gender question will be made public. And the default behavior is to default to "no answer" (i.e. MW does not assume a particular gender). Then it seems like there is very little incremental risk in exposing the gender response in the replicas. N.B. making already public data easier to access may still be considered a privacy violation, but it seems like, in this case, there is probably not much additional harm.

Jul 21 2021, 9:15 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
JFishback_WMF moved T199992: Javanese OCR installation steps for Wikisource from Incoming to Backlog on the Privacy Engineering board.
Jul 21 2021, 8:49 PM · Privacy Engineering, ProofreadPage, I18n, All-and-every-Wikisource

Jun 21 2021

JFishback_WMF moved T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
JFishback_WMF moved T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)