Page MenuHomePhabricator

JFishback_WMF (James)
Staff Privacy Architect (Security Team)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Apr 16 2019, 4:16 PM (127 w, 2 d)
Availability
Available
IRC Nick
jfishback
LDAP User
Jfishback
MediaWiki User
JFishback (WMF) [ Global Accounts ]

Recent Activity

Fri, Sep 17

JFishback_WMF triaged T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets as Medium priority.
Fri, Sep 17, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics
JFishback_WMF assigned T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets to Htriedman.
Fri, Sep 17, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics

Mon, Sep 13

JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Watching to Completed on the Privacy Engineering board.
Mon, Sep 13, 6:46 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF removed a project from T215046: RfC: Use Github login for mediawiki.org: Privacy Engineering.
Mon, Sep 13, 6:44 PM · Security, User-Tgr, Privacy, TechCom-RFC, Wikimedia-General-or-Unknown
JFishback_WMF moved T108505: Privacy Badger interferes with CentralAuth from Incoming to Completed on the Privacy Engineering board.
Mon, Sep 13, 6:42 PM · Privacy Engineering, Privacy, MediaWiki-extensions-CentralAuth
JFishback_WMF moved T245775: Tool "toolforge-gallery" loads resources from googleapis and fontawesome from Incoming to Completed on the Privacy Engineering board.
Mon, Sep 13, 6:41 PM · Privacy Engineering, Tools, Privacy

Tue, Sep 7

JFishback_WMF moved T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis) from Incoming to Backlog on the Privacy Engineering board.
Tue, Sep 7, 2:43 PM · Privacy Engineering, SecTeam-Processed, Language-Team (Language-2021-July-September), cloud-services-team (Kanban), Data-Services

Wed, Sep 1

JFishback_WMF moved T290099: Create a "delete me" maintenance script for special user/data deletion requests from Incoming to Backlog on the Privacy Engineering board.
Wed, Sep 1, 3:09 PM · Patch-For-Review, User-RhinosF1, Security-Team, Privacy Engineering, Privacy, Security

Mon, Aug 30

JFishback_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

Hey @LSobanski - I haven't reviewed this task in any detail yet. I can add this to our current sprint and take a look in the next couple of weeks. Does that work?

Mon, Aug 30, 8:29 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA
JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Incoming to Watching on the Privacy Engineering board.
Mon, Aug 30, 3:41 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF moved T289941: The link to privacy policy in the survey panel in the ruwiki leads to the test domain from Incoming to Watching on the Privacy Engineering board.
Mon, Aug 30, 3:39 PM · Performance-Team (Radar), MW-1.37-notes (1.37.0-wmf.23; 2021-09-13), Patch-For-Review, Readers-Web-Backlog (Kanbanana-FY-2021-22), QuickSurveys, Privacy Engineering

Fri, Aug 27

JFishback_WMF updated JFishback_WMF.
Fri, Aug 27, 9:32 PM
JFishback_WMF added a comment to T279952: event.WikipediaPortal referer modification.

Hey @mforns! @sguebo_WMF has been working on this for the Privacy Engineering team and filled me in on the details so far. I concur with his analysis - since the likelihood of http://p.c.g appearing seems pretty low in the first place. And since, AIUI, even with a potentially problematic hostname, there is not a high level of additional detailed information with which to reidentify someone, this seems like a LOW risk to me. @sguebo_WMF is finalizing our risk review sheet right now (he might actually be done already, but I'm not sure yet), but please let us know if you think we've missed something. It seems like even with language and country being included in the schema, the likelihood of being able to track hostname back to an individual user is pretty low. Are there other properties that concern you that we maybe missed?

Fri, Aug 27, 4:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics, Analytics

Aug 12 2021

JFishback_WMF moved T266477: Add growthexperiments to allowed allowed_logtypes from Backlog to Completed on the Privacy Engineering board.

I concur with @sbassett. Looks low risk to me.

Aug 12 2021, 5:21 PM · Privacy Engineering, Data-Services, User-Urbanecm, cloud-services-team (Kanban)

Aug 10 2021

JFishback_WMF reassigned T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from JFishback_WMF to sguebo_WMF.
Aug 10 2021, 6:37 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Aug 4 2021

JFishback_WMF moved T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from Incoming to In Progress on the Privacy Engineering board.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security
JFishback_WMF added a project to T279237: mailman2 archives attachment in mailing lists that are set not keep an archive: Privacy Engineering.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Jul 26 2021

JFishback_WMF moved T166138: Please add Petit Formal Script to the UniversalLanguageSelector from Incoming to Watching on the Privacy Engineering board.
Jul 26 2021, 3:48 PM · All-and-every-Wikisource, Privacy Engineering, Patch-For-Review, UniversalLanguageSelector

Jul 21 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

Thanks @nshahquinn-wmf !

Jul 21 2021, 11:39 PM · Product-Analytics, Inuka-Team
JFishback_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

If @Urbanecm is correct that

IIRC, we don't use the gender property for anything that's visible only to the user

and we warn users that their answer to the gender question will be made public. And the default behavior is to default to "no answer" (i.e. MW does not assume a particular gender). Then it seems like there is very little incremental risk in exposing the gender response in the replicas. N.B. making already public data easier to access may still be considered a privacy violation, but it seems like, in this case, there is probably not much additional harm.

Jul 21 2021, 9:15 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
JFishback_WMF moved T199992: Javanese OCR installation steps for Wikisource from Incoming to Backlog on the Privacy Engineering board.
Jul 21 2021, 8:49 PM · Privacy Engineering, ProofreadPage, I18n, All-and-every-Wikisource

Jun 21 2021

JFishback_WMF moved T284941: Remove geolocation metadata from Commons images from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · Structured-Data-Backlog, cloud-services-team (Kanban), Privacy Engineering, Data-Services
JFishback_WMF moved T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
JFishback_WMF moved T284944: Increased visibility in wiki-replicas for volunteers fighting vandals from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:36 PM · cloud-services-team (Kanban), Privacy Engineering, Data-Services
JFishback_WMF moved T284948: Raw IPs of logged-out users disclosed in wiki-replicas from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:36 PM · cloud-services-team (Kanban), Privacy Engineering, Data-Services

May 25 2021

JFishback_WMF removed a project from T262320: Editing unregistered at wiki.pt does not generate any kind of warning about ones IP being revealed: Privacy Engineering.
May 25 2021, 2:34 PM · VisualEditor
JFishback_WMF moved T281397: Test trust tokens as a captcha alternative for Wikimedia from Backlog to Watching on the Privacy Engineering board.
May 25 2021, 2:31 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)

May 24 2021

JFishback_WMF moved T275409: Create and document Wikidough's privacy policy from Incoming to Watching on the Privacy Engineering board.
May 24 2021, 4:12 PM · Privacy Engineering, SRE, Traffic
JFishback_WMF added a project to T275409: Create and document Wikidough's privacy policy: Privacy Engineering.
May 24 2021, 4:12 PM · Privacy Engineering, SRE, Traffic

May 19 2021

JFishback_WMF added a comment to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020.

Anything else that needs to be done on this?

May 19 2021, 5:36 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists

May 12 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

@nshahquinn-wmf How did you end up resolving this? We should document it somewhere, so we can point to it for future requests like this. I recall you mentioning that this issue comes up not infrequently.

May 12 2021, 7:37 PM · Product-Analytics, Inuka-Team

May 11 2021

JFishback_WMF updated subscribers of T280538: Capture rev_is_revert event data in a stream different than mediawiki.revision-create.
May 11 2021, 1:38 PM · Privacy Engineering, Privacy, Event-Platform, Product-Analytics, Analytics

May 10 2021

JFishback_WMF moved T279952: event.WikipediaPortal referer modification from Incoming to Backlog on the Privacy Engineering board.
May 10 2021, 11:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics, Analytics
JFishback_WMF added a project to T279952: event.WikipediaPortal referer modification: Privacy Engineering.
May 10 2021, 11:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics, Analytics
JFishback_WMF added a comment to T279952: event.WikipediaPortal referer modification.

@mforns thanks for adding me! If this isn't a huge rush, we'll add this to the next Privacy Engineering scrum.

May 10 2021, 11:25 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics, Analytics
JFishback_WMF moved T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs from Waiting to Watching on the Privacy Engineering board.
May 10 2021, 4:37 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering
JFishback_WMF moved T282195: ApacheBeam prototype for DP noise addition with pageview privacy units on top of Spark from Incoming to Backlog on the Privacy Engineering board.
May 10 2021, 3:32 PM · Analytics, Research, Privacy Engineering, Privacy, Data-release

May 3 2021

JFishback_WMF added a comment to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020.

@Ladsgroup Thanks - that would be great! Presumably this problem goes away with migration to Mailman3? Do we need to set up any kind of log rotation there to prevent this from happening again?

May 3 2021, 5:29 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists
JFishback_WMF moved T281397: Test trust tokens as a captcha alternative for Wikimedia from Incoming to Backlog on the Privacy Engineering board.
May 3 2021, 4:27 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)
JFishback_WMF added a project to T281397: Test trust tokens as a captcha alternative for Wikimedia: Privacy Engineering.
May 3 2021, 4:27 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)
JFishback_WMF moved T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020 from Incoming to Watching on the Privacy Engineering board.
May 3 2021, 3:14 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists
JFishback_WMF added a project to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020: Privacy Engineering.
May 3 2021, 3:14 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists

Apr 30 2021

JFishback_WMF added a watcher for Toolforge-standards-committee: JFishback_WMF.
Apr 30 2021, 3:16 AM

Apr 29 2021

JFishback_WMF moved T281532: Use of non-free third party analytics tool (Hotjar) by tools-iabot from Incoming to Watching on the Privacy Engineering board.
Apr 29 2021, 11:18 PM · Toolforge-standards-committee, Privacy Engineering, User-Harej, InternetArchiveBot, Privacy, Toolforge
JFishback_WMF added a project to T281532: Use of non-free third party analytics tool (Hotjar) by tools-iabot: Privacy Engineering.
Apr 29 2021, 11:17 PM · Toolforge-standards-committee, Privacy Engineering, User-Harej, InternetArchiveBot, Privacy, Toolforge

Apr 26 2021

JFishback_WMF updated subscribers of T207171: Have a way to show the most popular pages per country.

@Htriedman

Apr 26 2021, 5:13 PM · Analytics-Wikistats, Privacy Engineering, Inuka-Team, Language-strategy, Tool-Pageviews, Analytics
JFishback_WMF assigned T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs to sguebo_WMF.
Apr 26 2021, 4:23 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering
JFishback_WMF moved T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service from Backlog to Waiting on the Privacy Engineering board.
Apr 26 2021, 3:53 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org
JFishback_WMF moved T218057: Determine workflow to selectively purge potentially privacy-sensitive EXIF fields, such as geocoordinates, from a Wikimedia Commons file from Backlog to Watching on the Privacy Engineering board.
Apr 26 2021, 3:41 PM · Privacy Engineering, Multimedia, Privacy, Commons, UploadWizard, MediaWiki-File-management
JFishback_WMF placed T251190: Security Request For Service - Push Notifications up for grabs.
Apr 26 2021, 3:12 PM · Privacy Engineering, Push-Notification-Service, Product-Infrastructure-Team-Backlog, Security-Team

Apr 21 2021

JFishback_WMF moved T270140: Release dataset on top search engine referrers by country, device, and language from In Progress to Completed on the Privacy Engineering board.

Hello all, I've completed the privacy risk analysis and shared it with the original requester: Due to the low impact of harm and low probability of malicious use of this data, coupled with the mitigation described above, the residual risk of collecting and retaining this data is considered LOW so the risk is automatically accepted by WMF under current policy.

Apr 21 2021, 4:37 PM · Privacy Engineering, Research, Analytics
JFishback_WMF moved T96499: dbtree loads third party resources (from google.com/jsapi) from Backlog to Watching on the Privacy Engineering board.
Apr 21 2021, 3:09 PM · Privacy Engineering, Privacy, HTTPS, SRE, Patch-For-Review, DBA, WMF-Legal

Apr 19 2021

JFishback_WMF triaged T280385: Apache Beam go prototype code for DP evaluation as Medium priority.
Apr 19 2021, 3:10 PM · Analytics, Research, Privacy Engineering, Privacy, Data-release
JFishback_WMF triaged T280538: Capture rev_is_revert event data in a stream different than mediawiki.revision-create as Medium priority.
Apr 19 2021, 3:06 PM · Privacy Engineering, Privacy, Event-Platform, Product-Analytics, Analytics

Apr 13 2021

JFishback_WMF moved T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs from Watching to Backlog on the Privacy Engineering board.
Apr 13 2021, 7:12 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Mar 25 2021

JFishback_WMF moved T278219: Explicit cookie consent in banner from Incoming to Watching on the Privacy Engineering board.
Mar 25 2021, 10:08 PM · Privacy Engineering, Privacy, Patch-For-Review, MediaWiki-extensions-CookieWarning
JFishback_WMF added a project to T278219: Explicit cookie consent in banner: Privacy Engineering.
Mar 25 2021, 10:08 PM · Privacy Engineering, Privacy, Patch-For-Review, MediaWiki-extensions-CookieWarning

Mar 19 2021

JFishback_WMF moved T238574: Create wiki replica views for MachineVision extension tables from Watching to Completed on the Privacy Engineering board.
Mar 19 2021, 6:33 PM · Structured-Data-Backlog (Current Work), Privacy Engineering, Privacy, Security-Team, Data-Services, cloud-services-team (Kanban), SDC-Statements (Machine-vision-depicts), MachineVision

Mar 18 2021

JFishback_WMF moved T247268: KaiOS Wikipedia App violates user privacy by loading data from third-party websites from Watching to Completed on the Privacy Engineering board.
Mar 18 2021, 6:54 PM · Privacy Engineering, Inuka-Team, Privacy, KaiOS-Wikipedia-app
JFishback_WMF moved T270140: Release dataset on top search engine referrers by country, device, and language from Backlog to In Progress on the Privacy Engineering board.
Mar 18 2021, 6:46 PM · Privacy Engineering, Research, Analytics

Mar 4 2021

JFishback_WMF moved T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs from Backlog to Watching on the Privacy Engineering board.
Mar 4 2021, 2:41 AM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Mar 1 2021

JFishback_WMF triaged T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs as Medium priority.
Mar 1 2021, 4:03 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering
JFishback_WMF moved T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs from Incoming to Backlog on the Privacy Engineering board.
Mar 1 2021, 4:03 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Feb 24 2021

JFishback_WMF added a comment to T273091: Investigate: Measure how often IP addresses are copied [8H].

A potential risk I see is "reputational harm". I.e. if it looks like our JS is doing something hinky (even if it's not), it might raise concern with users. For example, if we were to sniff the clipboard (just as an illustration) - even if we only recorded "ipCopied: yes", it still doesn't look very friendly. Reading between the lines, it looks as if folks here are already considering this, but thought I would raise the issue explicitly.

Feb 24 2021, 7:22 PM · Anti-Harassment (The Letter Song), IP Info
JFishback_WMF added a comment to T273091: Investigate: Measure how often IP addresses are copied [8H].

@Ottomata I think that might be the point of measuring copy/paste. To determine how much "legitimate" use there is of IP addresses? Specifically _because_ illegitimate use would likely be via bots/scrapers/etc.

Feb 24 2021, 7:18 PM · Anti-Harassment (The Letter Song), IP Info

Feb 11 2021

JFishback_WMF reassigned T273434: Recommendation algorithm: raw output and production data models from JFishback_WMF to gmodena.

Assigning back to @gmodena as author. I think my portion is done here, but please reassign back if I missed anything.

Feb 11 2021, 11:44 PM · Privacy Engineering, Platform Team Workboards (Image Suggestion API), Image-Suggestions
JFishback_WMF added a project to T273434: Recommendation algorithm: raw output and production data models: Privacy Engineering.
Feb 11 2021, 11:43 PM · Privacy Engineering, Platform Team Workboards (Image Suggestion API), Image-Suggestions
JFishback_WMF added a comment to T273434: Recommendation algorithm: raw output and production data models.

Based on the schemas in the description, privacy risk for this data is LOW. If the data is expanded at some point in the future to capture e.g. user match recommendations we should take another look.

Feb 11 2021, 11:42 PM · Privacy Engineering, Platform Team Workboards (Image Suggestion API), Image-Suggestions

Jan 26 2021

JFishback_WMF moved T272428: Error 1146: Table 'mediawikiwiki.translate_cache' doesn't exist from Incoming to Completed on the Privacy Engineering board.

From a privacy perspective, if this table is merely cached data, I would not recommend replicating it, in accordance with the principle of data minimization. If there is some compelling reason for replicating it, please feel free to ping me and I can conduct a privacy risk analysis, but for now I'm going to mark as completed for Privacy Engineering.

Jan 26 2021, 1:05 AM · Privacy Engineering, Patch-For-Review, Language-Team (Language-2021-January-March), MediaWiki-extensions-Translate, DBA, User-brennen, Wikimedia-production-error

Jan 25 2021

JFishback_WMF moved T270140: Release dataset on top search engine referrers by country, device, and language from Incoming to Backlog on the Privacy Engineering board.
Jan 25 2021, 4:18 PM · Privacy Engineering, Research, Analytics
JFishback_WMF edited projects for T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis, added: Security, Privacy; removed Security-Team.

Untagging Security-Team for now, but please feel free to add back if there is something else needed.

Jan 25 2021, 4:11 PM · Product-Analytics, Inuka-Team

Jan 19 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

I spoke with a member of WMF-Legal about this issue and the tl;dr is that we do not presently have a sufficiently low risk alternative to ssh for transferring files outside of the analytics cluster. At least not one that isn't equally or more difficult than configuring ssh. As @sbassett postulated above, WMF-Legal would be amenable to an alternative if one is proposed/developed/installed/configured/purchased/whatever, but I think that's not a quick ask. Since it sounds like this is a long-term, ongoing need, @nshahquinn-wmf I would reach out to ITS and/or SRE about a new permanent solution for getting data where you need it to go.

Jan 19 2021, 4:58 PM · Product-Analytics, Inuka-Team

Jan 14 2021

JFishback_WMF moved T272060: Implement Data Governance Tool from Incoming to Watching on the Privacy Engineering board.
Jan 14 2021, 9:59 PM · Privacy Engineering, Analytics
JFishback_WMF added a project to T272060: Implement Data Governance Tool: Privacy Engineering.
Jan 14 2021, 9:59 PM · Privacy Engineering, Analytics

Jan 11 2021

JFishback_WMF added a comment to T271735: Include link to pingback privacy statement in MW installer.

Pinged WMF-Legal for feedback.

Jan 11 2021, 9:19 PM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.38; 2021-04-06), MW-1.31-release-notes, Privacy Engineering, Privacy, MediaWiki-Installer
JFishback_WMF moved T271735: Include link to pingback privacy statement in MW installer from Incoming to Waiting on the Privacy Engineering board.
Jan 11 2021, 9:18 PM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.38; 2021-04-06), MW-1.31-release-notes, Privacy Engineering, Privacy, MediaWiki-Installer
JFishback_WMF claimed T271735: Include link to pingback privacy statement in MW installer.
Jan 11 2021, 9:18 PM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.38; 2021-04-06), MW-1.31-release-notes, Privacy Engineering, Privacy, MediaWiki-Installer
JFishback_WMF added a project to T270140: Release dataset on top search engine referrers by country, device, and language: Privacy Engineering.
Jan 11 2021, 8:44 PM · Privacy Engineering, Research, Analytics

Jan 5 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

@nshahquinn-wmf your question raises another - where are you looking to send the data to? If you're sending sensitive data to an insecure laptop, then securing it in transmission is only one facet of the issue.

Jan 5 2021, 6:39 PM · Product-Analytics, Inuka-Team
JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

+1 from me

Jan 5 2021, 4:37 PM · Product-Analytics, Inuka-Team

Jan 4 2021

JFishback_WMF added a comment to T267283: Evaluate a differentially private solution to release wikipedia's project-title-country data.

This looks awesome @Isaac! Can't wait to try it out.

Jan 4 2021, 3:49 PM · Analytics, Research, Privacy Engineering, Privacy, Data-release

Dec 21 2020

JFishback_WMF triaged T179752: Clear site data on MediaWiki log out as Medium priority.
Dec 21 2020, 4:53 PM · Privacy Engineering, Performance-Team (Radar), Analytics-Radar, MediaWiki-Authentication-and-authorization

Dec 16 2020

JFishback_WMF added a comment to T132104: Consider moving policy.wikimedia.org away from WordPress.com .

Hey @Dzahn:

"Privacy" (not a team but topic based?),

Yes, just means a Privacy issue is probably implicated.

"Privacy Engineering" (only 2 members and in status "watching" which sounds like waiting for others)

Yes - Privacy Engineering is just me at this point. Unfortunately, I can point out, like you, that this is not great optics, and I can suggest alternative solutions that are more privacy-respecting. But I don't get to make decisions about what gets hosted where.

Dec 16 2020, 6:48 PM · Privacy Engineering, WMF-Legal, SRE, Privacy
JFishback_WMF moved T132104: Consider moving policy.wikimedia.org away from WordPress.com from Backlog to Watching on the Privacy Engineering board.
Dec 16 2020, 6:10 PM · Privacy Engineering, WMF-Legal, SRE, Privacy

Dec 14 2020

JFishback_WMF moved T262496: SpecialInvestigate: add schemas to EventLogging whitelist from Waiting to Completed on the Privacy Engineering board.

Generally, the best practice is to minimize the data that is collected - especially high resolution data. That said, this data appears to be LOW risk, and per @jwang there is a countervailing interest in collecting the high resolution data in order to retain sequencing and other analytical uses.

Dec 14 2020, 10:23 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF moved T262499: SpecialMuteSubmit: add schemas to EventLogging whitelist from Waiting to Completed on the Privacy Engineering board.
Dec 14 2020, 10:22 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF added a comment to T262499: SpecialMuteSubmit: add schemas to EventLogging whitelist.

Generally, the best practice is to minimize the data that is collected - especially high resolution data. That said, this data appears to be LOW risk, and per @jwang there is a countervailing interest in collecting the high resolution data in order to retain sequencing and other analytical uses.

Dec 14 2020, 10:22 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment

Nov 16 2020

JFishback_WMF moved T267283: Evaluate a differentially private solution to release wikipedia's project-title-country data from Incoming to Backlog on the Privacy Engineering board.
Nov 16 2020, 4:19 PM · Analytics, Research, Privacy Engineering, Privacy, Data-release
JFishback_WMF triaged T266477: Add growthexperiments to allowed allowed_logtypes as Medium priority.
Nov 16 2020, 4:19 PM · Privacy Engineering, Data-Services, User-Urbanecm, cloud-services-team (Kanban)

Nov 5 2020

JFishback_WMF added a project to T266477: Add growthexperiments to allowed allowed_logtypes: Privacy Engineering.
Nov 5 2020, 9:32 PM · Privacy Engineering, Data-Services, User-Urbanecm, cloud-services-team (Kanban)

Oct 21 2020

JFishback_WMF moved T265057: SPIKE: consider all problems that might happen when we handle Google's privacy changes from Incoming to Backlog on the Privacy Engineering board.
Oct 21 2020, 3:58 PM · Analytics, Product-Analytics, Anti-Harassment, Privacy Engineering, User-revi, CheckUser

Oct 19 2020

JFishback_WMF added a comment to T262626: Remove http.client_ip from EventGate default schema (again).

@Jdlrobson and @Krinkle - what about hashing the IPs? A hashed IP would still tell you how many IPs are involved, without revealing any individual IP.

Oct 19 2020, 8:14 PM · Better Use Of Data, Analytics-Kanban, Product-Analytics, Product-Data-Infrastructure, observability, Privacy Engineering, Analytics, Event-Platform

Oct 5 2020

JFishback_WMF closed T258129: Password Reset interface @ diff.wikimedia.org is insecure as Resolved.
Oct 5 2020, 3:14 PM · Privacy Engineering, Diff-blog, User-revi, Security

Oct 1 2020

JFishback_WMF triaged T143001: Wiki sites should delete all their cookies during logout as Low priority.
Oct 1 2020, 10:05 PM · Privacy Engineering, Privacy, Wikimedia-General-or-Unknown

Sep 29 2020

JFishback_WMF moved T262499: SpecialMuteSubmit: add schemas to EventLogging whitelist from Incoming to Waiting on the Privacy Engineering board.
Sep 29 2020, 4:03 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF added a project to T262499: SpecialMuteSubmit: add schemas to EventLogging whitelist: Privacy Engineering.
Sep 29 2020, 4:03 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF added a comment to T262499: SpecialMuteSubmit: add schemas to EventLogging whitelist.

Hello @jwang same comment as here. Is it necessary to keep the dt field? What is the purpose of keeping this data long-term (please feel free to reply off-task if it is sensitive)? Thanks!

Sep 29 2020, 4:03 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF moved T262496: SpecialInvestigate: add schemas to EventLogging whitelist from Incoming to Waiting on the Privacy Engineering board.
Sep 29 2020, 3:47 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF added a project to T262496: SpecialInvestigate: add schemas to EventLogging whitelist: Privacy Engineering.
Sep 29 2020, 3:47 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment
JFishback_WMF added a comment to T262496: SpecialInvestigate: add schemas to EventLogging whitelist.

Hello @jwang thanks for reaching out. Is the purpose just to track usage long-term? Also, if you don't need high-precision time, I would remove dt from the schema as well. It looks like you can still track hourly precision without that field? Other than that, this looks fine to me.

Sep 29 2020, 3:47 PM · Privacy Engineering, Product-Analytics (Kanban), Anti-Harassment