Page MenuHomePhabricator

JFishback_WMF (James)
Staff Privacy Architect (Security Team)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Apr 16 2019, 4:16 PM (180 w, 6 d)
Availability
Available
IRC Nick
jfishback
LDAP User
Jfishback
MediaWiki User
JFishback (WMF) [ Global Accounts ]

Recent Activity

Aug 22 2022

JFishback_WMF moved T312823: Remove obsolete "Permissions-Policy: interest-cohort" header from Incoming to Watching on the Privacy Engineering board.
Aug 22 2022, 4:47 PM · SRE, Privacy Engineering, Traffic

Aug 9 2022

JFishback_WMF moved T314703: Structured data for deleted files on Commons still visible in SPARQL engine after deletion from Incoming to Watching on the Privacy Engineering board.
Aug 9 2022, 4:47 PM · Discovery-Search (Current work), Privacy Engineering, Wikidata, Wikidata-Query-Service, MediaWiki-Page-deletion, Privacy, Commons
JFishback_WMF added a project to T314703: Structured data for deleted files on Commons still visible in SPARQL engine after deletion: Privacy Engineering.
Aug 9 2022, 4:47 PM · Discovery-Search (Current work), Privacy Engineering, Wikidata, Wikidata-Query-Service, MediaWiki-Page-deletion, Privacy, Commons
JFishback_WMF moved T302189: Regularly purge orphaned sitelink, value and reference nodes from Incoming to Watching on the Privacy Engineering board.
Aug 9 2022, 4:46 PM · Privacy Engineering, Privacy, Wikidata, Wikidata-Query-Service
JFishback_WMF added a project to T302189: Regularly purge orphaned sitelink, value and reference nodes: Privacy Engineering.
Aug 9 2022, 4:45 PM · Privacy Engineering, Privacy, Wikidata, Wikidata-Query-Service

Jul 24 2022

JFishback_WMF moved T313653: MediaWiki:Gadget-mathjax.js on ja.wikisource loads third-party content from Incoming to Watching on the Privacy Engineering board.
Jul 24 2022, 5:25 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T313654: MediaWiki:Gadget-webfont.js on zh.wikipedia loads fonts from Toolforge from Incoming to Watching on the Privacy Engineering board.
Jul 24 2022, 5:24 PM · Chinese-Sites, WMF-General-or-Unknown, Privacy Engineering, Privacy

Jul 18 2022

JFishback_WMF moved T313155: Privacy violation on ar.wikiquote.org loading font from Toolforge from Incoming to Watching on the Privacy Engineering board.
Jul 18 2022, 3:55 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown

Jul 14 2022

JFishback_WMF moved T313062: clean up trailing numbers from email addresses in payment provider audit files from Incoming to Watching on the Privacy Engineering board.
Jul 14 2022, 6:34 PM · Fundraising-Backlog

Jul 5 2022

JFishback_WMF moved T309325: Cross-team review of Geolocation API proposal from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:26 PM · Campaign-Tools (Campaign-Tools-Sprint-21), Privacy Engineering
JFishback_WMF added a project to T309325: Cross-team review of Geolocation API proposal: Privacy Engineering.
Jul 5 2022, 5:26 PM · Campaign-Tools (Campaign-Tools-Sprint-21), Privacy Engineering
JFishback_WMF moved T305705: [spike] Investigation on which geolocation API from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:25 PM · Privacy Engineering, Campaign-Tools (Campaign-Tools-Sprint-13), CampaignEvents, Campaign-Registration
JFishback_WMF added a project to T305705: [spike] Investigation on which geolocation API: Privacy Engineering.
Jul 5 2022, 5:24 PM · Privacy Engineering, Campaign-Tools (Campaign-Tools-Sprint-13), CampaignEvents, Campaign-Registration
JFishback_WMF moved T312048: Tool "unpg" loads assets from Google from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:03 PM · Privacy, Privacy Engineering, Tools
JFishback_WMF moved T258232: fontcdn.toolforge.org loads assets for detail views directly from google from Incoming to Watching on the Privacy Engineering board.
Jul 5 2022, 5:03 PM · Privacy, Privacy Engineering, cloud-services-team (Kanban), Tools

May 11 2022

JFishback_WMF moved T306360: clear trailing number from email addresses in logs from Incoming to Watching on the Privacy Engineering board.
May 11 2022, 8:07 PM · Privacy Engineering, fundraising-tech-ops, Fundraising-Backlog
JFishback_WMF added a project to T306360: clear trailing number from email addresses in logs: Privacy Engineering.
May 11 2022, 8:07 PM · Privacy Engineering, fundraising-tech-ops, Fundraising-Backlog
JFishback_WMF moved T307245: Swift for differential privacy data publication from Incoming to Backlog on the Privacy Engineering board.
May 11 2022, 5:46 AM · Data-Persistence, SRE-swift-storage, Privacy Engineering, Data-Engineering

May 9 2022

JFishback_WMF moved T305960: wdqs-tutorial.toolforge.org loads external resources from Incoming to Watching on the Privacy Engineering board.
May 9 2022, 10:52 PM · Wikidata, Wikidata-Query-Service, Privacy Engineering, Privacy

Apr 6 2022

JFishback_WMF moved T299627: Investigate releasing historical top-pageview-per-country data from Backlog to Waiting on the Privacy Engineering board.
Apr 6 2022, 4:07 PM · Privacy Engineering, Data-Engineering

Mar 24 2022

JFishback_WMF moved T299627: Investigate releasing historical top-pageview-per-country data from Incoming to Backlog on the Privacy Engineering board.
Mar 24 2022, 5:45 PM · Privacy Engineering, Data-Engineering

Mar 21 2022

JFishback_WMF added a comment to T303921: vec.wikipedia.org main page loads third-party content (due to addThisMain gadget enabled by default).

Thanks @Majavah I think they can be closed. Thanks for jumping on these so quickly!

Mar 21 2022, 8:24 PM · Privacy Engineering, WMF-General-or-Unknown, Privacy
JFishback_WMF moved T303921: vec.wikipedia.org main page loads third-party content (due to addThisMain gadget enabled by default) from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:55 PM · Privacy Engineering, WMF-General-or-Unknown, Privacy
JFishback_WMF moved T304107: bn.wikibooks loads fonts from third party sites from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:55 PM · Bengali-Sites, Privacy Engineering, Privacy, WMF-General-or-Unknown
JFishback_WMF moved T304108: viwiki loads font from google for all users from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:54 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown
JFishback_WMF moved T304154: tr.wiktionary.org by default loads fonts from third-party dl.dropboxusercontent.com from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:54 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T304151: pa.wikisource.org loads by default resources from tools-static.wmflabs.org from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:53 PM · WMF-General-or-Unknown, Privacy Engineering, Privacy
JFishback_WMF moved T304208: bn.wikisource.org loads by default resources from tools-static.wmflabs.org from Incoming to Watching on the Privacy Engineering board.
Mar 21 2022, 2:53 PM · Bengali-Sites, WMF-General-or-Unknown, Privacy Engineering, Privacy

Mar 9 2022

JFishback_WMF moved T303304: Privacy review for dataset publishing (Wikidata topic -> pageview data) from Incoming to Backlog on the Privacy Engineering board.
Mar 9 2022, 9:32 PM · Data-Engineering-Radar, Privacy Engineering, Privacy
JFishback_WMF added a project to T303304: Privacy review for dataset publishing (Wikidata topic -> pageview data): Privacy Engineering.
Mar 9 2022, 9:32 PM · Data-Engineering-Radar, Privacy Engineering, Privacy

Mar 7 2022

JFishback_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

@sguebo_WMF Agreed - I think it's fine to make public.

Mar 7 2022, 11:42 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Feb 16 2022

JFishback_WMF added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

@sbassett LGTM!

Feb 16 2022, 2:07 AM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Feb 1 2022

JFishback_WMF moved T298166: Work out a strategy on Yandex's Turbo Pages from Incoming to Backlog on the Privacy Engineering board.
Feb 1 2022, 8:14 PM · Privacy Engineering, Performance-Team (Radar), Privacy, Product-Analytics
JFishback_WMF added a project to T298166: Work out a strategy on Yandex's Turbo Pages: Privacy Engineering.
Feb 1 2022, 8:13 PM · Privacy Engineering, Performance-Team (Radar), Privacy, Product-Analytics

Jan 24 2022

JFishback_WMF moved T92298: Investigate our mitigation strategy for HTTPS response length attacks from Incoming to Watching on the Privacy Engineering board.
Jan 24 2022, 5:17 PM · Privacy Engineering, Traffic-Icebox, Security, SRE, HTTPS
JFishback_WMF added a project to T92298: Investigate our mitigation strategy for HTTPS response length attacks: Privacy Engineering.
Jan 24 2022, 5:17 PM · Privacy Engineering, Traffic-Icebox, Security, SRE, HTTPS
JFishback_WMF moved T299397: Measure user-agent client hints already sent in browsers requests from Incoming to Watching on the Privacy Engineering board.
Jan 24 2022, 4:48 PM · Metrics-Platform-Planning, Privacy Engineering, Anti-Harassment, Readers-Web-Backlog, Structured-Data-Backlog, Product-Analytics, Data-Engineering

Dec 6 2021

JFishback_WMF moved T293379: [[:w:en:User:Firefly/checkuseragenthelper.js]] sends CU user-agents to a third party from Backlog to Completed on the Privacy Engineering board.
Dec 6 2021, 4:42 PM · Security-Team, User-Urbanecm, SecTeam-Processed, Trust-and-Safety, Privacy, Privacy Engineering, Security

Nov 29 2021

JFishback_WMF added a comment to T293379: [[:w:en:User:Firefly/checkuseragenthelper.js]] sends CU user-agents to a third party.

@Urbanecm Your question is, I think, really a WMF-Legal question. I'll reach out to them as they don't routinely monitor Phab.

Nov 29 2021, 4:40 PM · Security-Team, User-Urbanecm, SecTeam-Processed, Trust-and-Safety, Privacy, Privacy Engineering, Security

Nov 22 2021

JFishback_WMF triaged T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" as Low priority.
Nov 22 2021, 4:48 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Nov 3 2021

JFishback_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from In Progress to Waiting on the Privacy Engineering board.
Nov 3 2021, 11:05 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF removed projects from T218618: Consider disabling Chrome Lite pages for Wikipedia on Chrome on mobile with Cache-Control: no-transform: Privacy Engineering, Security-Team.
Nov 3 2021, 7:06 PM · SRE, Traffic, Performance-Team (Radar), WMF-Legal, Privacy
JFishback_WMF removed a project from T250314: Investigate Privacy Pass for Wikimedia Sites: Security-Team.
Nov 3 2021, 7:03 PM · Privacy Engineering, Privacy, WMF-General-or-Unknown

Nov 1 2021

JFishback_WMF moved T294511: 2021 Security Team wikireplicas audit from Incoming to Watching on the Privacy Engineering board.
Nov 1 2021, 3:32 PM · Privacy Engineering, Epic

Sep 17 2021

JFishback_WMF triaged T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets as Medium priority.
Sep 17 2021, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics
JFishback_WMF assigned T291186: Privacy Policy Review for Global South Wikidata edits and active editors datasets to Htriedman.
Sep 17 2021, 8:42 PM · Privacy Engineering, Analytics-Radar, Wikidata, WMDE-Analytics-Engineering, Wikidata Analytics

Sep 13 2021

JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Watching to Completed on the Privacy Engineering board.
Sep 13 2021, 6:46 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF removed a project from T215046: RfC: Use Github login for mediawiki.org: Privacy Engineering.
Sep 13 2021, 6:44 PM · Security, User-Tgr, Privacy, TechCom-RFC, WMF-General-or-Unknown
JFishback_WMF moved T108505: Privacy Badger interferes with CentralAuth from Incoming to Completed on the Privacy Engineering board.
Sep 13 2021, 6:42 PM · Privacy Engineering, Privacy, MediaWiki-extensions-CentralAuth
JFishback_WMF moved T245775: Tool "toolforge-gallery" loads resources from googleapis and fontawesome from Incoming to Completed on the Privacy Engineering board.
Sep 13 2021, 6:41 PM · Privacy Engineering, Tools, Privacy

Sep 7 2021

JFishback_WMF claimed T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".
Sep 7 2021, 4:39 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from Incoming to In Progress on the Privacy Engineering board.
Sep 7 2021, 4:39 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
JFishback_WMF moved T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis) from Incoming to Backlog on the Privacy Engineering board.
Sep 7 2021, 2:43 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services

Sep 1 2021

JFishback_WMF moved T290099: Create a "delete me" maintenance script for special user/data deletion requests from Incoming to Backlog on the Privacy Engineering board.
Sep 1 2021, 3:09 PM · affects-Miraheze, MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), Security-Team, Privacy Engineering, Privacy, Security

Aug 30 2021

JFishback_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

Hey @LSobanski - I haven't reviewed this task in any detail yet. I can add this to our current sprint and take a look in the next couple of weeks. Does that work?

Aug 30 2021, 8:29 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA
JFishback_WMF moved T289279: Add check to make sure deny-list countries aren't being passed through AQS from Incoming to Watching on the Privacy Engineering board.
Aug 30 2021, 3:41 PM · Privacy, Privacy Engineering, SecTeam-Processed, Data-Engineering, Analytics-Kanban, Security
JFishback_WMF moved T289941: The link to privacy policy in the survey panel in the ruwiki leads to the test domain from Incoming to Watching on the Privacy Engineering board.
Aug 30 2021, 3:39 PM · Performance-Team (Radar), MW-1.37-notes (1.37.0-wmf.23; 2021-09-13), Patch-For-Review, Readers-Web-Backlog (Kanbanana-FY-2021-22), QuickSurveys, Privacy Engineering

Aug 27 2021

JFishback_WMF updated JFishback_WMF.
Aug 27 2021, 9:32 PM
JFishback_WMF added a comment to T279952: event.WikipediaPortal referer modification.

Hey @mforns! @sguebo_WMF has been working on this for the Privacy Engineering team and filled me in on the details so far. I concur with his analysis - since the likelihood of http://p.c.g appearing seems pretty low in the first place. And since, AIUI, even with a potentially problematic hostname, there is not a high level of additional detailed information with which to reidentify someone, this seems like a LOW risk to me. @sguebo_WMF is finalizing our risk review sheet right now (he might actually be done already, but I'm not sure yet), but please let us know if you think we've missed something. It seems like even with language and country being included in the schema, the likelihood of being able to track hostname back to an individual user is pretty low. Are there other properties that concern you that we maybe missed?

Aug 27 2021, 4:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics

Aug 12 2021

JFishback_WMF moved T266477: Add growthexperiments to allowed allowed_logtypes from Backlog to Completed on the Privacy Engineering board.

I concur with @sbassett. Looks low risk to me.

Aug 12 2021, 5:21 PM · Privacy Engineering, Data-Services, User-Urbanecm, cloud-services-team (Kanban)

Aug 10 2021

JFishback_WMF reassigned T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from JFishback_WMF to sguebo_WMF.
Aug 10 2021, 6:37 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Aug 4 2021

JFishback_WMF moved T279237: mailman2 archives attachment in mailing lists that are set not keep an archive from Incoming to In Progress on the Privacy Engineering board.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security
JFishback_WMF added a project to T279237: mailman2 archives attachment in mailing lists that are set not keep an archive: Privacy Engineering.
Aug 4 2021, 9:23 PM · SRE, Privacy Engineering, Security-Team, User-Ladsgroup, serviceops, Wikimedia-Mailing-lists, Vuln-Infoleak, SecTeam-Processed, Security

Jul 26 2021

JFishback_WMF moved T166138: Please add Petit Formal Script to the UniversalLanguageSelector from Incoming to Watching on the Privacy Engineering board.
Jul 26 2021, 3:48 PM · All-and-every-Wikisource, Privacy Engineering, Patch-For-Review, UniversalLanguageSelector

Jul 21 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

Thanks @nshahquinn-wmf !

Jul 21 2021, 11:39 PM · Product-Analytics, Inuka-Team
JFishback_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

If @Urbanecm is correct that

IIRC, we don't use the gender property for anything that's visible only to the user

and we warn users that their answer to the gender question will be made public. And the default behavior is to default to "no answer" (i.e. MW does not assume a particular gender). Then it seems like there is very little incremental risk in exposing the gender response in the replicas. N.B. making already public data easier to access may still be considered a privacy violation, but it seems like, in this case, there is probably not much additional harm.

Jul 21 2021, 9:15 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
JFishback_WMF moved T199992: Javanese OCR installation steps for Wikisource from Incoming to Backlog on the Privacy Engineering board.
Jul 21 2021, 8:49 PM · Privacy Engineering, ProofreadPage, I18n, All-and-every-Wikisource

Jun 21 2021

JFishback_WMF moved T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
JFishback_WMF moved T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:37 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
JFishback_WMF moved T284944: Increased visibility in wiki-replicas for volunteers fighting vandals from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:36 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
JFishback_WMF moved T284948: Raw IPs of logged-out users disclosed in wiki-replicas from Incoming to In Progress on the Privacy Engineering board.
Jun 21 2021, 3:36 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services

May 25 2021

JFishback_WMF removed a project from T262320: Editing unregistered at wiki.pt does not generate any kind of warning about ones IP being revealed: Privacy Engineering.
May 25 2021, 2:34 PM · VisualEditor
JFishback_WMF moved T281397: Test trust tokens as a captcha alternative for Wikimedia from Backlog to Watching on the Privacy Engineering board.
May 25 2021, 2:31 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)

May 24 2021

JFishback_WMF moved T275409: Create and document Wikidough's privacy policy from Incoming to Watching on the Privacy Engineering board.
May 24 2021, 4:12 PM · Privacy Engineering, SRE, Traffic
JFishback_WMF added a project to T275409: Create and document Wikidough's privacy policy: Privacy Engineering.
May 24 2021, 4:12 PM · Privacy Engineering, SRE, Traffic

May 19 2021

JFishback_WMF added a comment to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020.

Anything else that needs to be done on this?

May 19 2021, 5:36 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists

May 12 2021

JFishback_WMF added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

@nshahquinn-wmf How did you end up resolving this? We should document it somewhere, so we can point to it for future requests like this. I recall you mentioning that this issue comes up not infrequently.

May 12 2021, 7:37 PM · Product-Analytics, Inuka-Team

May 11 2021

JFishback_WMF updated subscribers of T280538: Capture rev_is_revert event data in a stream different than mediawiki.revision-create.
May 11 2021, 1:38 PM · Data-Engineering, Privacy Engineering, Privacy, Event-Platform Value Stream, Product-Analytics, Analytics

May 10 2021

JFishback_WMF moved T279952: event.WikipediaPortal referer modification from Incoming to Backlog on the Privacy Engineering board.
May 10 2021, 11:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
JFishback_WMF added a project to T279952: event.WikipediaPortal referer modification: Privacy Engineering.
May 10 2021, 11:26 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
JFishback_WMF added a comment to T279952: event.WikipediaPortal referer modification.

@mforns thanks for adding me! If this isn't a huge rush, we'll add this to the next Privacy Engineering scrum.

May 10 2021, 11:25 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
JFishback_WMF moved T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs from Waiting to Watching on the Privacy Engineering board.
May 10 2021, 4:37 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering
JFishback_WMF moved T282195: ApacheBeam prototype for DP noise addition with pageview privacy units on top of Spark from Incoming to Backlog on the Privacy Engineering board.
May 10 2021, 3:32 PM · Data-Engineering-Radar, Research, Privacy Engineering, Privacy, Data-release

May 3 2021

JFishback_WMF added a comment to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020.

@Ladsgroup Thanks - that would be great! Presumably this problem goes away with migration to Mailman3? Do we need to set up any kind of log rotation there to prevent this from happening again?

May 3 2021, 5:29 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists
JFishback_WMF moved T281397: Test trust tokens as a captcha alternative for Wikimedia from Incoming to Backlog on the Privacy Engineering board.
May 3 2021, 4:27 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)
JFishback_WMF added a project to T281397: Test trust tokens as a captcha alternative for Wikimedia: Privacy Engineering.
May 3 2021, 4:27 PM · Privacy Engineering, Accessibility, Privacy, ConfirmEdit (CAPTCHA extension)
JFishback_WMF moved T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020 from Incoming to Watching on the Privacy Engineering board.
May 3 2021, 3:14 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists
JFishback_WMF added a project to T281619: /var/log/mailman/subscribe* has PII (IP addresses) from August 2020: Privacy Engineering.
May 3 2021, 3:14 PM · SecTeam-Processed, Privacy Engineering, SRE, Security-Team, Security, Wikimedia-Mailing-lists

Apr 30 2021

JFishback_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

FWIW I like the idea of using PRIVACY in small caps instead of E. It communicates a significant amount of information in a few letters.

Apr 30 2021, 4:05 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy
JFishback_WMF added a watcher for Toolforge-standards-committee: JFishback_WMF.
Apr 30 2021, 3:16 AM

Apr 29 2021

JFishback_WMF moved T281532: Use of non-free third party analytics tool (Hotjar) by tools-iabot from Incoming to Watching on the Privacy Engineering board.
Apr 29 2021, 11:18 PM · Toolforge-standards-committee, Privacy Engineering, User-Harej, InternetArchiveBot, Privacy, Toolforge
JFishback_WMF added a project to T281532: Use of non-free third party analytics tool (Hotjar) by tools-iabot: Privacy Engineering.
Apr 29 2021, 11:17 PM · Toolforge-standards-committee, Privacy Engineering, User-Harej, InternetArchiveBot, Privacy, Toolforge

Apr 26 2021

JFishback_WMF updated subscribers of T207171: Have a way to show the most popular pages per country.

@Htriedman

Apr 26 2021, 5:13 PM · Data-Engineering, Analytics-Wikistats, Privacy Engineering, Inuka-Team, Language-strategy, Tool-Pageviews
JFishback_WMF assigned T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs to sguebo_WMF.
Apr 26 2021, 4:23 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering
JFishback_WMF moved T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service from Backlog to Waiting on the Privacy Engineering board.
Apr 26 2021, 3:53 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org
JFishback_WMF moved T218057: Determine workflow to selectively purge potentially privacy-sensitive EXIF fields, such as geocoordinates, from a Wikimedia Commons file from Backlog to Watching on the Privacy Engineering board.
Apr 26 2021, 3:41 PM · Privacy Engineering, Multimedia, Privacy, Commons, UploadWizard, MediaWiki-File-management
JFishback_WMF placed T251190: Security Request For Service - Push Notifications up for grabs.
Apr 26 2021, 3:12 PM · Privacy Engineering, Push-Notification-Service, Product-Infrastructure-Team-Backlog, Security-Team

Apr 21 2021

JFishback_WMF moved T270140: Release dataset on top search engine referrers by country, device, and language from In Progress to Completed on the Privacy Engineering board.

Hello all, I've completed the privacy risk analysis and shared it with the original requester: Due to the low impact of harm and low probability of malicious use of this data, coupled with the mitigation described above, the residual risk of collecting and retaining this data is considered LOW so the risk is automatically accepted by WMF under current policy.

Apr 21 2021, 4:37 PM · Data-Engineering, Privacy Engineering, Research
JFishback_WMF moved T96499: dbtree loads third party resources (from google.com/jsapi) from Backlog to Watching on the Privacy Engineering board.
Apr 21 2021, 3:09 PM · Privacy Engineering, Privacy, HTTPS, SRE, Patch-For-Review, DBA, WMF-Legal

Apr 19 2021

JFishback_WMF triaged T280385: Apache Beam go prototype code for DP evaluation as Medium priority.
Apr 19 2021, 3:10 PM · Data-Engineering, Research, Privacy Engineering, Privacy, Data-release