WMF-Legal confirmed that they approved this via email already, so @DannyS712 should be good to go. Thanks for your patience @DannyS712 .

I think this will be fine, but need to confirm with WMF-Legal. Will post back here as soon as I hear from them.

@DannyS712 I'll take a look this week.

@Varnent can you also please give access to me (jagspecx) for the privacy review. Thx.

@EBernhardson I emailed the stakeholders with my updates to the privacy risk analysis. Please advise if you need anything else on this task or if I can resolve it. Thx!

Please feel free to reopen if needed, but seems like this has been fixed.

Looks like this has been resolved?

Looks good to me WRT Privacy. I think @Reedy also wanted to take a look at this for the appsec side.

The last things I see are:

Sorry for my delayed response here - I wanted to spend time really reviewing the disparate viewpoints and refining my own thoughts on the subject, so thank you for your patience. I appreciate the thoughtful discussion so far. Clearly, we all agree we want to respect the privacy of our users. Consistent with AGF, I think the disagreement here is how best to manifest this respect. Here's my attempt to frame the issue in terms of user expectations, along with my recommendation.

Hi @jcrespo the Security-Team reviewed this table and we're fine with making the data public with the caveat that anything where aft_hide = 1 is removed from the data (in other words, it can be permanently deleted). In most cases that hidden data appears to be spam, but in a few instances it looks like attempts to publish private data (phone number, physical address, etc.). From a review of the extension code it appears that most of the rest of the data was already public while the extension was live, and the UX clearly indicated to users that feedback would be made public. Please advise if you have any further questions/issues related to this table.

@chasemp I've reviewed all of the tasks on the Privacy board now, so you can remove that.