Page MenuHomePhabricator

sguebo_WMF (Samuel Guebo)
Privacy Engineer (Security Team)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Aug 10 2018, 4:17 PM (202 w, 3 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Samuel (WMF) [ Global Accounts ]

Recent Activity

Mar 8 2022

sguebo_WMF changed the visibility for T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).
Mar 8 2022, 2:28 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy
sguebo_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

Thank you both.

Mar 8 2022, 2:27 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Mar 7 2022

sguebo_WMF added a project to T296847: Third-party resources policy: Security-Team.
Mar 7 2022, 12:54 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum
sguebo_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

Hey @sbassett and @JFishback_WMF , do you have any strong objections to making this task public? Its content may inform the ongoing discussion around third-party resources in T296847.

Mar 7 2022, 12:01 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Mar 4 2022

sguebo_WMF added a comment to T296847: Third-party resources policy.

I'm confused by this problem statement. The Privacy Policy already forbids anything on Wikimedia projects that causes the UA to contact any third-party website, including Toolforge and WMCS, for any purpose (any HTTP header and the client IP are covered by the definition of "Personal information"). So regardless of whether it's executable code, an image, a webfont, JSON/JSONP data, etc. it is currently bright-line forbidden. What, then, would this "clear Wikimedia policy on the use of third-party resources" cover?

Mar 4 2022, 6:50 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum
sguebo_WMF added a comment to T296847: Third-party resources policy.

We had an RFC open about this for a couple of years, which has some analysis and discussion of legitimate use cases and UX for opt-in: T208188: RFC: Partial opt-out method for Content security policy

Mar 4 2022, 6:08 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum
sguebo_WMF added a comment to T296847: Third-party resources policy.

My current plan for rollout is as follows:

  • Informal feedback round (in progress)
  • Update policy based on feedback.
  • New more formal feedback round from WMF staff e.g. please respond by X date
  • Update policy based on feedback.
  • A formal round of feedback from the community.
  • We'll update the interface to provide a notice on pages where JS can be added that links to the policy:
<div class="mw-message-box mw-message-box-notice">All code written here is expected to <a href="#">adhere to the gadget policy</a>.</div>

Screen Shot 2022-02-16 at 11.07.18 AM.png (1×2 px, 461 KB)

Mar 4 2022, 6:03 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum

Feb 16 2022

sguebo_WMF added a comment to T296847: Third-party resources policy.

Following T262493#7584789 I've begun drafting a policy and collating feedback on the talk page:
https://www.mediawiki.org/wiki/User:Jdlrobson/Extension:Gadget/Policy

Perhaps we could combine efforts here?

Feb 16 2022, 3:19 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum
sguebo_WMF triaged T296847: Third-party resources policy as Medium priority.
Feb 16 2022, 1:05 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum
sguebo_WMF moved T296847: Third-party resources policy from Backlog to In Progress on the Privacy Engineering board.
Feb 16 2022, 1:05 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum

Feb 15 2022

sguebo_WMF moved T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org" from Waiting to Completed on the Privacy Engineering board.
Feb 15 2022, 6:32 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security
sguebo_WMF added a comment to T290493: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. in "diff.wikimedia.org".

As noted above, WordPress-powered websites such as Diff are used by the Foundation for public-facing initiatives. For instance, blog posts published on Diff feature names of their authors, and in most cases their titles within the organization. Although, the REST API allows people to retrieve the list of user accounts of the website, it generates list of already-public users, in JSON format that'll need to be parsed/processed. Therefore, the API is not disclosing any information that was not already private, nor is it increasing the visibility of information that was already public by making it easier to retrieve.

Feb 15 2022, 6:32 PM · Privacy Engineering, Privacy, Diff-blog, SecTeam-Processed, Security

Dec 8 2021

sguebo_WMF moved T292594: It is possible to construct a list of all globally suppressed users from In Progress to Completed on the Privacy Engineering board.
Dec 8 2021, 5:56 PM · Security-Team, SecTeam-Processed, cloud-services-team (Kanban), Privacy, Privacy Engineering, Stewards-and-global-tools, Data-Services, Vuln-Infoleak, Security

Dec 6 2021

sguebo_WMF moved T296847: Third-party resources policy from Incoming to Backlog on the Privacy Engineering board.
Dec 6 2021, 1:04 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum

Dec 2 2021

sguebo_WMF updated the task description for T296847: Third-party resources policy.
Dec 2 2021, 10:09 AM · SecTeam-Processed, Privacy Engineering, tech-decision-forum

Dec 1 2021

sguebo_WMF created T296847: Third-party resources policy.
Dec 1 2021, 2:17 PM · SecTeam-Processed, Privacy Engineering, tech-decision-forum

Oct 29 2021

sguebo_WMF moved T293583: [mwcli] reporting on usage from In Progress to Completed on the Privacy Engineering board.
Oct 29 2021, 12:26 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli
sguebo_WMF added a comment to T293583: [mwcli] reporting on usage.

Hey @Addshore, on the behalf of Security-Team, I reviewed the privacy risks inherent to the proposed usage reporting feature for mwcli. I’ll share my conclusions below.

Oct 29 2021, 12:23 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli

Oct 26 2021

sguebo_WMF added a comment to T284944: Increased visibility in wiki-replicas for volunteers fighting vandals.

@sguebo_WMF Is this data visible on the wikis?

Oct 26 2021, 6:46 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF moved T293583: [mwcli] reporting on usage from Backlog to In Progress on the Privacy Engineering board.
Oct 26 2021, 3:15 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli
sguebo_WMF added a comment to T293583: [mwcli] reporting on usage.

For example after a user has gone through a whole setup and played around with the environment a bit we might get something like this (at the highest detail level planned) from the next time the mwcli attempts to send data back.

  • 4x docker mediawiki create
  • 2x docker mysql create
  • 2x docker mediawiki install --dbtype=mysql --dbname=default
  • 2x docker mediawiki install --dbtype=sqlite1 --dbname=CUSTOM
  • 22x docker mediawiki exec
  • 4x codesearch search --output=ack
  • 1x codesearch search --output=table
Oct 26 2021, 3:15 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli

Oct 25 2021

sguebo_WMF awarded Blog Post: How we deploy code a Orange Medal token.
Oct 25 2021, 4:55 PM
sguebo_WMF updated subscribers of T293811: Clarify whether CUs should share non-public information with external services.
Oct 25 2021, 4:37 PM · Privacy Engineering
sguebo_WMF triaged T293583: [mwcli] reporting on usage as Medium priority.
Oct 25 2021, 4:08 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli
sguebo_WMF added a comment to T293583: [mwcli] reporting on usage.

Hey @Addshore -- thanks for bringing that to the Privacy Engineering team's attention. My understanding is that the metric tool would work as below:

Oct 25 2021, 4:07 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli
sguebo_WMF moved T293583: [mwcli] reporting on usage from Incoming to Backlog on the Privacy Engineering board.
Oct 25 2021, 3:51 PM · Patch-For-Review, Privacy Engineering, Privacy, mwcli
sguebo_WMF moved T293811: Clarify whether CUs should share non-public information with external services from Incoming to Waiting on the Privacy Engineering board.
Oct 25 2021, 3:51 PM · Privacy Engineering

Oct 21 2021

sguebo_WMF moved T292594: It is possible to construct a list of all globally suppressed users from Backlog to In Progress on the Privacy Engineering board.
Oct 21 2021, 5:14 PM · Security-Team, SecTeam-Processed, cloud-services-team (Kanban), Privacy, Privacy Engineering, Stewards-and-global-tools, Data-Services, Vuln-Infoleak, Security
sguebo_WMF added a comment to T292594: It is possible to construct a list of all globally suppressed users.
localuser:
  source:
    - localuser
    - globaluser
  view: >
    select lu_wiki, lu_name, lu_attached_timestamp, lu_attached_method, lu_local_id, lu_global_id
  where: lu_global_id = gu_id AND gu_hidden=''
Oct 21 2021, 4:28 PM · Security-Team, SecTeam-Processed, cloud-services-team (Kanban), Privacy, Privacy Engineering, Stewards-and-global-tools, Data-Services, Vuln-Infoleak, Security

Oct 20 2021

sguebo_WMF added a comment to T293811: Clarify whether CUs should share non-public information with external services.

Noted, thanks for the additional context @GeneralNotability. The description was updated accordingly.

Oct 20 2021, 5:14 PM · Privacy Engineering
sguebo_WMF updated the task description for T293811: Clarify whether CUs should share non-public information with external services.
Oct 20 2021, 5:14 PM · Privacy Engineering

Oct 19 2021

sguebo_WMF updated subscribers of T292594: It is possible to construct a list of all globally suppressed users.
Oct 19 2021, 4:47 PM · Security-Team, SecTeam-Processed, cloud-services-team (Kanban), Privacy, Privacy Engineering, Stewards-and-global-tools, Data-Services, Vuln-Infoleak, Security
sguebo_WMF updated subscribers of T293811: Clarify whether CUs should share non-public information with external services.

Hey @GeneralNotability and @Urbanecm. As mentioned earlier, your question will be brought to WMF-Legal's attention. Feel free to rename it or adjust the description if I missed some aspects.

Oct 19 2021, 4:35 PM · Privacy Engineering
sguebo_WMF created T293811: Clarify whether CUs should share non-public information with external services.
Oct 19 2021, 4:32 PM · Privacy Engineering

Oct 18 2021

sguebo_WMF moved T292594: It is possible to construct a list of all globally suppressed users from Incoming to Backlog on the Privacy Engineering board.
Oct 18 2021, 3:43 PM · Security-Team, SecTeam-Processed, cloud-services-team (Kanban), Privacy, Privacy Engineering, Stewards-and-global-tools, Data-Services, Vuln-Infoleak, Security
sguebo_WMF moved T293379: [[:w:en:User:Firefly/checkuseragenthelper.js]] sends CU user-agents to a third party from Incoming to Backlog on the Privacy Engineering board.
Oct 18 2021, 3:43 PM · Security-Team, User-Urbanecm, SecTeam-Processed, Trust-and-Safety, Privacy, Privacy Engineering, Security

Oct 8 2021

sguebo_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

Something more robust would be needed if this is to become any sort of wikimedia, or WMF-wide standard. A longer-term fix would be to integrate such indications in to the software, but development on Gadgets 2.0 has been stalled for a LONG time.

That being said, I don't think "PRIVACY" is very useful there alone - from a UX perspective that seems confusing, did you notice there is already a lengthy hover text on the "E"xternal indicator? It looks like this:

image.png (61×639 px, 5 KB)

Also keep in mind, there are actually much larger risks then "privacy" when loading third party scripts, such as account hijacking - surreptitious action making, etc.

Oct 8 2021, 2:56 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Oct 1 2021

sguebo_WMF moved T290099: Create a "delete me" maintenance script for special user/data deletion requests from In Progress to Completed on the Privacy Engineering board.
Oct 1 2021, 4:10 PM · MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), User-RhinosF1, Security-Team, Privacy Engineering, Privacy, Security

Sep 20 2021

sguebo_WMF added a comment to T291094: Add "Samuel (WMF)" account to Security Team group in gitlab.wikimedia.org.

Thanks for handling that, @thcipriani

Sep 20 2021, 3:33 PM · SecTeam-Processed, Privacy Engineering, Release-Engineering-Team (Doing), Security-Team, GitLab

Sep 17 2021

sguebo_WMF moved T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis) from In Progress to Completed on the Privacy Engineering board.
Sep 17 2021, 8:17 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services
sguebo_WMF added a comment to T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis).

On the behalf of Security-Team, I reviewed the privacy risks that exposing Translation extension’s tables in replicas may bring about. I’ll share my conclusions below.

Sep 17 2021, 8:17 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services
sguebo_WMF added a comment to T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis).

Hey @Nikerabbit and thanks for providing some background on these tables.

You mentioned that translate_messageindex should not be exposed because it contains some internal tracking information. I pulled up an excerpt from that table but I think I would need some help in understanding where you see an issue.

wikiadmin@10.64.16.207(wikidatawiki)> select * from translate_messageindex limit 1\G

*************************** 1. row ***************************
tmi_key: <redacted integer>:help:About_data/1
tmi_value: page-Help:About data|agg-Help

Could you please explain to me why you think this index information is concerning?
That may help me better grasp any security or privacy risk inherent to this specific table.

Sep 17 2021, 8:14 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services

Sep 16 2021

sguebo_WMF moved T291094: Add "Samuel (WMF)" account to Security Team group in gitlab.wikimedia.org from Incoming to Waiting on the Privacy Engineering board.
Sep 16 2021, 3:01 PM · SecTeam-Processed, Privacy Engineering, Release-Engineering-Team (Doing), Security-Team, GitLab
sguebo_WMF added a project to T291094: Add "Samuel (WMF)" account to Security Team group in gitlab.wikimedia.org: Privacy Engineering.
Sep 16 2021, 3:01 PM · SecTeam-Processed, Privacy Engineering, Release-Engineering-Team (Doing), Security-Team, GitLab
sguebo_WMF added a comment to T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis).

Hey @Nikerabbit and thanks for providing some background on these tables.

Sep 16 2021, 2:56 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services
sguebo_WMF moved T290099: Create a "delete me" maintenance script for special user/data deletion requests from Backlog to In Progress on the Privacy Engineering board.
Sep 16 2021, 2:18 PM · MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), User-RhinosF1, Security-Team, Privacy Engineering, Privacy, Security
sguebo_WMF moved T289952: Request: expose database tables of the Translate extension to users in replicas on Toolforge (Wikidata, or all Wikis) from Backlog to In Progress on the Privacy Engineering board.
Sep 16 2021, 2:18 PM · Language-Team (Language-2021-October-December), Privacy Engineering, SecTeam-Processed, cloud-services-team (Kanban), Data-Services

Sep 15 2021

sguebo_WMF updated subscribers of T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).
Sep 15 2021, 7:20 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy
sguebo_WMF created T291094: Add "Samuel (WMF)" account to Security Team group in gitlab.wikimedia.org.
Sep 15 2021, 4:20 PM · SecTeam-Processed, Privacy Engineering, Release-Engineering-Team (Doing), Security-Team, GitLab

Sep 13 2021

sguebo_WMF awarded T290099: Create a "delete me" maintenance script for special user/data deletion requests a Love token.
Sep 13 2021, 5:06 PM · MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), User-RhinosF1, Security-Team, Privacy Engineering, Privacy, Security

Sep 10 2021

sguebo_WMF moved T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers) from Backlog to Completed on the Privacy Engineering board.
Sep 10 2021, 6:36 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA

Sep 9 2021

sguebo_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

Thank you for your answer. I have now wrapped the privacy review and would like to share the conclusion. The analysis focused on the sys database of db2083 server, which as of writing, contains 88 tables, encompassing performance statistics.

Sep 9 2021, 4:30 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA
sguebo_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

@sguebo_WMF thanks a lot for starting to take a look into this.
sys schema has lots of view (this is the documentation about them: https://dev.mysql.com/doc/refman/5.7/en/sys-schema-views.html) to be honest, I am not fully sure which ones could leak private information.

If this is helpful in trying to identify what can be potentially private, this is an output of one row per table, in case something rings a bell and you want to explore the table further:

Thanks for pasting the output of sys’ tables, @Marostegui. That’s really helpful. As I am wrapping up my analysis, I’d like to ask a quick question just to make sure that I understand things correctly. The host_summary table seems to contain IP addresses in the 10.192.** range. Judging by the range, my understanding is that these IPs are from Wikimedia load balancer and not from the end user. Is my understanding accurate?

Sep 9 2021, 1:40 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA

Sep 3 2021

sguebo_WMF added a comment to T279952: event.WikipediaPortal referer modification.

@sguebo_WMF & @EYener, we discussed this task and will go ahead and implement this feature.
However, as it is something not trivial, we won't be able to do it this quarter.
We're aiming to tackle it next quarter.

Sep 3 2021, 9:09 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
sguebo_WMF added a comment to T195578: Deploy access to performance_schema/sys for the administrative mediawiki account (mediawiki deployers).

That would be great. There is no real rush, I've just been reviewing blocked tasks that have been silent for a while.

Sep 3 2021, 8:45 PM · WMF-Legal, Privacy Engineering, Security, SecTeam Discussion, Performance Issue, DBA
sguebo_WMF added a comment to T290099: Create a "delete me" maintenance script for special user/data deletion requests.

Note: Miraheze has the RemovePII mediawiki extension for compliance with RTBF. There might be bits you can steal.

Interesting - https://github.com/miraheze/RemovePII does indeed look like it could maybe get us part of the way there.

Sep 3 2021, 7:37 PM · MW-1.38-notes (1.38.0-wmf.2; 2021-09-28), User-RhinosF1, Security-Team, Privacy Engineering, Privacy, Security

Aug 30 2021

sguebo_WMF awarded T279952: event.WikipediaPortal referer modification a Like token.
Aug 30 2021, 3:02 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics

Aug 27 2021

sguebo_WMF added a comment to T279952: event.WikipediaPortal referer modification.

Hey @mforns, that confusion is totally understandable so not worries at all. The good thing is that I have now updated my title in Phabricator.

Aug 27 2021, 9:22 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
sguebo_WMF updated sguebo_WMF.
Aug 27 2021, 9:19 PM
sguebo_WMF updated sguebo_WMF.
Aug 27 2021, 9:18 PM
sguebo_WMF updated sguebo_WMF.
Aug 27 2021, 9:17 PM

Aug 24 2021

sguebo_WMF moved T279952: event.WikipediaPortal referer modification from Backlog to Completed on the Privacy Engineering board.
Aug 24 2021, 6:56 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics
sguebo_WMF added a comment to T279952: event.WikipediaPortal referer modification.

A couple comments.

  1. The other day, talking with the team, we thought we Analytics could take this task, as sanitizing a full URL by applying a mask, could be useful to other data sets. This is something we could do, I created a task for it: T281144.
  1. On the other hand, I thought that, even if we purge the URL and only leave the hostname, that could still hold privacy sensitive information, that could indicate user's preferences or interests or specific situation. I think we should ask the Security/Privacy team about this. Pinging @JFishback_WMF, what do you think?
Aug 24 2021, 6:50 PM · Data-Engineering, Privacy Engineering, FR-Tech-Analytics

Aug 16 2021

sguebo_WMF added a comment to T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

Hi @sguebo_WMF! Do you have suggestions about what language we should use to inform users that information about them will be collected via the EXIF data and made public? Or do you suggest we reach out to legal?

Aug 16 2021, 2:53 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering

Aug 6 2021

sguebo_WMF moved T284944: Increased visibility in wiki-replicas for volunteers fighting vandals from In Progress to Completed on the Privacy Engineering board.
Aug 6 2021, 5:56 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF added a parent task for T284944: Increased visibility in wiki-replicas for volunteers fighting vandals: Unknown Object (Task).
Aug 6 2021, 5:54 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF moved T284948: Raw IPs of logged-out users disclosed in wiki-replicas from In Progress to Watching on the Privacy Engineering board.
Aug 6 2021, 5:53 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF added a parent task for T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables: Unknown Object (Task).
Aug 6 2021, 5:50 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF added a parent task for T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images: Unknown Object (Task).
Aug 6 2021, 5:49 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
sguebo_WMF added a parent task for T284944: Increased visibility in wiki-replicas for volunteers fighting vandals: Unknown Object (Task).
Aug 6 2021, 5:49 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF added a parent task for T284948: Raw IPs of logged-out users disclosed in wiki-replicas: Unknown Object (Task).
Aug 6 2021, 5:49 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF updated the task description for T284948: Raw IPs of logged-out users disclosed in wiki-replicas.
Aug 6 2021, 5:48 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF added a comment to T284948: Raw IPs of logged-out users disclosed in wiki-replicas.

I used replica databases to evaluate wide anon-only range blocks applied to certain ISP(s), and for those tasks, having raw IP of (logged out) users is certainly beneficial.

Aug 6 2021, 5:44 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF updated subscribers of T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

Hi @Seddon, I am adding this task to the Structured Data board and pinging you here, following the above discussion about some privacy concerns related to the Upload Wizard.

Aug 6 2021, 4:34 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
sguebo_WMF moved T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images from In Progress to Completed on the Privacy Engineering board.
Aug 6 2021, 4:34 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
sguebo_WMF added a project to T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images: Structured-Data-Backlog.
Aug 6 2021, 4:33 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
sguebo_WMF added a comment to T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

Thanks for the useful information, @Aklapper and @bd808.

Aug 6 2021, 3:59 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering
sguebo_WMF closed T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables as Declined.
Aug 6 2021, 3:25 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF moved T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables from In Progress to Completed on the Privacy Engineering board.
Aug 6 2021, 3:24 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)

Jul 29 2021

sguebo_WMF added a comment to T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

Hey @nskaggs and @bd808,

Jul 29 2021, 9:12 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering

Jul 27 2021

sguebo_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

I agree that the privacy harm is considerably lowered by the fact that users are made aware that their gender information will be made public if they choose to disclose it. Since it is my understanding that we’re comfortable moving on with that low level of privacy risk, I don't see any issue with declining the ticket.

Jul 27 2021, 5:05 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)

Jun 25 2021

sguebo_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

@sguebo_WMF Is this a modification of the approval given in T150679: Some Labs DB user_properties view fields are sensitive to expose that preference?

Jun 25 2021, 7:09 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF added a comment to T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

For context, the privacy engineering audit regarding the wiki-replicas is part of a body of work that is being done internally by the Security team. But I concur that a parent public ticket would have made sense too. I’ll keep that in mind moving forward.

Jun 25 2021, 6:55 AM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering

Jun 14 2021

sguebo_WMF created T284948: Raw IPs of logged-out users disclosed in wiki-replicas.
Jun 14 2021, 5:43 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF created T284944: Increased visibility in wiki-replicas for volunteers fighting vandals.
Jun 14 2021, 5:26 PM · Data-Engineering, cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF created T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.
Jun 14 2021, 5:19 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF created T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.
Jun 14 2021, 5:11 PM · QTE-TestingOverview, MW-1.38-notes (1.38.0-wmf.9; 2021-11-16), Commons, Structured-Data-Backlog (Current Work), cloud-services-team (Kanban), Privacy Engineering

May 12 2021

sguebo_WMF added a comment to T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service.

I had the chance to sync directly with @Varnent who's in charge of those platforms, and I surfaced the solutions proposed above. So far, applying the CSP change at the Nginx server level on WordPress VIP does not seem to be an option. Instead, disabling Twemoji.js through a WordPress plugin would be the applicable solution. The Security-Team is supportive of this approach, which was suggested earlier in this thread and has already been used on the techblog (Cf: 4447d8f).

May 12 2021, 4:55 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org

May 4 2021

sguebo_WMF closed T279140: Prototyping a vulnerability management dashboard as Resolved.
May 4 2021, 5:38 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
May 4 2021, 5:37 PM · SecTeam-Processed, Security-Team, Security

Apr 30 2021

sguebo_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

Thank you again for the mockup. I had the chance to surface it to WMF-Legal and I'd like to ask something. Is it possible to make the privacy indicator a bit more obvious? A few ideas to consider would be either giving the indicator a distinct color, or making its size larger, or putting them in bold, or using "(Privacy)" instead of the "(E)" indicator. Kindly let me know what's feasible or not.

Apr 30 2021, 1:14 PM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Apr 26 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

Thanks for the ping. I have added a sentence to reflect the concern on the gadget description for zhwikinews where I am a sysop.

Indeed, @Xiplus , do you find it feasible if we move your script to the wiki so that the concern could be eliminated?

Apr 26 2021, 5:26 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering
sguebo_WMF updated the task description for T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.
Apr 26 2021, 5:06 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering

Apr 23 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

The Foundation’s Privacy Policy mentions the commitment of “never selling [user] information or sharing it with third parties for marketing purposes” and “[...]only sharing [user ]information in limited circumstances, such as to improve the Wikimedia Sites, to comply with the law, or to protect you and others.” In principle, gadgets that share user information with third parties do so in violation of this policy. However, it is worth noting that some of these scripts are used by thousands of contributors. Therefore, I think there should be a short-term and a long-term approach to tackling this issue.

Apr 23 2021, 3:59 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering
sguebo_WMF added a comment to T65598: Privacy issues with Gadget-GoogleTrans.js (calls out to google APIs).

Mock up:

image.png (470×700 px, 28 KB)

Hey @Xaosflux ,
Thanks for producing the mockup. I'll run this by WMF-Legal and revert back to you.

Apr 23 2021, 11:15 AM · Security, Privacy Engineering, WMF-General-or-Unknown, Privacy

Apr 19 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

I would be grateful if you clarify what you are requesting/ expecting. Are you suggesting that those gadgets be taken down or that their authors be required to draft an on-wiki heads-up, for instance on the widget's talk page? Or is it totally something else you're asking for?

Apr 19 2021, 12:21 PM · WMF-General-or-Unknown, Privacy, Privacy Engineering

Apr 15 2021

sguebo_WMF added a comment to T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service.

Since the WordPress blogs have none of the MW legacy, I suppose it'd make sense to set the CSP rules at the server-level for the blogs, not from within PHP.

I'm not sure if we have access to nginx config settings at Auttomatic, but that would be the best approach, sure. I was more implying that we could copy the current Wikimedia prod CSP as a starting point and tighten it as appropriate for the various WP sites referenced within this task.

Apr 15 2021, 4:29 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org

Apr 9 2021

sguebo_WMF added a comment to T279690: Enable risk rating field in Phabricator's task form.

Originally I was interested in having the risk rating field being added to New Task. However, while looking at the tickets your referenced, I could see that the Security Type Advanced form (73) already has the Security rating field, although it seems to be locked at the moment.

Apr 9 2021, 6:02 PM · Phabricator, Security-Team

Apr 8 2021

sbassett awarded T279690: Enable risk rating field in Phabricator's task form a Like token.
Apr 8 2021, 4:34 PM · Phabricator, Security-Team
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 8 2021, 4:33 PM · SecTeam-Processed, Security-Team, Security