Phabricator Spaces are policy containers for groups of objects or, in plain English, areas where just some users with the appropriate permissions can access and work. Think for instance about spaces for Security, Procurement, Fundraising, Legal... accessed only by the members of those teams and optionally special guests. The full specifications are described in https://secure.phabricator.com/T3820#116875
The Phabricator maintainers expect to have a first version of Spaces ready by the end of June 2015, probably to be fine tuned during July after the first users report feedback.
Once this feature is implemented, the request of a new space should be a simple process, and could be possibly be handled by the #Project-Creators process to request a new project. AffCom, Community Liaisons, and Fundraising Tech are the first cases that come to mind, and it is clear that these teams handle some private information combined with their public activities.
The implementation of Spaces might imply the deprecation of the Security extension that we are running locally in Wikimedia Phabricator, which currently allows the handling of security bugs and special requests to Operations. To be discussed.
The #Engineering-Community team is driving this initiative in Wikimedia's side. We are pooling a budget in the Community Engagement department to fund this development.
=== Old description ===
Marking this task as Stalled. We need some months of real use of Phabricator, including private tasks, before even defining a plan for easy to use private projects that can scale. For now Phabricator is only for public projects that eventually have private tasks (for security reasons, etc). Until further notice, full private projects can stay in Trello, Asana, Google Drive, your mailbox, etc.
There are teams dealing with sensitive information that need to work with private tasks. Their theoretical options are:
Request a special security policy for their tasks, which will imply a new entry in the Security dropdown menu. Just like the Security team now or the Operations team as soon as RT is migrated, they will need to work privately in a fully open context. They will be responsible of maintaining the list of project members with access to the private tasks, and also who else can access to the tasks via CC. The Wikimedia Phabricator maintainers will not be responsible of any accidental leaks due to human errors messing with policies or users.
Note that we don't have any process to address a request like this. If a team steps in, we will need to discuss the proposal from scratch.
Wait until upstream implements [[ https://secure.phabricator.com/T3820 | Spaces ]]. Then you will be able to request an own namespace with default private policies fitting your needs. You will manage who can access to these namespaces and you will be able to create your projects within that namespace.