"I don't need to have the emails but what if somebody w/o account at WP would like to use this?"
They can create an account?
Tools should serve Wikimedia users, personally I don't see an account as undue burden on them.
"Well, username is *also* a private information according the page MarcoAurelio linked, so I would need to solve it anyway."
I assume any implementation of this tool will need some form of "account creation" and the terms will be necessary, but I do see list of users signed up to the tool as not nearly as sensitive as a list of email addresses associated with Wikimedia users.
Cheers,
Chico Venancio Cloud Services Technical Support
Em 10 de fev de 2018 09:40, "Martin Urbanec" martin.urbanec@wikimedia.cz escreveu:
Well, username is *also* a private information according the page MarcoAurelio linked, so I would need to solve it anyway. I don't need to have the emails but what if somebody w/o account at WP would like to use this?
M.
so 10. 2. 2018 v 13:37 odesílatel Francisco Venancio < fvenancio@wikimedia.org> napsal:
Martin, Do you need the users' emails or sending them email messages enough?
MediaWiki api could be used to send emails to users that have email set in their preference.
See https://www.mediawiki.org/wiki/API:Emailuser
Chico Venancio Cloud Services Technical Support
Em 10 de fev de 2018 09:27, "Martin Urbanec" martin.urbanec@wikimedia.cz escreveu:
so 10. 2. 2018 v 13:23 odesílatel Guilherme Gonçalves < guilherme.p.gonc@gmail.com> napsal:
Hi Martin,
I'm not authoritative on PII policies at all, but here's a couple of things that came to mind as I read your question.
2018-02-10 11:26 GMT+00:00 Martin Urbanec martin.urbanec@wikimedia.cz:
To prevent this tool from spamming I of course require its confirmation by accessing an URL with a random string (MD5 hash of user's email *and* random number from 1 to 100; I mean, those two things are in one hash).
Does this mean the URL for a given email address can be guessed in at most 100 attempts by someone who doesn't control the address? I think you'd typically want to draw your random numbers from a much larger range, or use as token something that was encrypted or signed with a secret only your server knows. It would probably also make sense to make your URLs valid for only a certain time.
*1000, but increased to 10 000 000, which should be big enough. I also can use more qualit hash than MD5 which will slow it down even more.
However...
Should I stop with collecting mails at all and use some WMF-maintained service for mass-emailing (mailman at lists.wikimedia.org maybe?) and make the tool to just send an email to the list itself?
If creating a single mailing list is an option (for instance, you don't plan on customizing the emails per user), this seems like a very good way to go.
It is, this just was the easiest way for me when I was writing the tool.
This question came to my mind before creating, so I do appologize for asking after programming.
Best regards, Martin Urbanec -- Můj kalendář najdete na https://martin.urbanec.cz/calendar.html
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
-- Guilherme P. Gonçalves _______________________________________________ Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
-- Můj kalendář najdete na https://martin.urbanec.cz/calendar.html
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
-- Můj kalendář najdete na https://martin.urbanec.cz/calendar.html
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud