[Labs-l] Labs privacy policy questions
Dan Andreescu
dandreescu at wikimedia.org
Tue Mar 29 14:10:18 UTC 2016
In this specific case, Wikimetrics is really just using OAuth for
authentication. I've been told that's not ideal but the result of that
conversation is usually that it's better than using Google OAuth and that
there's no better way currently. Though I appreciate that it's confusing.
On Wed, Mar 16, 2016 at 10:46 AM, Brad Jorsch (Anomie) <
bjorsch at wikimedia.org> wrote:
> On Tue, Mar 15, 2016 at 9:08 PM, Platonides <platonides at gmail.com> wrote:
>
>> A problem I find with OAuth is that often you don't know at all what it
>> is going to do.
>>
>> So, taking wikimetrics as an example, it says:
>> «In order to complete your request, Wikimetrics Website needs permission
>> to access information on meta.wikimedia.org on your behalf. No changes
>> will be made with your account.»
>>
>> Which information does it access? Your account name? Your watchlist? The
>> checkuser log (supposing you were a CU)?
>>
>
> That particular message is used when it will only be able to get some
> information about your user account: your username, edit count, whether you
> confirmed your email address, whether you're blocked, when your account was
> created, what groups your account is a member of, what user rights are
> available to your account, what grants are available to the OAuth
> application, and (sometimes[1]) your "real name"[2] and email address.
> Since the OAuth application isn't being allowed to use the 'read' right, it
> won't be able to access much of anything else.
>
> If you'd like to suggest improvements to the message, the messages are
> mwoauth-form-description-allwikis-nogrants and
> mwoauth-form-description-onewiki-nogrants. You could reply here with
> suggestions, although it might be easier to track in Phabricator, or you
> could submit a patch yourself with better wording.
>
>
> [1]: It depends if the OAuth consumer was registered as "Authentication
> only, no API access" or "Authentication only with access to real name and
> email address via Special:OAuth/identify, no API access".
> [2]: MediaWiki can have a "Real name" field in Special:Preferences, but
> this is hidden on WMF wikis.
>
> --
> Brad Jorsch (Anomie)
> Senior Software Engineer
> Wikimedia Foundation
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20160329/bcd14567/attachment.html>
More information about the Labs-l
mailing list