<div dir="ltr"><div><div><span style="color:rgb(0,0,0)">Hi Andrew,<br><br>Does "</span><span class="im"><span style="color:rgb(0,0,0)">username/password combination for accounts created in
Labs services" refer to service-specific Labs passwords rather than Wikimedia login credentials?<br><br></span></span></div><span class="im"><span style="color:rgb(0,0,0)">I'm deeply uncomfortable with the idea that someone who logs into a Labs account could have their IP made public, and it also seems to me that any Labs tool owners who capture the IPs of tool users should be required to pass a similar level of scrutiny as is applied to Checkusers. Is this something that I should bring up with James Alexander and/or Michelle Paulson?<br><br></span></span></div><span class="im"><span style="color:rgb(0,0,0)">Pine</span></span><span class="im"><span style="color:rgb(0,0,0)"></span></span><br><div><span class="im"><span style="color:rgb(0,0,0)"></span></span><span class="im"><span style="color:rgb(0,0,0)"></span></span><div><span class="im"><br></span></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 7, 2016 at 9:25 PM, Andrew Bogott <span dir="ltr"><<a href="mailto:abogott@wikimedia.org" target="_blank">abogott@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Pine --<br>
<br>
I was not involved in crafting the language of this policy, but I
can at least start to answer your questions.<span class=""><br>
<br>
On 3/7/16 9:54 PM, Pine W wrote:<br>
</span></div><span class="">
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>The Wikimetrics login screen [1] presents me with this
information:<br>
<br>
"By using this project, you agree that any private
information you give to this project may be made publicly
available and not be treated as confidential.
<p>"By using this project, you agree that the volunteer
administrators of this project will have access to any
data you submit. This can include your IP address, your
username/password combination for accounts created in
Labs services, and any other information that you send.
The volunteer administrators of this project are bound
by the Wikimedia Labs Terms of Use, and are not allowed
to share this information or use it in any non-approved
way.</p>
<p>"Since access to this information is fundamental to the
operation of Wikimedia Labs, these terms regarding use
of your data expressly override the Wikimedia
Foundation's Privacy Policy as it relates to the use and
access of your personal information."</p>
I have two questions to start. <br>
</div>
<br>
1. Why would my IP, password, or other "private information"
that I give to Labs ever "be made publicly available and not
treated as confidential"?<br>
</div>
</div>
</div>
</blockquote></span>
Clearly that's a question for the project admins -- I don't know
what they're planning to do with your data. The main take-away is
that you are giving your information to them, /not/ to NDA-bound WMF
staff. In my (non-legal) option, that means we're already outside
the realm of 'confidential'. Furthermore, project membership is
only informally managed, and most likely any member of the
wikimetrics project can also access identifying information.<br>
<br>
I can think of lots of good reasons why a user's IP address might be
interesting as research data and might legitimately find it's way
into public view, /if a user willingly discloses it/. That's
exactly why we have disclosures like this: so that real,
confidential Wikimedia projects don't quietly dump their traffic
into a Labs back-end without seriously considering the possible
breaches of privacy that might result.<span class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
2. Why would Labs volunteer administrators ever have access to
my password? To the best of my knowledge, even WMF staff never
have access to plaintext passwords of anyone but themselves
unless someone chooses to disclose their password on a
one-time basis.<br>
<br>
</div>
</div>
</blockquote></span>
I believe you're referring to this text:<span class=""><br>
<br>
"This can include your IP address, your username/password
combination for accounts created in Labs services, and any other
information that you send."<br>
<br></span>
Again, the point is that you are logging into software that is
created and maintained by volunteers -- therefore by definition your
information is passing through their hands. Clearly a well-made
project will not present plaintext passwords to actual human eyes,
but you are typing your password into a text field maintained by
actual human volunteers, which in terms of security amounts to the
same thing: you are trusting those volunteers with your password.<br>
<br>
I hope that helps! I don't think there's a lot of wiggle-room
here... if you are uncomfortable with the terms of use for a given
labs project, best not to use it.<br>
<br>
-Andrew<br>
<br>
<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div>Thanks,<br>
<br>
</div>
Pine<br>
<div>
<div>
<div>
<div><br>
<br>
[1] <a href="https://metrics.wmflabs.org/login?next=%2Freports%2Fprogram-global-metrics" target="_blank">https://metrics.wmflabs.org/login?next=%2Freports%2Fprogram-global-metrics</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</span><pre>_______________________________________________
Labs-l mailing list
<a href="mailto:Labs-l@lists.wikimedia.org" target="_blank">Labs-l@lists.wikimedia.org</a>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
<br></blockquote></div><br></div>