<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Makes no sense to me to exclude data from these tables that is already available through MediaWiki API. Why would you hide "gender" here when it is accessible through something like [1]?<br><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Of course, we should make sure only to allow gender to be accessible in Labs DB if it is public (if private, you won't get it through API either). But to remove it from Labs and claim it to be a security issue is shortsighted. Either also convince this to be removed from API, or allow it on Labs DB, IMHO.<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br><br>[1] <a href="https://en.wikipedia.org/w/api.php?action=query&list=users&ususers=Catrope&usprop=blockinfo|groups|editcount|registration|emailable|gender">https://en.wikipedia.org/w/api.php?action=query&list=users&ususers=Catrope&usprop=blockinfo|groups|editcount|registration|emailable|gender</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 30, 2016 at 9:45 AM, Chase Pettet <span dir="ltr"><<a href="mailto:cpettet@wikimedia.org" target="_blank">cpettet@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Jonathan,<br></div><div><br>My working assumption is if either party has a substantial objection to revealing data it will not be disclosed. Both have their own independent reasoning process and discernment on the risk of the same PII. Two "Yes's" is a "Yes", but one "No" is always a "No" and all that. <br><br></div>Cheers, <br><div><div><div><div class="gmail_extra"><br></div><div class="gmail_extra">Chase Pettet<br><br></div><div class="gmail_extra"><div class="gmail_quote">On Tue, Nov 29, 2016 at 1:09 PM, Jonathan Morgan <span dir="ltr"><<a href="mailto:jmorgan@wikimedia.org" target="_blank">jmorgan@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Out of curiosity (not snark), who has final say on these matters: Security, or Legal? <div><br></div><div>- J</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 29, 2016 at 8:17 AM, Chase Pettet <span dir="ltr"><<a href="mailto:cpettet@wikimedia.org" target="_blank">cpettet@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hey Marc (how's it going?)<br><br></div>Bugzilla 58196 became <a href="https://phabricator.wikimedia.org/T60196" target="_blank">https://phabricator.wikimedia.<wbr>org/T60196</a><br><br></div>Thanks for calling that out, I didn't know some of the backstory.<br><br></div>Members of the Security team made the call on removal and I will let them speak for themselves on rationale. At the moment, the task for this is protected by policy (due to the mentioned privacy concerns) <a href="https://phabricator.wikimedia.org/T150679" target="_blank">https://phabricator.wikimedia.<wbr>org/T150679</a> but I believe you are able to access it to engage with questions.<br><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_5775606231454574644m_3011674553096563876h5">On Tue, Nov 29, 2016 at 10:09 AM, Marc-Andre <span dir="ltr"><<a href="mailto:marc@uberbox.org" target="_blank">marc@uberbox.org</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_5775606231454574644m_3011674553096563876h5">
<div bgcolor="#FFFFFF">
<p>Hey Chase,<br>
</p>
<br>
<div class="m_5775606231454574644m_3011674553096563876m_-3538328798217284993gmail-m_-6888807830947576575moz-cite-prefix">On 2016-11-28 03:02 PM, Chase Pettet
wrote:<br>
</div>
<blockquote type="cite">On review, these properties have been deemed sensitive
by our security folks:<br>
<br>
<span class="m_5775606231454574644m_3011674553096563876m_-3538328798217284993gmail-m_-6888807830947576575gmail-m_-5098447359950011784gmail-transaction-comment">user_properties:
language, skin, timecorrection, varient</span></blockquote>
<br>
Perhaps "our security folk" should make up their mind?<br>
<br>
That list was specifically approved by legal as okay. See
<a class="m_5775606231454574644m_3011674553096563876m_-3538328798217284993gmail-m_-6888807830947576575moz-txt-link-freetext" href="https://phabricator.wikimedia.org/T66115" target="_blank">https://phabricator.wikimedia.<wbr>org/T66115</a> and the (long, involved)
prior discussion leading to it at bz 58196 (did we keep an archive
of those)?<br>
<br>
-- Coren / Marc<br>
<br>
</div>
<br></div></div>______________________________<wbr>_________________<br>
Labs-announce mailing list<br>
<a href="mailto:Labs-announce@lists.wikimedia.org" target="_blank">Labs-announce@lists.wikimedia.<wbr>org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-announce" rel="noreferrer" target="_blank">https://lists.wikimedia.org/ma<wbr>ilman/listinfo/labs-announce</a><br>
<br></blockquote></div><span><br><br clear="all"><span class="m_5775606231454574644HOEnZb"><font color="#888888"><br>-- <br><div class="m_5775606231454574644m_3011674553096563876m_-3538328798217284993gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Chase Pettet<br></div>Engineering Manager -- Labs<br></div><div>chasemp on <a href="https://phabricator.wikimedia.org/p/chasemp/" target="_blank">phabricator</a> and IRC<br></div></div></div></div></div></div>
</font></span></span></div></div></div><span class="m_5775606231454574644HOEnZb"><font color="#888888">
<br>______________________________<wbr>_________________<br>
Labs-announce mailing list<br>
<a href="mailto:Labs-announce@lists.wikimedia.org" target="_blank">Labs-announce@lists.wikimedia.<wbr>org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-announce" rel="noreferrer" target="_blank">https://lists.wikimedia.org/ma<wbr>ilman/listinfo/labs-announce</a><br>
<br></font></span></blockquote></div><span class="m_5775606231454574644HOEnZb"><font color="#888888"><br><br clear="all"><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div class="m_5775606231454574644m_3011674553096563876gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr">Jonathan T. Morgan<div>Senior Design Researcher</div><div>Wikimedia Foundation</div><div><a href="https://meta.wikimedia.org/wiki/User:Jmorgan_(WMF)" target="_blank">User:Jmorgan (WMF)</a></div><div><br></div></div></div></div></div></div>
</font></span></font></span></div><span class="HOEnZb"><font color="#888888">
<br>______________________________<wbr>_________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org" target="_blank">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/ma<wbr>ilman/listinfo/labs-l</a><br>
<br></font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div class="m_5775606231454574644gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Chase Pettet<br></div>Engineering Manager -- Labs<br></div><div>chasemp on <a href="https://phabricator.wikimedia.org/p/chasemp/" target="_blank">phabricator</a> and IRC<br></div></div></div></div></div></div>
</font></span></div></div></div></div></div>
<br>______________________________<wbr>_________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/<wbr>mailman/listinfo/labs-l</a><br>
<br></blockquote></div><br></div>