
Create a DataDownload extension
Closed, Declined | Public

Description

We need to install DownloadYourData ASAP to be able to comply with GDPR.

We will need to fork it as it's Wikia-specific and is also running against MW 1.19.

https://github.com/Wikia/app/tree/dev/extensions/wikia/DownloadYourData

Event Timeline

Paladox triaged this task as High priority. May 22 2018, 16:07
Paladox created this task.
John renamed this task from Fork and install DownloadYourData to Create a DataDownload extension. May 22 2018, 16:16
John edited projects, added Extensions, Goal-2018-Jan-Jun; removed MediaWiki.
John subscribed.

It is literally impossible to even change that extension. A whole rewrite from scratch is needed.

https://github.com/miraheze/DownloadData is for anyone who wants to start working on this. :)

John lowered the priority of this task from High to Normal. May 22 2018, 18:23
MacFan4000 raised the priority of this task from Normal to Unbreak Now!. May 22 2018, 21:07

UBN as this needs to be done by Friday to comply with GDPR.

John lowered the priority of this task from Unbreak Now! to Normal. May 22 2018, 21:49

This has nothing to do with compliance.

If labster can provide me with a list of data we must give, I am willing to take this task.

It’s just things like name, username, email address, gender etc. In my opinion it's just a simple easy display of Special:Preferences. Plus we don’t really even need this anyway.

John removed John as the assignee of this task. May 24 2018, 18:28

Though download your data that we have on the user, Special:Preferences may show some info but it doesn't let you download it in one easy go :)

Assigning to @labster to get his opinion per @Southparkfan's comment.

IP address can be PII too, especially when tied to a user account. You'd have to get all IPs recorded for all edits from that user. And a list of all edits made by that user -- honestly not sure if we'd have to include the revision text or not.

Am I correct to say that piwik anonymizes IPs when storing them? So essentially, you don't get a full IP address stored there, so nothing could directly tie it back to a user?

Piwik was updated, I think, to be in compliance with the GDPR.

Yeah, from the settings it shows that it hides parts of the IP out.

We have it set at 1 byte(s)

https://matomo.org/docs/gdpr/

(updating piwik to 3.5.0 https://matomo.org/changelog/matomo-3-5-0/)

> IP address can be PII too, especially when tied to a user account. You'd have to get all IPs recorded for all edits from that user. And a list of all edits made by that user -- honestly not sure if we'd have to include the revision text or not.
>
> Am I correct to say that piwik anonymizes IPs when storing them? So essentially, you don't get a full IP address stored there, so nothing could directly tie it back to a user?

CheckUser data remains on the fleet for 90 days.

I could tie Matomo information back to a user in certain circumstances, because a user may be the very own person using an IP address in the 1.2.3.X space - and via CheckUser/access logs I can look for requests with a matching User-Agent.

The data is deleted after 90 days in Matomo (internal handling) as well as CheckUser (maintenance script) and access logs (logrotated).

John claimed this task.

On reviewing this, this is work for no reason. All it would be is a copy of Special:Preferences at this rate which is pointless because the info is there. MediaWiki (unlike most websites) works well by showing users easily personal information we store.

But it's not easily downloadable though?

Otherwise Facebook could say the same thing.

> But it's not easily downloadable though?
>
> Otherwise Facebook could say the same thing.

It's all on one page. Facebook stores a lot of data over a period of years you can't have on one page.