Retention of UserBoard data as part of the SocialProfile extension
Closed, Resolved | Public

Description

Issue: Noticed this as part of a Trust and Safety enforcement investigation this evening, and thought I would be remiss in not raising it as a potential data retention issue. At issue is the UserBoard functionality of the SocialProfile extension. Users may leave private or public messages on other users' user boards, provided they're not blocked by the other user from sending them user board messages, of course. The problem is, they do not produce either edits or log actions. We've already known this has meant that spambots that leave userboard messages do not produce a CheckUser 'data trail,' if you will, but that isn't the issue here. The issue at hand is, let's say a user leaves a public note to another user disclosing their age, physical location, or other personally identifying information and that user's account is either (a) removed as a result of them being confirmed to have been under age 13 or (b) removed per their own request in accordance with the Data Request Process, those UserBoard messages—including any potential PII—are retained.

Since no logs or edits are produced, it's not as simple as just deleting the edits, pages, revisions, or log entries. So my question is, how is UserBoard data stored, and what are our options here for rectification?

I'm leaving this task as a 'security' task, so as not to draw attention to a potential data leak issue. As such, should the task eventually be made public, I don't want to disclose specific case examples here, but can do so via the T&S Discord server if needed.

Event Timeline

@Dmehus I've discussed this with @Universal_Omega a little and it seems like what we'd need to do is remove mentions from the page text? It doesn't seem possible without deleting all boards, but potentially we could attempt to delete all boards which are sent by a user? Though that seems quite complex.

Universal_Omega edited projects, added RemovePII; removed Extensions.
Universal_Omega moved this task from Backlog to Features on the RemovePII board.
Universal_Omega moved this task from Features to Bugs on the RemovePII board.
Universal_Omega changed the visibility from "Custom Policy" to "Public (No Login Required)".
Universal_Omega changed the edit policy from "Custom Policy" to "All Users".