Re: [Wikimedia-l] Surveys using third party tools on Wikimedia projects

[Ilario Valdelli]

First point for security.

What should be secure is the software AND the entity using it.

In case there is a third entity managing the data, there is an additional
level of insecurity to take care.

When people "donate" you your data, they don't take care what is the
software behind but who manages the data, where these data are stored,
until when these data are kept, with whom these data are shared.

As you can see who, when and what refer to people not to software.

If the processes and the people are secure, as it seems to be, the software
is a marginal risk.

Kind regards

On Tue, 23 Feb 2021, 09:53 Fæ,  wrote:

> Could someone provide a link to the discussed security review of
> LimeSurvey? I've been unable to find it.
>
> Considering that the currently open UCoC survey using Google Forms has
> quoted WMF terms and conditions, which imply a special agreement with
> Google, was there a security review for this solution including the
> asserted legal requirement on Google to ask permission from WMF Legal
> before releasing data to authorities in the USA, such as the FBI or
> NSA? It's not clear to me that Google would do this for anyone else.
>
> It would be helpful for all organizations that plan to do surveys on
> the Wikimedia community of volunteers, if the WMF could release a list
> of security assessments done for all survey tools they have used in
> the past, especially if this is now going to be asked of WMF
> Affiliates who will no doubt wish to save donor's money by not
> repeating the security assessments already published.
>
> Thanks,
> Fae
>
> On Tue, 23 Feb 2021 at 02:51, K. Peachey  wrote:
> >
> >
> >
> > On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <
> wikimedia-l@lists.wikimedia.org> wrote:
> >>
> >> Hello everyone,
> >>
> >> Apologies for my TL;DR
> >>
> >> Interesting topic. I'm recently working on making ethical surveys more
> and more widespread, starting from here:
> >> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
> >>Personal and confidential, please do not circulate or re-quote.
> >> Every hand is welcome.
> >>
> >> Warm wishes!
> >>
> >> --
> >>
> >> [[User:Valerio Bozzan]]
> >
> >
> > Did WMIT do any sort of security review before deploying lime?
> >
> > Security issues were found the previous two times wmf looked at from my
> understanding and that was without doing a full security review process
> >
> > Have any sort of privacy impact assessment (PIA) since surveys could
> potentially collect personally identifiable data (PIDs)
> --
> fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] #forQuestioningUCoC : Online_edit-a-thon_Tech_February_2021#Conclusion

[Željko Blaće]

On Wed, 24 Feb 2021 at 01:34, Benjamin Lees  wrote:

> Željko, I am really having trouble understanding what point you are making
> or why this is appropriate for this list. Would you be able to clarify?
>

Sure. It is illustration of how complicated is to be productive and bring
in new people to Wikipedia to work on content gaps.

Edit-a-thon was focused on filling the gap on info about organized tech
unions in Europe. They were zoombombed and experiences content suppression.

I would not think of them as one of vulnerable or under-organized social
group but even they experienced fairly quickly the worse of it.

I the moment of discussion over UCoC I felt that sense of urgency to fix
things practically and fast got lost.

Best Z. Blace

On Tue, Feb 23, 2021, 6:13 PM Željko Blaće  wrote:
>
>> Dear ALL -
>> Especially #forQuestioningUCoC this is what working on Wikipedia is in
>> 2021 even to a tech savy folks:
>>
>> "While it was an overall positive experience, we also had hiccups
>> including getting Zoom bombed by racist trolls, and dealing with
>> immediate deletions of articles for various reasons. In Italian
>> Wikipedia, an editor is arguing that Amazon worker organization has no
>> encyclopedic value! See the discussion at
>> it:Discussione:Organizzazione dei dipendenti di Amazon."
>>
>>
>> https://en.wikipedia.org/wiki/Wikipedia:WikiProject_Organized_Labour/Online_edit-a-thon_Tech_February_2021#Conclusion
>>
>> Best Z
>>
>> ___
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> 
>>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] #forQuestioningUCoC : Online_edit-a-thon_Tech_February_2021#Conclusion

[Benjamin Lees]

Željko, I am really having trouble understanding what point you are making
or why this is appropriate for this list. Would you be able to clarify?

On Tue, Feb 23, 2021, 6:13 PM Željko Blaće  wrote:

> Dear ALL -
> Especially #forQuestioningUCoC this is what working on Wikipedia is in
> 2021 even to a tech savy folks:
>
> "While it was an overall positive experience, we also had hiccups
> including getting Zoom bombed by racist trolls, and dealing with
> immediate deletions of articles for various reasons. In Italian
> Wikipedia, an editor is arguing that Amazon worker organization has no
> encyclopedic value! See the discussion at
> it:Discussione:Organizzazione dei dipendenti di Amazon."
>
>
> https://en.wikipedia.org/wiki/Wikipedia:WikiProject_Organized_Labour/Online_edit-a-thon_Tech_February_2021#Conclusion
>
> Best Z
>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

[Wikimedia-l] #forQuestioningUCoC : Online_edit-a-thon_Tech_February_2021#Conclusion

[Željko Blaće]

Dear ALL -
Especially #forQuestioningUCoC this is what working on Wikipedia is in
2021 even to a tech savy folks:

"While it was an overall positive experience, we also had hiccups
including getting Zoom bombed by racist trolls, and dealing with
immediate deletions of articles for various reasons. In Italian
Wikipedia, an editor is arguing that Amazon worker organization has no
encyclopedic value! See the discussion at
it:Discussione:Organizzazione dei dipendenti di Amazon."

https://en.wikipedia.org/wiki/Wikipedia:WikiProject_Organized_Labour/Online_edit-a-thon_Tech_February_2021#Conclusion

Best Z

___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] Surveys using third party tools on Wikimedia projects

[Valerio Bozzolan via Wikimedia-l]

+1

And if anyone has this document in their hands, please notify us here:

https://phabricator.wikimedia.org/T275574

On Tue, 2021-02-23 at 08:36 +, Fæ wrote:
> Could someone provide a link to the discussed security review of
> LimeSurvey? I've been unable to find it.
> ...
> Thanks,
> Fae
-- 
Valerio Bozz.

E-mail sent from Evolution from a random GNU/Linux distribution,
delivered from my Postfix mailserver.

Have fun with software freedom!


___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] Introducing VideoCutTool version 0.4

[Gopa Vasanth]

On Tue, Feb 23, 2021 at 4:55 PM Galder Gonzalez Larrañaga <
galder...@hotmail.com> wrote:

> Great news! I have tried today I couldn't upload a file, does it take some
> time to upload or is there a queue?
>

Hi Galder Gonzalez Larrañaga!

The videos which are present in the devices have to get uploaded to the
server and then processed for the editings, So this might take some time to
get upload and then processed. The uploading video time will depend on the
internet speed, the size, and the length of the video.

If you notice the same again i.e if your video didn't get upload, please
feel free to create a ticket here:
https://phabricator.wikimedia.org/tag/videocuttool/ so we can see how we
can avoid them :-)

Thanks & Regards

Gopa Vasanth 
Amrita Vishwa Vidyapeetham  | Blog

amFOSS  | GitHub
 | Gerrit


“Yesterday is not ours to recover, but tomorrow is ours to win or lose.”
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] Introducing VideoCutTool version 0.4

[Galder Gonzalez Larrañaga]

Great news! I have tried today I couldn't upload a file, does it take some time 
to upload or is there a queue?

Thanks!

From: Wikimedia-l  on behalf of Gopa 
Vasanth 
Sent: Monday, February 22, 2021 8:06 PM
To: Wikimedia Mailing List ; Wikimedia 
developers 
Cc: Pratik Shetty ; Hassan Amin 

Subject: [Wikimedia-l] Introducing VideoCutTool version 0.4

Hello folks!

We are excited to announce the release of version 0.4 of 
VideoCutTool [1].
VideoCutTool helps users to edit videos in commons and also converts MP4 videos 
on the user's device to Wikimedia Commons accepted formats (i.e WebM/OGV) and 
upload/re-upload them to Commons on-the-fly.

In the last few years, we have been tirelessly working to improve our tool and 
we believe that VideoCutTool will help you enjoy your video editing experience! 
Special thanks to our team Pratik Shetty, Hassan Amin, James Heilman, 
Jayprakash, and all the volunteers for their contributions!

About VideoCutTool
VideoCutTool is a video editing tool that helps to provide various types of 
editing processes on videos that are currently in Wikimedia Commons and also 
the videos present in the user devices. It is deployed on Wikimedia VPS. 
Cropping, Trimming, Audio Disabling, and Rotating are the current features of 
the tool. From the tool, the edited videos can be either downloaded or 
re-upload to Wikimedia Commons. VideoCutTool work's similar to the 
CropTool [2]. More info about the tool is 
available on Commons: 
VideoCutTool [3].

VideoCutTool is also available as a gadget in Wikimedia Commons, You can turn 
it on from Preferences -> Gadgets -> Check on VideoCutTool -> Save!

Try out VideoCutTol from here: https://videocuttool.wmflabs.org/

Changes in version 0.4

  *   Support of i18n - Localisation and Internalisation.
  *   Optional Dark mode - handy to use!
  *   Mobile responsiveness.
  *   Fixes to various minor bugs.

If you notice any bugs or want to request any feature please feel free to open 
a ticket in phabricator and add the tag #videocuttool to the same, Our 
phabricator workboard is here: 
https://phabricator.wikimedia.org/tag/videocuttool/ [4].

[1] https://videocuttool.wmflabs.org/
[2] https://croptool.toolforge.org/
[3] https://commons.wikimedia.org/wiki/Commons:VideoCutTool
[4] https://phabricator.wikimedia.org/tag/videocuttool/


Regards

Gopa Vasanth
Amrita Vishwa Vidyapeetham | 
Blog
amFOSS | GitHub 
| Gerrit

“Yesterday is not ours to recover, but tomorrow is ours to win or lose.”
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] [Wikitech-l] Introducing VideoCutTool version 0.4

[David Caro]

That is awesome! (cool dark mode btw.)
Thanks for sharing :)

On 02/23 00:36, Gopa Vasanth wrote:
> Hello folks!
> 
> We are excited to announce the release of version 0.4 of VideoCutTool
>  [1].
> VideoCutTool helps users to edit videos in commons and also converts MP4
> videos on the user's device to Wikimedia Commons accepted formats (i.e
> WebM/OGV) and upload/re-upload them to Commons on-the-fly.
> 
> In the last few years, we have been tirelessly working to improve our tool
> and we believe that VideoCutTool will help you enjoy your video editing
> experience! Special thanks to our team Pratik Shetty, Hassan Amin, James
> Heilman, Jayprakash, and all the volunteers for their contributions!
> 
> 
> *About VideoCutTool*VideoCutTool is a video editing tool that helps to
> provide various types of editing processes on videos that are currently in
> Wikimedia Commons and also the videos present in the user devices. It is
> deployed on Wikimedia VPS. Cropping, Trimming, Audio Disabling, and
> Rotating are the current features of the tool. From the tool, the edited
> videos can be either downloaded or re-upload to Wikimedia Commons.
> VideoCutTool work's similar to the CropTool
>  [2]. More info about the tool is
> available on Commons: VideoCutTool
>  [3].
> 
> VideoCutTool is also available as a gadget in Wikimedia Commons, You can
> turn it on from Preferences -> Gadgets -> Check on VideoCutTool -> Save!
> 
> Try out VideoCutTol from here: https://videocuttool.wmflabs.org/
> 
> *Changes in version 0.4*
> 
>- Support of i18n - Localisation and Internalisation.
>- Optional Dark mode - handy to use!
>- Mobile responsiveness.
>- Fixes to various minor bugs.
> 
> If you notice any bugs or want to request any feature please feel free to
> open a ticket in phabricator and add the tag #videocuttool to the same, Our
> phabricator workboard is here:
> https://phabricator.wikimedia.org/tag/videocuttool/ [4].
> 
> [1] https://videocuttool.wmflabs.org/
> [2] https://croptool.toolforge.org/
> [3] https://commons.wikimedia.org/wiki/Commons:VideoCutTool
> [4] https://phabricator.wikimedia.org/tag/videocuttool/
> 
> 
> Regards
> 
> Gopa Vasanth 
> Amrita Vishwa Vidyapeetham  | Blog
> 
> amFOSS  | GitHub
>  | Gerrit
> 
> 
> “Yesterday is not ours to recover, but tomorrow is ours to win or lose.”

> ___
> Wikitech-l mailing list
> wikitec...@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l


-- 
David Caro
SRE - Cloud Services
Wikimedia Foundation 
PGP Signature: 7180 83A2 AC8B 314F B4CE  1171 4071 C7E1 D262 69C3

"Imagine a world in which every single human being can freely share in the
sum of all knowledge. That's our commitment."


signature.asc
Description: PGP signature
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] Surveys using third party tools on Wikimedia projects

[Fæ]

Could someone provide a link to the discussed security review of
LimeSurvey? I've been unable to find it.

Considering that the currently open UCoC survey using Google Forms has
quoted WMF terms and conditions, which imply a special agreement with
Google, was there a security review for this solution including the
asserted legal requirement on Google to ask permission from WMF Legal
before releasing data to authorities in the USA, such as the FBI or
NSA? It's not clear to me that Google would do this for anyone else.

It would be helpful for all organizations that plan to do surveys on
the Wikimedia community of volunteers, if the WMF could release a list
of security assessments done for all survey tools they have used in
the past, especially if this is now going to be asked of WMF
Affiliates who will no doubt wish to save donor's money by not
repeating the security assessments already published.

Thanks,
Fae

On Tue, 23 Feb 2021 at 02:51, K. Peachey  wrote:
>
>
>
> On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, 
>  wrote:
>>
>> Hello everyone,
>>
>> Apologies for my TL;DR
>>
>> Interesting topic. I'm recently working on making ethical surveys more and 
>> more widespread, starting from here:
>> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
>>Personal and confidential, please do not circulate or re-quote.
>> Every hand is welcome.
>>
>> Warm wishes!
>>
>> --
>>
>> [[User:Valerio Bozzan]]
>
>
> Did WMIT do any sort of security review before deploying lime?
>
> Security issues were found the previous two times wmf looked at from my 
> understanding and that was without doing a full security review process
>
> Have any sort of privacy impact assessment (PIA) since surveys could 
> potentially collect personally identifiable data (PIDs)
--
fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae

___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] Surveys using third party tools on Wikimedia projects

[Subhashish]

Agree about the privacy and security worries shared by some in the list.

>From a software maintenance pov, developing a new tool is sometimes easier
but maintaining and keeping up with the ever-changing internet standards
(and new vulnerabilities and security changes) is hard. That said, a
movement that actively uses surveys and forms does need to make the
personal data transactions secure. To be able to do that, using both open
source tools and (preferably self-hosted) platforms that use e2ee (which
provides better security except in some extraordinary situations [1])
should be preferred. I'd argue a proprietary platform that protects user
data in surveys and collects little metadata is far better than an open
source one that collects and saves user data in plaintext in cloud. But
open source helps to some extent as proprietary platforms could claim many
things when there is no option for public audit of proprietary platforms.
But just open source does *not* help. An additional level of security is a
must and should be the foundational layer when it comes to a survey
platform.

As far as possible solutions go, it would be a good investment to support
developers from the open source community for a survey tool that protects
the privacy of survey participants by the use of e2ee and can be well
integrated into MediaWiki (bonus if not a primary goal). The Foundation and
the larger community (including Chapters and User Groups) would be greatly
benefitted from this. But until a good in-house solution is there, it might
be useful to reach out to other friendly faces in the development world --
Access Now, Article 19, Amnesty International, etc. -- to check what works
for them now.

If and when a platform develops, registered users can then use their
Mediawiki auth for creating privkeys to sign. This would add a
non-repudiable logging mechanism in the backend to add more transparency
and accountability.

1. https://en.wikipedia.org/wiki/Key_disclosure_law/

Subhashish


On Tue, Feb 23, 2021 at 8:21 AM K. Peachey  wrote:

>
>
> On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <
> wikimedia-l@lists.wikimedia.org> wrote:
>
>> Hello everyone,
>>
>> Apologies for my TL;DR
>>
>> Interesting topic. I'm recently working on making ethical surveys more
>> and more widespread, starting from here:
>> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
>>
>> Every hand is welcome.
>>
>> Warm wishes!
>>
>> --
>>
>> [[User:Valerio Bozzan]]
>>
>
> Did WMIT do any sort of security review before deploying lime?
>
> Security issues were found the previous two times wmf looked at from my
> understanding and that was without doing a full security review process
>
> Have any sort of privacy impact assessment (PIA) since surveys could
> potentially collect personally identifiable data (PIDs)
>
>> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,