Topic on Project:Support desk

How to make a MediaWiki website "more" compliant to GDPR?

33
Biologically (talkcontribs)

Though this question (topic) may seem as a duplicate of this previous topic (Topic:Ucy8sfl44i6n6i51) posted on Support desk but that contained more discussions on the effect of GDPR than how to make it compliant. So, thought of starting this thread in an attempt to list all the practicable methods to make a MediaWiki installation (website) "more" GDPR compliant.

Just to avoid confusion -

1. This topic is NOT on how to change MediaWiki software to make it GDPR compliant (if at all necessary), it is on any website build on MediaWiki software. So, this focuses on extensions, scripts, or anything you can think of that may make the website more GDPR compliant.

2. Absolute compliance is not possible on public MediaWiki websites, at least for the website administrators, as most of the content are posted by the users. So the title is how to make it “MORE” GDPR compliant.

3. Please try to suggest anything about general MediaWiki websites that can be a problem due to GDPR and all the possible ways to correct or at least circumvent this problem.

I request all the active members to please share your valuable thoughts on this matter.

P.S.

I found this support desk to be the most helpful and active part of this website, so decided to ask it here.

Biologically (talkcontribs)

One discussion from Topic:Ucy8sfl44i6n6i51 -

Problem (mentioned by @Rocketpipe) - the username is attached to every edit make by the user. The user has no ability to remove any of those references.

Possible solution (also suggested by @Rocketpipe) - It might be sufficient if the user is told of this limitation during the account creation process.

Biologically (talkcontribs)

From topic Topic:Ucy8sfl44i6n6i51

Problem (mentioned by @CayceP) - the account e-mail addresses are stored in MySQL databases unencrypted/in plain text.

Possible solution (suggested by @Ciencia Al Poder) - this should not be a problem, as

  1. the email addresses are accessed only by the system admin.
  2. MediaWiki software is able to decrypt the email addresses even if encrypted, to use them for sending emails.
  3. Anyone with access of MediaWiki code or shell can decrypt them using the software
  4. The users have control to see their email addresses and delete them if they want to.
Biologically (talkcontribs)

From Topic:Ucy8sfl44i6n6i51

Problem (anonymous user) - the problem arises when the user wants to delete or hand over their data.

Possible solution (suggested by @TheDJ) -

  1. a user can delete his/her email address by removing it in the preference. Email address is not required by MediaWiki.
  2. The user releases his/her contributions under the license mentioned in the specific website.
  3. Database user can delete a specific contribution if needed.
Biologically (talkcontribs)

A note - The requirement of email address during account creation can be specified by the system admin using localsettings.php. So, the first point in the solution may not be applicable to all websites.

CayceP (talkcontribs)

Please see my reply to the other topic (is there way to merge them?)

ETA: Copy and paste from the other thread:

I'm not a lawyer but was appointed DPO by my company and I spent the last weeks and months with this topic:

  • Old, existing laws (like the Cookie policy) are still applicable when GDRP become effective (as it has been for the last two years). So if your Wiki's server is located in the EU and/or you are catering to EU based users, you may want to use Extension:CookieWarning, if you aren't already. Text of warning/explanation may have to modified accordingly.
  • GDRP demands implementation of "appropriate, cost-effective controls" to protect the personal data of EU residents. It's still debated whether GDRP demands encryption, per se. Text uses words "such as encryption", "may include encryption", "as appropriate (...)pseudonymisation" etc. so this are more suggestions than a demand For SEO reasons and because Google Chrome will marks web pages without SSL/TLS certs as "not secure" soon, you may want to use a SSL certificate for your wiki anyway. Maybe your hoster can offer free Let's encrypt certs?
  • If your wikis' SQL DB is breached, you have to inform authorities and your users which information were affected/stored (usually IP address for all editors) and e-mail address, user names First and last name if you request them from your user for logged users) (see GDPR Article 34).
  • You may want to ask your users whether they are older than 16 years upon sign-up or if they have the consent by their parents.
  • I would update the wiki privacy, if not done already, that IP address (for all editors), E-mail addresses and User names (for registered users) are stored which is technically required for tracking and roll back of edits and that user agree to that upon sign-up or editing your wiki, that who they have to contact if they want to have their account deleted.
  • I would add the part with unset e-mail as mention above. Since an e-mail address is not required for registering this may only affect wikis that use emailconfirmed for editing privileges (for example for Anti Spam measures, YMMV).
  • I would also add the name of an Admins/Mod(s) on the privacy article in case somebody wants information about their stored data. I would add link how they can close their account.
  • Also add which data protection legal authority is responsible for your country/(or federal state like in Germany), this is also required by GDPR,
Biologically (talkcontribs)

Hi, you can copy-paste the reply here. So that all the answer can be found in one place. Thank you for the all the solutions suggested by you.

RichardHeigl (talkcontribs)
This post was hidden by Biologically (history)
CayceP (talkcontribs)

Thanks for Links for Wordpress. Unfortunately the automatically generated Privacy Statement in Wordpress 4.9.6 is currently only available in English :( . Better than nothing for Wordpress users, though. Jetpack has a GDPR generator of it's own, but also only in English at the moment.

Back to MediaWiki Topic: MediaWiki could use an extension where user can export their data (still to be defined what that would includes besides the username, IP address etc what additional information was stored, if the changes/edits would have to be included), similar to Wordpress - although given the nature of how wikis works this might become a major headache (basically if a editor decides to have their personal data scraped, which is their right to do so, this means Wiki admins would have to change the user name to some anonymized version like "deleted user" or something, same for edits that were done by not logged in users where the IP is shown). https://www.mediawiki.org/wiki/Extension:UserMerge might come in handy if one merges the user to an existing generic one set up by the Wiki Admin.

Which extension (if any) could one use if they want to edit the sign-up form (for example to add a check box that a user is older that 16 years or the add a link to the privacy statement? Semantic Forms?

Biologically (talkcontribs)

I agree to the problem with deleting a user's contributions - it leaves behind the username (or IP address if the user is not logged in) in deletion log - thus, is not a clean process.

Your solution using UserMerge extension is a good and easy process to delete the username.

The record of user's contribution in revision history can be deleted using the Manual:DeleteOldRevisions.php . Read this thread for more info - Topic:Tf2bj711f0x48dba .

Also Extension:DeletePagesForGood was recommended in the above thread, but I never used it - so don't know if it's effective.

Also you can directly delete from the database (though a bit risky).

Stefahn (talkcontribs)

> Which extension (if any) could one use if they want to edit the sign-up form?

You can use Extension:NewSignupPage to do so.

Ciencia Al Poder (talkcontribs)

From what I can see (or what I can't see, to be more precise), WMF is handling GDPR with extreme secrecy, or is not going to be compliant on May 25.

No responses in mailing lists: https://lists.wikimedia.org/pipermail/mediawiki-l/2018-May/thread.html

Nothing in Phabricator. Nothing on this thread...

I wonder if WMF is excluded from compliance because it's not a for-profit company.

Biologically (talkcontribs)

Any software hosted in EU or has users in EU has to comply with GDPR according to the regulation. So, being a non-profit organization won't relieve them of this problem, I believe.

This post was hidden by AhmadF.Cheema (history)
Sturmjäger (talkcontribs)

They have to be compliant to GPDR, because they save personal data, regardless of wether they are a for-profit company or not (and they actually make profit thanks to donations).

CayceP (talkcontribs)

What Sturmjäger said. If you have a website located on a server in the EU or which may be accessed by people from the EU, you need to GPDR compliant since even IP addresses are considered data that is protected by that. Since you can't access a website without logging the IP address, your site also affected. (Even if you yourself are not logging the IP on your site, your hoster will in some log files you have no idea of.

Biologically (talkcontribs)
CayceP (talkcontribs)
Funnily enough, German Wikipedia doesn't show anything yet...
Ciencia Al Poder (talkcontribs)

> they are also addressing this problem.

Are you sure? GDPR is more than doing a few minor changes to a privacy policy. Also, the way they're posting this only 3 days before the law is enforced, looks like this is a rather rush and last-minute move.

For example, I'm unable to find in the privacy policy how I can close my account or hide my user name if I want to remove it from the public.

CayceP (talkcontribs)
GDPR has already came into effect on May 24th 2016, May 25th 2018 is date it's applicable. There was a 2 year transition period but it looks like nobody really paid attention what GDPR really means for anyone hosting or running a website. Looking at all the law blogs that post about this there are also lot of confusion going on, especially concerning direct marketing. I guess the next months will become very interesting.
Biologically (talkcontribs)

I agree. But this may be the first step. Let's see what follows.

Biologically (talkcontribs)

I asked a similar question on Quora - https://www.quora.com/How-do-I-customize-a-website-running-on-MediaWiki-software-to-make-it-compliant-with-GDPR-General-Data-Protection-Regulation

The answer by " Jeremy Lee-Jenkins, Wiki creator and developer, Mediawiki, Wikibase and related" contains some useful tips; I am quoting the whole answer here -

"

It should be quite easy. Mediawiki is not great at stealing people data.

Firstly, read A note on our approach to privacy from Wikimedia, and use their changes to their privacy policy as a guide to update yours.

If you have the Checkuser extension installed, you will want to limited people who can access it to registered data controllers only.

You will want to stay up to date with any changes Wikipedia makes to their user-interface to allow for GDPR. Despite the fact it’s happening *now*, they haven’t done anything to change this yet.

If you use analytics of any type, like google analytics, you will need to make sure this is included in your privacy policy. Likewise make sure any nocaptcha/recaptcha solution you use is noted as well.

Don’t sell your users data to third parties.

Keep your user data private. This includes email addresses, names, and IP’s.

"

Biologically (talkcontribs)

My another question (https://www.reddit.com/r/WikiInAction/comments/8lhr68/wikipedia_mediawiki_and_the_gdpr_fear_opinion/?st=jhk58rci&sh=e806940e)on Reddit WikiInAction subreddit got this answer from EtherMan -

"

MediaWiki is... special in this regard... On one hand, it is already compliant really as a software. GDPR basically says that you have to agree to any data that is stored. Well that's easy enough, MediaWiki only stores what you specifically supply it, and every single edit you make, comes with the clause that you are resigning ownership of whatever you entered. And the second part is that you have to be able to on request of the owner to release everything that is stored on you, to you. Well that's simple enough through MediaWiki by searching for any edits you made because that in theory, should be all data on you.

Unfortunately, on the other hand... Wikipedia will never be compliant with it, because technically, it does require you to turn over ALL data stored ON you... Not BY you. Basically, any and all data they have ever received in regards to you. That would mean all the private arbcom mails that is in regards to any case you're involved in. It means any and all mentions of you on any talk or article page and so on. Heck it even technically covers any admins that have a stick it note on their monitor with a list of their most hated users if that involves you. This is ALL covered...

Point is, MediaWiki does from a technical standpoint allow a company to be compliant. But Wikipedia is never going to be because it's just fundamentally incompatible and it would be a MASSIVE workload to fix, and the whole structure is not set up to handle any sort of freedom of information on the processes which GDPR requires but that's a problem of Wikipedia, not MediaWiki specifically.

Buuuuuut, WMF doesn't care about GDPR, because WMF is a US company and only cares about US laws. They've made this abundantly clear in the past, and the EU is too chicken to go through with bans on the company which would include cutting off access to the site from and to the EU. And the WMF knows it. It would simply be political suicide to try to block Wikipedia, no matter how much of a criminal organization they may become.

"

@Ciencia Al Poder the last paragraph in the answer may be one explanation to the silence from WMF you talked about.

CayceP (talkcontribs)

@all: Wouldn't it make sense to create an article on mediawiki.org on GRDP where we collect possible solutions to increase compliance and the (currently three, the number will sure increase as of tomorrow) threads here so people have a place to start for getting information?

Biologically (talkcontribs)

I think, this is a great idea. Please create a page. We can add the sure-shot solutions by editing time to time as new customization options/extensions are created or discovered regarding this matter.

CayceP (talkcontribs)
Biologically (talkcontribs)

Wow! That's a tremendously helpful article from the very beginning. Thank you.

CayceP (talkcontribs)

Is there anyway to edit the displayed content/form fields of Special:CreateAccount? My MediaWiki asks for an optional "real name" that I would like to remove, but I don't know where. MediaWiki.org doesn't show this real name field in CreateAccount so I guess it's possible?

I also may want to add a checkbox that users have to check where they confirm that they are older than 16 years.

Stefahn (talkcontribs)
This post was hidden by Stefahn (history)
Biologically (talkcontribs)
CayceP (talkcontribs)

@Ciencia Al Poder/@all: Could you please provide for the not so tech-savvy users more information on how to modify the hook so it displays something like "Not logged in user" instead the IP address? This would eventually be added to the LocalSettings, right?

Reply to "How to make a MediaWiki website "more" compliant to GDPR?"