Legal signing off. Thanks!

Approved by Legal.

Approved by Legal.

Approved for Legal. Thanks, all!

Legal signs off. Thanks, all!

Hi all, just wanted to see if there was any further info or clarification needed from Legal. We really appreciate everyone thinking through how to get this done. It sounds like the next step is seeing if this patch works?

Just confirming that I have spoken with @chelsyx off-ticket, and have approved the team's plan for the country whitelist.

@kaldari checked in with us; Legal approves display of location information related to unsuccessful logins.

Thank you so much, @Dzahn!

Thanks @Dzahn! We were pretty confused about what happened, so we're glad to have it explained.

Thanks, everyone! We spoke with @Catrope last week, and he was able to get it working again. Is there any way to determine why it happened / make sure it doesn't happen again?

Met with @Jalexander to discuss. Approved by Legal for rollout once SuSa has tested and approved.

Hi @Huji, thanks for the ping. I don't think we need to create a second ticket. I will review the information here, and get back to you shortly.

Approved by Legal.

Approved by Legal.

Approved by Legal. Thanks, all.

Thanks so much, @Dzahn. Really appreciate it!

Hi @Dzahn, looks like we had the wrong username. Are you able to find "raqstallman"? Thanks so much for taking care of this.

Ah, that explains it. Thanks!

Oh, weird, I can't see the preview? I left one final reply for Dimi on the google doc. Let me know if there's anything else I can do!

@Mattflaschen-WMF @Whatamidoing-WMF @Mpaulson The updates are complete.

Thanks for your help, @Aklapper!

Thanks, @Dzahn!

Hi @Aklapper, what can we do to get me access? Can @ZhouZ or another member of the legal team verify that this is my account and that I need access to the group, or are there are other steps to take? Thanks!

Just became aware of this task and thought I’d add a little information that I hope will be useful. The task is right - both Qualtrics and allourideas.org have been vetted by Legal. When we review a service in a circumstance like this, we go over their privacy policy, terms of service, and any individual contract we have with the third party in question, to make sure that the protections they offer user data are largely in line with our own. However, we also recognize that we have no control over how they may conduct themselves at all times and under all circumstances. Therefore, in the survey context, when we conduct a survey using a third-party service, we provide notice to survey-takers that the survey is on a third-party website, and we also provide links to the third party’s terms of service and privacy policy. When volunteers run a survey using a WMF-associated account, such as through Qualtrics, we ask them to provide the same notice and links. That way, survey takers can be informed of where/how their information is being handled.

Update complete.

@Dzahn, thanks for clarifying -- must have misunderstood previous info from someone else about Google app credentials. My wikitech username is "Apalmer".

The user names are apalmer and jbuatti. We understand that they are public, but were leery of continuing to use Phabricator to talk about details of access because the site itself will contain sensitive information, which must be kept password protected. In my previous email, I sent you the URL in question. Apologies for the confusion on my end.

Hi @Dzahn, just sent you an email with this information. Since this task is public and we didn't know what other detail might be required, didn't fancy talking too much about credentials. Hope that is alright; really appreciate your help.

They're definitely related, in that access to the same website is the goal. But @siddharth11 had just joined, and I think wasn't certain if LDAP credentials were sufficient to access the site. I checked with @ori when we couldn't get access, and he confirmed that LDAP credentials should work, and said we should open a ticket here.

I can confirm that Siddharth is under contract starting July 5, to work on the upcoming Transparency Report. He will be reporting to @Mpaulson. He'll need an LDAP account in order to work on the report.

We will get back to you on this soon -- need to do a little research first.

Apologies for the delay in my response; I was out of the office and did not have access to email. We have chosen to keep the summary chart fairly high-level and brief, so as to give a quick overview. The charts below provide more detailed information, especially the interactive "Requests for user data and how we responded chart". Even if more than one type of request resulted in information being produced, by clicking on the different request types in this chart, you can see the countries whence we received the different types of request, and whether or not information was produced. Additionally, the "Government requests breakdown" provides further information about the origin of requests from government entities.

Ah, okay. Yes, the summary chart indicates that 24 requests did not result in the production of any information, and one request did result in the production of information. More information is shown in the detailed chart on the same page, “Requests for user data, and how we responded”, which breaks down the requests we receive by type and indicates how many requests of each type resulted in information being produced. As that chart indicates, in the time period covered by the most recent report, the request that resulted in information being produced was a court order.

Sure. I’ve taken a look, and I agree with Michelle's assessment. I think that we should continue to use “Information Produced” , since “granted/denied” is a binary answer that doesn’t allow that we may not have responded to the request precisely as it was originally formulated.

Yes, thanks for the info!