Last modified: 2014-09-14 21:11:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T72789, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 70789 - Security review of ImageMetrics


Summary:	Security review of ImageMetrics

Status:	RESOLVED FIXED

Product:	Wikimedia
Classification:	Unclassified
Component:	Extension setup (Other open bugs)
Version:	wmf-deployment
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	70402
	Show dependency tree / graph

Reported:	2014-09-12 21:36 UTC by Tisza Gergő
Modified:	2014-09-14 21:11 UTC (History)
CC List:	2 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tisza Gergő 2014-09-12 21:36:25 UTC

[[mw:Extension:ImageMetrics]] will be used to collect additional data about image performance and (eventually - not implemented yet) about how users interact with media.

Data is collected from user behavior and browser APIs like Resource Timing. All data is sent back to the server via EventLogging and will be consumed by external applications like Limn; the server-side part of the extension is trivial. On the client side, the data is used for no other purposes than to compose an EventLogging data object.

Comment 1 Chris Steipp 2014-09-14 21:11:51 UTC

Nothing looks concerning to me in this. I'm assuming wgImageMetricsSamplingFactor will be kept at a sane level. If it's too high, eventlogging may get overloaded, but even that shouldn't bring the site down.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links