Product Safety and Integrity

Contact us

• About the Foundation
• Movement Resources
• News and Events

Main Help

• Office of CEO
• Advancement
• Communications
• Finance and Administration
• Legal
• Product and Technology
• People

About us

We:

• Develop new tools and signals that enable more effective and precise moderation, and to defend against malicious automated traffic
• Work closely with communities to help prevent abusive and policy-violating activity on our projects
• Work with our infrastructure teams to respond to threats of scaled abuse
• Maintain the security of our platform and the accounts of our users

Before the merger in 2025, there were two separate teams: Product Security, and Trust and Safety Product. The latter was formed in 2023 of Anti-Harassment Tools and Trust and Safety Tools. You may still find these names used in the documentation.

Our work constitutes most of the objective Wiki Experiences 4: Safety and Security (WE4; owner: Eric). Code in the brackets is used in the annual plans, and helps identify and report the projects (key results) and smaller pieces of work for each key result (hypotheses).

• Incident Reporting System (WE4.1; owner: Madalina) – allowing users to report immediate threats of harm to ensure we can learn about such incidents and take prompt action where necessary
• Anti-abuse signals (WE4.2; owner: Kosta) – allowing both the Foundation and users with extended rights to detect and prevent inauthentic and malicious activity on the wikis
• Temporary Accounts (WE4.4; owner: Niharika) – improving the privacy and safety of the unregistered editors by shielding their personally identifiable information
• Enforcing two-factor authentication on user accounts with privileges allowing to take security- or privacy-sensitive actions (WE4.6; owner: Roan)

People

Internal documentation

• Temporary accounts dashboard
• MediaModeration PhotoDNA Stats

Since 2024, the Wikimedia Foundation is an official partner of the Common Vulnerabilities and Exposures (CVE) program. CVE is an international effort to catalog publicly disclosed cybersecurity vulnerabilities. This partnership with the CVE program allows us to instantly publish common vulnerabilities and exposures records that are affecting MediaWiki core and extensions, along with any other code the Foundation is a steward of.

CVEs are assigned based on the discretion of the PSI team and publicly announced in this GitLab repository. To learn more about our Security Issue reporting process please check out the process. Security issues are also announced quarterly on the mediawiki-announce email list.

The PSI team has internal security documentation on the Supplemental Release Process.

Connect with us

• Subscribe to our newsletter
• Eric (ericmillwikimedia.org) – the team leader
• Szymon (sgrabarczukwikimedia.org) – the Movement Communications person for the team

For product security issues:

• Security/SOP/Requests For Service
• For all other questions or if you require assistance in determining your security needs, email security-helpwikimedia.org
• Tasks that follow a recognized flow will be at a minimum discussed by our team during our weekly clinic meeting

The Wikimedia Foundation, Inc is a nonprofit charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual content, and to providing the full content of these wiki-based projects to the public free of charge.