Masking Isn't working/Needs additional options

[benrfairless]

I've just tested emailing the below into our test instance:

test@example.com test @example.com +44(0) 1782 00 0000 +44(0) 8456 000 000 +44(0) 7900 000000 07900000000 0790 000 0000 08 0000 0000 0800 000 000 +61 800 000 000 1234 1234 1234 1234 1234123412341234 1234 123456 12345

Only the 1st line was successfully masked.

Would it be possible to:

• [ ] Update the masking to include international contact numbers
• [ ] Include Credit Card number formats by default (with a possible alert to Administrators if CC data is found in a request)
• [ ] Provide a way for masking data to be specified in an admin console or similar

[garethrees]

@gov.wales doesn't get masked: https://www.whatdotheyknow.com/request/information_regarding_barry_dock#incoming-1165815

[RichardTaylor]

Just to note on WhatDoTheyKnow.com the policy/intent isn't to redact all phone numbers, just mobiles (which are viewed as more personal/intrusive to publish).

[RichardTaylor]

+1 Have dealt with the removal of a mobile phone number that masking based on a pattern detecting numbers starting with 07... would have caught.

See discussion at #6081 for the surprising way mobile phone redaction apparently currently works - reliant on the number being preceded by Mobile or Mob ... Tel ??

[mdeuk]

+1 - Just to note, we've had a report from a WDTK user tonight of a case where a mobile number was disclosed some 39 times as part of a (former?) pro user's batch request.

A redacted quote of the problematic content:

If you cannot provide the full breakdown of information I have requested, please contact me to discuss what information you could supply at the earliest opportunity on 07000 000000.

We've fixed this by implementing a censor rule, but it'd be beneficial if we could automate this, so as to protect our users from perhaps inadvertently publishing a number that they didn't mean for everyone to see. It might be less important, in this context, since our journalist user might have their number published elsewhere - but we don't know for sure.

[RichardTaylor]

part of a (former?) pro user's batch request.

We might want to strengthen advice given to pro users, and urge them to keep correspondence on site, though I'm mindful that may be an approach that works well for some people, yet a phone call might lead to the best outcome for others.

[RichardTaylor]

Can the new PDF redaction tools described at https://github.com/mysociety/alaveteli/issues/5966#issuecomment-1133018818 be applied to this issue - to make masking work within more PDFs.