> Can we force HTTPS for the game so we're not leaking usernames over cleartext HTTP? (not just because the edits can be correlated with who was asked about them but also the game interface displays your username and a user could do Wikidata actions in your name if they got your HTTP cookie in the clear)

 

I would support this change.

 

Thank you,

Derric Atzrott

 

From: gendergap-bounces@lists.wikimedia.org [mailto:gendergap-bounces@lists.wikimedia.org] On Behalf Of Jeremy Baron
Sent: 22 May 2014 00:00
To: Increasing female participation in Wikimedia projects
Subject: Re: [Gendergap] Wikidata, gamification and gender

 

FYI, msg from another list below.

-Jeremy

---------- Forwarded message ----------
From: "Jeremy Baron" <jeremy@tuxmachine.com>
Date: May 21, 2014 11:58 PM
Subject: Re: [WikimediaMobile] micro-contributions on mobile via wikidata
To: "Magnus Manske" <magnusmanske@googlemail.com>
Cc: "mobile-l" <mobile-l@lists.wikimedia.org>

> On May 21, 2014 9:55 PM, "Jeremy Baron" <jeremy@tuxmachine.com> wrote:
> > On May 21, 2014 9:07 PM, "Erik Moeller" <erik@wikimedia.org> wrote:
> > > On Wed, May 21, 2014 at 2:17 PM, Ryan Kaldari <rkaldari@wikimedia.org> wrote:
> > > > Most of these "games" would be great in a mobile context.
> > >
> > > The current design is already responsive - but I wasn't able to
> > > actually get the OAuth authorization to work on mobile, at least not
> > > on Firefox/Android :(
> >
> > I just did it with Firefox. I think I first hit "allow" on desktop MediaWiki and then got an "application connection error" from mobile. Unknown OAuth key, E006.
> >
> > Then went back to tool labs, hit the button again and back to desktop MediaWiki. Now the dialog had some bad styles or something so some of the text was hidden and I couldn't see the buttons at all. Manually changed URL from www.mediawiki.orgm.mediawiki.org and then authorized through mobilefrontend and finally got the game working.
>
> A couple more issues (but not strictly mobile things):
>
> * You may want to avoid merges/"same item" tasks until https://www.wikidata.org/w/index.php?title=Wikidata:Requests_for_deletions&oldid=132186913 is resolved.
> * Can we force HTTPS for the game so we're not leaking usernames over cleartext HTTP? (not just because the edits can be correlated with who was asked about them but also the game interface displays your username and a user could do Wikidata actions in your name if they got your HTTP cookie in the clear)
>
> Thanks
>
> -Jeremy