On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <ironholds(a)gmail.com> wrote:
One element I can answer: no, it does not contain
flash objects, flash is
not a technology included in the Wikimedia stack on account of it barely
being classifiable as a technology.
There is one use of Flash in our tech stack: audio output for media
playback on Internet Explorer when using our JavaScript Ogg playback
compatibility library.
This is a small shim which does not use cookies or any other type of local
storage, which is why it is not listed on a page about cookies.
Here's the source code of the Flash component; feel free to review it for
security:
https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as
On Sunday, 1 May 2016, Toby Dollmann <toby.dollmann(a)gmail.com> wrote:
1. Whether, or
not, editors of Wikimedia websites", say
"en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
(broadly construed) are disabled and not stored on client devices.
Like every other site on the world wide web, MediaWiki uses cookies to
maintain login state. If you disable cookies, login will not work and your
edits will not be attributed to your account.
Editing "anonymously" without cookies works, but reveals your IP address in
a permanent public way.
2. Whether, or
not, the locally stored objects referenced in the
cookie policy include
(i) Javascript code, or
MediaWiki's ResourceLoader can and does cache JavaScript module code in
localStorage. This code has no special privileges or abilities because of
that; it just takes up a tiny bit of space on your disk.
No, no Flash code is stored in cookies or localStorage.
3. Whether, or not, the locally stored objects inserted by the WMF, on
client computers and stored there, have the capability of collecting
extensive personal information of editors, the degree of which not
being explicitly disclosed in advance to users.
No, they are just data until they are executed, at which point they are
just code, same as code loaded straight from the server. That code can do
nothing special that it could not already do.
-- brion