Erik Moeller wrote:
It has been brought to my attention that Cafepress, which we currently use to sell Wikimedia Merchandise at http://www.cafepress.com/wikipedia, has some privacy issues. Specifically, they have a "web pixel clause":
Pixels. Pixels, also called clear GIFs, are invisible files on Web pages that you visit. If you visit a page on the Site that contains a Pixel, the Pixel communicates with your computer to determine, among other things, whether you have been to that page before or viewed a particular advertisement. We may use Pixels to serve advertising, enhance email advertising and track usage of the Site.
How exactly does this work? The Pixel "communicates with [my] computer", but my computer has been told not to answer communication requests, such as are mediated by Javascript and cookies. How does a GIF do this?
My friends and I have a hypothesis: The Pixel is a 1x1 transparent GIF that is stored on a special server that keeps track of requesting IPs. So this server knows if a given Pixel has been requested by my IP before, thus determining if I'd visited the page on which that Pixel lies as an <IMG>.
If we're right, then this isn't particularly evil. It's inherent in HTTP that servers can see who requests files, and this 1x1 transparent GIF <IMG> file is just an efficient application. Conversely, people seriously interested in guarding their privacy know how to circumvent such tracking.
And a somewhat weak personal data disclosure policy:
we may disclose your Personally Identifiable Information when we believe in good faith that it is required by any applicable law or legal process, or if we believe we need to disclose it to protect or enforce our rights *or the rights of our members, users, or other third parties.*
I don't like this; "the rights of [...] third parties" is so vague that they're not really promising any privacy for my PII at all. Personally, I'm not concerned about the information that I give them, which is no more than I give the clerk at K-Mart when I shop there; still, it's useful to know that they're not promising anything (just like K-Mart doesn't promise anything, so far as I've ever heard).
My point of view, right now, is that if no alternatives exist, we should continue using Cafepress, and add a link to the Wikipedia article about them on the page, where the privacy issues can then discussed from a neutral point of view.
I believe that this is correct. The lack of privacy protection is no reason to stop using Cafe Press, but at the same time, we should always be on the look out for others sales venues. If we find alternatives that /do/ protect shoppers' privacy strongly, then that's a reason to use only those alternatives and not Cafe Press. But in the present market, Cafe Press is essentially unique.
An analogy: The Wikipedia Foundation uses free, open-source software. This is important for Jimbo's founding philosophy of Wikipedia, so that anybody can copy not only the encyclopaedia but the entire site. And of course, we're constantly modifying our software for our purposes. But imagine an evil parallel universe in which Micro$oft controlled all software copyrights with an iron fist, and the free software and open source movements existed only in utopian fantasies. Would we shut down our operations? No, we would make do with what we had. Come the revolution, /then/ we would switch to free, open-source software. This analogy is exaggerated, but the same principles apply.
-- Toby