I would also like to add a bit of historical context.  Many years ago, when I worked at the WMF, we were using a FLOSS survey tool (I don't recall which).  We were fairly dependent on it, when one day someone discovered that it was vulnerable to sql injection attacks and Tim Starling (I believe) rightly killed it on our servers. Shortly after that, we moved toward using a non-free tool that was safer and more robust.  I dont recall that the two events were connected, but I would be surprised if they weren't.

Tim did the right thing then, even though it meant that we were moved off a FLOSS solution.  Sometimes "Free" just isn't equal, or better.  Sometimes it's an actual honest-to-god security risk and there are reasons why WMF's staff aren't using a free alternative to a proprietary tool.  Did anyone ask?

Philippe

On Mon, Feb 15, 2021 at 12:13 AM Risker <risker.wp@gmail.com> wrote:
To clarify to anyone who doesn't want to read the actual proposal, which Fae did not repeat here:
 
Proposal

It is proposed that on Wikimedia Commons that there must be no promotion of surveys or questionnaires which rely on third party sites and closed source tools, such as Google Forms. This should be interpreted as a ban against engaging volunteers by mass messaging, use of banners or posts on noticeboards.

Recommended consequential action

Banners and posts which go against this proposal may be removed by anyone.

Posting account(s) may be blocked or have group rights removed at the discretion of administrators, such as all rights that enable mass messaging. In a persistent case, blocks and rights removal may apply to all accounts of the person responsible. A rationale of doing their job as part of being a WMF employee is not considered an exemption.


Now....this applies to everyone who posts about a survey at Wikimedia Commons, as this proposal is strictly related to Commons. It is not a global proposal.  However, it would apply to researchers, to WMF staff, to anyone who uses closed-sourced tools.  There is no suggestion at all about suitable alternative tools.  In fact, there is a severe dearth of quality open source tools.  Researchers may be bound by their facilities to use certain types of tools. 

Surveys and questionnaires are always voluntary. There's some responsibility on the part of the user to read the privacy statements and use of information statements that are normally mandatory for any legitimate surveys.  More than once I've started to participate in a survey and decided it was asking questions I didn't want to answer, and just never saved them. 


I think it would also be helpful if someone from WMF Technical could take the time to discuss with the broader community what arrangements have been made in their contract with Google to ensure that the information on those documents (of whatever nature) are not in fact accessible to Google for their data gathering or any other purposes.  There is, of course, a certain irony that three of the four people who have commented on this thread so far all have Gmail email addresses. 


Risker/Anne


On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
I agree with Fae's proposal if we are using tools that exclude community members out of safety and privacy concerns then we arent fulfilling the equity goals. I also recognise that alternatives need to be available but with no incentive for them to be used then there is no development of such tools, or improvements to their functionality. Faes proposal is putting the WMF on notice that there are steps we need to take to ensure equity, safety, and privacy in participation.

On Mon, 15 Feb 2021 at 09:08, Łukasz Garczewski <lukasz.garczewski@wikimedia.pl> wrote:
With respect, Fae, if you're going to propose banning an existing solution, it is on you to propose a suitable alternative or at least a process to find it before the ban takes effect.

I write this as a signatory of Free Software Foundation Europe's Public Money? Public Code open letter. I am wholeheartedly a proponent of open source software.

At the same time, I am a firm believer in using the best available tool for the job.

Our mission is too important to hold ourselves back at every step due to a noble but often unrealistic wish to use open source solutions for everything we do.

Last year, because of my drive to use proper open source solutions, WMPL wasted hours and hours of staff time (mostly mine) and a not insignificant amount of members' time because:
  • Zeus, a widely used, cryptographically secure voting system is impossible to setup and maintain and has very sparse documentation,
  • CiviCRM, the premier open source CRM solution for NGOs, refuses to work correctly after the Wordpress installation is moved to a new URL, and documentation isn't helpful.
To my knowledge there are no suitable open source options that would be easy-to-use and robust enough to support our needs in both cases and be comparable to commercial counterparts.

I have wasted a ton of time (and therefore WMPL money), before I decided to use state-of-the-art commercial solutions for the needs described above. Don't be like me. Don't make other people think & act like I did. Be smarter.

Should we use an equivalent open source solution when one is available? Yes.
Should we have a public list of open source tools needed? Yes.
Should we use programmes such as Google Summer of Code to build those tools? Yes.

Should we waste time using sub-par solutions or doing work manually? Hell no.

So here's a constructive alternative idea:
  • Let's gather the needs and use cases for tools used by WMF and affiliates,
  • Let's build a list of potential open source replacements and map what features are missing,
  • Let's put the word out that we're looking for open source replacements where there are none available,
  • Let's embed Wikimedia liaisons in key open source projects to ensure our needs and use cases are addressed promptly,
  • Let's use initiatives such as Summer of Code to kickstart building some of these tools.
I acknowledge the above is much harder to do than instituting a ban via community consensus. It is, however, a much more productive approach and will get us to your desired state eventually, and without sabotaging the work that needs to happen in the meantime.

Oh, and in case anybody's wondering why we can't build these tools in-house:

We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech infrastructure is still in need of huge improvements. It would be really unwise to distract WMF's development and product teams from these goals by requesting they build standard communication or reporting tools.

On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
As a consequence of the promotion of a Google forms based survey this
week by a WMF representative, a proposal on Wikimedia Commons has been
started to ban the promotion of surveys which rely on third party
sites like Google Forms.[1]

Launched today, but already it appears likely that this proposal will
have a consensus to support. Considering that Commons is one of our
largest Wikimedia projects, there are potential repercussions of
banning the on-wiki promotion of surveys which use Google products or
other closed source third party products like SurveyMonkey.

Feedback is most welcome on the proposal discussion, or on this list
for handling impact, solutions, recommended alternatives that already
exist, or the future role of the WMF to support research and surveys
for the WMF and affiliates by using forking open source software and
self-hosting and self-managing data "locally".

Links
1. https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools

Thanks
Fae
--
faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
#WearAMask

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>


--

Z poważaniem · Kind regards


Łukasz Garczewski


Dyrektor ds. operacyjnych · Chief Operating Officer

Wikimedia Polska


tel: +48 601 827 937

e-mail: lukasz.garczewski@wikimedia.pl


Wesprzyj wolną wiedzę!
Przekaż 1% podatku lub wpłać darowiznę na rzecz Wikipedii


ul. Tuwima 95, pok. 15 Łódź, Polska

KRS 0000244732

NIP 728-25-97-388


wikimedia.pl


Informacje na temat przetwarzania znajdują się w Polityce Prywatności. Kontakt: rodo@wikimedia.pl
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>


--
GN.

Power of Diverse Collaboration
Sharing knowledge brings people together
Wikimania Bangkok 2022
August 
hosted by ESEAP

Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>