Thank you to the folks who responded for your comments and questions.
There are staff from multiple departments within the Wikimedia Foundation reviewing both
this incident and possible improvements to prevent similar incidents in the future. Since
security discussions can sometimes reveal vulnerabilities that some observers may seek to
exploit, those conversations are happening in private spaces for now (including a private
Phabricator ticket). We are discussing how to best share additional findings and possible
improvements.
We appreciate everyone’s patience and understanding.
-greg
On Mar 17, 2018, at 10:55 AM, Strainu <strainu10(a)gmail.com> wrote:
Thank you for letting us know early on. I would also want to see a post-mortem on this
and I hope the steps taken to mitigate the risk will be consistent with the ones taken on
the recent fa.wiki cryptocurrency case.
Strainu
On 17 March 2018 03:57:28 EET, Gregory Varnum <gvarnum(a)wikimedia.org> wrote:
On 14 March and 15 March 2018, a CentralNotice banner appeared to some
logged-out users viewing English Wikipedia pages. The banner contained
JavaScript hosted by Facebook, which allowed Facebook to collect
traffic data from those who visited a page with a banner. The banner
was prepared by the Wikimedia Foundation. The Foundation turned the
banner off as soon as we learned how the script was running, and its
potential scope. We have also removed all references to the code in
question from CentralNotice on Meta-Wiki.
The code utilized in this banner was based on an unused prototype
created by an outside vendor. Because the prototype was never enabled,
the vendor’s prototype code was not subjected to our standard quality
assurance process. However, we made the mistake of reusing the code for
a different purpose, and implementing it based on recommendations in
documentation from Twitter and Facebook to improve the appearance of
shared links. At the time, our understanding was that the platforms
would only receive traffic data if the user clicked on the link.
Although this was true for Twitter, the Facebook code operated
differently.
We discovered the problematic link configurations during our ongoing
monitoring of live banners. The recommended code enhanced not only the
appearance of links, it also enhanced Facebook's ability to collect
information on people visiting non-Facebook sites. As soon as we
realized these banners were sharing information without even having to
click the link, we disabled them and began an investigation. Staff in
multiple departments are collaboratively reviewing the incident as well
as procedural and technical improvements to prevent future incidents.
While this sort of tracking is commonplace today across most of the
internet, it is not consistent with our policies. We are disappointed
that this type of hidden data collection is routinely recommended by
major platforms, without clearer disclosure.
These practices are why we all must regularly take routine steps to
maintain a secure computer and account. As the Wikimedia Foundation
continues to explore ways we can do that within Wikimedia's platform,
we encourage you to consider tools which block unwanted third-party
scripts like the one provided by Facebook.
We apologize for sending this late on a Friday (San Francisco time).
However, we wanted to provide this information as quickly as possible.
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
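Added example, not code from this thread, the Wikimedia Foundation or CentralNotice: the incident above turns on the difference between share metadata (Open Graph and Twitter Card `<meta>` tags, which a platform's crawler reads only when someone shares the link) and a script or pixel that the visitor's browser fetches the moment the banner renders. A pre-deployment scan that lists every auto-loading resource pointing off a first-party allowlist would have flagged the banner before it went live. The allowlist and every hostname in the sample markup are constructed placeholders.

```python
"""Pre-deployment check for third-party resource loads in banner markup.

Added example, not Wikimedia Foundation or CentralNotice code. Assumes the
banner markup is available as an HTML string and that the deploying site keeps
an allowlist of first-party hosts; all hostnames below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the visitor's browser fetch a resource as soon as the
# banner renders, with no click required.
AUTO_LOADING = {"script": "src", "iframe": "src", "img": "src",
                "embed": "src", "object": "data"}
# <link> fetches only for these rel values; rel="canonical" and similar do not.
FETCHING_LINK_RELS = {"stylesheet", "preload", "prefetch", "preconnect",
                      "dns-prefetch", "icon"}
# Constructed allowlist of first-party hosts a banner may contact.
FIRST_PARTY = frozenset({"en.wikipedia.org", "meta.wikimedia.org",
                         "upload.wikimedia.org"})


class BannerScanner(HTMLParser):
    """Collects auto-loading resource references that point off the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.third_party_loads = []  # (tag, url, host) fetched on page load
        self.share_metadata = []     # passive og:* / twitter:* meta tags
        self.inline_scripts = 0      # script bodies that need manual review

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta":
            # Open Graph / Twitter Card tags are read by the platform's crawler
            # when a link is shared; the visitor's browser contacts no one.
            name = attrs.get("property") or attrs.get("name") or ""
            if name.startswith(("og:", "twitter:")):
                self.share_metadata.append(name)
            return
        if tag == "script" and not attrs.get("src"):
            self.inline_scripts += 1
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            url = attrs.get("href") if rels & FETCHING_LINK_RELS else None
        else:
            url = attrs.get(AUTO_LOADING.get(tag, ""))
        if not url:
            return
        host = urlparse(url).hostname
        if host is None:
            return  # relative URL: same origin as the page itself
        if host.lower() not in self.allowed_hosts:
            self.third_party_loads.append((tag, url, host.lower()))


def scan_banner(markup, allowed_hosts=FIRST_PARTY):
    """Return what the markup would load on render and whether to block deploy."""
    scanner = BannerScanner(allowed_hosts)
    scanner.feed(markup)
    scanner.close()
    return {
        "third_party_loads": scanner.third_party_loads,
        "share_metadata": scanner.share_metadata,
        "inline_scripts": scanner.inline_scripts,
        "blocks_deploy": bool(scanner.third_party_loads),
    }


# Constructed sample page: share metadata plus a first-party image only.
PAGE_TEMPLATE = """<html><head>
  <meta property="og:title" content="Support free knowledge">
  <meta name="twitter:card" content="summary_large_image">
</head><body>
<div class="banner">
  <img src="//upload.wikimedia.org/banner.png" alt="">
  <a href="https://meta.wikimedia.org/wiki/Share">Share this</a>
  {extra}
</div>
</body></html>"""
METADATA_ONLY_PAGE = PAGE_TEMPLATE.format(extra="")
# Same banner with a third-party SDK script and a tracking pixel added; both
# fire on render, before any click.
SCRIPT_PAGE = PAGE_TEMPLATE.format(extra="""
  <script src="https://sdk.third-party.example/widget.js"></script>
  <img src="https://pixel.third-party.example/t.gif" width="1" height="1">
  <script>window.shareBanner = true;</script>""")

if __name__ == "__main__":
    for label, markup in (("metadata-only", METADATA_ONLY_PAGE),
                          ("with script", SCRIPT_PAGE)):
        report = scan_banner(markup)
        verdict = "BLOCK" if report["blocks_deploy"] else "ok"
        print(f"{label}: {verdict} {report['third_party_loads']}")
```

The scanner deliberately treats any inline `<script>` as a review item rather than a pass, since a first-party-hosted body can still build a request to a third party; a static check catches only what the markup states outright, so monitoring of live banners, as the message describes, remains the second line of defence.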