Hello,
Thank you for discussing this matter. The Wikimedia Foundation takes the safety and
privacy of volunteers very seriously. I recognize that among the concerns is that the
identities of LGBTQ+ members of the movement could be revealed to anti-LGBTQ entities and
governments. As someone who has previously worked in advocacy for victims of anti-LGBTQ+
related crimes and acts of discrimination, I am personally very invested in mitigating
that risk. After speaking with my colleagues at the Foundation, I wanted to clear up a few
topics which have been raised here.
== Commitment to Free & Open Source & Security ==
In all platforms and software used in community interactions, our Security and Legal
teams are involved in reviewing possible solutions to ensure that we are minimizing risks
to our communities’ safety and privacy as well as the security of our technical
infrastructure. While we can never completely remove all risks, we are making an
increasingly strong effort to balance our resources and technology values to find the best
solution for our needs - as well as the needs of the volunteers and readers of the
projects we support.
For the most part, this process allows us to honor our commitment to open-source software
and utilize solutions already available - such as our recent adoption of Matrix in
internal communications and our continued usage of Phabricator for technical bug tracking.
In some cases, there are proprietary solutions that better fit our needs - such as our
payroll systems and staff email solutions. Finally, there are also times when there are no
solutions available and we need to develop our open-source solutions[1] - such as to
address how languages appear on a webpage or to help reduce our site's bandwidth
usage. We do not always have the resources to develop our own solutions to processes not
core to the operations of the wikis or where a solution already exists that works as well
or better than anything we could realistically develop.
== Survey tools ==
With regards to surveys, we have previously tested and attempted to use open source
solutions such as LimeSurvey. We will continue to keep an eye on those options and
consider them again in future reviews. We are extremely cognizant in exploring these
options of potential threats both to the privacy of the data collected and the security of
the servers operating the software.
Our strict privacy and security needs often require us to enter into agreements with
operators of proprietary software or services that we use. Sometimes the agreements are
unique and confidential to avoid people who may intend harm from gleaning too many
technical details. For example, our Enterprise agreement with Google prevents Google from
accessing the data for their own uses and requires them to inform the Foundation of any
requests for data that they receive prior to disclosure, allowing us an opportunity to
file a legal objection. Additionally, our Legal department receives notice before changes
to these kinds of arrangements are formally accepted, affording us an opportunity to make
a change in platforms, if necessary, in order to maintain our security and privacy
requirements. Similarly, we have agreements with other services like Qualtrics to provide
controls over how our data is managed and secured.
Thanks in large part to the input and efforts of Wikimedia LGBTQ+, we have recently made
some additional improvements to how we conduct surveys. While our surveys have gone
through legal review for several years, we have begun referring teams to appropriate
language about gender and sexual orientation questions. Additionally, we are purposefully
not asking questions about sexual orientation or gender in any geographies where same-sex
relations or identifying as transgender are criminalized.[2][3] We are continuing to
investigate and collect ideas on additional measures we can take to protect the safety of
our communities.
== Ensuring the security of data ==
While storing data ourselves is sometimes the desired outcome, it is not always the best
solution. It is also worth noting that even when data is stored on our servers, we cannot
fully guarantee its protection without recognizing that the constantly evolving nature of
digital threats means there will always be as-yet-unknown risks.
What we have done is continue to grow the capacity of our Security team[4] - allowing us
to respond more rapidly to potential risks and over time expand our capacity to review
options more rapidly. We have also established initiatives like the Defense of
Contributors program[5] - which provides financial legal support to volunteers facing
legal risks as a result of their participation in the Wikimedia movement (including taking
surveys). We have added rigor to the process of assessing vendors from a security and
privacy capabilities standpoint, so we are better informed on risks associated with
vendors who will be processing and handling data on our behalf. All of this reduces the
risk to everyone's privacy and security; and also provides the infrastructure for
effective and ethical responses to a wide range of possible threats.
This work is critical and never-ending - and these discussions are important. We are
working to make the above information easier to locate. I appreciate the thoughtful
questions people have posed on this mailing list and elsewhere in regards to a realistic
approach to managing risks.
Thank you again,
-greg
[1]
-------
Gregory Varnum
Senior Strategist, Communications
Wikimedia Foundation
gvarnum(a)wikimedia.org
Pronouns: He/Him/His
On Feb 17, 2021, at 7:36 AM, Gnangarra
<gnangarra(a)gmail.com> wrote:
Kaya
Have we put the ostrich back, where does this go from here? Have we decided to learn and
make an effort or have we reached the inevitable impasse where everyone hopes the issue
has been forgotten about.
There was a reasonable (though I think unlikely) possibility that contributors in
Australia could lose Google as a platform,
https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-au…
. While that looks even less likely, Google is already offering pay for services and
limiting "free" services like Gmail and Google Docs.
The only assurance the WMF can give about equity, privacy, and access is through its own
services, or services that it hosts. The movement needs to be looking at its
sustainability in the face of increased government impact on the ultra large corporate
services we are using to operate.
On Mon, 15 Feb 2021 at 20:10, Tomasz Ganicz <polimerek(a)gmail.com> wrote:
Well, both ZEUS and CiviCRM work well in many NGOs. It is just a subject of proper
maintenance. Actually, a piece of free software called MediaWiki is probably more
complicated to maintain than CiviCRM or WordPress but WMF is able to maintain it pretty
well :-) I believe that an organization able to successfully maintain the largest MediaWiki
based projects on Earth could also manage to organize a free software based survey system...
This is a subject of priorities rather than resources...
On Mon, 15 Feb 2021 at 02:08, Łukasz Garczewski <lukasz.garczewski(a)wikimedia.pl>
wrote:
With respect, Fae, if you're going to propose banning an existing solution, it is on
you to propose a suitable alternative or at least a process to find it before the ban
takes effect.
I write this as a signatory of Free Software Foundation Europe's Public Money? Public
Code open letter. I am wholeheartedly a proponent of open source software.
At the same time, I am a firm believer in using the best available tool for the job.
Our mission is too important to hold ourselves back at every step due to a noble but
often unrealistic wish to use open source solutions for everything we do.
Last year, because of my drive to use proper open source solutions, WMPL wasted hours and
hours of staff time (mostly mine) and a not insignificant amount of members' time
because:
• Zeus, a widely used, cryptographically secure voting system is impossible to
set up and maintain and has very sparse documentation,
• CiviCRM, the premier open source CRM solution for NGOs, refuses to work correctly
after the WordPress installation is moved to a new URL, and documentation isn't
helpful.
To my knowledge there are no suitable open source options that would be easy-to-use and
robust enough to support our needs in both cases and be comparable to commercial
counterparts.
I have wasted a ton of time (and therefore WMPL money), before I decided to use
state-of-the-art commercial solutions for the needs described above. Don't be like me.
Don't make other people think & act like I did. Be smarter.
Should we use an equivalent open source solution when one is available? Yes.
Should we have a public list of open source tools needed? Yes.
Should we use programmes such as Google Summer of Code to build those tools? Yes.
Should we waste time using sub-par solutions or doing work manually? Hell no.
So here's a constructive alternative idea:
• Let's gather the needs and use cases for tools used by WMF and affiliates,
• Let's build a list of potential open source replacements and map what
features are missing,
• Let's put the word out that we're looking for open source replacements
where there are none available,
• Let's embed Wikimedia liaisons in key open source projects to ensure our
needs and use cases are addressed promptly,
• Let's use initiatives such as Summer of Code to kickstart building some of
these tools.
I acknowledge the above is much harder to do than instituting a ban via community
consensus. It is, however, a much more productive approach and will get us to your desired
state eventually, and without sabotaging the work that needs to happen in the meantime.
Oh, and in case anybody's wondering why we can't build these tools in-house:
We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech
infrastructure is still in need of huge improvements. It would be really unwise to
distract WMF's development and product teams from these goals by requesting they build
standard communication or reporting tools.
On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik(a)gmail.com> wrote:
As a consequence of the promotion of a Google forms based survey this
week by a WMF representative, a proposal on Wikimedia Commons has been
started to ban the promotion of surveys which rely on third party
sites like Google Forms.[1]
Launched today, but already it appears likely that this proposal will
have a consensus to support. Considering that Commons is one of our
largest Wikimedia projects, there are potential repercussions of
banning the on-wiki promotion of surveys which use Google products or
other closed source third party products like SurveyMonkey.
Feedback is most welcome on the proposal discussion, or on this list
for handling impact, solutions, recommended alternatives that already
exist, or the future role of the WMF to support research and surveys
for the WMF and affiliates by using forking open source software and
self-hosting and self-managing data "locally".
Links
1.
https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_of…
Thanks
Fae
--
faewik(a)gmail.com
https://commons.wikimedia.org/wiki/User:Fae
#WearAMask
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
--
Kind regards
Łukasz Garczewski
Chief Operating Officer
Wikimedia Polska
tel: +48 601 827 937
e-mail: lukasz.garczewski(a)wikimedia.pl
Support free knowledge!
Donate 1% of your tax or make a donation to Wikipedia
ul. Tuwima 95, pok. 15 Łódź, Polska
KRS 0000244732
NIP 728-25-97-388
wikimedia.pl
Information about data processing can be found in the Privacy Policy. Contact:
rodo(a)wikimedia.pl
--
Tomek "Polimerek" Ganicz
http://pl.wikimedia.org/wiki/User:Polimerek
http://www.ganicz.pl/poli/
--
GN.
Power of Diverse Collaboration
Sharing knowledge brings people together
Wikimania Bangkok 2022
August
hosted by ESEAP
Wikimania:
https://wikimania.wikimedia.org/wiki/User:Gnangarra
Noongarpedia:
https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
My print shop:
https://www.redbubble.com/people/Gnangarra/shop?asc=u