Adam,
Thank you for providing an informative and accessible answer to Trillium's
relevant questions. It's truly heartening to see the organization improving
in its ability to communicate its intentions, etc. I hope that when broad
consensus among staff is reached (as you express in footnote [1]), it will
become an increasingly high priority to clearly communicate that in public
fora. It really helps when we can understand what others are trying to do,
and how it aligns with our own ambitions.
Good stuff. I think this discussion got off to a rough start, but you have
gotten it back on track, and maybe to resolution.
-Pete
[[User:Peteforsyth]]
On Mon, May 2, 2016 at 12:21 AM, Adam Wight <awight(a)wikimedia.org> wrote:
Hi Trillium,
These are great questions to ask, thank you for keeping the privacy
conversation on track!
As a technical employee of the Wikimedia Foundation who would have been
involved if we were planning significant changes to expand or limit
tracking, I can confirm that nothing rotten is in the wings. In fact, the
situation is better now than ever before (in my 4 years here). There are
internal accountability reforms under way to help us make strong guarantees
about our users' privacy. A brief investigation into assigning readers
long-term unique identifiers--in lay person terms the gateway to dystopian
tracking--opened and was immediately shut again.[1] Data retention (what
user data we collect and for how long) policy work is being tightened up,
and done in public.[2] In Fundraising, we've found a way to measure
aggregate data about our banner delivery without collecting information
which lets us correlate anything else about readers.[3]
While I feel good about what's happening now, it would be nice to have
longer-term assurances that we won't go collectively nuts in the
unforeseeable future. I'm not sure what that assurance might look like,
though... Democratic stewardship of our shared resources? Anyway, please
do keep a critical eye on cookies and their brethren, and if you find
anything out of joint I'm sure there will be plenty of allies left within
the Foundation to help set it right.
Regards,
Adam Wight
[[mw:User:Adamw]
[1] Sorry, there was an all-staff internal discussion but I don't think
this was published. The idea at the time was to get our house in order and
decide whether to start a public conversation about unique IDs. There
turned out to be many strong critics of the plan and no real supporters as
far I could tell, and the initiative was abandoned, to my knowledge. The
motivation for the project was to get a better estimate of our unique
visitor counts (a count of their devices, to be precise). We've settled on
the less accurate "last visited" measurement instead, which is described
here:
http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
[2]
https://meta.wikimedia.org/wiki/Data_retention_guidelines
[3]
https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf
On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <ironholds(a)gmail.com> wrote:
It seems like you can either deny James's
knowledge of the
technical/legal
overlap or ask him questions, but probably not
both :p.
One element I can answer: no, it does not contain flash objects, flash is
not a technology included in the Wikimedia stack on account of it barely
being classifiable as a technology.
On Sunday, 1 May 2016, Toby Dollmann <toby.dollmann(a)gmail.com> wrote:
> > It's certainly possible that this is only 'obvious' to me because
of
my
knowledge of outside organizations or law but it
doesn't surprise me.
Your reply is not obvious to me. I understand that your employment is
exclusively with WMF and you do not appear to be particularly
qualified (or experienced) in law.
Treating the cookie statement as an explanation / extension of WMF's
privacy policy and noting the poster's concern that the WMF legal team
have amended certain descriptors for locally stored objects (not
cookies) of indeterminate (theoretically infinite) persistence, would
you clarify the following technical /legal aspects relating to cookies
and their usage on Wikimedia.
1. Whether, or not, editors of Wikimedia websites", say
"en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
(broadly construed) are disabled and not stored on client devices.
2. Whether, or not, the locally stored objects referenced in the
cookie policy include
(i) Javascript code, or
(ii) Flash objects
3. Whether, or not, the locally stored objects inserted by the WMF, on
client computers and stored there, have the capability of collecting
extensive personal information of editors, the degree of which not
being explicitly disclosed in advance to users.
4. Whether, or not, the WMF is aware that a certain "toxic and
juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
knowledge of WMF's checkuser process, the cookie policy and its
internals has achieved remarkable technical capability to closely
impersonate other editors and get them blocked by a network (aka "porn
crew") of surviving cooperative "community appointed" sysops favorably
still disposed to him/her. That this problem person (who has also
threatened legal action against WMF) extensively uses mobile Wikipedia
via "millions of IPs" [ref#2] in multiple languages, including several
some fairly obscure ones, for abusive purposes which are 'obviously'
related to WMF_legal's recent subject edit.
Toby
[ref#1] "I should be clear - the problem is not the abuse of me, but
the toxic and juvenile environment at Commons. I have never failed in
30 seconds of looking to find a horrifying BLP violation at commons of
a photo of an identifiable woman engaged in sexual activity with
highly questionable provenance (for example a deleted flickr account).
Every time (including tonight) that I go there hoping to see
improvement, I am disappointed. And I think that as long as we
tolerate it and don't bounce some very bad admins, we will not solve
the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
[ref#2]
https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&actio…
>
> On 5/2/16, James Alexander <jalexander(a)wikimedia.org <javascript:;>>
> wrote:
> > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> trillium2014(a)yandex.com <javascript:;>>
> > wrote:
> >
> >> I noticed Michelle Paulson editing the "Cookie Statement" page,
and
it
> >> seemed kind of strange to me
because I thought it more a technical
and
IT
> thing to edit. But Michelle is WMF Legal,
right
>
I won't/can't comment on the rest of your questions but I'm confused
about
> why you would be surprised here... the cookie statement is,
essentially,
> a
> > legal statement/privacy policy "type" document (obviously different
but
>
similar) and just like the privacy policy (or access to non public
> information or document retention policy or terms of use or other
policy
> docs along those lines) the cookie statement
has been owned by Legal
for
> as
> > long as it's existed (I can attest to that fact since the CA team was
> asked
> > to help put it up for them).
> >
> > It's certainly possible that this is only 'obvious' to me because
of
my
>
knowledge of outside organizations or law but it doesn't surprise me.
> Cookie statements are part of the law in some countries (not
necessarily
> > ones we have to follow given our position in the US but Europe has
laws
>
about it for example) and so would usually be within the legal
department
> > for many organizations. Cookies are also closely tied with privacy
and
> the
> > privacy policy and so compliance and ensuring that the org stays
within
their promises would, also, often fall within the
legal department
(though
> everyone should/does have a hand in ensuring they follow the promises
the
> > org as a whole made).
> >
> > James Alexander
> > Manager
> > Trust & Safety
> > Wikimedia Foundation
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> >
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: Wikimedia-l(a)lists.wikimedia.org <javascript:;>
> > Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org
<javascript:;>
?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l(a)lists.wikimedia.org <javascript:;>
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org <javascript:;>
?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>