On 22 July 2016 at 10:29, Ori Livneh ori@wikimedia.org wrote:
Starting with version 1.28, MediaWiki will provide operators with the option of sharing anonymous data about the local MediaWiki instance and its environment with MediaWiki's developer community via a pingback to a URL endpoint on MediaWiki.org.
The configuration variable that controls this behavior ($wgPingback) will default to false (that is: don't share data). The web installer will display a checkbox for toggling this feature on and off, and it will be checked by default (that is: *do* share data). This ensures (I hope) that no one feels surprised or violated.
If it's disabled by default, isn't our standard practice not to pre-tick the option?
The information that gets sent is described in < https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback%3E. Here is a summary of what we send:
- A randomly-generated unique ID for the wiki.
How is it randomly-generated? Is a true-random or a hash based on provided info? Is there anything to prevent duplication?
…
- The chosen database backend (e.g., "mysql", "sqlite")
- The version of MediaWiki in use
- The version of PHP
- The name of the web server software in use (e.g. "Apache/1.3.14")
Neither the wiki name nor its location is shared.
If a organisation creates custom packages (with custom naming), this could conceivably reveal information if they accidentally trigger this option
The plan is to make this data freely available to all MediaWiki developers. Before that can happen, I will need to solicit reviews from security folks and from the WMF's legal team, but I don't expect any major issues.
Has a draft of the Data Retention Guidelines and Data Access Guidelines that you are planning to send to Legal been created/shared yet?