[Foundation-l] Wikipedia tracks user behaviour via third party companies

Neil Harris usenet at tonal.clara.co.uk
Thu Jun 4 10:01:46 UTC 2009

Tim 'avatar' Bartel wrote:
> Hi,
> recently the report of the KnowPrivacy [1] study - a research project
> by the School of Information from University of California in Berkeley
> - hit the German media [2].
> It came to the conclusion that "All of the top 50 websites contained
> at least one web bug at some point in a one month time period." [3]
> which includes wikipedia.org.
> This is very troubleing and irritating for some of our (German) users
> who are very sensitive to data privacy topics. So I established
> contact to Brian W. Carver (University of California) who connected me
> to David Cancel, the maintainer of Ghostery, which was used to
> identify the web bugs. David wrote me today:
>> The following web bug trackers were reported to us, on the following subdomains:
>>   Google Analytics - vls.wikipedia.org
>>   Doubleclick - hu.wikipedia.org
>> Both were seen in yesterday's data so they're recent. We don't receive any page level information so that's as much detail as we have. Hope that helps.
> I wasn't able to track down the Doubleclick web bug on the hungarian
> Wikipedia, but Google Analytics web bug is integrated in every page of
> the West Flemish Wikipedia via JavaScript [4].
> Our privacy policy [5] states "The Wikimedia Foundation may keep raw
> logs of such transactions [IP and other technical information], but
> these will not be published or used to track legitimate users." and
> "As a general principle, the access to, and retention of, personally
> identifiable data in all projects should be minimal and should be used
> only internally to serve the well-being of the projects."
> I think we should stop the current use of Google Analytics ASAP.
> Bye, Tim.
Surely this is something which should be possible to block at the 
MediaWiki level, by suppressing the generation of any HTML  that loads 
any indirect resources (scripts, iframes, images, etc.) whatsoever other 
than from a clearly defined whitelist of Wikimedia-Foundation-controlled 

Doing this should completely stop site admins from adding web bugs.

-- Neil

More information about the foundation-l mailing list