[Foundation-l] Wikipedia tracks user behaviour via third party companies

John at Darkstar vacuum at jeb.no
Thu Jun 4 10:20:10 UTC 2009

We need tools to track user behavior inside Wikipedia. As it is now we
know nearly nothing at all about user behavior and nearly all people
saying anything about users at Wikipedia makes gross estimates and wild

User privacy on Wikipedia is is close to a public hoax, pages are
transfered unencrypted and with user names in clear text. Anyone with
access to a public hub is able to intercept and identify users, in
addition to _all_ websites that are referenced during an edit on
Wikipedia through correlation of logs.

Compared to this the whole previous discussion about the Iranian steward
is somewhat strange, if not completely ridiculous.

Get real, the whole system and access to it is completely open!


Neil Harris skrev:
> Tim 'avatar' Bartel wrote:
>> Hi,
>> recently the report of the KnowPrivacy [1] study - a research project
>> by the School of Information from University of California in Berkeley
>> - hit the German media [2].
>> It came to the conclusion that "All of the top 50 websites contained
>> at least one web bug at some point in a one month time period." [3]
>> which includes wikipedia.org.
>> This is very troubleing and irritating for some of our (German) users
>> who are very sensitive to data privacy topics. So I established
>> contact to Brian W. Carver (University of California) who connected me
>> to David Cancel, the maintainer of Ghostery, which was used to
>> identify the web bugs. David wrote me today:
>>> The following web bug trackers were reported to us, on the following subdomains:
>>>   Google Analytics - vls.wikipedia.org
>>>   Doubleclick - hu.wikipedia.org
>>> Both were seen in yesterday's data so they're recent. We don't receive any page level information so that's as much detail as we have. Hope that helps.
>> I wasn't able to track down the Doubleclick web bug on the hungarian
>> Wikipedia, but Google Analytics web bug is integrated in every page of
>> the West Flemish Wikipedia via JavaScript [4].
>> Our privacy policy [5] states "The Wikimedia Foundation may keep raw
>> logs of such transactions [IP and other technical information], but
>> these will not be published or used to track legitimate users." and
>> "As a general principle, the access to, and retention of, personally
>> identifiable data in all projects should be minimal and should be used
>> only internally to serve the well-being of the projects."
>> I think we should stop the current use of Google Analytics ASAP.
>> Bye, Tim.
> Surely this is something which should be possible to block at the 
> MediaWiki level, by suppressing the generation of any HTML  that loads 
> any indirect resources (scripts, iframes, images, etc.) whatsoever other 
> than from a clearly defined whitelist of Wikimedia-Foundation-controlled 
> domains?
> Doing this should completely stop site admins from adding web bugs.
> -- Neil
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list