[Foundation-l] Wikipedia tracks user behaviour via third party companies

John at Darkstar vacuum at jeb.no
Thu Jun 4 10:48:04 UTC 2009

Forgot a link to an article which describes very well privacy on
Wikipedia! ;)


John at Darkstar skrev:
> We need tools to track user behavior inside Wikipedia. As it is now we
> know nearly nothing at all about user behavior and nearly all people
> saying anything about users at Wikipedia makes gross estimates and wild
> guesses.
> User privacy on Wikipedia is is close to a public hoax, pages are
> transfered unencrypted and with user names in clear text. Anyone with
> access to a public hub is able to intercept and identify users, in
> addition to _all_ websites that are referenced during an edit on
> Wikipedia through correlation of logs.
> Compared to this the whole previous discussion about the Iranian steward
> is somewhat strange, if not completely ridiculous.
> Get real, the whole system and access to it is completely open!
> John
> Neil Harris skrev:
>> Tim 'avatar' Bartel wrote:
>>> Hi,
>>> recently the report of the KnowPrivacy [1] study - a research project
>>> by the School of Information from University of California in Berkeley
>>> - hit the German media [2].
>>> It came to the conclusion that "All of the top 50 websites contained
>>> at least one web bug at some point in a one month time period." [3]
>>> which includes wikipedia.org.
>>> This is very troubleing and irritating for some of our (German) users
>>> who are very sensitive to data privacy topics. So I established
>>> contact to Brian W. Carver (University of California) who connected me
>>> to David Cancel, the maintainer of Ghostery, which was used to
>>> identify the web bugs. David wrote me today:
>>>> The following web bug trackers were reported to us, on the following subdomains:
>>>>   Google Analytics - vls.wikipedia.org
>>>>   Doubleclick - hu.wikipedia.org
>>>> Both were seen in yesterday's data so they're recent. We don't receive any page level information so that's as much detail as we have. Hope that helps.
>>> I wasn't able to track down the Doubleclick web bug on the hungarian
>>> Wikipedia, but Google Analytics web bug is integrated in every page of
>>> the West Flemish Wikipedia via JavaScript [4].
>>> Our privacy policy [5] states "The Wikimedia Foundation may keep raw
>>> logs of such transactions [IP and other technical information], but
>>> these will not be published or used to track legitimate users." and
>>> "As a general principle, the access to, and retention of, personally
>>> identifiable data in all projects should be minimal and should be used
>>> only internally to serve the well-being of the projects."
>>> I think we should stop the current use of Google Analytics ASAP.
>>> Bye, Tim.
>> Surely this is something which should be possible to block at the 
>> MediaWiki level, by suppressing the generation of any HTML  that loads 
>> any indirect resources (scripts, iframes, images, etc.) whatsoever other 
>> than from a clearly defined whitelist of Wikimedia-Foundation-controlled 
>> domains?
>> Doing this should completely stop site admins from adding web bugs.
>> -- Neil
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list