[Foundation-l] Wikipedia tracks user behaviour via third party companies

John at Darkstar vacuum at jeb.no
Thu Jun 4 11:33:46 UTC 2009

The interesting thing is "who has interest in which users identity".
Lets make an example, some organization sets up a site with a honeypot
and logs all visitors. Then they correlates that with RC-logs from
Wikipedia and then checks out who adds external links back to
themselves. They do not need direct access to Wikipedia logs or the raw

There is only one valid reason as I see it to avoid certain stat
engines, and that is to block advertising companies from getting
information about the readers. The writers does not have any real
anonymity at all.


Neil Harris skrev:
> John at Darkstar wrote:
>> We need tools to track user behavior inside Wikipedia. As it is now we
>> know nearly nothing at all about user behavior and nearly all people
>> saying anything about users at Wikipedia makes gross estimates and wild
>> guesses.
>> User privacy on Wikipedia is is close to a public hoax, pages are
>> transfered unencrypted and with user names in clear text. Anyone with
>> access to a public hub is able to intercept and identify users, in
>> addition to _all_ websites that are referenced during an edit on
>> Wikipedia through correlation of logs.
>> Compared to this the whole previous discussion about the Iranian steward
>> is somewhat strange, if not completely ridiculous.
>> Get real, the whole system and access to it is completely open!
>> John
> As you say, there is no possibility of absolute privacy from anyone with 
> access to the traffic stream, since the Internet was never engineered to 
> give this kind of privacy.  Wikipedia as "completely open" as any other 
> non-https website -- and, even with https, as with any other website 
> with publicly visible transactions, for anyone with access to the 
> traffic stream, simple traffic analysis is generally enough to correlate 
> user identities to IPs. A combination of http and Tor is probably as 
> good as it gets in attempting to avoid this, but even this has its 
> limitations.
> But it is simply unreasonable to equate this with no privacy at all. 
> Most possible eavesdroppers do _not_ have access to the entire traffic 
> stream, and those who do have access to traffic generally only have 
> access to part of the traffic stream, and even then, most of them can't 
> be bothered to eavesdrop, or are discouraged from doing so by privacy laws.
> Given this, it is quite reasonable to take appropriate technical 
> measures that attempt to keep as much of that remaining privacy as 
> secure as possible.
> -- Neil
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list