[Foundation-l] Wikipedia tracks user behaviour via third party companies

Neil Harris usenet at tonal.clara.co.uk
Thu Jun 4 14:03:59 UTC 2009

John at Darkstar wrote:
> The interesting thing is "who has interest in which users identity".
> Lets make an example, some organization sets up a site with a honeypot
> and logs all visitors. Then they correlates that with RC-logs from
> Wikipedia and then checks out who adds external links back to
> themselves. They do not need direct access to Wikipedia logs or the raw
> traffic.
> There is only one valid reason as I see it to avoid certain stat
> engines, and that is to block advertising companies from getting
> information about the readers. The writers does not have any real
> anonymity at all.
> John

Indeed they could. But even so, they would still have great difficulty 
in getting more than a small fraction of Wikipedia's readers to both 
visit the honeypot and make an edit that links to it, and the vast 
majority of unaffected users will still avoid being bitten by this 
attack. And even then, they will still only have obtained a mapping 
between the user's current IP and their Wikipedia account, and will 
still have to correlate this back to a personal identity, which is often 
harder than it might seem to be in theory.

The world is a dangerous place, but just because privacy and security 
can never be absolute is not a reason to make good faith efforts to 
preserve it as much of both as reasonably possible within the limits of 
time and resources available.
Just because a door can be knocked down with a sledgehammer (or a wall 
demolished with a pneumatic hammer) is not a reason not to have a lock 
on it, or a door there in the first place.

-- Neil

More information about the foundation-l mailing list