[Foundation-l] Wikipedia tracks user behaviour via third party companies

Alex mrzmanwiki at gmail.com
Fri Jun 5 05:52:52 UTC 2009

John at Darkstar wrote:
>> Hmm? There's no reason to do anything like that. The AbuseFilter would
>> just prevent sitewide JS pages from being saved with the particular URLs
>> or a particular code block in them. It'll stop the well-meaning but
>> misguided admins. Short of restricting site JS to the point of
>> uselessness, you'll never be able to stop determined abusers.
> A very typical code fragment to make a stat url is something like
> document.write('<img scr="' + server + digest + '">');
> - server is some kind of external url
> - digest is just some random garbage to bypass caching
> This kind of code exists in so many variants that it is very difficult
> to say anything about how it may be implemented. Often it will not use a
> document.write on systems like Wikipedia but instead use createElement()
> Very often someone claims that the definition of "server" will be
> complete and may be used to identify the external server sufficiently.
> That is not a valid claim as many such sites can be referred for other
> purposes. 

Other purposes that have valid uses loading 3rd party content on a
Wikimedia wiki? Like what?

> Note also that the number of urls will be huge as this type of
> service is very popular, not to say that anyone that want may set up a
> special stat aggregator on an otherwise unknown domain.
> Basically, simple regexps are not sufficient for detecting this kind of
> code.

I don't think I said it would be perfect, the idea isn't to 100% prevent
it, just to try to stop the most obvious cases like Google analytics.

> Otherwise, take a look at Simetricals earlier post.
> John

Alex (wikipedia:en:User:Mr.Z-man)

More information about the foundation-l mailing list