Can we force HTTPS for the game so we're not leaking usernames over cleartext HTTP? (not just because the edits can be correlated with who was asked about them but also the game interface displays your username and a user could do Wikidata actions in your name if they got your HTTP cookie in the clear)
I would support this change.
Thank you,
Derric Atzrott
From: gendergap-bounces@lists.wikimedia.org [mailto:gendergap-bounces@lists.wikimedia.org] On Behalf Of Jeremy Baron Sent: 22 May 2014 00:00 To: Increasing female participation in Wikimedia projects Subject: Re: [Gendergap] Wikidata, gamification and gender
FYI, msg from another list below.
-Jeremy
---------- Forwarded message ---------- From: "Jeremy Baron" jeremy@tuxmachine.com Date: May 21, 2014 11:58 PM Subject: Re: [WikimediaMobile] micro-contributions on mobile via wikidata To: "Magnus Manske" magnusmanske@googlemail.com Cc: "mobile-l" mobile-l@lists.wikimedia.org
On May 21, 2014 9:55 PM, "Jeremy Baron" jeremy@tuxmachine.com wrote:
On May 21, 2014 9:07 PM, "Erik Moeller" erik@wikimedia.org wrote:
On Wed, May 21, 2014 at 2:17 PM, Ryan Kaldari rkaldari@wikimedia.org wrote:
Most of these "games" would be great in a mobile context.
The current design is already responsive - but I wasn't able to actually get the OAuth authorization to work on mobile, at least not on Firefox/Android :(
I just did it with Firefox. I think I first hit "allow" on desktop MediaWiki and then got an "application connection error" from mobile. Unknown OAuth key, E006.
Then went back to tool labs, hit the button again and back to desktop MediaWiki. Now the dialog had some bad styles or something so some of the text was hidden and I couldn't see the buttons at all. Manually changed URL from www.mediawiki.org → m.mediawiki.org and then authorized through mobilefrontend and finally got the game working.
A couple more issues (but not strictly mobile things):
- You may want to avoid merges/"same item" tasks until https://www.wikidata.org/w/index.php?title=Wikidata:Requests_for_deletions https://www.wikidata.org/w/index.php?title=Wikidata:Requests_for_deletions&oldid=132186913 &oldid=132186913 is resolved.
- Can we force HTTPS for the game so we're not leaking usernames over cleartext HTTP? (not just because the edits can be correlated with who was asked about them but also the game interface displays your username and a user could do Wikidata actions in your name if they got your HTTP cookie in the clear)
Thanks
-Jeremy