Adam,
Thank you for providing an informative and accessible answer to Trillium's relevant questions. It's truly heartening to see the organization improving in its ability to communicate its intentions, etc. I hope that when broad consensus among staff is reached (as you express in footnote [1]), it will become an increasingly high priority to clearly communicate that in public fora. It really helps when we can understand what others are trying to do, and how it aligns with our own ambitions.
Good stuff. I think this discussion got off to a rough start, but you have gotten it back on track, and maybe to resolution.
-Pete [[User:Peteforsyth]]
On Mon, May 2, 2016 at 12:21 AM, Adam Wight awight@wikimedia.org wrote:
Hi Trillium,
These are great questions to ask, thank you for keeping the privacy conversation on track!
As a technical employee of the Wikimedia Foundation who would have been involved if we were planning significant changes to expand or limit tracking, I can confirm that nothing rotten is in the wings. In fact, the situation is better now than ever before (in my 4 years here). There are internal accountability reforms under way to help us make strong guarantees about our users' privacy. A brief investigation into assigning readers long-term unique identifiers--in lay person terms the gateway to dystopian tracking--opened and was immediately shut again.[1] Data retention (what user data we collect and for how long) policy work is being tightened up, and done in public.[2] In Fundraising, we've found a way to measure aggregate data about our banner delivery without collecting information which lets us correlate anything else about readers.[3]
While I feel good about what's happening now, it would be nice to have longer-term assurances that we won't go collectively nuts in the unforeseeable future. I'm not sure what that assurance might look like, though... Democratic stewardship of our shared resources? Anyway, please do keep a critical eye on cookies and their brethren, and if you find anything out of joint I'm sure there will be plenty of allies left within the Foundation to help set it right.
Regards, Adam Wight [[mw:User:Adamw]
[1] Sorry, there was an all-staff internal discussion but I don't think this was published. The idea at the time was to get our house in order and decide whether to start a public conversation about unique IDs. There turned out to be many strong critics of the plan and no real supporters as far I could tell, and the initiative was abandoned, to my knowledge. The motivation for the project was to get a better estimate of our unique visitor counts (a count of their devices, to be precise). We've settled on the less accurate "last visited" measurement instead, which is described here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/ [2] https://meta.wikimedia.org/wiki/Data_retention_guidelines [3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf
On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes ironholds@gmail.com wrote:
It seems like you can either deny James's knowledge of the
technical/legal
overlap or ask him questions, but probably not both :p.
One element I can answer: no, it does not contain flash objects, flash is not a technology included in the Wikimedia stack on account of it barely being classifiable as a technology.
On Sunday, 1 May 2016, Toby Dollmann toby.dollmann@gmail.com wrote:
It's certainly possible that this is only 'obvious' to me because of
my
knowledge of outside organizations or law but it doesn't surprise me.
Your reply is not obvious to me. I understand that your employment is exclusively with WMF and you do not appear to be particularly qualified (or experienced) in law.
Treating the cookie statement as an explanation / extension of WMF's privacy policy and noting the poster's concern that the WMF legal team have amended certain descriptors for locally stored objects (not cookies) of indeterminate (theoretically infinite) persistence, would you clarify the following technical /legal aspects relating to cookies and their usage on Wikimedia.
- Whether, or not, editors of Wikimedia websites", say
"en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies (broadly construed) are disabled and not stored on client devices.
- Whether, or not, the locally stored objects referenced in the
cookie policy include (i) Javascript code, or (ii) Flash objects
- Whether, or not, the locally stored objects inserted by the WMF, on
client computers and stored there, have the capability of collecting extensive personal information of editors, the degree of which not being explicitly disclosed in advance to users.
- Whether, or not, the WMF is aware that a certain "toxic and
juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive knowledge of WMF's checkuser process, the cookie policy and its internals has achieved remarkable technical capability to closely impersonate other editors and get them blocked by a network (aka "porn crew") of surviving cooperative "community appointed" sysops favorably still disposed to him/her. That this problem person (who has also threatened legal action against WMF) extensively uses mobile Wikipedia via "millions of IPs" [ref#2] in multiple languages, including several some fairly obscure ones, for abusive purposes which are 'obviously' related to WMF_legal's recent subject edit.
Toby
[ref#1] "I should be clear - the problem is not the abuse of me, but the toxic and juvenile environment at Commons. I have never failed in 30 seconds of looking to find a horrifying BLP violation at commons of a photo of an identifiable woman engaged in sexual activity with highly questionable provenance (for example a deleted flickr account). Every time (including tonight) that I go there hoping to see improvement, I am disappointed. And I think that as long as we tolerate it and don't bounce some very bad admins, we will not solve the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
[ref#2]
https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action...
On 5/2/16, James Alexander <jalexander@wikimedia.org javascript:;> wrote:
On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
trillium2014@yandex.com javascript:;>
wrote:
I noticed Michelle Paulson editing the "Cookie Statement" page, and
it
seemed kind of strange to me because I thought it more a technical
and
IT
thing to edit. But Michelle is WMF Legal, right
I won't/can't comment on the rest of your questions but I'm confused
about
why you would be surprised here... the cookie statement is,
essentially,
a
legal statement/privacy policy "type" document (obviously different
but
similar) and just like the privacy policy (or access to non public information or document retention policy or terms of use or other
policy
docs along those lines) the cookie statement has been owned by Legal
for
as
long as it's existed (I can attest to that fact since the CA team was
asked
to help put it up for them).
It's certainly possible that this is only 'obvious' to me because of
my
knowledge of outside organizations or law but it doesn't surprise me. Cookie statements are part of the law in some countries (not
necessarily
ones we have to follow given our position in the US but Europe has
laws
about it for example) and so would usually be within the legal
department
for many organizations. Cookies are also closely tied with privacy
and
the
privacy policy and so compliance and ensuring that the org stays
within
their promises would, also, often fall within the legal department
(though
everyone should/does have a hand in ensuring they follow the promises
the
org as a whole made).
James Alexander Manager Trust & Safety Wikimedia Foundation _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org javascript:;
?subject=unsubscribe>
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org javascript:; ?subject=unsubscribe>
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe