Couldn't the stats job you want run on toolserver?
Peter Gervai wrote:
Hello,
I wasn't subscribed to this list, since I usually try to avoid the
politics around.
I was notified, however, that some interesting claims were made and
some steps taken (again) without any discussion
Hi!
Couldn't the stats job you want run on toolserver?
Really, this isn't much of foundation-l issue - we have been
collecting and providing detailed article viewership statistics for
over a year.
People are building various applications on top of that data, like
Discussing something as a general social concern is one thing, claiming
that it is a wmf legal issue is something different.
John
Michael Snow skrev:
John at Darkstar wrote:
Are the developers lawyers? A developer claiming something has an
unwanted privacy issue is very different from making
It is a WMF legal issue, in addition to being a social issue. No claim is
being made that its a legal issue, it's just a fact.
On Sun, Jun 7, 2009 at 2:43 AM, John at Darkstar vac...@jeb.no wrote:
Discussing something as a general social concern is one thing, claiming
that it is a wmf legal
Just to be clear, it has been claimed in this thread that the CheckUser
right also gives those admins the right to collect additional data on users
and analyze it. I've just read the privacy policy and that is not true.
You'll also find [[Privacy policy]] interesting, although you might decide
to
This might be going off topic, and not really helpful in finding a solution
(along the lines of wamping up WMF stats capabilities in the near future or
reinstating the huwiki solution in a way accpetable to the WMF and the hu.wp
community and possibly benefitting other communities, as well):
On
I'm going off of statements like this:
I happen to be the one who have created the Hungarian checkuser policy,
which is, as far as I know, the strictest one in WMF projects, and it's no
joke, and I intend to follow it.
On Sun, Jun 7, 2009 at 11:13 AM, Bence Damokos bdamo...@gmail.com wrote:
Hi!
Are the developers lawyers?
IANAL.
A developer claiming something has an
unwanted privacy issue is very different from making claims about
something being a legal issue on the behalf of Foundation. Simply
don't
do it.
I failed to phrase what I wanted to write you in a way, that I
Hi!
I believe there was no such claim, if anything, it was pointed out
that
setting up the stats engine didn't give access to information that
was not
accessible before by the Checkusers (even if logged), and that most
fears of
data being handled by the wrong hands are mitigated by
Hello,
If I were to compile a wishlist of stats things:
1. stats.grok.se data for non-Wikipedia projects
the raw data is available, anyone can build anything like that, as
long as they have resources. I've suggested Henrik to opensource his
software, but probably it suffers from not nice
On Sun, Jun 7, 2009 at 11:17 AM, Domas Mituzas midom.li...@gmail.comwrote:
And, Brian,
Volunteer admins cannot take user privacy into their own hands,
under their
own interpretation. That's just not how it works!
You don't seen to have sufficient understanding how it works. :(
Hi!
Assuming you're not taking this out of context, please explain the
difference between how it works and my conception of how it works.
Sorry, I misread your statement. I took Volunteer admins as
Volunteer sysadmins - my greatest apology.
BR,
Domas
I don't think that any random admin on one of the projects should be able
to insert a web bug into
Common.js is what he suggests. The Hungarian situation seems to have been
in place with support of the hungarian community, at least at start.
Frankly, I'd rather see private sensitive data on an
On Sat, Jun 6, 2009 at 3:05 AM, Robert Rohde raro...@gmail.com wrote:
On Fri, Jun 5, 2009 at 4:30 PM, Peter Gervaigrin...@gmail.com wrote:
snip
The community cannot decide that Random_user1
and Random_user2 etc will agree with the communities view on the stats
being
passed to an external
This is another e-mail on this subject that just strikes me as flawed. These
are not vague privacy fears - they are real privacy fears. I see a
fundamental failure by those involved in this controversy to understand this
point.
On Sat, Jun 6, 2009 at 1:31 AM, Tisza Gergő gti...@gmail.com wrote:
I also have not seen a clear explanation of what those who would like to
generate statistics using web bugs plan to do with that data. How do they
plan to use the data, and why aren't the plethora of statistics now made
officially available by the WMF not satisfactory?
You have bypassed the
* clap - clap *
John
Peter Gervai skrev:
Hello,
I wasn't subscribed to this list, since I usually try to avoid the
politics around.
I was notified, however, that some interesting claims were made and
some steps taken (again) without any discussion whatsoever.
First, let me tell it
The strange thingh is, some such servers seems to be outside discussion
while others are not. ;)
John
Tisza Gergő skrev:
Nathan nawr...@... writes:
Others have since discussed more centralised and secure methods for
providing these statistics via the WMF - this is the ideal outcome, and one
You can make claims about what you yourself wants or believe, but do
*not* claim that your personal beliefs reflects legal issues for
Foundation. If Foundation needs to make claims about what is and whats
not a legal issue, then such claims should be made by Mike.
John
Brian skrev:
I also have
Or by one of the WMF developers removing the web bug.
2009/6/6 John at Darkstar vac...@jeb.no
You can make claims about what you yourself wants or believe, but do
*not* claim that your personal beliefs reflects legal issues for
Foundation. If Foundation needs to make claims about what is and
Are the developers lawyers? A developer claiming something has an
unwanted privacy issue is very different from making claims about
something being a legal issue on the behalf of Foundation. Simply don't
do it.
John
Brian skrev:
Or by one of the WMF developers removing the web bug.
2009/6/6
John at Darkstar wrote:
Are the developers lawyers? A developer claiming something has an
unwanted privacy issue is very different from making claims about
something being a legal issue on the behalf of Foundation. Simply don't
do it.
Privacy is not simply a legal issue, it's a general
Alex skrev:
John at Darkstar wrote:
Hmm? There's no reason to do anything like that. The AbuseFilter would
just prevent sitewide JS pages from being saved with the particular URLs
or a particular code block in them. It'll stop the well-meaning but
misguided admins. Short of restricting site
John at Darkstar wrote:
Alex skrev:
John at Darkstar wrote:
Hmm? There's no reason to do anything like that. The AbuseFilter would
just prevent sitewide JS pages from being saved with the particular URLs
or a particular code block in them. It'll stop the well-meaning but
misguided admins.
Thomas Dalton wrote:
2009/6/5 Neil Harris use...@tonal.clara.co.uk:
Thomas Dalton wrote:
2009/6/4 Jon scr...@nonvocalscream.com:
Has apache/proxy level filtering been considered?
Filtering for what? Javascript is executed client-side, ie. after the
page has gone
On Fri, Jun 5, 2009 at 2:14 AM, John at Darkstarvac...@jeb.no wrote:
Its not that it won't be perfect, it simply will not work.
It will in most cases if you don't mind some false positives. False
positives would be acceptable if it's just a warning page that the
admin could click through.
Hello,
I wasn't subscribed to this list, since I usually try to avoid the
politics around.
I was notified, however, that some interesting claims were made and
some steps taken (again) without any discussion whatsoever.
First, let me tell it here again - as I have told it on a different
list -
I can understand your frustration, Peter, but perhaps hu.wp could also have
taken a more collaborative approach. If you would like to use a method for
collecting statistics that others will view as violating the privacy policy,
or as presenting risks normally not considered throughout the rest of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nathan wrote:
I can understand your frustration, Peter, but perhaps hu.wp could also have
taken a more collaborative approach. If you would like to use a method for
collecting statistics that others will view as violating the privacy policy,
or as
I'd like to note in the interest of facts that the Huwp stats have been
implemented (without complaint till now, June 2009) since October 2006; the
current version of the privacy policy has been available in English since
October 2008.
I think it might not be very productive to judge the action
2009/6/5 Peter Gervai grin...@gmail.com
snip
The stats (which have, by surprise, a dedicated domain under th hu
wikipedia domain) runs on a dedicated server, with nothing else on it.
Its sole purpose to gather and publish the stats. Basically nobody
have permission to log in the servers but
effe iets anders wrote:
2009/6/5 Peter Gervai grin...@gmail.com
snip
The stats (which have, by surprise, a dedicated domain under th hu
wikipedia domain) runs on a dedicated server, with nothing else on it.
Its sole purpose to gather and publish the stats. Basically nobody
have permission
And that without any complain from 2005 onward (practically from the
beginning of huwiki's real existence).
B.
-Original Message-
It is linked from the statistics page and other relevant places, not exactly
a secret.)
__ ESET Smart Security - Vírusdefiníciós adatbázis:
On Fri, Jun 5, 2009 at 9:49 PM, Tisza Gergő gti...@gmail.com wrote:
Bence Damokos bdamo...@... writes:
I'd like to note in the interest of facts that the Huwp stats have been
implemented (without complaint till now, June 2009) since October 2006;
the
current version of the privacy policy
Mark (Markie) wrote:
I still fail to see how, at this point (not before when there was no policy)
this can be considered to be acceptable.
As I understand it, nobody is arguing that it's considered acceptable at
this point. People involved in the Hungarian Wikipedia have been
explaining the
Apologies for this, I'm getting confused between multiple threads on this.
Regards
Mark
On Fri, Jun 5, 2009 at 10:22 PM, Michael Snow wikipe...@verizon.net wrote:
Mark (Markie) wrote:
I still fail to see how, at this point (not before when there was no
policy)
this can be considered to be
On Fri, Jun 5, 2009 at 5:22 PM, Michael Snowwikipe...@verizon.net wrote:
As I understand it, nobody is arguing that it's considered acceptable at
this point.
Peter Gervai seemed to argue exactly that, unless I badly misread him:
someone from outside seriously interfere with other project
On Fri, Jun 5, 2009 at 5:58 PM, Tisza Gergőgti...@gmail.com wrote:
I do argue that it is not in violation of the privacy policy (whether the
people
here find it acceptable is another question).
It may be within the letter of the privacy policy. I think that's
entirely arguable, since the
Aryeh Gregor wrote:
On Fri, Jun 5, 2009 at 5:22 PM, Michael Snowwikipe...@verizon.net wrote:
As I understand it, nobody is arguing that it's considered acceptable at
this point.
Peter Gervai seemed to argue exactly that, unless I badly misread him:
And so did Tisza Gergő:
Just a few sidenotes now.
2009/6/5 Mark (Markie) newsmar...@googlemail.com:
There are a few issues with this. Devs have access to logs on WMF servers,
not random external servers.
This is a good suggestion, basically you say that I should request the
foundation to provide me a server inside
This argument - which is effectively that community members should be
considered Wikimedia Foundation staff members - is very brittle. It is
neither sound nor valid. Do yourself a favor and consider the logic of the
other side. It will save you from confusion later when you realize that you
were
On Fri, Jun 5, 2009 at 4:30 PM, Peter Gervaigrin...@gmail.com wrote:
snip
The community cannot decide that Random_user1
and Random_user2 etc will agree with the communities view on the stats being
passed to an external server.
As you are aware it's not really random user, so what you write is
On Fri, Jun 5, 2009 at 6:22 PM, Tisza Gergőgti...@gmail.com wrote:
Tisza Gergő gti...@... writes:
I do argue that it is not in violation of the privacy policy (whether
the people here find it acceptable is another question).
Just to make it clear, I don't think accordance with the privacy
Michael Snow writes:
Maybe it's just the lawyer in me, but I read those comments primarily as
a defense against a perceived prosecution for allegedly violating the
privacy policy.
I don't read them that way - rather as saying This isn't clearly in
violation; it has been working for a long time
On Fri, Jun 5, 2009 at 8:46 PM, Samuel Klein meta...@gmail.com wrote:
Peter said that he could run whatever was being done on an external
server on a WMF machine that [core] developers have access to. What
does this have to do with being Foundation staff?
He is trying rationalize his
Hi,
recently the report of the KnowPrivacy [1] study - a research project
by the School of Information from University of California in Berkeley
- hit the German media [2].
It came to the conclusion that All of the top 50 websites contained
at least one web bug at some point in a one month time
Tim 'avatar' Bartel wrote:
Hi,
recently the report of the KnowPrivacy [1] study - a research project
by the School of Information from University of California in Berkeley
- hit the German media [2].
It came to the conclusion that All of the top 50 websites contained
at least one web bug
Domas Mituzas wrote:
Do note, hu.wikipedia.org has external stats aggregator,
'stats.wikipedia.hu', which is hosted on vhost102.sx6.tolna.net - and
all our traffic is sent there (
http://hu.wikipedia.org/w/index.php?title=MediaWiki:Lastmodifiedatoldid=4493139
- as well as few other
We need tools to track user behavior inside Wikipedia. As it is now we
know nearly nothing at all about user behavior and nearly all people
saying anything about users at Wikipedia makes gross estimates and wild
guesses.
User privacy on Wikipedia is is close to a public hoax, pages are
transfered
Forgot a link to an article which describes very well privacy on
Wikipedia! ;)
http://en.wikipedia.org/wiki/The_Emperor%27s_New_Clothes
John at Darkstar skrev:
We need tools to track user behavior inside Wikipedia. As it is now we
know nearly nothing at all about user behavior and nearly all
John at Darkstar wrote:
We need tools to track user behavior inside Wikipedia. As it is now we
know nearly nothing at all about user behavior and nearly all people
saying anything about users at Wikipedia makes gross estimates and wild
guesses.
User privacy on Wikipedia is is close to a
On Thu, Jun 4, 2009 at 1:18 AM, Tim 'avatar' Bartel
wikipe...@computerkultur.org wrote:
Hi,
recently the report of the KnowPrivacy [1] study - a research project
by the School of Information from University of California in Berkeley
- hit the German media [2].
The case of vlswiki is
2009/6/4 Pedro Sanchez pdsanc...@gmail.com:
What I propose is this being re-added would cause a removal of sysop bit due
to misuse of powers.
Don't we have a committee that checks privacy violations?
The Foundation would surely have this power.
- d.
The interesting thing is who has interest in which users identity.
Lets make an example, some organization sets up a site with a honeypot
and logs all visitors. Then they correlates that with RC-logs from
Wikipedia and then checks out who adds external links back to
themselves. They do not need
The Ombudsman Commission would likely be that group. Although their
focus has traditionally been CheckUser, their purview actually covers
any and all violations of the privacy policy. Here is one such case. At
this moment, I agree: this sysop shouldn't be.
-Mike
On Thu, 2009-06-04 at 06:21
Hi,
2009/6/4 Tisza Gergő gti...@gmail.com:
As for Doubleclick, that was probably a mistake on KnowPrivacy's part - maybe
they misidentified the aggregator (we use awstats) because Doubleclick uses a
similar method? If not, I would appreciate if they could serve with more
detailed information.
John at Darkstar wrote:
The interesting thing is who has interest in which users identity.
Lets make an example, some organization sets up a site with a honeypot
and logs all visitors. Then they correlates that with RC-logs from
Wikipedia and then checks out who adds external links back to
Web bugs for statistical data are a legitimate want but potentially a
horrible privacy violation.
So I asked on wikitech-l, and the obvious answer appears to be to do
it internally. Something like http://stats.grok.se/ only more so.
So - if you want web bug data in a way that fits the privacy
David Gerard wrote:
External web bug trackers should be removed without
exception. People who add them innocently, out of an understandable
interest in collecting aggregated information that would not violate the
privacy policy, should be directed to request and help with internal
solutions,
Installing Google Analytics, even for our own purposes, is a bad idea.
For one, it creates a link to google that is not necessarily what we
want; it would be a big target for people to try and hack, and it
presents tempting security risks on Google's end. Not to mention, as
far as I know
Dan Rosenthal wrote:
Installing Google Analytics, even for our own purposes, is a bad idea.
For one, it creates a link to google that is not necessarily what we
want; it would be a big target for people to try and hack, and it
presents tempting security risks on Google's end. Not to
On Thu, Jun 4, 2009 at 8:35 AM, Dan Rosenthal swatjes...@gmail.com wrote:
Installing Google Analytics, even for our own purposes, is a bad idea.
For one, it creates a link to google that is not necessarily what we
want; it would be a big target for people to try and hack, and it
presents
[repost with proper subscribed mail address]
Alex wrote:
The plain pageview stats are already available.
Erik Zachte has been doing some work on other stats.
http://stats.wikimedia.org/EN/VisitorsSampledLogRequests.htm
If I were to compile a wishlist of stats things:
1. stats.grok.se data
On Thu, Jun 4, 2009 at 6:01 AM, Neil Harrisuse...@tonal.clara.co.uk wrote:
Surely this is something which should be possible to block at the
MediaWiki level, by suppressing the generation of any HTML that loads
any indirect resources (scripts, iframes, images, etc.) whatsoever other
than from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aryeh Gregor wrote:
On Thu, Jun 4, 2009 at 6:01 AM, Neil Harrisuse...@tonal.clara.co.uk
wrote:
Surely this is something which should be possible to block at the
MediaWiki level, by suppressing the generation of any HTML that loads
any indirect
2009/6/4 Jon scr...@nonvocalscream.com:
Has apache/proxy level filtering been considered?
Filtering for what? Javascript is executed client-side, ie. after the
page has gone through the apache servers/proxies.
___
foundation-l mailing list
On Thu, Jun 4, 2009 at 10:44 AM, Aryeh Gregor
simetrical+wikil...@gmail.com wrote:
On Thu, Jun 4, 2009 at 12:53 PM, Robert Rohderaro...@gmail.com wrote:
One idea is the proposal to install the AbuseFilter in a global mode,
i.e. rules loaded at Meta that apply everywhere. If that were done
2009/6/4 Robert Rohde raro...@gmail.com:
On Thu, Jun 4, 2009 at 10:44 AM, Aryeh Gregor
simetrical+wikil...@gmail.com wrote:
However, perhaps a default AbuseFilter could be installed telling
admins that installing Analytics is a violation of Foundation policy
and that they'll get desysopped
2009/6/4 Unionhawk unionhawk.site...@gmail.com:
So how do you propose we enforce this? I'm thinking we need to prevent this
from happening in the first place. Analytics like this could pretty much
give checkuser powers to anybody!
There's not that many places where this sort of thing could be
2009/6/4 Erik Zachte erikzac...@infodisiac.com:
Considering web bugs: comScore also proposed such a scheme to us.
Apart from the question how much it would bring us that we don't or can't
figure out ourselves an overriding concern is privacy.
So if we ran our own internal web bug mechanism,
Not to mention, as
far as I know the program is proprietary.
This is an example of whats the real problem here; its not the security
issues but the users political issues.
I'm not convinced that
we need to be tracking user behavior at this point in time, or that
the tradeoffs for
One idea is the proposal to install the AbuseFilter in a global mode,
i.e. rules loaded at Meta that apply everywhere. If that were done
(and there are some arguments about whether it is a good idea), then
it could be used to block these types of URLs from being installed,
even by admins.
On Jun 4, 2009, at 11:27 PM, John at Darkstar wrote:
Not to mention, as
far as I know the program is proprietary.
This is an example of whats the real problem here; its not the
security
issues but the users political issues.
I fail to see what that has to do with anything. I'm just
John at Darkstar wrote:
One idea is the proposal to install the AbuseFilter in a global mode,
i.e. rules loaded at Meta that apply everywhere. If that were done
(and there are some arguments about whether it is a good idea), then
it could be used to block these types of URLs from being
Is this enough? Of course not, there is so much more to learn.
Erik Zachte
There are a few very important missing items for the moment
* Number of unique visitors
* Number of page visits per visitors
All should be analyzed on user roles, possibly also on different time
spans (hour,
Hmm? There's no reason to do anything like that. The AbuseFilter would
just prevent sitewide JS pages from being saved with the particular URLs
or a particular code block in them. It'll stop the well-meaning but
misguided admins. Short of restricting site JS to the point of
uselessness,
John at Darkstar wrote:
Hmm? There's no reason to do anything like that. The AbuseFilter would
just prevent sitewide JS pages from being saved with the particular URLs
or a particular code block in them. It'll stop the well-meaning but
misguided admins. Short of restricting site JS to the
77 matches
Mail list logo