Hello everyone,

I’m Andy Cooper, the Director of Security at the Wikimedia Foundation.  Over 
the past week, teams within the Wikimedia Foundation have met to discuss the 
potential legal, security, and privacy risks from the OWID gadget introduced on 
this thread. We’re still looking into the risks that this particular gadget 
presents, but have identified that it raises larger and more definite concerns 
around gadgets that use third party websites more broadly, such as in a worst 
case scenario theft or misuse of user’s personal identity and edit history. 
This, in turn, raises further questions and how we should govern and manage 
this type of content as a movement. 

As a result, we’re asking volunteers to hold off on enabling the OWID gadget on 
more wikis and to refrain from deploying more gadgets that use third party 
content and/or are automatically enabled for all users for certain pages until 
we have a better review process in place. I realize that this is frustrating 
for people here who have been working on OWID and are excited about it as a 
work around while graphs are disabled. The creativity and effort of volunteer 
developers has been and continues to be crucial for our movement’s success, and 
part of our team’s job is to make sure that happens in scalable and responsible 
ways. We wanted to let everyone here know about these concerns right away while 
we work to better understand the issue. If you’d like to be further involved in 
this topic, please visit the new Meta-Wiki page [1] where we’ll share updates, 
questions, and discuss next steps. 

Thanks,
Andy

[1] https://meta.wikimedia.org/wiki/OWID_Gadget
_______________________________________________
Wikimedia-l mailing list -- wikimedia-l@lists.wikimedia.org, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
Public archives at 
https://lists.wikimedia.org/hyperkitty/list/wikimedia-l@lists.wikimedia.org/message/TW3UIL7OEDQRVOQNLJS5RVZD546TADHB/
To unsubscribe send an email to wikimedia-l-le...@lists.wikimedia.org

Reply via email to