Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Gergo Tisza 
On Mon, May 2, 2016 at 6:43 PM, Johan Jönsson 
wrote:

> One of the problems here is that much of the information about how the
> Wikimedia sites collect information is so spread out, because different
> parts of the WMF have different solutions for different problems (e.g.
> Analytics or Fundraising). The mentioned
> https://wikimediafoundation.org/wiki/Cookie_statement is a good way to
> collect all information about cookies


It really isn't. A policy document with very limited edit rights would be a
maintenance nightmare and never up to date. Indeed that document omits most
of the cookies used on the sites. And it never claims to list them all -
while that could be made more clear, the table is actually presented as a
list of examples .
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Johan Jönsson 
On Mon, May 2, 2016 at 4:09 PM, Pete Forsyth  wrote:
> Adam,
>
> Thank you for providing an informative and accessible answer to Trillium's
> relevant questions. It's truly heartening to see the organization
improving
> in its ability to communicate its intentions, etc. I hope that when broad
> consensus among staff is reached (as you express in footnote [1]), it will
> become an increasingly high priority to clearly communicate that in public
> fora. It really helps when we can understand what others are trying to do,
> and how it aligns with our own ambitions.
>
> Good stuff. I think this discussion got off to a rough start, but you have
> gotten it back on track, and maybe to resolution.

One of the problems here is that much of the information about how the
Wikimedia sites collect information is so spread out, because different
parts of the WMF have different solutions for different problems (e.g.
Analytics or Fundraising). The mentioned
https://wikimediafoundation.org/wiki/Cookie_statement is a good way to
collect all information about cookies, but I've found myself looking for
good ways to make small updates (e.g. "we were thinking about doing this
thing and were going to ask the communities before we started working on
it, but then we started working on something else instead, but here's the
thing that didn't happen"), so there's less risk things don't get
communicated just because there's no big announcement of new changes to
make. I hope  to find a better
solution whenever I get a couple of days when I have nothing that needs my
immediate attention, so that there's a good, natural way to make them.

For anyone who wants to keep track of what's happening with how the WMF
looks at traffic over the last few months, a few links:
https://meta.wikimedia.org/wiki/ComScore/Announcement
https://meta.wikimedia.org/wiki/Talk:ComScore/Announcement
https://lists.wikimedia.org/pipermail/wiki-research-l/2016-March/005094.html
http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/

(I also try to include changes in how we measure traffic in Tech News
, from which most of the stuff
above have been linked.)

//Johan Jönsson
--
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Oliver Keyes 
On Monday, 2 May 2016, Brion Vibber  wrote:

> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes  > wrote:
>
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
>
> There is one use of Flash in our tech stack: audio output for media
> playback on Internet Explorer when using our JavaScript Ogg playback
> compatibility library.


I'm so sorry :(. 'Ogg' is onomatopoeic then ;)


>
> This is a small shim which does not use cookies or any other type of local
> storage, which is why it is not listed on a page about cookies.
>
> Here's the source code of the Flash component; feel free to review it for
> security:
>
> https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as
>
>
> On Sunday, 1 May 2016, Toby Dollmann  > wrote:
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> >
>
> Like every other site on the world wide web, MediaWiki uses cookies to
> maintain login state. If you disable cookies, login will not work and your
> edits will not be attributed to your account.
>
> Editing "anonymously" without cookies works, but reveals your IP address in
> a permanent public way.
>
>
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> >
>
> MediaWiki's ResourceLoader can and does cache JavaScript module code in
> localStorage. This code has no special privileges or abilities because of
> that; it just takes up a tiny bit of space on your disk.
>
>
> > > (ii)  Flash objects
> >
>
> No, no Flash code is stored in cookies or localStorage.
>
>
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> >
>
> No, they are just data until they are executed, at which point they are
> just code, same as code loaded straight from the server. That code can do
> nothing special that it could not already do.
>
> -- brion
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: Wikimedia-l@lists.wikimedia.org 
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>  ?subject=unsubscribe>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Brion Vibber 
On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes  wrote:

> One element I can answer: no, it does not contain flash objects, flash is
> not a technology included in the Wikimedia stack on account of it barely
> being classifiable as a technology.
>

There is one use of Flash in our tech stack: audio output for media
playback on Internet Explorer when using our JavaScript Ogg playback
compatibility library.

This is a small shim which does not use cookies or any other type of local
storage, which is why it is not listed on a page about cookies.

Here's the source code of the Flash component; feel free to review it for
security:

https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as


On Sunday, 1 May 2016, Toby Dollmann  wrote:
> > 1. Whether, or not, editors of Wikimedia websites", say
> > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > (broadly construed) are disabled and not stored on client devices.
>

Like every other site on the world wide web, MediaWiki uses cookies to
maintain login state. If you disable cookies, login will not work and your
edits will not be attributed to your account.

Editing "anonymously" without cookies works, but reveals your IP address in
a permanent public way.


> > 2. Whether, or not, the locally stored objects referenced in the
> > cookie policy include
> > (i)  Javascript code, or
>

MediaWiki's ResourceLoader can and does cache JavaScript module code in
localStorage. This code has no special privileges or abilities because of
that; it just takes up a tiny bit of space on your disk.


> > (ii)  Flash objects
>

No, no Flash code is stored in cookies or localStorage.


> >
> > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > client computers and stored there, have the capability of collecting
> > extensive personal information of editors, the degree of which not
> > being explicitly disclosed in advance to users.
>

No, they are just data until they are executed, at which point they are
just code, same as code loaded straight from the server. That code can do
nothing special that it could not already do.

-- brion
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Pete Forsyth 
Adam,

Thank you for providing an informative and accessible answer to Trillium's
relevant questions. It's truly heartening to see the organization improving
in its ability to communicate its intentions, etc. I hope that when broad
consensus among staff is reached (as you express in footnote [1]), it will
become an increasingly high priority to clearly communicate that in public
fora. It really helps when we can understand what others are trying to do,
and how it aligns with our own ambitions.

Good stuff. I think this discussion got off to a rough start, but you have
gotten it back on track, and maybe to resolution.

-Pete
[[User:Peteforsyth]]

On Mon, May 2, 2016 at 12:21 AM, Adam Wight  wrote:

> Hi Trillium,
>
> These are great questions to ask, thank you for keeping the privacy
> conversation on track!
>
> As a technical employee of the Wikimedia Foundation who would have been
> involved if we were planning significant changes to expand or limit
> tracking, I can confirm that nothing rotten is in the wings.  In fact, the
> situation is better now than ever before (in my 4 years here).  There are
> internal accountability reforms under way to help us make strong guarantees
> about our users' privacy.  A brief investigation into assigning readers
> long-term unique identifiers--in lay person terms the gateway to dystopian
> tracking--opened and was immediately shut again.[1]  Data retention (what
> user data we collect and for how long) policy work is being tightened up,
> and done in public.[2] In Fundraising, we've found a way to measure
> aggregate data about our banner delivery without collecting information
> which lets us correlate anything else about readers.[3]
>
> While I feel good about what's happening now, it would be nice to have
> longer-term assurances that we won't go collectively nuts in the
> unforeseeable future.  I'm not sure what that assurance might look like,
> though...  Democratic stewardship of our shared resources?  Anyway, please
> do keep a critical eye on cookies and their brethren, and if you find
> anything out of joint I'm sure there will be plenty of allies left within
> the Foundation to help set it right.
>
> Regards,
> Adam Wight
> [[mw:User:Adamw]
>
>
> [1] Sorry, there was an all-staff internal discussion but I don't think
> this was published.  The idea at the time was to get our house in order and
> decide whether to start a public conversation about unique IDs.  There
> turned out to be many strong critics of the plan and no real supporters as
> far I could tell, and the initiative was abandoned, to my knowledge.  The
> motivation for the project was to get a better estimate of our unique
> visitor counts (a count of their devices, to be precise).  We've settled on
> the less accurate "last visited" measurement instead, which is described
> here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
> [2] https://meta.wikimedia.org/wiki/Data_retention_guidelines
> [3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf
>
> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes  wrote:
>
> > It seems like you can either deny James's knowledge of the
> technical/legal
> > overlap or ask him questions, but probably not both :p.
> >
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
> > On Sunday, 1 May 2016, Toby Dollmann  wrote:
> >
> > > > It's certainly possible that this is only 'obvious' to me because of
> my
> > > > knowledge of outside organizations or law but it doesn't surprise me.
> > >
> > > Your reply is not obvious to me. I understand that your employment is
> > > exclusively with WMF and you do not appear to be particularly
> > > qualified (or experienced) in law.
> > >
> > > Treating the cookie statement as an explanation / extension of WMF's
> > > privacy policy and noting the poster's concern that the WMF legal team
> > > have amended certain descriptors for locally stored objects (not
> > > cookies) of indeterminate (theoretically infinite) persistence, would
> > > you clarify the following technical /legal aspects relating to cookies
> > > and their usage on Wikimedia.
> > >
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> > >
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> > > (ii)  Flash objects
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> > >
> > > 4. Whether, or not, the WMF is aware that a certain "toxic

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-02 Thread Adam Wight 
Hi Trillium,

These are great questions to ask, thank you for keeping the privacy
conversation on track!

As a technical employee of the Wikimedia Foundation who would have been
involved if we were planning significant changes to expand or limit
tracking, I can confirm that nothing rotten is in the wings.  In fact, the
situation is better now than ever before (in my 4 years here).  There are
internal accountability reforms under way to help us make strong guarantees
about our users' privacy.  A brief investigation into assigning readers
long-term unique identifiers--in lay person terms the gateway to dystopian
tracking--opened and was immediately shut again.[1]  Data retention (what
user data we collect and for how long) policy work is being tightened up,
and done in public.[2] In Fundraising, we've found a way to measure
aggregate data about our banner delivery without collecting information
which lets us correlate anything else about readers.[3]

While I feel good about what's happening now, it would be nice to have
longer-term assurances that we won't go collectively nuts in the
unforeseeable future.  I'm not sure what that assurance might look like,
though...  Democratic stewardship of our shared resources?  Anyway, please
do keep a critical eye on cookies and their brethren, and if you find
anything out of joint I'm sure there will be plenty of allies left within
the Foundation to help set it right.

Regards,
Adam Wight
[[mw:User:Adamw]


[1] Sorry, there was an all-staff internal discussion but I don't think
this was published.  The idea at the time was to get our house in order and
decide whether to start a public conversation about unique IDs.  There
turned out to be many strong critics of the plan and no real supporters as
far I could tell, and the initiative was abandoned, to my knowledge.  The
motivation for the project was to get a better estimate of our unique
visitor counts (a count of their devices, to be precise).  We've settled on
the less accurate "last visited" measurement instead, which is described
here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
[2] https://meta.wikimedia.org/wiki/Data_retention_guidelines
[3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf

On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes  wrote:

> It seems like you can either deny James's knowledge of the technical/legal
> overlap or ask him questions, but probably not both :p.
>
> One element I can answer: no, it does not contain flash objects, flash is
> not a technology included in the Wikimedia stack on account of it barely
> being classifiable as a technology.
>
> On Sunday, 1 May 2016, Toby Dollmann  wrote:
>
> > > It's certainly possible that this is only 'obvious' to me because of my
> > > knowledge of outside organizations or law but it doesn't surprise me.
> >
> > Your reply is not obvious to me. I understand that your employment is
> > exclusively with WMF and you do not appear to be particularly
> > qualified (or experienced) in law.
> >
> > Treating the cookie statement as an explanation / extension of WMF's
> > privacy policy and noting the poster's concern that the WMF legal team
> > have amended certain descriptors for locally stored objects (not
> > cookies) of indeterminate (theoretically infinite) persistence, would
> > you clarify the following technical /legal aspects relating to cookies
> > and their usage on Wikimedia.
> >
> > 1. Whether, or not, editors of Wikimedia websites", say
> > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > (broadly construed) are disabled and not stored on client devices.
> >
> > 2. Whether, or not, the locally stored objects referenced in the
> > cookie policy include
> > (i)  Javascript code, or
> > (ii)  Flash objects
> >
> > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > client computers and stored there, have the capability of collecting
> > extensive personal information of editors, the degree of which not
> > being explicitly disclosed in advance to users.
> >
> > 4. Whether, or not, the WMF is aware that a certain "toxic and
> > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> > knowledge of WMF's checkuser process, the cookie policy and its
> > internals has achieved remarkable technical capability to closely
> > impersonate other editors and get them blocked by a network (aka "porn
> > crew") of surviving cooperative "community appointed" sysops favorably
> > still disposed to him/her. That this problem person (who has also
> > threatened legal action against WMF) extensively uses mobile Wikipedia
> > via "millions of IPs" [ref#2] in multiple languages, including several
> > some fairly obscure ones, for abusive purposes which are 'obviously'
> > related to WMF_legal's recent subject edit.
> >
> > Toby
> >
> > [ref#1] "I should be clear - the problem is not the abuse of me, but
> > the toxic and juvenile environment at Commons. I have never failed in

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread Oliver Keyes 
It seems like you can either deny James's knowledge of the technical/legal
overlap or ask him questions, but probably not both :p.

One element I can answer: no, it does not contain flash objects, flash is
not a technology included in the Wikimedia stack on account of it barely
being classifiable as a technology.

On Sunday, 1 May 2016, Toby Dollmann  wrote:

> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
>
> Your reply is not obvious to me. I understand that your employment is
> exclusively with WMF and you do not appear to be particularly
> qualified (or experienced) in law.
>
> Treating the cookie statement as an explanation / extension of WMF's
> privacy policy and noting the poster's concern that the WMF legal team
> have amended certain descriptors for locally stored objects (not
> cookies) of indeterminate (theoretically infinite) persistence, would
> you clarify the following technical /legal aspects relating to cookies
> and their usage on Wikimedia.
>
> 1. Whether, or not, editors of Wikimedia websites", say
> "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> (broadly construed) are disabled and not stored on client devices.
>
> 2. Whether, or not, the locally stored objects referenced in the
> cookie policy include
> (i)  Javascript code, or
> (ii)  Flash objects
>
> 3. Whether, or not, the locally stored objects inserted by the WMF, on
> client computers and stored there, have the capability of collecting
> extensive personal information of editors, the degree of which not
> being explicitly disclosed in advance to users.
>
> 4. Whether, or not, the WMF is aware that a certain "toxic and
> juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> knowledge of WMF's checkuser process, the cookie policy and its
> internals has achieved remarkable technical capability to closely
> impersonate other editors and get them blocked by a network (aka "porn
> crew") of surviving cooperative "community appointed" sysops favorably
> still disposed to him/her. That this problem person (who has also
> threatened legal action against WMF) extensively uses mobile Wikipedia
> via "millions of IPs" [ref#2] in multiple languages, including several
> some fairly obscure ones, for abusive purposes which are 'obviously'
> related to WMF_legal's recent subject edit.
>
> Toby
>
> [ref#1] "I should be clear - the problem is not the abuse of me, but
> the toxic and juvenile environment at Commons. I have never failed in
> 30 seconds of looking to find a horrifying BLP violation at commons of
> a photo of an identifiable woman engaged in sexual activity with
> highly questionable provenance (for example a deleted flickr account).
> Every time (including tonight) that I go there hoping to see
> improvement, I am disappointed. And I think that as long as we
> tolerate it and don't bounce some very bad admins, we will not solve
> the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
>
> [ref#2]
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
>
> On 5/2/16, James Alexander >
> wrote:
> > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> trillium2...@yandex.com >
> > wrote:
> >
> >> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> >> seemed kind of strange to me because I thought it more a technical and
> IT
> >> thing to edit. But Michelle is WMF Legal, right
> >>
> >
> > I won't/can't comment on the rest of your questions but I'm confused
> about
> > why you would be surprised here... the cookie statement is, essentially,
> a
> > legal statement/privacy policy "type" document (obviously different but
> > similar) and just like the privacy policy (or access to non public
> > information or document retention policy or terms of use or other policy
> > docs along those lines) the cookie statement has been owned by Legal for
> as
> > long as it's existed (I can attest to that fact since the CA team was
> asked
> > to help put it up for them).
> >
> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
> > Cookie statements are part of the law in some countries (not necessarily
> > ones we have to follow given our position in the US but Europe has laws
> > about it for example) and so would usually be within the legal department
> > for many organizations. Cookies are also closely tied with privacy and
> the
> > privacy policy and so compliance and ensuring that the org stays within
> > their promises would, also, often fall within the legal department
> (though
> > everyone should/does have a hand in ensuring they follow the promises the
> > org as a whole made).
> >
> > James Alexander
> > Manager
> > Trust & Safety
> > Wikimedia Foundation
> > ___

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread Toby Dollmann 
> It's certainly possible that this is only 'obvious' to me because of my
> knowledge of outside organizations or law but it doesn't surprise me.

Your reply is not obvious to me. I understand that your employment is
exclusively with WMF and you do not appear to be particularly
qualified (or experienced) in law.

Treating the cookie statement as an explanation / extension of WMF's
privacy policy and noting the poster's concern that the WMF legal team
have amended certain descriptors for locally stored objects (not
cookies) of indeterminate (theoretically infinite) persistence, would
you clarify the following technical /legal aspects relating to cookies
and their usage on Wikimedia.

1. Whether, or not, editors of Wikimedia websites", say
"en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
(broadly construed) are disabled and not stored on client devices.

2. Whether, or not, the locally stored objects referenced in the
cookie policy include
(i)  Javascript code, or
(ii)  Flash objects

3. Whether, or not, the locally stored objects inserted by the WMF, on
client computers and stored there, have the capability of collecting
extensive personal information of editors, the degree of which not
being explicitly disclosed in advance to users.

4. Whether, or not, the WMF is aware that a certain "toxic and
juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
knowledge of WMF's checkuser process, the cookie policy and its
internals has achieved remarkable technical capability to closely
impersonate other editors and get them blocked by a network (aka "porn
crew") of surviving cooperative "community appointed" sysops favorably
still disposed to him/her. That this problem person (who has also
threatened legal action against WMF) extensively uses mobile Wikipedia
via "millions of IPs" [ref#2] in multiple languages, including several
some fairly obscure ones, for abusive purposes which are 'obviously'
related to WMF_legal's recent subject edit.

Toby

[ref#1] "I should be clear - the problem is not the abuse of me, but
the toxic and juvenile environment at Commons. I have never failed in
30 seconds of looking to find a horrifying BLP violation at commons of
a photo of an identifiable woman engaged in sexual activity with
highly questionable provenance (for example a deleted flickr account).
Every time (including tonight) that I go there hoping to see
improvement, I am disappointed. And I think that as long as we
tolerate it and don't bounce some very bad admins, we will not solve
the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"

[ref#2] 
https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438

On 5/2/16, James Alexander  wrote:
> On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage 
> wrote:
>
>> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
>> seemed kind of strange to me because I thought it more a technical and IT
>> thing to edit. But Michelle is WMF Legal, right
>>
>
> I won't/can't comment on the rest of your questions but I'm confused about
> why you would be surprised here... the cookie statement is, essentially, a
> legal statement/privacy policy "type" document (obviously different but
> similar) and just like the privacy policy (or access to non public
> information or document retention policy or terms of use or other policy
> docs along those lines) the cookie statement has been owned by Legal for as
> long as it's existed (I can attest to that fact since the CA team was asked
> to help put it up for them).
>
> It's certainly possible that this is only 'obvious' to me because of my
> knowledge of outside organizations or law but it doesn't surprise me.
> Cookie statements are part of the law in some countries (not necessarily
> ones we have to follow given our position in the US but Europe has laws
> about it for example) and so would usually be within the legal department
> for many organizations. Cookies are also closely tied with privacy and the
> privacy policy and so compliance and ensuring that the org stays within
> their promises would, also, often fall within the legal department (though
> everyone should/does have a hand in ensuring they follow the promises the
> org as a whole made).
>
> James Alexander
> Manager
> Trust & Safety
> Wikimedia Foundation
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 

___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread Vi to 
Edits didn't affect the content of the policy actually. Also a cookie
policy is essentially a legal stuff, I'd be surprised to *don't *see the
legal team editing it.

As a "sockpuppet investigator" I never rely upon cookies, I prefer
fingerprints and social security numbers.

Vito

2016-05-01 23:40 GMT+02:00 Trillium Corsage :

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

[Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread Trillium Corsage 
I noticed Michelle Paulson editing the "Cookie Statement" page, and it seemed 
kind of strange to me because I thought it more a technical and IT thing to 
edit. But Michelle is WMF Legal, right?

Is WMF doing something new (or newish, maybe I'm a little late in picking up on 
this) with cookies? Can someone describe to me what that is, in layman's terms?

Is it about third-party marketing and working up personal profiles of editors 
and readers? What sort of new information is the WMF gathering, if it is, on 
editors and readers?

Are there privacy concerns we should be worried about?

Will the information gathered by the cookies be made available to the anonymous 
administrative "volunteers" the WMF grants access to the non-public information 
of editors? The so-called "sockpuppet investigators" and so forth?

Here: 
https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960.

Trillium Corsage 

___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread Oliver Keyes 
Honestly this is kind of a bewildering set of hypotheticals to me.

You worry wikimedia is gathering new data and maybe selling it to marketers
and maybe releasing it to the community, or not, or some of them, or all of
them, based on:

An edit titled 'fixed two errors in cookie names' which...well, fixed two
errors in cookie names.[0] that's all the revision appears to contain.

Legal editing the cookie statement seems pretty usual to me, and the edit
(self-evidently) had nothing to do with changes to what is gathered. It was
copyediting.

There are a lot of things the Foundation does it could communicate better,
but legal tends to do a pretty good job: this edit is really evidence of
that since it's senior counsel taking time to make very very sure they are
reporting to our users precisely what is going on. If the WMF were to start
selling a reading list to Facebook, I'm pretty sure there'd be an
announcement, and I'm absolutely certain the policy change would need to
consist of a bit more than two typo corrections.

[0]
https://wikimediafoundation.org/w/index.php?title=Cookie_statement&type=revision&diff=105722&oldid=104960

On Sunday, 1 May 2016, Trillium Corsage  wrote:

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: Wikimedia-l@lists.wikimedia.org 
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>  ?subject=unsubscribe>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

2016-05-01 Thread James Alexander 
On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage 
wrote:

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right
>

I won't/can't comment on the rest of your questions but I'm confused about
why you would be surprised here... the cookie statement is, essentially, a
legal statement/privacy policy "type" document (obviously different but
similar) and just like the privacy policy (or access to non public
information or document retention policy or terms of use or other policy
docs along those lines) the cookie statement has been owned by Legal for as
long as it's existed (I can attest to that fact since the CA team was asked
to help put it up for them).

It's certainly possible that this is only 'obvious' to me because of my
knowledge of outside organizations or law but it doesn't surprise me.
Cookie statements are part of the law in some countries (not necessarily
ones we have to follow given our position in the US but Europe has laws
about it for example) and so would usually be within the legal department
for many organizations. Cookies are also closely tied with privacy and the
privacy policy and so compliance and ensuring that the org stays within
their promises would, also, often fall within the legal department (though
everyone should/does have a hand in ensuring they follow the promises the
org as a whole made).

James Alexander
Manager
Trust & Safety
Wikimedia Foundation
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,