https://bugzilla.wikimedia.org/show_bug.cgi?id=18898
Summary: Filter out privacy policy bypassinging javascripts
Product: Wikimedia
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Normal
Component: General/Unknown
AssignedTo: [email protected]
ReportedBy: [email protected]
This is a Wikimedia projects only suggestion/request. This could remain
optional for Mediawiki software used outside the Wikimedia Foundation.
The Wikimedia Foundation' s privacy policy (1) states that : "Except as
described above, Wikimedia policy does not permit distribution of personally
identifiable information under any circumstances", meaning that notwithstanding
a few exception (like a request from a judge), the Foundation does not transmit
the users' IP addresses to third parties.
At present, when a user reads an image description page on the French language
Wikipedia, his or her IP address is being sent to an external website called
"pacli.appspot.com". This is connected to the "order a poster print of this
picture/Obtenir un poster de cette image" link on the top of the page.
For example, if you access [[:fr:Fichier:Tigeress with cubs in Kanha Tiger
reserve.jpg]] with Firefox, then select "Page Info / Media" in the tools menu
of Firefox, you can see that a file has been downloaded to your computer from
the following address :
http://pacli.appspot.com/posterstats/tick?page=Fichier:Tigeress_with_cubs_in_Kanha_Tiger_reserve.jpg&position=showLink
That means that at present, the owner of the pacli.appspot.com website is able
to compute a database of all the IP adresses of Wikipedia users reading image
description pages on the French Wikipedia. It is very easy for this owner to
know the IP address of the picture's uploader, because the uploader's IP is the
first IP address ever accessing that particular picture. As far as I know,
nothing prevents that website's owner to further disseminate the collected IP
addresses.
Perhaps this problem will be solved by editing the javascipt used on the French
Wikipedia. But in order to prevent this sort of situation from occurring on a
variety of Wikimedia projects, some sort of filter might be implemented,
forbidding this kind of javascript codes from being inserted into Wikimedia
projects without users' knowledge.
(1) [[:foundation:Privacy policy]]
http://wikimediafoundation.org/wiki/Privacy_policy
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
