Adam, Thank you for providing an informative and accessible answer to Trillium's relevant questions. It's truly heartening to see the organization improving in its ability to communicate its intentions, etc. I hope that when broad consensus among staff is reached (as you express in footnote [1]), it will become an increasingly high priority to clearly communicate that in public fora. It really helps when we can understand what others are trying to do, and how it aligns with our own ambitions.
Good stuff. I think this discussion got off to a rough start, but you have gotten it back on track, and maybe to resolution. -Pete [[User:Peteforsyth]] On Mon, May 2, 2016 at 12:21 AM, Adam Wight <awi...@wikimedia.org> wrote: > Hi Trillium, > > These are great questions to ask, thank you for keeping the privacy > conversation on track! > > As a technical employee of the Wikimedia Foundation who would have been > involved if we were planning significant changes to expand or limit > tracking, I can confirm that nothing rotten is in the wings. In fact, the > situation is better now than ever before (in my 4 years here). There are > internal accountability reforms under way to help us make strong guarantees > about our users' privacy. A brief investigation into assigning readers > long-term unique identifiers--in lay person terms the gateway to dystopian > tracking--opened and was immediately shut again.[1] Data retention (what > user data we collect and for how long) policy work is being tightened up, > and done in public.[2] In Fundraising, we've found a way to measure > aggregate data about our banner delivery without collecting information > which lets us correlate anything else about readers.[3] > > While I feel good about what's happening now, it would be nice to have > longer-term assurances that we won't go collectively nuts in the > unforeseeable future. I'm not sure what that assurance might look like, > though... Democratic stewardship of our shared resources? Anyway, please > do keep a critical eye on cookies and their brethren, and if you find > anything out of joint I'm sure there will be plenty of allies left within > the Foundation to help set it right. > > Regards, > Adam Wight > [[mw:User:Adamw] > > > [1] Sorry, there was an all-staff internal discussion but I don't think > this was published. The idea at the time was to get our house in order and > decide whether to start a public conversation about unique IDs. There > turned out to be many strong critics of the plan and no real supporters as > far I could tell, and the initiative was abandoned, to my knowledge. The > motivation for the project was to get a better estimate of our unique > visitor counts (a count of their devices, to be precise). We've settled on > the less accurate "last visited" measurement instead, which is described > here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/ > [2] https://meta.wikimedia.org/wiki/Data_retention_guidelines > [3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf > > On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <ironho...@gmail.com> wrote: > > > It seems like you can either deny James's knowledge of the > technical/legal > > overlap or ask him questions, but probably not both :p. > > > > One element I can answer: no, it does not contain flash objects, flash is > > not a technology included in the Wikimedia stack on account of it barely > > being classifiable as a technology. > > > > On Sunday, 1 May 2016, Toby Dollmann <toby.dollm...@gmail.com> wrote: > > > > > > It's certainly possible that this is only 'obvious' to me because of > my > > > > knowledge of outside organizations or law but it doesn't surprise me. > > > > > > Your reply is not obvious to me. I understand that your employment is > > > exclusively with WMF and you do not appear to be particularly > > > qualified (or experienced) in law. > > > > > > Treating the cookie statement as an explanation / extension of WMF's > > > privacy policy and noting the poster's concern that the WMF legal team > > > have amended certain descriptors for locally stored objects (not > > > cookies) of indeterminate (theoretically infinite) persistence, would > > > you clarify the following technical /legal aspects relating to cookies > > > and their usage on Wikimedia. > > > > > > 1. Whether, or not, editors of Wikimedia websites", say > > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies > > > (broadly construed) are disabled and not stored on client devices. > > > > > > 2. Whether, or not, the locally stored objects referenced in the > > > cookie policy include > > > (i) Javascript code, or > > > (ii) Flash objects > > > > > > 3. Whether, or not, the locally stored objects inserted by the WMF, on > > > client computers and stored there, have the capability of collecting > > > extensive personal information of editors, the degree of which not > > > being explicitly disclosed in advance to users. > > > > > > 4. Whether, or not, the WMF is aware that a certain "toxic and > > > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive > > > knowledge of WMF's checkuser process, the cookie policy and its > > > internals has achieved remarkable technical capability to closely > > > impersonate other editors and get them blocked by a network (aka "porn > > > crew") of surviving cooperative "community appointed" sysops favorably > > > still disposed to him/her. That this problem person (who has also > > > threatened legal action against WMF) extensively uses mobile Wikipedia > > > via "millions of IPs" [ref#2] in multiple languages, including several > > > some fairly obscure ones, for abusive purposes which are 'obviously' > > > related to WMF_legal's recent subject edit. > > > > > > Toby > > > > > > [ref#1] "I should be clear - the problem is not the abuse of me, but > > > the toxic and juvenile environment at Commons. I have never failed in > > > 30 seconds of looking to find a horrifying BLP violation at commons of > > > a photo of an identifiable woman engaged in sexual activity with > > > highly questionable provenance (for example a deleted flickr account). > > > Every time (including tonight) that I go there hoping to see > > > improvement, I am disappointed. And I think that as long as we > > > tolerate it and don't bounce some very bad admins, we will not solve > > > the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)" > > > > > > [ref#2] > > > > > > https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438 > > > > > > On 5/2/16, James Alexander <jalexan...@wikimedia.org <javascript:;>> > > > wrote: > > > > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage < > > > trillium2...@yandex.com <javascript:;>> > > > > wrote: > > > > > > > >> I noticed Michelle Paulson editing the "Cookie Statement" page, and > it > > > >> seemed kind of strange to me because I thought it more a technical > and > > > IT > > > >> thing to edit. But Michelle is WMF Legal, right > > > >> > > > > > > > > I won't/can't comment on the rest of your questions but I'm confused > > > about > > > > why you would be surprised here... the cookie statement is, > > essentially, > > > a > > > > legal statement/privacy policy "type" document (obviously different > but > > > > similar) and just like the privacy policy (or access to non public > > > > information or document retention policy or terms of use or other > > policy > > > > docs along those lines) the cookie statement has been owned by Legal > > for > > > as > > > > long as it's existed (I can attest to that fact since the CA team was > > > asked > > > > to help put it up for them). > > > > > > > > It's certainly possible that this is only 'obvious' to me because of > my > > > > knowledge of outside organizations or law but it doesn't surprise me. > > > > Cookie statements are part of the law in some countries (not > > necessarily > > > > ones we have to follow given our position in the US but Europe has > laws > > > > about it for example) and so would usually be within the legal > > department > > > > for many organizations. Cookies are also closely tied with privacy > and > > > the > > > > privacy policy and so compliance and ensuring that the org stays > within > > > > their promises would, also, often fall within the legal department > > > (though > > > > everyone should/does have a hand in ensuring they follow the promises > > the > > > > org as a whole made). > > > > > > > > James Alexander > > > > Manager > > > > Trust & Safety > > > > Wikimedia Foundation > > > > _______________________________________________ > > > > Wikimedia-l mailing list, guidelines at: > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > > New messages to: Wikimedia-l@lists.wikimedia.org <javascript:;> > > > > Unsubscribe: > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > > <mailto:wikimedia-l-requ...@lists.wikimedia.org <javascript:;> > > > ?subject=unsubscribe> > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l@lists.wikimedia.org <javascript:;> > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > <mailto:wikimedia-l-requ...@lists.wikimedia.org <javascript:;> > > > ?subject=unsubscribe> > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l@lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > > > _______________________________________________ > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
