Hello,

Thank you for discussing this matter. The Wikimedia Foundation takes the safety 
and privacy of volunteers very seriously. I recognize that among the concerns 
is that the identities of LGBTQ+ members of the movement could be revealed to 
anti-LGBTQ entities and governments. As someone who has previously worked in 
advocacy for victims of anti-LGBTQ+ related crimes and acts of discrimination, 
I am personally very invested in mitigating that risk. After speaking with my 
colleagues at the Foundation, I wanted to clear up a few topics which have been 
raised here.

== Commitment to Free & Open Source & Security ==

In all platforms and software used in community interactions, our Security and 
Legal teams are involved in reviewing possible solutions to ensure that we are 
minimizing risks to our communities’ safety and privacy as well as the security 
of our technical infrastructure. While we can never completely remove all 
risks, we are making an increasingly strong effort to balance our resources and 
technology values to find the best solution for our needs - as well as the 
needs of the volunteers and readers of the projects we support. 

For the most part, this process allows us to honor our commitment to 
open-source software and utilize solutions already available - such as our 
recent adoption of Matrix in internal communications and our continued usage of 
Phabricator for technical bug tracking. In some cases, there are proprietary 
solutions that better fit our needs - such as our payroll systems and staff 
email solutions. Finally, there are also times when there are no solutions 
available and we need to develop our open-source solutions[1] - such as to 
address how languages appear on a webpage or to help reduce our site's 
bandwidth usage. We do not always have the resources to develop our own 
solutions to processes not core to the operations of the wikis or where a 
solution already exists that works as well or better than anything we could 
realistically develop.

== Survey tools ==

With regard to surveys, we have previously tested and attempted to use open 
source solutions such as LimeSurvey. We will continue to keep an eye on those 
options and consider them again in future reviews. We are extremely cognizant 
in exploring these options of potential threats both to the privacy of the data 
collected and the security of the servers operating the software.

Our strict privacy and security needs often require us to enter into agreements 
with operators of proprietary software or services that we use. Sometimes the 
agreements are unique and confidential to avoid people who may intend harm from 
gleaning too many technical details. For example, our Enterprise agreement with 
Google prevents Google from accessing the data for their own uses and requires 
them to inform the Foundation of any requests for data that they receive prior 
to disclosure, allowing us an opportunity to file a legal objection. 
Additionally, our Legal department receives notice before changes to these 
kinds of arrangements are formally accepted, affording us an opportunity to 
make a change in platforms, if necessary, in order to maintain our security and 
privacy requirements. Similarly, we have agreements with other services like 
Qualtrics to provide controls over how our data is managed and secured.

Thanks in large part to the input and efforts of Wikimedia LGBTQ+, we have 
recently made some additional improvements to how we conduct surveys. While our 
surveys have gone through legal review for several years, we have begun 
referring teams to appropriate language about gender and sexual orientation 
questions. Additionally, we are purposefully not asking questions about sexual 
orientation or gender in any geographies where same-sex relations or 
identifying as transgender are criminalized.[2][3] We are continuing to 
investigate and collect ideas on additional measures we can take to protect the 
safety of our communities.

== Ensuring the security of data ==

While storing data ourselves is sometimes the desired outcome, it is not always 
the best solution. It is also worth noting that even when data is stored on our 
servers, we cannot fully guarantee its protection without recognizing that the 
constantly evolving nature of digital threats means there will always be as yet 
unknown risks. 

What we have done is continue to grow the capacity of our Security team[4] - 
allowing us to respond more rapidly to potential risks and over time expand our 
capacity to review options more rapidly. We have also established initiatives 
like the Defense of Contributors program[5] - which provides financial legal 
support to volunteers facing legal risks as a result of their participation in 
the Wikimedia movement (including taking surveys). We have added rigor to the 
process of assessing vendors from a security and privacy capabilities 
standpoint, so we are better informed on risks associated with vendors who will 
be processing and handling data on our behalf. All of this reduces the risk to 
everyone's privacy and security; and also provides the infrastructure for 
effective and ethical responses to a wide range of possible threats.

This work is critical and never-ending - and these discussions are important. 
We are working to make the above information easier to locate. I appreciate the 
thoughtful questions people have posed on this mailing list and elsewhere in 
regard to a realistic approach to managing risks. 

Thank you again,
-greg

[1] https://doc.wikimedia.org
[2] https://ilga.org/maps-sexual-orientation-laws
[3] https://ilga.org/trans-legal-mapping-report
[4] https://www.mediawiki.org/wiki/Wikimedia_Security_Team
[5] https://meta.wikimedia.org/wiki/Legal/Legal_Policies#Defense_of_Contributors

-------
Gregory Varnum
Senior Strategist, Communications
Wikimedia Foundation
gvar...@wikimedia.org
Pronouns: He/Him/His

> On Feb 17, 2021, at 7:36 AM, Gnangarra <gnanga...@gmail.com> wrote:
> 
> Kaya
> 
> Have we put the ostrich back, where does this go from here? Have we decided 
> to learn and make an effort or have we reached the inevitable impasse where 
> everyone hopes the issue has been forgotten about?
> 
> There was a reasonable (though I think unlikely) possibility that 
> contributors in Australia could lose Google as a platform, 
> https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-australian-small-business/13156958
> . While that looks even less likely, Google is already offering pay for 
> services and limiting "free" services like Gmail and Google Docs. 
> 
> The only assurance the WMF can give about equity, privacy, and access is 
> through its own services, or services that it hosts. The movement needs to 
> be looking at its sustainability in the face of increased government impact 
> on the ultra large corporate services we are using to operate.
> 
> On Mon, 15 Feb 2021 at 20:10, Tomasz Ganicz <polime...@gmail.com> wrote:
> Well, both ZEUS and CiviCRM work well in many NGOs. It is just a subject 
> of proper maintenance. Actually, a piece of free software called MediaWiki is 
> probably more complicated to maintain than CiviCRM or WordPress but WMF is 
> able to maintain it pretty well :-)  I believe that an organization able to 
> successfully maintain the largest MediaWiki based projects on Earth could 
> also manage to organize a free software based survey system... This is a 
> subject of priorities rather than resources...
> 
> 
> 
> 
> 
> On Mon, 15 Feb 2021 at 02:08, Łukasz Garczewski <lukasz.garczew...@wikimedia.pl> 
> wrote:
> With respect, Fae, if you're going to propose banning an existing solution, 
> it is on you to propose a suitable alternative or at least a process to find 
> it before the ban takes effect.
> 
> I write this as a signatory of Free Software Foundation Europe's Public 
> Money? Public Code open letter. I am wholeheartedly a proponent of open 
> source software.
> 
> At the same time, I am a firm believer in using the best available tool for 
> the job. 
> 
> Our mission is too important to hold ourselves back at every step due to a 
> noble but often unrealistic wish to use open source solutions for everything 
> we do.
> 
> Last year, because of my drive to use proper open source solutions, WMPL 
> wasted hours and hours of staff time (mostly mine) and a not insignificant 
> amount of members' time because:
>       • Zeus, a widely used, cryptographically secure voting system is 
> impossible to set up and maintain and has very sparse documentation,
>       • CiviCRM, the premier open source CRM solution for NGOs, refuses to 
> work correctly after the WordPress installation is moved to a new URL, and 
> documentation isn't helpful.
> To my knowledge there are no suitable open source options that would be 
> easy-to-use and robust enough to support our needs in both cases and be 
> comparable to commercial counterparts.
> 
> I have wasted a ton of time (and therefore WMPL money), before I decided to 
> use state-of-the-art commercial solutions for the needs described above. 
> Don't be like me. Don't make other people think & act like I did. Be smarter.
> 
> Should we use an equivalent open source solution when one is available? Yes.
> Should we have a public list of open source tools needed? Yes.
> Should we use programmes such as Google Summer of Code to build those tools? 
> Yes.
> 
> Should we waste time using sub-par solutions or doing work manually? Hell no.
> 
> So here's a constructive alternative idea:
>       • Let's gather the needs and use cases for tools used by WMF and 
> affiliates,
>       • Let's build a list of potential open source replacements and map what 
> features are missing,
>       • Let's put the word out that we're looking for open source 
> replacements where there are none available,
>       • Let's embed Wikimedia liaisons in key open source projects to ensure 
> our needs and use cases are addressed promptly,
>       • Let's use initiatives such as Summer of Code to kickstart building 
> some of these tools.
> I acknowledge the above is much harder to do than instituting a ban via 
> community consensus. It is, however, a much more productive approach and will 
> get us to your desired state eventually, and without sabotaging the work that 
> needs to happen in the meantime. 
> 
> Oh, and in case anybody's wondering why we can't build these tools in-house:
> 
> We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech 
> infrastructure is still in need of huge improvements. It would be really 
> unwise to distract WMF's development and product teams from these goals by 
> requesting they build standard communication or reporting tools.
> 
> On Sat, Feb 13, 2021 at 4:42 PM Fæ <fae...@gmail.com> wrote:
> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
> 
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
> 
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
> 
> Links
> 1. 
> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
> 
> Thanks
> Fae
> -- 
> fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> #WearAMask
> 
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: 
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 
> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
> 
> 
> -- 
> Kind regards
> 
> Łukasz Garczewski
> 
> Chief Operating Officer
> Wikimedia Polska
> 
> tel: +48 601 827 937
> e-mail: lukasz.garczew...@wikimedia.pl
> 
> 
> Support free knowledge!
> Donate 1% of your tax or make a donation to Wikipedia
> 
> ul. Tuwima 95, pok. 15 Łódź, Polska
> KRS 0000244732
> NIP 728-25-97-388
> 
> wikimedia.pl
> 
> Information on data processing can be found in the Privacy Policy. 
> Contact: r...@wikimedia.pl
> 
> 
> -- 
> Tomek "Polimerek" Ganicz
> http://pl.wikimedia.org/wiki/User:Polimerek
> http://www.ganicz.pl/poli/
> 
> 
> 
> -- 
> GN.
> 
> Power of Diverse Collaboration
> Sharing knowledge brings people together
> Wikimania Bangkok 2022
> August 
> hosted by ESEAP
> 
> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
> 
> 

