At this week's ArchCom Office hour, we'd like to help the WMF Legal
team ensure our software development practices don't accidentally
cause us to enable all sorts of creepy surveillance because a naive
developer adds it. The challenge, of course, is when the royal "we"
accidentally add something, and then we deploy it (because that's a
pretty routine thing these days). Sometimes, no amount of begging "NO
WAIT, WE DIDN'T *MEAN* TO DO THAT" (no matter how sincere) can undo
the damage done. Wikimedia seems to have a pretty good reputation in
the grand scheme of things, but maintaining that reputation is going
to take a lot of vigilance.
Zhou Zhou filed an RFC about this:
...which seems like a good topic for our Wednesday meeting. Zhou
is hoping to figure out how to build the alerts necessary to
understand when some new form of tracking is created. I'm guessing
there's lots of automated and semi-automated monitoring that we could
create to make keeping track of new cookie uses easier; let's talk
about what's realistic, what WMF needs to invest in directly, and how
our wider community of developers can chip in.
Our meeting is at its usual time (Wednesday 21 UTC, 14 PDT, 23 CEST)
and place (#wikimedia-office).
p.s. Obligatory reminder about ArchComStatus page
Wikitech-l mailing list