[Wikimedia-l] Open and recorded WMF Board meetings

> This is getting ridiculous.
>
> Jimmy, you quoted from an email exchange with James. James claims this
> selective quoting distorted the nature of the exchange. You have been asked
> to publish the entire exchange. The only other party to that exchange
> (James) wants it published. As Fae and others have repeatedly pointed out,
> you may simply redact any confidential board information. Your explanations
> for not releasing the whole exchange are an insult to our intelligence and
> your refusal to do so is a display of contempt.
>
> James is a genuine leader and spokesperson, elected by the community.
>
> What are you?
>
> You happened to be there when your failed encyclopaedia, thanks to Larry's
> idea to use a wiki and thanks to the energy and determination of the
> community, exploded before your eyes into this amazing thing.
>
> Now, you pretend to be the genius behind Wikipedia. Now, you pose as the
> humanitarian who gave away the encyclopaedia because "it was the right
> thing to do" (when, in reality, you relinquished it because the community
> wouldn't allow you to monetise it). Now, you make a nice living off this
> charade.
>
> You can take that story with you and, I'm sure, for a while at least,
> you'll still be able to dine out on it. But you're in the way here. It's
> time to move on from the board and from your self-appointed role as
> "spokesperson for the community".
>
> We need honest, hard working people who genuinely represent us in a
> public-facing role, not a deceitful, self-aggrandising, opportunistic
> squatter.
>
>
> Anthony Cole
>
>
> On Sat, Apr 23, 2016 at 8:49 PM, Oliver Keyes <[hidden email]> wrote:
>
>> On Saturday, 23 April 2016, Gerard Meijssen <[hidden email]>
>> wrote:
>>
>> > Hoi,
>> > Governance worth a damn... <grin> Did you know that I introduced Jan
>> Bart
>> > to Jimmy </grin> the rest is also history.
>>
>>
>> Yes Gerard, you're very very important. Much more so than me. Well done.
>>
>> >
>> > But honestly. In the final analysis the more importance is given to the
>> > board, the more it shows a dysfunctional movement. When governance is so
>> > relevant, the first thing to do is not to micro-manage. That is what the
>> > board is not supposed to do and when something did not go right,
>> remember
>> > that they are people. Ask yourself how we as a movement suffer instead
>> or
>> > when you find that a certain behaviour did not win the beauty contest.
>> >
>> >
>> I know the board are people. I also know the people their actions affect
>> are people. I am agreed that the board is too prominent - see also the
>> spinoff thread - and given too much importance. But when the board sets
>> direction on almost everything that costs money, it's function or
>> dysfunction is absolutely an 'important thing'
>>
>> I'm going to drop this thread because it is relatively clear we are not
>> making any progress, in either direction, on convincing the other one
>> we're
>> right. But hey, at least neither of us demanded the other question their
>> own sanity :p
>>
>>
>> > This whole affair is backward. It does not help us forward, it does
>> hinder
>> > and it takes energy away from those things that really matter.
>> > Thanks,
>> >        GerardM
>> >
>> > On 17 April 2016 at 22:13, Oliver Keyes <[hidden email]
>> > <javascript:;>> wrote:
>> >
>> > > On Sun, Apr 17, 2016 at 3:55 PM, Gerard Meijssen
>> > > <[hidden email] <javascript:;>> wrote:
>> > > > Hoi,
>> > > > So when as a result of your yihad the worst of what you imagine
>> comes
>> > > out,
>> > > > the most you have achieved is that you can say "this is why I think
>> he
>> > is
>> > > > an asshole". Then what. It does not change a thing. We are still
>> intend
>> > > on
>> > > > sharing the sum of all knowledge. You still have to do a lot of
>> > > convincing
>> > > > before most other people would agree with you.
>> > > >
>> > > > The problem with your single issue approach is achieves more turmoil
>> > than
>> > > > anything else. I fail to understand people like you. It is no longer
>> > > about
>> > > > what we hope to achieve. I have tried to engage you in meaningful
>> talk
>> > > but
>> > > > for me it failed.
>> > >
>> > > From what I can see, "what we hope to achieve" is governance worth a
>> > > damn. It's people in key positions not using those positions as
>> > > weapons. It's people taking empathy and consideration and fiduciary
>> > > duties seriously. Now, if the absence of these doesn't affect you, I'm
>> > > profoundly jealous, but the fact that you do not understand why
>> > > Jimmy's behaviour makes it difficult to claim he's a suitable
>> > > participant in Wikimedia's governance does not change that a lot of
>> > > other people do have concerns - not just me, not just Andreas.
>> > >
>> > > >
>> > > > The one question that I have. In all your hiha I have not understood
>> > that
>> > > > you understand what it is what Jimmy uniquely brings to our
>> community.
>> > He
>> > > > is really effective as an ambassador for what we do. In this there
>> is
>> > > noone
>> > > > who can replace him. How do you want to replace him. Arguably the
>> > latest
>> > > > crop of board members have shown how hard it is in the first place
>> to
>> > > make
>> > > > a meaningful contribution.
>> > >
>> > > Who said anything about replacing him as an ambassador? When Jimmy is
>> > > mentioned in the media it's in the context of being Wikipedia's
>> > > founder, not one of a dozen-odd board members, and unless there's an
>> > > IEG for the invention of a TARDIS I don't think anyone is removing his
>> > > founder status. The question is simply whether he is a suitable person
>> > > to indefinitely sit on the Board of Trustees, making governance
>> > > decisions, given the behaviour he has shown.
>> > >
>> > > > Thanks,
>> > > >        GerardM
>> > > >
>> > > > On 17 April 2016 at 20:20, Andreas Kolbe <[hidden email]
>> > <javascript:;>> wrote:
>> > > >
>> > > >> On March 21, Jimmy posted excerpts from an email conversation he'd
>> had
>> > > with
>> > > >> James Heilman on his Wikipedia user talk page, making further
>> > > allegations
>> > > >> against James.[1]
>> > > >>
>> > > >> James replied twice:
>> > > >>
>> > > >> <quote>
>> > > >>
>> > > >> Jimmy Wales' summary above of our email correspondence is far from
>> > > >> complete, and is not an accurate representation of the overall
>> > > discussion.
>> > > >> Doc James (talk · contribs · email) 01:22, 24 March 2016 (UTC)
>> > > >>
>> > > >> Jimbo, you quoted some passages of our mails above. Would you have
>> any
>> > > >> objection to my posting the complete exchange, so that the parts
>> you
>> > > quoted
>> > > >> can be seen in context? Doc James (talk · contribs · email) 01:09,
>> 31
>> > > March
>> > > >> 2016 (UTC)
>> > > >>
>> > > >> <end of quote>
>> > > >>
>> > > >> Jimmy Wales ignored the latter question until the thread was
>> archived.
>> > > >>
>> > > >> So – will the community get to see the complete exchange or not, so
>> > that
>> > > >> everyone can judge for themselves how it was misrepresented by
>> Jimmy's
>> > > >> selective quoting?
>> > > >>
>> > > >>
>> > > >> [1]
>> > > >>
>> > > >>
>> > >
>> >
>> https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales/Archive_206#What_James_said_publicly_.282.29
>> > > >>
>> > > >> On Mon, Apr 11, 2016 at 12:37 PM, Fæ <[hidden email]
>> <javascript:;>>
>> > wrote:
>> > > >>
>> > > >> > If we are going to have more elections, can we please hold Jimmy
>> to
>> > > >> > account this year rather than waiting for him to leave the board
>> > under
>> > > >> > his own steam?
>> > > >> >
>> > > >> > His use of "utter fucking bullshit", then using these distraction
>> > > >> > politics to avoid answering basic questions intended to deal with
>> > his
>> > > >> > repeated public allegations of lying against a respected
>> community
>> > > >> > member, is not what the Wikimedia movement needs or wants from a
>> > > >> > Trustee, or someone who represents the movement to the press.
>> > > >> >
>> > > >> > If Jimmy were a WMF employee, he'd be gone by now.
>> > > >> >
>> > > >> > P.S. We are still waiting for Jimmy to publish his interviews
>> with
>> > WMF
>> > > >> > employees resulting from his trip to SF, when he was claiming to
>> act
>> > > >> > for the WMF board, I can't be bothered to work out how many weeks
>> > ago
>> > > >> > that was. Is this sort of promise that Jimmy would call
>> "bullshit"
>> > if
>> > > >> > it was yet another person he had an ongoing feud with?
>> > > >> >
>> > > >> > Fae
>> > > >> >
>> > > >> > On 11 April 2016 at 12:24, Andy Mabbett <
>> [hidden email]
>> > <javascript:;>>
>> > > >> wrote:
>> > > >> > > On 23 March 2016 at 11:48, Andy Mabbett <
>> > [hidden email] <javascript:;>>
>> > > >> > wrote:
>> > > >> > >> On 23 March 2016 at 10:01, Jimmy Wales <
>> [hidden email]
>> > <javascript:;>>
>> > > >> > wrote:
>> > > >> > >>
>> > > >> > >>> But I did publish something on my user talk page that is
>> > relevant.
>> > > >> > >>
>> > > >> > >> Diff, please.
>> > > >> > >
>> > > >> > > Answer came there none...
>> > > >> >
>> > > >> > _______________________________________________
>> > > >> > Wikimedia-l mailing list, guidelines at:
>> > > >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > >> > New messages to: [hidden email] <javascript:;>
>> > > >> > Unsubscribe:
>> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> > > ,
>> > > >> > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > > >> >
>> > > >> _______________________________________________
>> > > >> Wikimedia-l mailing list, guidelines at:
>> > > >> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > >> New messages to: [hidden email] <javascript:;>
>> > > >> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> > ,
>> > > >> <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > > >>
>> > > > _______________________________________________
>> > > > Wikimedia-l mailing list, guidelines at:
>> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > > New messages to: [hidden email] <javascript:;>
>> > > > Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > >
>> > > _______________________________________________
>> > > Wikimedia-l mailing list, guidelines at:
>> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > New messages to: [hidden email] <javascript:;>
>> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> ,
>> > > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > >
>> > _______________________________________________
>> > Wikimedia-l mailing list, guidelines at:
>> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > New messages to: [hidden email] <javascript:;>
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> New messages to: [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
>
>

> On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <[hidden email]
> >
> wrote:
> >
> > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
> > "yes, I supported with sadness the decision to dismiss Lila."
>
>
> Wait -- seriously??
>
> I missed this piece until today. But if this is true, it is huge.
>
> Lila's departure was publicly communicated as a resignation -- not as a
> "decision [by the board] to dismiss."
>
> Jimmy Wales has been quite vocal about wanting to defer to the board on
> what should and should not be communicated.
>
> In this instance, did he seriously acknowledge a vote that was kept
> private?
>
> So...Jimmy Wales can share confidential information when it seems
> personally convenient to him, but can withhold it when it seems personally
> convenient to him -- is that the standard?
>
> -Pete
> [[User:Peteforsyth]]
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>

> On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <[hidden email]
> >
> wrote:
> >
> > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
> > "yes, I supported with sadness the decision to dismiss Lila."
>
>
> Wait -- seriously??
>

>>  >
>>  wrote:
>>  >
>>  > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
>>  > "yes, I supported with sadness the decision to dismiss Lila."
>>
>>  Wait -- seriously??
>
> No, it's a false quote. I don't know if Trillium falsified the quote or if
> he/she picked it up from a different source. Asked if he supported her
> departure, he wrote "I supported it with sadness. The whole thing is a sad
> train wreck."

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>

> On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <[hidden email]>
> wrote:
>
>> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
>> seemed kind of strange to me because I thought it more a technical and IT
>> thing to edit. But Michelle is WMF Legal, right
>>
>
> I won't/can't comment on the rest of your questions but I'm confused about
> why you would be surprised here... the cookie statement is, essentially, a
> legal statement/privacy policy "type" document (obviously different but
> similar) and just like the privacy policy (or access to non public
> information or document retention policy or terms of use or other policy
> docs along those lines) the cookie statement has been owned by Legal for as
> long as it's existed (I can attest to that fact since the CA team was asked
> to help put it up for them).
>
> It's certainly possible that this is only 'obvious' to me because of my
> knowledge of outside organizations or law but it doesn't surprise me.
> Cookie statements are part of the law in some countries (not necessarily
> ones we have to follow given our position in the US but Europe has laws
> about it for example) and so would usually be within the legal department
> for many organizations. Cookies are also closely tied with privacy and the
> privacy policy and so compliance and ensuring that the org stays within
> their promises would, also, often fall within the legal department (though
> everyone should/does have a hand in ensuring they follow the promises the
> org as a whole made).
>
> James Alexander
> Manager
> Trust & Safety
> Wikimedia Foundation
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>

> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
>
> Your reply is not obvious to me. I understand that your employment is
> exclusively with WMF and you do not appear to be particularly
> qualified (or experienced) in law.
>
> Treating the cookie statement as an explanation / extension of WMF's
> privacy policy and noting the poster's concern that the WMF legal team
> have amended certain descriptors for locally stored objects (not
> cookies) of indeterminate (theoretically infinite) persistence, would
> you clarify the following technical /legal aspects relating to cookies
> and their usage on Wikimedia.
>
> 1. Whether, or not, editors of Wikimedia websites", say
> "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> (broadly construed) are disabled and not stored on client devices.
>
> 2. Whether, or not, the locally stored objects referenced in the
> cookie policy include
> (i)  Javascript code, or
> (ii)  Flash objects
>
> 3. Whether, or not, the locally stored objects inserted by the WMF, on
> client computers and stored there, have the capability of collecting
> extensive personal information of editors, the degree of which not
> being explicitly disclosed in advance to users.
>
> 4. Whether, or not, the WMF is aware that a certain "toxic and
> juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> knowledge of WMF's checkuser process, the cookie policy and its
> internals has achieved remarkable technical capability to closely
> impersonate other editors and get them blocked by a network (aka "porn
> crew") of surviving cooperative "community appointed" sysops favorably
> still disposed to him/her. That this problem person (who has also
> threatened legal action against WMF) extensively uses mobile Wikipedia
> via "millions of IPs" [ref#2] in multiple languages, including several
> some fairly obscure ones, for abusive purposes which are 'obviously'
> related to WMF_legal's recent subject edit.
>
> Toby
>
> [ref#1] "I should be clear - the problem is not the abuse of me, but
> the toxic and juvenile environment at Commons. I have never failed in
> 30 seconds of looking to find a horrifying BLP violation at commons of
> a photo of an identifiable woman engaged in sexual activity with
> highly questionable provenance (for example a deleted flickr account).
> Every time (including tonight) that I go there hoping to see
> improvement, I am disappointed. And I think that as long as we
> tolerate it and don't bounce some very bad admins, we will not solve
> the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
>
> [ref#2]
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
>
> On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> wrote:
> > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> [hidden email] <javascript:;>>
> > wrote:
> >
> >> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> >> seemed kind of strange to me because I thought it more a technical and
> IT
> >> thing to edit. But Michelle is WMF Legal, right
> >>
> >
> > I won't/can't comment on the rest of your questions but I'm confused
> about
> > why you would be surprised here... the cookie statement is, essentially,
> a
> > legal statement/privacy policy "type" document (obviously different but
> > similar) and just like the privacy policy (or access to non public
> > information or document retention policy or terms of use or other policy
> > docs along those lines) the cookie statement has been owned by Legal for
> as
> > long as it's existed (I can attest to that fact since the CA team was
> asked
> > to help put it up for them).
> >
> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
> > Cookie statements are part of the law in some countries (not necessarily
> > ones we have to follow given our position in the US but Europe has laws
> > about it for example) and so would usually be within the legal department
> > for many organizations. Cookies are also closely tied with privacy and
> the
> > privacy policy and so compliance and ensuring that the org stays within
> > their promises would, also, often fall within the legal department
> (though
> > everyone should/does have a hand in ensuring they follow the promises the
> > org as a whole made).
> >
> > James Alexander
> > Manager
> > Trust & Safety
> > Wikimedia Foundation
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email] <javascript:;>
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>

> It seems like you can either deny James's knowledge of the technical/legal
> overlap or ask him questions, but probably not both :p.
>
> One element I can answer: no, it does not contain flash objects, flash is
> not a technology included in the Wikimedia stack on account of it barely
> being classifiable as a technology.
>
> On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:
>
> > > It's certainly possible that this is only 'obvious' to me because of my
> > > knowledge of outside organizations or law but it doesn't surprise me.
> >
> > Your reply is not obvious to me. I understand that your employment is
> > exclusively with WMF and you do not appear to be particularly
> > qualified (or experienced) in law.
> >
> > Treating the cookie statement as an explanation / extension of WMF's
> > privacy policy and noting the poster's concern that the WMF legal team
> > have amended certain descriptors for locally stored objects (not
> > cookies) of indeterminate (theoretically infinite) persistence, would
> > you clarify the following technical /legal aspects relating to cookies
> > and their usage on Wikimedia.
> >
> > 1. Whether, or not, editors of Wikimedia websites", say
> > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > (broadly construed) are disabled and not stored on client devices.
> >
> > 2. Whether, or not, the locally stored objects referenced in the
> > cookie policy include
> > (i)  Javascript code, or
> > (ii)  Flash objects
> >
> > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > client computers and stored there, have the capability of collecting
> > extensive personal information of editors, the degree of which not
> > being explicitly disclosed in advance to users.
> >
> > 4. Whether, or not, the WMF is aware that a certain "toxic and
> > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> > knowledge of WMF's checkuser process, the cookie policy and its
> > internals has achieved remarkable technical capability to closely
> > impersonate other editors and get them blocked by a network (aka "porn
> > crew") of surviving cooperative "community appointed" sysops favorably
> > still disposed to him/her. That this problem person (who has also
> > threatened legal action against WMF) extensively uses mobile Wikipedia
> > via "millions of IPs" [ref#2] in multiple languages, including several
> > some fairly obscure ones, for abusive purposes which are 'obviously'
> > related to WMF_legal's recent subject edit.
> >
> > Toby
> >
> > [ref#1] "I should be clear - the problem is not the abuse of me, but
> > the toxic and juvenile environment at Commons. I have never failed in
> > 30 seconds of looking to find a horrifying BLP violation at commons of
> > a photo of an identifiable woman engaged in sexual activity with
> > highly questionable provenance (for example a deleted flickr account).
> > Every time (including tonight) that I go there hoping to see
> > improvement, I am disappointed. And I think that as long as we
> > tolerate it and don't bounce some very bad admins, we will not solve
> > the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
> >
> > [ref#2]
> >
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
> >
> > On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> > wrote:
> > > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> > [hidden email] <javascript:;>>
> > > wrote:
> > >
> > >> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> > >> seemed kind of strange to me because I thought it more a technical and
> > IT
> > >> thing to edit. But Michelle is WMF Legal, right
> > >>
> > >
> > > I won't/can't comment on the rest of your questions but I'm confused
> > about
> > > why you would be surprised here... the cookie statement is,
> essentially,
> > a
> > > legal statement/privacy policy "type" document (obviously different but
> > > similar) and just like the privacy policy (or access to non public
> > > information or document retention policy or terms of use or other
> policy
> > > docs along those lines) the cookie statement has been owned by Legal
> for
> > as
> > > long as it's existed (I can attest to that fact since the CA team was
> > asked
> > > to help put it up for them).
> > >
> > > It's certainly possible that this is only 'obvious' to me because of my
> > > knowledge of outside organizations or law but it doesn't surprise me.
> > > Cookie statements are part of the law in some countries (not
> necessarily
> > > ones we have to follow given our position in the US but Europe has laws
> > > about it for example) and so would usually be within the legal
> department
> > > for many organizations. Cookies are also closely tied with privacy and
> > the
> > > privacy policy and so compliance and ensuring that the org stays within
> > > their promises would, also, often fall within the legal department
> > (though
> > > everyone should/does have a hand in ensuring they follow the promises
> the
> > > org as a whole made).
> > >
> > > James Alexander
> > > Manager
> > > Trust & Safety
> > > Wikimedia Foundation
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > New messages to: [hidden email] <javascript:;>
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email] <javascript:;>
> > ?subject=unsubscribe>
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email] <javascript:;>
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email] <javascript:;>
> > ?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>

> Hi Trillium,
>
> These are great questions to ask, thank you for keeping the privacy
> conversation on track!
>
> As a technical employee of the Wikimedia Foundation who would have been
> involved if we were planning significant changes to expand or limit
> tracking, I can confirm that nothing rotten is in the wings.  In fact, the
> situation is better now than ever before (in my 4 years here).  There are
> internal accountability reforms under way to help us make strong guarantees
> about our users' privacy.  A brief investigation into assigning readers
> long-term unique identifiers--in lay person terms the gateway to dystopian
> tracking--opened and was immediately shut again.[1]  Data retention (what
> user data we collect and for how long) policy work is being tightened up,
> and done in public.[2] In Fundraising, we've found a way to measure
> aggregate data about our banner delivery without collecting information
> which lets us correlate anything else about readers.[3]
>
> While I feel good about what's happening now, it would be nice to have
> longer-term assurances that we won't go collectively nuts in the
> unforeseeable future.  I'm not sure what that assurance might look like,
> though...  Democratic stewardship of our shared resources?  Anyway, please
> do keep a critical eye on cookies and their brethren, and if you find
> anything out of joint I'm sure there will be plenty of allies left within
> the Foundation to help set it right.
>
> Regards,
> Adam Wight
> [[mw:User:Adamw]
>
>
> [1] Sorry, there was an all-staff internal discussion but I don't think
> this was published.  The idea at the time was to get our house in order and
> decide whether to start a public conversation about unique IDs.  There
> turned out to be many strong critics of the plan and no real supporters as
> far I could tell, and the initiative was abandoned, to my knowledge.  The
> motivation for the project was to get a better estimate of our unique
> visitor counts (a count of their devices, to be precise).  We've settled on
> the less accurate "last visited" measurement instead, which is described
> here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
> [2] https://meta.wikimedia.org/wiki/Data_retention_guidelines
> [3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf
>
> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]> wrote:
>
> > It seems like you can either deny James's knowledge of the
> technical/legal
> > overlap or ask him questions, but probably not both :p.
> >
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
> > On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:
> >
> > > > It's certainly possible that this is only 'obvious' to me because of
> my
> > > > knowledge of outside organizations or law but it doesn't surprise me.
> > >
> > > Your reply is not obvious to me. I understand that your employment is
> > > exclusively with WMF and you do not appear to be particularly
> > > qualified (or experienced) in law.
> > >
> > > Treating the cookie statement as an explanation / extension of WMF's
> > > privacy policy and noting the poster's concern that the WMF legal team
> > > have amended certain descriptors for locally stored objects (not
> > > cookies) of indeterminate (theoretically infinite) persistence, would
> > > you clarify the following technical /legal aspects relating to cookies
> > > and their usage on Wikimedia.
> > >
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> > >
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> > > (ii)  Flash objects
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> > >
> > > 4. Whether, or not, the WMF is aware that a certain "toxic and
> > > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> > > knowledge of WMF's checkuser process, the cookie policy and its
> > > internals has achieved remarkable technical capability to closely
> > > impersonate other editors and get them blocked by a network (aka "porn
> > > crew") of surviving cooperative "community appointed" sysops favorably
> > > still disposed to him/her. That this problem person (who has also
> > > threatened legal action against WMF) extensively uses mobile Wikipedia
> > > via "millions of IPs" [ref#2] in multiple languages, including several
> > > some fairly obscure ones, for abusive purposes which are 'obviously'
> > > related to WMF_legal's recent subject edit.
> > >
> > > Toby
> > >
> > > [ref#1] "I should be clear - the problem is not the abuse of me, but
> > > the toxic and juvenile environment at Commons. I have never failed in
> > > 30 seconds of looking to find a horrifying BLP violation at commons of
> > > a photo of an identifiable woman engaged in sexual activity with
> > > highly questionable provenance (for example a deleted flickr account).
> > > Every time (including tonight) that I go there hoping to see
> > > improvement, I am disappointed. And I think that as long as we
> > > tolerate it and don't bounce some very bad admins, we will not solve
> > > the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
> > >
> > > [ref#2]
> > >
> >
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
> > >
> > > On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> > > wrote:
> > > > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> > > [hidden email] <javascript:;>>
> > > > wrote:
> > > >
> > > >> I noticed Michelle Paulson editing the "Cookie Statement" page, and
> it
> > > >> seemed kind of strange to me because I thought it more a technical
> and
> > > IT
> > > >> thing to edit. But Michelle is WMF Legal, right
> > > >>
> > > >
> > > > I won't/can't comment on the rest of your questions but I'm confused
> > > about
> > > > why you would be surprised here... the cookie statement is,
> > essentially,
> > > a
> > > > legal statement/privacy policy "type" document (obviously different
> but
> > > > similar) and just like the privacy policy (or access to non public
> > > > information or document retention policy or terms of use or other
> > policy
> > > > docs along those lines) the cookie statement has been owned by Legal
> > for
> > > as
> > > > long as it's existed (I can attest to that fact since the CA team was
> > > asked
> > > > to help put it up for them).
> > > >
> > > > It's certainly possible that this is only 'obvious' to me because of
> my
> > > > knowledge of outside organizations or law but it doesn't surprise me.
> > > > Cookie statements are part of the law in some countries (not
> > necessarily
> > > > ones we have to follow given our position in the US but Europe has
> laws
> > > > about it for example) and so would usually be within the legal
> > department
> > > > for many organizations. Cookies are also closely tied with privacy
> and
> > > the
> > > > privacy policy and so compliance and ensuring that the org stays
> within
> > > > their promises would, also, often fall within the legal department
> > > (though
> > > > everyone should/does have a hand in ensuring they follow the promises
> > the
> > > > org as a whole made).
> > > >
> > > > James Alexander
> > > > Manager
> > > > Trust & Safety
> > > > Wikimedia Foundation
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > > New messages to: [hidden email] <javascript:;>
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email] <javascript:;>
> > > ?subject=unsubscribe>
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > New messages to: [hidden email] <javascript:;>
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email] <javascript:;>
> > > ?subject=unsubscribe>
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>

> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]
> <javascript:;>> wrote:
>
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
>
> There is one use of Flash in our tech stack: audio output for media
> playback on Internet Explorer when using our JavaScript Ogg playback
> compatibility library.

>
> This is a small shim which does not use cookies or any other type of local
> storage, which is why it is not listed on a page about cookies.
>
> Here's the source code of the Flash component; feel free to review it for
> security:
>
> https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as
>
>
> On Sunday, 1 May 2016, Toby Dollmann <[hidden email]
> <javascript:;>> wrote:
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> >
>
> Like every other site on the world wide web, MediaWiki uses cookies to
> maintain login state. If you disable cookies, login will not work and your
> edits will not be attributed to your account.
>
> Editing "anonymously" without cookies works, but reveals your IP address in
> a permanent public way.
>
>
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> >
>
> MediaWiki's ResourceLoader can and does cache JavaScript module code in
> localStorage. This code has no special privileges or abilities because of
> that; it just takes up a tiny bit of space on your disk.
>
>
> > > (ii)  Flash objects
> >
>
> No, no Flash code is stored in cookies or localStorage.
>
>
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> >
>
> No, they are just data until they are executed, at which point they are
> just code, same as code loaded straight from the server. That code can do
> nothing special that it could not already do.
>
> -- brion
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>