[Wikimedia-l] Open and recorded WMF Board meetings

classic Classic list List threaded Threaded
99 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

Pete Forsyth-2
On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <[hidden email]>
wrote:
>
> Jimbo responded to arbitrator GorillaWarfare on this list, basically,
> "yes, I supported with sadness the decision to dismiss Lila."


Wait -- seriously??

I missed this piece until today. But if this is true, it is huge.

Lila's departure was publicly communicated as a resignation -- not as a
"decision [by the board] to dismiss."

Jimmy Wales has been quite vocal about wanting to defer to the board on
what should and should not be communicated.

In this instance, did he seriously acknowledge a vote that was kept private?

So...Jimmy Wales can share confidential information when it seems
personally convenient to him, but can withhold it when it seems personally
convenient to him -- is that the standard?

-Pete
[[User:Peteforsyth]]
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

Anthony Cole
In reply to this post by Anthony Cole
The Signpost has just published the October 2015 email exchange between
James and Jimmy - the exchange that Jimmy wouldn't release.

https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2016-04-24/Op-ed

Thank you Signpost.



Anthony Cole


On Tue, Apr 26, 2016 at 8:19 AM, Anthony Cole <[hidden email]> wrote:

> This is getting ridiculous.
>
> Jimmy, you quoted from an email exchange with James. James claims this
> selective quoting distorted the nature of the exchange. You have been asked
> to publish the entire exchange. The only other party to that exchange
> (James) wants it published. As Fae and others have repeatedly pointed out,
> you may simply redact any confidential board information. Your explanations
> for not releasing the whole exchange are an insult to our intelligence and
> your refusal to do so is a display of contempt.
>
> James is a genuine leader and spokesperson, elected by the community.
>
> What are you?
>
> You happened to be there when your failed encyclopaedia, thanks to Larry's
> idea to use a wiki and thanks to the energy and determination of the
> community, exploded before your eyes into this amazing thing.
>
> Now, you pretend to be the genius behind Wikipedia. Now, you pose as the
> humanitarian who gave away the encyclopaedia because "it was the right
> thing to do" (when, in reality, you relinquished it because the community
> wouldn't allow you to monetise it). Now, you make a nice living off this
> charade.
>
> You can take that story with you and, I'm sure, for a while at least,
> you'll still be able to dine out on it. But you're in the way here. It's
> time to move on from the board and from your self-appointed role as
> "spokesperson for the community".
>
> We need honest, hard working people who genuinely represent us in a
> public-facing role, not a deceitful, self-aggrandising, opportunistic
> squatter.
>
>
> Anthony Cole
>
>
> On Sat, Apr 23, 2016 at 8:49 PM, Oliver Keyes <[hidden email]> wrote:
>
>> On Saturday, 23 April 2016, Gerard Meijssen <[hidden email]>
>> wrote:
>>
>> > Hoi,
>> > Governance worth a damn... <grin> Did you know that I introduced Jan
>> Bart
>> > to Jimmy </grin> the rest is also history.
>>
>>
>> Yes Gerard, you're very very important. Much more so than me. Well done.
>>
>> >
>> > But honestly. In the final analysis the more importance is given to the
>> > board, the more it shows a dysfunctional movement. When governance is so
>> > relevant, the first thing to do is not to micro-manage. That is what the
>> > board is not supposed to do and when something did not go right,
>> remember
>> > that they are people. Ask yourself how we as a movement suffer instead
>> or
>> > when you find that a certain behaviour did not win the beauty contest.
>> >
>> >
>> I know the board are people. I also know the people their actions affect
>> are people. I am agreed that the board is too prominent - see also the
>> spinoff thread - and given too much importance. But when the board sets
>> direction on almost everything that costs money, it's function or
>> dysfunction is absolutely an 'important thing'
>>
>> I'm going to drop this thread because it is relatively clear we are not
>> making any progress, in either direction, on convincing the other one
>> we're
>> right. But hey, at least neither of us demanded the other question their
>> own sanity :p
>>
>>
>> > This whole affair is backward. It does not help us forward, it does
>> hinder
>> > and it takes energy away from those things that really matter.
>> > Thanks,
>> >        GerardM
>> >
>> > On 17 April 2016 at 22:13, Oliver Keyes <[hidden email]
>> > <javascript:;>> wrote:
>> >
>> > > On Sun, Apr 17, 2016 at 3:55 PM, Gerard Meijssen
>> > > <[hidden email] <javascript:;>> wrote:
>> > > > Hoi,
>> > > > So when as a result of your yihad the worst of what you imagine
>> comes
>> > > out,
>> > > > the most you have achieved is that you can say "this is why I think
>> he
>> > is
>> > > > an asshole". Then what. It does not change a thing. We are still
>> intend
>> > > on
>> > > > sharing the sum of all knowledge. You still have to do a lot of
>> > > convincing
>> > > > before most other people would agree with you.
>> > > >
>> > > > The problem with your single issue approach is achieves more turmoil
>> > than
>> > > > anything else. I fail to understand people like you. It is no longer
>> > > about
>> > > > what we hope to achieve. I have tried to engage you in meaningful
>> talk
>> > > but
>> > > > for me it failed.
>> > >
>> > > From what I can see, "what we hope to achieve" is governance worth a
>> > > damn. It's people in key positions not using those positions as
>> > > weapons. It's people taking empathy and consideration and fiduciary
>> > > duties seriously. Now, if the absence of these doesn't affect you, I'm
>> > > profoundly jealous, but the fact that you do not understand why
>> > > Jimmy's behaviour makes it difficult to claim he's a suitable
>> > > participant in Wikimedia's governance does not change that a lot of
>> > > other people do have concerns - not just me, not just Andreas.
>> > >
>> > > >
>> > > > The one question that I have. In all your hiha I have not understood
>> > that
>> > > > you understand what it is what Jimmy uniquely brings to our
>> community.
>> > He
>> > > > is really effective as an ambassador for what we do. In this there
>> is
>> > > noone
>> > > > who can replace him. How do you want to replace him. Arguably the
>> > latest
>> > > > crop of board members have shown how hard it is in the first place
>> to
>> > > make
>> > > > a meaningful contribution.
>> > >
>> > > Who said anything about replacing him as an ambassador? When Jimmy is
>> > > mentioned in the media it's in the context of being Wikipedia's
>> > > founder, not one of a dozen-odd board members, and unless there's an
>> > > IEG for the invention of a TARDIS I don't think anyone is removing his
>> > > founder status. The question is simply whether he is a suitable person
>> > > to indefinitely sit on the Board of Trustees, making governance
>> > > decisions, given the behaviour he has shown.
>> > >
>> > > > Thanks,
>> > > >        GerardM
>> > > >
>> > > > On 17 April 2016 at 20:20, Andreas Kolbe <[hidden email]
>> > <javascript:;>> wrote:
>> > > >
>> > > >> On March 21, Jimmy posted excerpts from an email conversation he'd
>> had
>> > > with
>> > > >> James Heilman on his Wikipedia user talk page, making further
>> > > allegations
>> > > >> against James.[1]
>> > > >>
>> > > >> James replied twice:
>> > > >>
>> > > >> <quote>
>> > > >>
>> > > >> Jimmy Wales' summary above of our email correspondence is far from
>> > > >> complete, and is not an accurate representation of the overall
>> > > discussion.
>> > > >> Doc James (talk · contribs · email) 01:22, 24 March 2016 (UTC)
>> > > >>
>> > > >> Jimbo, you quoted some passages of our mails above. Would you have
>> any
>> > > >> objection to my posting the complete exchange, so that the parts
>> you
>> > > quoted
>> > > >> can be seen in context? Doc James (talk · contribs · email) 01:09,
>> 31
>> > > March
>> > > >> 2016 (UTC)
>> > > >>
>> > > >> <end of quote>
>> > > >>
>> > > >> Jimmy Wales ignored the latter question until the thread was
>> archived.
>> > > >>
>> > > >> So – will the community get to see the complete exchange or not, so
>> > that
>> > > >> everyone can judge for themselves how it was misrepresented by
>> Jimmy's
>> > > >> selective quoting?
>> > > >>
>> > > >>
>> > > >> [1]
>> > > >>
>> > > >>
>> > >
>> >
>> https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales/Archive_206#What_James_said_publicly_.282.29
>> > > >>
>> > > >> On Mon, Apr 11, 2016 at 12:37 PM, Fæ <[hidden email]
>> <javascript:;>>
>> > wrote:
>> > > >>
>> > > >> > If we are going to have more elections, can we please hold Jimmy
>> to
>> > > >> > account this year rather than waiting for him to leave the board
>> > under
>> > > >> > his own steam?
>> > > >> >
>> > > >> > His use of "utter fucking bullshit", then using these distraction
>> > > >> > politics to avoid answering basic questions intended to deal with
>> > his
>> > > >> > repeated public allegations of lying against a respected
>> community
>> > > >> > member, is not what the Wikimedia movement needs or wants from a
>> > > >> > Trustee, or someone who represents the movement to the press.
>> > > >> >
>> > > >> > If Jimmy were a WMF employee, he'd be gone by now.
>> > > >> >
>> > > >> > P.S. We are still waiting for Jimmy to publish his interviews
>> with
>> > WMF
>> > > >> > employees resulting from his trip to SF, when he was claiming to
>> act
>> > > >> > for the WMF board, I can't be bothered to work out how many weeks
>> > ago
>> > > >> > that was. Is this sort of promise that Jimmy would call
>> "bullshit"
>> > if
>> > > >> > it was yet another person he had an ongoing feud with?
>> > > >> >
>> > > >> > Fae
>> > > >> >
>> > > >> > On 11 April 2016 at 12:24, Andy Mabbett <
>> [hidden email]
>> > <javascript:;>>
>> > > >> wrote:
>> > > >> > > On 23 March 2016 at 11:48, Andy Mabbett <
>> > [hidden email] <javascript:;>>
>> > > >> > wrote:
>> > > >> > >> On 23 March 2016 at 10:01, Jimmy Wales <
>> [hidden email]
>> > <javascript:;>>
>> > > >> > wrote:
>> > > >> > >>
>> > > >> > >>> But I did publish something on my user talk page that is
>> > relevant.
>> > > >> > >>
>> > > >> > >> Diff, please.
>> > > >> > >
>> > > >> > > Answer came there none...
>> > > >> >
>> > > >> > _______________________________________________
>> > > >> > Wikimedia-l mailing list, guidelines at:
>> > > >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > >> > New messages to: [hidden email] <javascript:;>
>> > > >> > Unsubscribe:
>> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> > > ,
>> > > >> > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > > >> >
>> > > >> _______________________________________________
>> > > >> Wikimedia-l mailing list, guidelines at:
>> > > >> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > >> New messages to: [hidden email] <javascript:;>
>> > > >> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> > ,
>> > > >> <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > > >>
>> > > > _______________________________________________
>> > > > Wikimedia-l mailing list, guidelines at:
>> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > > New messages to: [hidden email] <javascript:;>
>> > > > Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > >
>> > > _______________________________________________
>> > > Wikimedia-l mailing list, guidelines at:
>> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > > New messages to: [hidden email] <javascript:;>
>> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> ,
>> > > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> > >
>> > _______________________________________________
>> > Wikimedia-l mailing list, guidelines at:
>> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> > New messages to: [hidden email] <javascript:;>
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > <mailto:[hidden email] <javascript:;>
>> > ?subject=unsubscribe>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> New messages to: [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

Craig Franklin
In reply to this post by Pete Forsyth-2
I imagine that this is the email that Trillium is referring to, for those
who are just joining us:

https://lists.wikimedia.org/pipermail/wikimedia-l/2016-February/082566.html

Whether he means that he supported her "dismissal" or supported her
"resignation" is left to the reader.

Cheers,
Craig



On 26 April 2016 at 10:49, Pete Forsyth <[hidden email]> wrote:

> On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <[hidden email]
> >
> wrote:
> >
> > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
> > "yes, I supported with sadness the decision to dismiss Lila."
>
>
> Wait -- seriously??
>
> I missed this piece until today. But if this is true, it is huge.
>
> Lila's departure was publicly communicated as a resignation -- not as a
> "decision [by the board] to dismiss."
>
> Jimmy Wales has been quite vocal about wanting to defer to the board on
> what should and should not be communicated.
>
> In this instance, did he seriously acknowledge a vote that was kept
> private?
>
> So...Jimmy Wales can share confidential information when it seems
> personally convenient to him, but can withhold it when it seems personally
> convenient to him -- is that the standard?
>
> -Pete
> [[User:Peteforsyth]]
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

John Mark Vandenberg
On 26 Apr 2016 09:25, "Craig Franklin" <[hidden email]> wrote:
>
> I imagine that this is the email that Trillium is referring to, for those
> who are just joining us:
>
>
https://lists.wikimedia.org/pipermail/wikimedia-l/2016-February/082566.html
>
> Whether he means that he supported her "dismissal" or supported her
> "resignation" is left to the reader.

My reading of that is Jimmy supported her "departure" with sadness.
i.e. he avoids indicating how the departure occurred; neither dismissal nor
resignation.

No doubt that type of phrasing is in the HR handbook for situations like
this, to avoid pain or legal disputes after the fact.

Thank you Craig for nipping this one in the bud.

--
John
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

Trillium Corsage
26.04.2016, 03:25, "John Mark Vandenberg" <[hidden email]>:

> My reading of that is Jimmy supported her "departure" with sadness.
> i.e. he avoids indicating how the departure occurred; neither dismissal nor
> resignation.
>
> No doubt that type of phrasing is in the HR handbook for situations like
> this, to avoid pain or legal disputes after the fact.
>
> Thank you Craig for nipping this one in the bud.

Craig gave the right link. Here's the exact exchange.

Gorillawarfare: I would love to know whether you supported Lila Tretikov's departure. It is clear that she did not up and resign on her own, and I would like to know if you were one of the folks who thought her departure would be beneficial, or if you preferred she "weather the storm," so to speak.

Jimbo Wales: I supported it with sadness.  The whole thing is a sad train wreck.

Yeah, it's accurate no-one says the word "dismissal." That was my interpretation of it based on recollection, I wasn't trying to introduce a new concept to anything.

I don't understand why we're walking on eggshells really. Jimbo "supported her departure with sadness." It seems pretty clear he's not referring to getting misty-eyed over cake at Lila's farewell party. He did something. He's not quarreling with Gorillawarfare's take that "she did not up and resign on her own."

As just an observer from afar, I liked Lila and thought she was doing a good job. She hired a child-protection person for one thing. However I've heard about the employee poll that said she really was failing to get support from the ranks, and I'm in no position to second-guess that. And then a couple months ago, she's getting bashed right and left on this very list, with a person going so far as to say she should "choke on shame" and "just go away." With no objection from the list moderators.Jimbo is going bonkers on James Heilman regarding his characterization of "Knowledge Engine." And of course Lila was a proponent of that. All the same, her resignation came quickly and as a surprise to me.

If the board had no discussion on her future and did NOT ask for or otherwise overtly encourage her resignation, it would be easy enough for any one of them to say that. If they on the other hand actually did meet or tele-conference and vote on it, that's the meeting I wanted minutes for. And obviously (thank Risker!) this doesn't mean I want to gawk at gossipy details of trustees criticizing her, I just would like to know which trustees gave the thumbs down, which didn't, and which introduced the motion. Is this secret HR stuff that would embarrass Lila? It doesn't seem that way to me. There've been a dozen news stories on her leaving, and none have reported it was on wonderful terms all around. So what's the big deal?

Publish the minutes or say "there was no meeting, there are no minutes."

Trillium Corsage

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Open and recorded WMF Board meetings

Nathan Awrich
In reply to this post by Pete Forsyth-2
On Mon, Apr 25, 2016 at 8:49 PM, Pete Forsyth <[hidden email]> wrote:

> On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <[hidden email]
> >
> wrote:
> >
> > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
> > "yes, I supported with sadness the decision to dismiss Lila."
>
>
> Wait -- seriously??
>

No, it's a false quote. I don't know if Trillium falsified the quote or if
he/she picked it up from a different source. Asked if he supported her
departure, he wrote "I supported it with sadness. The whole thing is a sad
train wreck."

 https://lists.wikimedia.org/pipermail/wikimedia-l/2016-February/082566.html
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Fwd: Open and recorded WMF Board meetings

Pete Forsyth-2
Trillium Corsage apparently tried to address this issue, but their message
has not gotten through email list moderation. I've included it below.

My reaction: I should paid more heed to Trillium's qualifier "basically."
Jimmy Wales didn't commit the egregious error I thought was being reported.
Still, I do feel that Wales' choices about what to say and what not to say
have been erratic (from the perspective of what's best for the movement and
the WMF) and self-serving. I can't think of other examples of an
organization's board members publicly commenting on whether or not they
supported an employee's departure. It seems to me there are very good
reasons not to get into that.

-Pete
[[User:Peteforsyth]]


---------- Forwarded message ----------
From: Trillium Corsage <[hidden email]>
Date: Tue, Apr 26, 2016 at 7:02 AM
Subject: Re: [Wikimedia-l] Open and recorded WMF Board meetings
To: [hidden email], [hidden email]




26.04.2016, 14:32, "Nathan" <[hidden email]>:
> On Mon, Apr 25, 2016 at 8:49 PM, Pete Forsyth <[hidden email]>
wrote:
>
>>  On Fri, Apr 15, 2016 at 2:42 PM, Trillium Corsage <
[hidden email]

>>  >
>>  wrote:
>>  >
>>  > Jimbo responded to arbitrator GorillaWarfare on this list, basically,
>>  > "yes, I supported with sadness the decision to dismiss Lila."
>>
>>  Wait -- seriously??
>
> No, it's a false quote. I don't know if Trillium falsified the quote or if
> he/she picked it up from a different source. Asked if he supported her
> departure, he wrote "I supported it with sadness. The whole thing is a sad
> train wreck."

Whoa whoa whoa. I answered this yesterday, but my emails have to be
approved by a moderator and none has done so. Here's the relevant part of
the email:

<begin excerpt>

Craig gave the right link. Here's the exact exchange.

Gorillawarfare: I would love to know whether you supported Lila Tretikov's
departure. It is clear that she did not up and resign on her own, and I
would like to know if you were one of the folks who thought her departure
would be beneficial, or if you preferred she "weather the storm," so to
speak.

Jimbo Wales: I supported it with sadness. The whole thing is a sad train
wreck.

Yeah, it's accurate no-one says the word "dismissal." That was my
interpretation of it based on recollection, I wasn't trying to introduce a
new concept to anything.

<end excerpt>

That was my good-faith memory-based paraphrase of it, not any "false
quote." I'd also argue that the contextual part where Gorilla says "she did
not up and resign on her own" --which is not disputed by Wales-- should
figure into any interpretation of the exchange.

I also said "basically," which clues the reader in that it was paraphrase,
not quote. I didn't do this for any polemic reason either, I just genuinely
didn't have the exchange in front of me.

Pete, I'd appreciate if you'd convey my position on this matter to the list
if my own email doesn't appear by a few hours.

Trillium Corsage
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Trillium Corsage
In reply to this post by Trillium Corsage
I noticed Michelle Paulson editing the "Cookie Statement" page, and it seemed kind of strange to me because I thought it more a technical and IT thing to edit. But Michelle is WMF Legal, right?

Is WMF doing something new (or newish, maybe I'm a little late in picking up on this) with cookies? Can someone describe to me what that is, in layman's terms?

Is it about third-party marketing and working up personal profiles of editors and readers? What sort of new information is the WMF gathering, if it is, on editors and readers?

Are there privacy concerns we should be worried about?

Will the information gathered by the cookies be made available to the anonymous administrative "volunteers" the WMF grants access to the non-public information of editors? The so-called "sockpuppet investigators" and so forth?

Here: https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960.

Trillium Corsage

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

James Alexander-4
On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <[hidden email]>
wrote:

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right
>

I won't/can't comment on the rest of your questions but I'm confused about
why you would be surprised here... the cookie statement is, essentially, a
legal statement/privacy policy "type" document (obviously different but
similar) and just like the privacy policy (or access to non public
information or document retention policy or terms of use or other policy
docs along those lines) the cookie statement has been owned by Legal for as
long as it's existed (I can attest to that fact since the CA team was asked
to help put it up for them).

It's certainly possible that this is only 'obvious' to me because of my
knowledge of outside organizations or law but it doesn't surprise me.
Cookie statements are part of the law in some countries (not necessarily
ones we have to follow given our position in the US but Europe has laws
about it for example) and so would usually be within the legal department
for many organizations. Cookies are also closely tied with privacy and the
privacy policy and so compliance and ensuring that the org stays within
their promises would, also, often fall within the legal department (though
everyone should/does have a hand in ensuring they follow the promises the
org as a whole made).

James Alexander
Manager
Trust & Safety
Wikimedia Foundation
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Oliver Keyes-5
In reply to this post by Trillium Corsage
Honestly this is kind of a bewildering set of hypotheticals to me.

You worry wikimedia is gathering new data and maybe selling it to marketers
and maybe releasing it to the community, or not, or some of them, or all of
them, based on:

An edit titled 'fixed two errors in cookie names' which...well, fixed two
errors in cookie names.[0] that's all the revision appears to contain.

Legal editing the cookie statement seems pretty usual to me, and the edit
(self-evidently) had nothing to do with changes to what is gathered. It was
copyediting.

There are a lot of things the Foundation does it could communicate better,
but legal tends to do a pretty good job: this edit is really evidence of
that since it's senior counsel taking time to make very very sure they are
reporting to our users precisely what is going on. If the WMF were to start
selling a reading list to Facebook, I'm pretty sure there'd be an
announcement, and I'm absolutely certain the policy change would need to
consist of a bit more than two typo corrections.

[0]
https://wikimediafoundation.org/w/index.php?title=Cookie_statement&type=revision&diff=105722&oldid=104960

On Sunday, 1 May 2016, Trillium Corsage <[hidden email]> wrote:

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Vi to
In reply to this post by Trillium Corsage
Edits didn't affect the content of the policy actually. Also a cookie
policy is essentially a legal stuff, I'd be surprised to *don't *see the
legal team editing it.

As a "sockpuppet investigator" I never rely upon cookies, I prefer
fingerprints and social security numbers.

Vito

2016-05-01 23:40 GMT+02:00 Trillium Corsage <[hidden email]>:

> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> seemed kind of strange to me because I thought it more a technical and IT
> thing to edit. But Michelle is WMF Legal, right?
>
> Is WMF doing something new (or newish, maybe I'm a little late in picking
> up on this) with cookies? Can someone describe to me what that is, in
> layman's terms?
>
> Is it about third-party marketing and working up personal profiles of
> editors and readers? What sort of new information is the WMF gathering, if
> it is, on editors and readers?
>
> Are there privacy concerns we should be worried about?
>
> Will the information gathered by the cookies be made available to the
> anonymous administrative "volunteers" the WMF grants access to the
> non-public information of editors? The so-called "sockpuppet investigators"
> and so forth?
>
> Here:
> https://wikimediafoundation.org/w/index.php?title=Cookie_statement&action=historysubmit&type=revision&diff=105722&oldid=104960
> .
>
> Trillium Corsage
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Toby Dollmann
In reply to this post by James Alexander-4
> It's certainly possible that this is only 'obvious' to me because of my
> knowledge of outside organizations or law but it doesn't surprise me.

Your reply is not obvious to me. I understand that your employment is
exclusively with WMF and you do not appear to be particularly
qualified (or experienced) in law.

Treating the cookie statement as an explanation / extension of WMF's
privacy policy and noting the poster's concern that the WMF legal team
have amended certain descriptors for locally stored objects (not
cookies) of indeterminate (theoretically infinite) persistence, would
you clarify the following technical /legal aspects relating to cookies
and their usage on Wikimedia.

1. Whether, or not, editors of Wikimedia websites", say
"en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
(broadly construed) are disabled and not stored on client devices.

2. Whether, or not, the locally stored objects referenced in the
cookie policy include
(i)  Javascript code, or
(ii)  Flash objects

3. Whether, or not, the locally stored objects inserted by the WMF, on
client computers and stored there, have the capability of collecting
extensive personal information of editors, the degree of which not
being explicitly disclosed in advance to users.

4. Whether, or not, the WMF is aware that a certain "toxic and
juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
knowledge of WMF's checkuser process, the cookie policy and its
internals has achieved remarkable technical capability to closely
impersonate other editors and get them blocked by a network (aka "porn
crew") of surviving cooperative "community appointed" sysops favorably
still disposed to him/her. That this problem person (who has also
threatened legal action against WMF) extensively uses mobile Wikipedia
via "millions of IPs" [ref#2] in multiple languages, including several
some fairly obscure ones, for abusive purposes which are 'obviously'
related to WMF_legal's recent subject edit.

Toby

[ref#1] "I should be clear - the problem is not the abuse of me, but
the toxic and juvenile environment at Commons. I have never failed in
30 seconds of looking to find a horrifying BLP violation at commons of
a photo of an identifiable woman engaged in sexual activity with
highly questionable provenance (for example a deleted flickr account).
Every time (including tonight) that I go there hoping to see
improvement, I am disappointed. And I think that as long as we
tolerate it and don't bounce some very bad admins, we will not solve
the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"

[ref#2] https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438

On 5/2/16, James Alexander <[hidden email]> wrote:

> On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <[hidden email]>
> wrote:
>
>> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
>> seemed kind of strange to me because I thought it more a technical and IT
>> thing to edit. But Michelle is WMF Legal, right
>>
>
> I won't/can't comment on the rest of your questions but I'm confused about
> why you would be surprised here... the cookie statement is, essentially, a
> legal statement/privacy policy "type" document (obviously different but
> similar) and just like the privacy policy (or access to non public
> information or document retention policy or terms of use or other policy
> docs along those lines) the cookie statement has been owned by Legal for as
> long as it's existed (I can attest to that fact since the CA team was asked
> to help put it up for them).
>
> It's certainly possible that this is only 'obvious' to me because of my
> knowledge of outside organizations or law but it doesn't surprise me.
> Cookie statements are part of the law in some countries (not necessarily
> ones we have to follow given our position in the US but Europe has laws
> about it for example) and so would usually be within the legal department
> for many organizations. Cookies are also closely tied with privacy and the
> privacy policy and so compliance and ensuring that the org stays within
> their promises would, also, often fall within the legal department (though
> everyone should/does have a hand in ensuring they follow the promises the
> org as a whole made).
>
> James Alexander
> Manager
> Trust & Safety
> Wikimedia Foundation
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Oliver Keyes-5
It seems like you can either deny James's knowledge of the technical/legal
overlap or ask him questions, but probably not both :p.

One element I can answer: no, it does not contain flash objects, flash is
not a technology included in the Wikimedia stack on account of it barely
being classifiable as a technology.

On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:

> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
>
> Your reply is not obvious to me. I understand that your employment is
> exclusively with WMF and you do not appear to be particularly
> qualified (or experienced) in law.
>
> Treating the cookie statement as an explanation / extension of WMF's
> privacy policy and noting the poster's concern that the WMF legal team
> have amended certain descriptors for locally stored objects (not
> cookies) of indeterminate (theoretically infinite) persistence, would
> you clarify the following technical /legal aspects relating to cookies
> and their usage on Wikimedia.
>
> 1. Whether, or not, editors of Wikimedia websites", say
> "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> (broadly construed) are disabled and not stored on client devices.
>
> 2. Whether, or not, the locally stored objects referenced in the
> cookie policy include
> (i)  Javascript code, or
> (ii)  Flash objects
>
> 3. Whether, or not, the locally stored objects inserted by the WMF, on
> client computers and stored there, have the capability of collecting
> extensive personal information of editors, the degree of which not
> being explicitly disclosed in advance to users.
>
> 4. Whether, or not, the WMF is aware that a certain "toxic and
> juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> knowledge of WMF's checkuser process, the cookie policy and its
> internals has achieved remarkable technical capability to closely
> impersonate other editors and get them blocked by a network (aka "porn
> crew") of surviving cooperative "community appointed" sysops favorably
> still disposed to him/her. That this problem person (who has also
> threatened legal action against WMF) extensively uses mobile Wikipedia
> via "millions of IPs" [ref#2] in multiple languages, including several
> some fairly obscure ones, for abusive purposes which are 'obviously'
> related to WMF_legal's recent subject edit.
>
> Toby
>
> [ref#1] "I should be clear - the problem is not the abuse of me, but
> the toxic and juvenile environment at Commons. I have never failed in
> 30 seconds of looking to find a horrifying BLP violation at commons of
> a photo of an identifiable woman engaged in sexual activity with
> highly questionable provenance (for example a deleted flickr account).
> Every time (including tonight) that I go there hoping to see
> improvement, I am disappointed. And I think that as long as we
> tolerate it and don't bounce some very bad admins, we will not solve
> the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
>
> [ref#2]
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
>
> On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> wrote:
> > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> [hidden email] <javascript:;>>
> > wrote:
> >
> >> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> >> seemed kind of strange to me because I thought it more a technical and
> IT
> >> thing to edit. But Michelle is WMF Legal, right
> >>
> >
> > I won't/can't comment on the rest of your questions but I'm confused
> about
> > why you would be surprised here... the cookie statement is, essentially,
> a
> > legal statement/privacy policy "type" document (obviously different but
> > similar) and just like the privacy policy (or access to non public
> > information or document retention policy or terms of use or other policy
> > docs along those lines) the cookie statement has been owned by Legal for
> as
> > long as it's existed (I can attest to that fact since the CA team was
> asked
> > to help put it up for them).
> >
> > It's certainly possible that this is only 'obvious' to me because of my
> > knowledge of outside organizations or law but it doesn't surprise me.
> > Cookie statements are part of the law in some countries (not necessarily
> > ones we have to follow given our position in the US but Europe has laws
> > about it for example) and so would usually be within the legal department
> > for many organizations. Cookies are also closely tied with privacy and
> the
> > privacy policy and so compliance and ensuring that the org stays within
> > their promises would, also, often fall within the legal department
> (though
> > everyone should/does have a hand in ensuring they follow the promises the
> > org as a whole made).
> >
> > James Alexander
> > Manager
> > Trust & Safety
> > Wikimedia Foundation
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email] <javascript:;>
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Adam Wight-2
Hi Trillium,

These are great questions to ask, thank you for keeping the privacy
conversation on track!

As a technical employee of the Wikimedia Foundation who would have been
involved if we were planning significant changes to expand or limit
tracking, I can confirm that nothing rotten is in the wings.  In fact, the
situation is better now than ever before (in my 4 years here).  There are
internal accountability reforms under way to help us make strong guarantees
about our users' privacy.  A brief investigation into assigning readers
long-term unique identifiers--in lay person terms the gateway to dystopian
tracking--opened and was immediately shut again.[1]  Data retention (what
user data we collect and for how long) policy work is being tightened up,
and done in public.[2] In Fundraising, we've found a way to measure
aggregate data about our banner delivery without collecting information
which lets us correlate anything else about readers.[3]

While I feel good about what's happening now, it would be nice to have
longer-term assurances that we won't go collectively nuts in the
unforeseeable future.  I'm not sure what that assurance might look like,
though...  Democratic stewardship of our shared resources?  Anyway, please
do keep a critical eye on cookies and their brethren, and if you find
anything out of joint I'm sure there will be plenty of allies left within
the Foundation to help set it right.

Regards,
Adam Wight
[[mw:User:Adamw]


[1] Sorry, there was an all-staff internal discussion but I don't think
this was published.  The idea at the time was to get our house in order and
decide whether to start a public conversation about unique IDs.  There
turned out to be many strong critics of the plan and no real supporters as
far I could tell, and the initiative was abandoned, to my knowledge.  The
motivation for the project was to get a better estimate of our unique
visitor counts (a count of their devices, to be precise).  We've settled on
the less accurate "last visited" measurement instead, which is described
here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
[2] https://meta.wikimedia.org/wiki/Data_retention_guidelines
[3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf

On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]> wrote:

> It seems like you can either deny James's knowledge of the technical/legal
> overlap or ask him questions, but probably not both :p.
>
> One element I can answer: no, it does not contain flash objects, flash is
> not a technology included in the Wikimedia stack on account of it barely
> being classifiable as a technology.
>
> On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:
>
> > > It's certainly possible that this is only 'obvious' to me because of my
> > > knowledge of outside organizations or law but it doesn't surprise me.
> >
> > Your reply is not obvious to me. I understand that your employment is
> > exclusively with WMF and you do not appear to be particularly
> > qualified (or experienced) in law.
> >
> > Treating the cookie statement as an explanation / extension of WMF's
> > privacy policy and noting the poster's concern that the WMF legal team
> > have amended certain descriptors for locally stored objects (not
> > cookies) of indeterminate (theoretically infinite) persistence, would
> > you clarify the following technical /legal aspects relating to cookies
> > and their usage on Wikimedia.
> >
> > 1. Whether, or not, editors of Wikimedia websites", say
> > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > (broadly construed) are disabled and not stored on client devices.
> >
> > 2. Whether, or not, the locally stored objects referenced in the
> > cookie policy include
> > (i)  Javascript code, or
> > (ii)  Flash objects
> >
> > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > client computers and stored there, have the capability of collecting
> > extensive personal information of editors, the degree of which not
> > being explicitly disclosed in advance to users.
> >
> > 4. Whether, or not, the WMF is aware that a certain "toxic and
> > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> > knowledge of WMF's checkuser process, the cookie policy and its
> > internals has achieved remarkable technical capability to closely
> > impersonate other editors and get them blocked by a network (aka "porn
> > crew") of surviving cooperative "community appointed" sysops favorably
> > still disposed to him/her. That this problem person (who has also
> > threatened legal action against WMF) extensively uses mobile Wikipedia
> > via "millions of IPs" [ref#2] in multiple languages, including several
> > some fairly obscure ones, for abusive purposes which are 'obviously'
> > related to WMF_legal's recent subject edit.
> >
> > Toby
> >
> > [ref#1] "I should be clear - the problem is not the abuse of me, but
> > the toxic and juvenile environment at Commons. I have never failed in
> > 30 seconds of looking to find a horrifying BLP violation at commons of
> > a photo of an identifiable woman engaged in sexual activity with
> > highly questionable provenance (for example a deleted flickr account).
> > Every time (including tonight) that I go there hoping to see
> > improvement, I am disappointed. And I think that as long as we
> > tolerate it and don't bounce some very bad admins, we will not solve
> > the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
> >
> > [ref#2]
> >
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
> >
> > On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> > wrote:
> > > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> > [hidden email] <javascript:;>>
> > > wrote:
> > >
> > >> I noticed Michelle Paulson editing the "Cookie Statement" page, and it
> > >> seemed kind of strange to me because I thought it more a technical and
> > IT
> > >> thing to edit. But Michelle is WMF Legal, right
> > >>
> > >
> > > I won't/can't comment on the rest of your questions but I'm confused
> > about
> > > why you would be surprised here... the cookie statement is,
> essentially,
> > a
> > > legal statement/privacy policy "type" document (obviously different but
> > > similar) and just like the privacy policy (or access to non public
> > > information or document retention policy or terms of use or other
> policy
> > > docs along those lines) the cookie statement has been owned by Legal
> for
> > as
> > > long as it's existed (I can attest to that fact since the CA team was
> > asked
> > > to help put it up for them).
> > >
> > > It's certainly possible that this is only 'obvious' to me because of my
> > > knowledge of outside organizations or law but it doesn't surprise me.
> > > Cookie statements are part of the law in some countries (not
> necessarily
> > > ones we have to follow given our position in the US but Europe has laws
> > > about it for example) and so would usually be within the legal
> department
> > > for many organizations. Cookies are also closely tied with privacy and
> > the
> > > privacy policy and so compliance and ensuring that the org stays within
> > > their promises would, also, often fall within the legal department
> > (though
> > > everyone should/does have a hand in ensuring they follow the promises
> the
> > > org as a whole made).
> > >
> > > James Alexander
> > > Manager
> > > Trust & Safety
> > > Wikimedia Foundation
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > New messages to: [hidden email] <javascript:;>
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email] <javascript:;>
> > ?subject=unsubscribe>
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email] <javascript:;>
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email] <javascript:;>
> > ?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Pete Forsyth-2
Adam,

Thank you for providing an informative and accessible answer to Trillium's
relevant questions. It's truly heartening to see the organization improving
in its ability to communicate its intentions, etc. I hope that when broad
consensus among staff is reached (as you express in footnote [1]), it will
become an increasingly high priority to clearly communicate that in public
fora. It really helps when we can understand what others are trying to do,
and how it aligns with our own ambitions.

Good stuff. I think this discussion got off to a rough start, but you have
gotten it back on track, and maybe to resolution.

-Pete
[[User:Peteforsyth]]

On Mon, May 2, 2016 at 12:21 AM, Adam Wight <[hidden email]> wrote:

> Hi Trillium,
>
> These are great questions to ask, thank you for keeping the privacy
> conversation on track!
>
> As a technical employee of the Wikimedia Foundation who would have been
> involved if we were planning significant changes to expand or limit
> tracking, I can confirm that nothing rotten is in the wings.  In fact, the
> situation is better now than ever before (in my 4 years here).  There are
> internal accountability reforms under way to help us make strong guarantees
> about our users' privacy.  A brief investigation into assigning readers
> long-term unique identifiers--in lay person terms the gateway to dystopian
> tracking--opened and was immediately shut again.[1]  Data retention (what
> user data we collect and for how long) policy work is being tightened up,
> and done in public.[2] In Fundraising, we've found a way to measure
> aggregate data about our banner delivery without collecting information
> which lets us correlate anything else about readers.[3]
>
> While I feel good about what's happening now, it would be nice to have
> longer-term assurances that we won't go collectively nuts in the
> unforeseeable future.  I'm not sure what that assurance might look like,
> though...  Democratic stewardship of our shared resources?  Anyway, please
> do keep a critical eye on cookies and their brethren, and if you find
> anything out of joint I'm sure there will be plenty of allies left within
> the Foundation to help set it right.
>
> Regards,
> Adam Wight
> [[mw:User:Adamw]
>
>
> [1] Sorry, there was an all-staff internal discussion but I don't think
> this was published.  The idea at the time was to get our house in order and
> decide whether to start a public conversation about unique IDs.  There
> turned out to be many strong critics of the plan and no real supporters as
> far I could tell, and the initiative was abandoned, to my knowledge.  The
> motivation for the project was to get a better estimate of our unique
> visitor counts (a count of their devices, to be precise).  We've settled on
> the less accurate "last visited" measurement instead, which is described
> here: http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/
> [2] https://meta.wikimedia.org/wiki/Data_retention_guidelines
> [3] https://commons.wikimedia.org/wiki/File:Lightening_banner_history.pdf
>
> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]> wrote:
>
> > It seems like you can either deny James's knowledge of the
> technical/legal
> > overlap or ask him questions, but probably not both :p.
> >
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
> > On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:
> >
> > > > It's certainly possible that this is only 'obvious' to me because of
> my
> > > > knowledge of outside organizations or law but it doesn't surprise me.
> > >
> > > Your reply is not obvious to me. I understand that your employment is
> > > exclusively with WMF and you do not appear to be particularly
> > > qualified (or experienced) in law.
> > >
> > > Treating the cookie statement as an explanation / extension of WMF's
> > > privacy policy and noting the poster's concern that the WMF legal team
> > > have amended certain descriptors for locally stored objects (not
> > > cookies) of indeterminate (theoretically infinite) persistence, would
> > > you clarify the following technical /legal aspects relating to cookies
> > > and their usage on Wikimedia.
> > >
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> > >
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> > > (ii)  Flash objects
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> > >
> > > 4. Whether, or not, the WMF is aware that a certain "toxic and
> > > juvenile .. problem" [reff#1] WMF sysop (now banned) with extensive
> > > knowledge of WMF's checkuser process, the cookie policy and its
> > > internals has achieved remarkable technical capability to closely
> > > impersonate other editors and get them blocked by a network (aka "porn
> > > crew") of surviving cooperative "community appointed" sysops favorably
> > > still disposed to him/her. That this problem person (who has also
> > > threatened legal action against WMF) extensively uses mobile Wikipedia
> > > via "millions of IPs" [ref#2] in multiple languages, including several
> > > some fairly obscure ones, for abusive purposes which are 'obviously'
> > > related to WMF_legal's recent subject edit.
> > >
> > > Toby
> > >
> > > [ref#1] "I should be clear - the problem is not the abuse of me, but
> > > the toxic and juvenile environment at Commons. I have never failed in
> > > 30 seconds of looking to find a horrifying BLP violation at commons of
> > > a photo of an identifiable woman engaged in sexual activity with
> > > highly questionable provenance (for example a deleted flickr account).
> > > Every time (including tonight) that I go there hoping to see
> > > improvement, I am disappointed. And I think that as long as we
> > > tolerate it and don't bounce some very bad admins, we will not solve
> > > the problem.--Jimbo Wales (talk) 23:04, 14 October 2014 (UTC)"
> > >
> > > [ref#2]
> > >
> >
> https://commons.wikimedia.org/w/index.php?title=User_talk%3AOdder&action=historysubmit&type=revision&diff=194440022&oldid=194439438
> > >
> > > On 5/2/16, James Alexander <[hidden email] <javascript:;>>
> > > wrote:
> > > > On Sun, May 1, 2016 at 2:40 PM, Trillium Corsage <
> > > [hidden email] <javascript:;>>
> > > > wrote:
> > > >
> > > >> I noticed Michelle Paulson editing the "Cookie Statement" page, and
> it
> > > >> seemed kind of strange to me because I thought it more a technical
> and
> > > IT
> > > >> thing to edit. But Michelle is WMF Legal, right
> > > >>
> > > >
> > > > I won't/can't comment on the rest of your questions but I'm confused
> > > about
> > > > why you would be surprised here... the cookie statement is,
> > essentially,
> > > a
> > > > legal statement/privacy policy "type" document (obviously different
> but
> > > > similar) and just like the privacy policy (or access to non public
> > > > information or document retention policy or terms of use or other
> > policy
> > > > docs along those lines) the cookie statement has been owned by Legal
> > for
> > > as
> > > > long as it's existed (I can attest to that fact since the CA team was
> > > asked
> > > > to help put it up for them).
> > > >
> > > > It's certainly possible that this is only 'obvious' to me because of
> my
> > > > knowledge of outside organizations or law but it doesn't surprise me.
> > > > Cookie statements are part of the law in some countries (not
> > necessarily
> > > > ones we have to follow given our position in the US but Europe has
> laws
> > > > about it for example) and so would usually be within the legal
> > department
> > > > for many organizations. Cookies are also closely tied with privacy
> and
> > > the
> > > > privacy policy and so compliance and ensuring that the org stays
> within
> > > > their promises would, also, often fall within the legal department
> > > (though
> > > > everyone should/does have a hand in ensuring they follow the promises
> > the
> > > > org as a whole made).
> > > >
> > > > James Alexander
> > > > Manager
> > > > Trust & Safety
> > > > Wikimedia Foundation
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > > New messages to: [hidden email] <javascript:;>
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email] <javascript:;>
> > > ?subject=unsubscribe>
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > > New messages to: [hidden email] <javascript:;>
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email] <javascript:;>
> > > ?subject=unsubscribe>
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Brion Vibber-4
In reply to this post by Oliver Keyes-5
On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]> wrote:

> One element I can answer: no, it does not contain flash objects, flash is
> not a technology included in the Wikimedia stack on account of it barely
> being classifiable as a technology.
>

There is one use of Flash in our tech stack: audio output for media
playback on Internet Explorer when using our JavaScript Ogg playback
compatibility library.

This is a small shim which does not use cookies or any other type of local
storage, which is why it is not listed on a page about cookies.

Here's the source code of the Flash component; feel free to review it for
security:

https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as


On Sunday, 1 May 2016, Toby Dollmann <[hidden email]> wrote:
> > 1. Whether, or not, editors of Wikimedia websites", say
> > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > (broadly construed) are disabled and not stored on client devices.
>

Like every other site on the world wide web, MediaWiki uses cookies to
maintain login state. If you disable cookies, login will not work and your
edits will not be attributed to your account.

Editing "anonymously" without cookies works, but reveals your IP address in
a permanent public way.


> > 2. Whether, or not, the locally stored objects referenced in the
> > cookie policy include
> > (i)  Javascript code, or
>

MediaWiki's ResourceLoader can and does cache JavaScript module code in
localStorage. This code has no special privileges or abilities because of
that; it just takes up a tiny bit of space on your disk.


> > (ii)  Flash objects
>

No, no Flash code is stored in cookies or localStorage.


> >
> > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > client computers and stored there, have the capability of collecting
> > extensive personal information of editors, the degree of which not
> > being explicitly disclosed in advance to users.
>

No, they are just data until they are executed, at which point they are
just code, same as code loaded straight from the server. That code can do
nothing special that it could not already do.

-- brion
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Oliver Keyes-5
On Monday, 2 May 2016, Brion Vibber <[hidden email]> wrote:

> On Sun, May 1, 2016 at 9:21 PM, Oliver Keyes <[hidden email]
> <javascript:;>> wrote:
>
> > One element I can answer: no, it does not contain flash objects, flash is
> > not a technology included in the Wikimedia stack on account of it barely
> > being classifiable as a technology.
> >
>
> There is one use of Flash in our tech stack: audio output for media
> playback on Internet Explorer when using our JavaScript Ogg playback
> compatibility library.


I'm so sorry :(. 'Ogg' is onomatopoeic then ;)


>
> This is a small shim which does not use cookies or any other type of local
> storage, which is why it is not listed on a page about cookies.
>
> Here's the source code of the Flash component; feel free to review it for
> security:
>
> https://github.com/brion/audio-feeder/blob/master/src/dynamicaudio.as
>
>
> On Sunday, 1 May 2016, Toby Dollmann <[hidden email]
> <javascript:;>> wrote:
> > > 1. Whether, or not, editors of Wikimedia websites", say
> > > "en.wikipedia.org" or "commons.wikimedia.org", can edit if cookies
> > > (broadly construed) are disabled and not stored on client devices.
> >
>
> Like every other site on the world wide web, MediaWiki uses cookies to
> maintain login state. If you disable cookies, login will not work and your
> edits will not be attributed to your account.
>
> Editing "anonymously" without cookies works, but reveals your IP address in
> a permanent public way.
>
>
> > > 2. Whether, or not, the locally stored objects referenced in the
> > > cookie policy include
> > > (i)  Javascript code, or
> >
>
> MediaWiki's ResourceLoader can and does cache JavaScript module code in
> localStorage. This code has no special privileges or abilities because of
> that; it just takes up a tiny bit of space on your disk.
>
>
> > > (ii)  Flash objects
> >
>
> No, no Flash code is stored in cookies or localStorage.
>
>
> > >
> > > 3. Whether, or not, the locally stored objects inserted by the WMF, on
> > > client computers and stored there, have the capability of collecting
> > > extensive personal information of editors, the degree of which not
> > > being explicitly disclosed in advance to users.
> >
>
> No, they are just data until they are executed, at which point they are
> just code, same as code loaded straight from the server. That code can do
> nothing special that it could not already do.
>
> -- brion
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: [hidden email] <javascript:;>
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email] <javascript:;>
> ?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Johan Jönsson-2
In reply to this post by Pete Forsyth-2
On Mon, May 2, 2016 at 4:09 PM, Pete Forsyth <[hidden email]> wrote:
> Adam,
>
> Thank you for providing an informative and accessible answer to Trillium's
> relevant questions. It's truly heartening to see the organization
improving
> in its ability to communicate its intentions, etc. I hope that when broad
> consensus among staff is reached (as you express in footnote [1]), it will
> become an increasingly high priority to clearly communicate that in public
> fora. It really helps when we can understand what others are trying to do,
> and how it aligns with our own ambitions.
>
> Good stuff. I think this discussion got off to a rough start, but you have
> gotten it back on track, and maybe to resolution.

One of the problems here is that much of the information about how the
Wikimedia sites collect information is so spread out, because different
parts of the WMF have different solutions for different problems (e.g.
Analytics or Fundraising). The mentioned
https://wikimediafoundation.org/wiki/Cookie_statement is a good way to
collect all information about cookies, but I've found myself looking for
good ways to make small updates (e.g. "we were thinking about doing this
thing and were going to ask the communities before we started working on
it, but then we started working on something else instead, but here's the
thing that didn't happen"), so there's less risk things don't get
communicated just because there's no big announcement of new changes to
make. I hope <https://phabricator.wikimedia.org/T132405> to find a better
solution whenever I get a couple of days when I have nothing that needs my
immediate attention, so that there's a good, natural way to make them.

For anyone who wants to keep track of what's happening with how the WMF
looks at traffic over the last few months, a few links:
https://meta.wikimedia.org/wiki/ComScore/Announcement
https://meta.wikimedia.org/wiki/Talk:ComScore/Announcement
https://lists.wikimedia.org/pipermail/wiki-research-l/2016-March/005094.html
http://blog.wikimedia.org/2016/03/30/unique-devices-dataset/

(I also try to include changes in how we measure traffic in Tech News
<https://meta.wikimedia.org/wiki/Tech/News>, from which most of the stuff
above have been linked.)

//Johan Jönsson
--
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] What New Thing is WMF Doing w. Cookies, & Why is Legal Involved?

Gergo Tisza
On Mon, May 2, 2016 at 6:43 PM, Johan Jönsson <[hidden email]>
wrote:

> One of the problems here is that much of the information about how the
> Wikimedia sites collect information is so spread out, because different
> parts of the WMF have different solutions for different problems (e.g.
> Analytics or Fundraising). The mentioned
> https://wikimediafoundation.org/wiki/Cookie_statement is a good way to
> collect all information about cookies


It really isn't. A policy document with very limited edit rights would be a
maintenance nightmare and never up to date. Indeed that document omits most
of the cookies used on the sites. And it never claims to list them all -
while that could be made more clear, the table is actually presented as a
list of examples .
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
12345