[Wikitech-l] Statistics script on Swedish Wiktionary

StefanB
On Swedish Wiktionary's common.js,
http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
takes the visitors' IP addresses and transforms them into a non-revertable
number, and then sends it to an external private server that belongs to
one of the administrators on Wiktionary. The script is used for
statistics on visited articles.

To me it seems like this kind of script is a violation of the privacy
policy, since it is possible to get the IP-numbers of all visitors, even
though it is not done in this case. I should also mention that a
discussion was held before this script was activated and that no one
objected to it.

Are these kinds of scripts allowed?
--
http://sv.wikipedia.org/wiki/User:StefanB


_______________________________________________
Wikitech-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Brion Vibber
StefanB wrote:

> On Swedish Wiktionary's common.js,
> http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
> takes the visitors' IP addresses and transforms them into a non-revertable
> number, and then sends it to an external private server that belongs to
> one of the administrators on Wiktionary. The script is used for
> statistics on visited articles.
>
> To me it seems like this kind of script is a violation of the privacy
> policy, since it is possible to get the IP-numbers of all visitors, even
> though it is not done in this case. I should also mention that a
> discussion was held before this script was activated and that no one
> objected to it.
>
> Are these kinds of scripts allowed?

I would prefer we keep that sort of thing on the toolserver (thus to
some degree 'in the family') until everyone's happy with the stats we
can get out of the new logging framework Tim's put together (at which
point they should be removed entirely).

Admin's own server is better than sending off to a third party, but
still kinda uggy to my perspective.

-- brion vibber (brion @ pobox.com / brion @ wikimedia.org)

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Rob Church
In reply to this post by StefanB
On 04/02/07, StefanB <[hidden email]> wrote:

> On Swedish Wiktionary's common.js,
> http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
> takes the visitors' IP addresses and transforms them into a non-revertable
> number, and then sends it to an external private server that belongs to
> one of the administrators on Wiktionary. The script is used for
> statistics on visited articles.
>
> To me it seems like this kind of script is a violation of the privacy
> policy, since it is possible to get the IP-numbers of all visitors, even
> though it is not done in this case. I should also mention that a
> discussion was held before this script was activated and that no one
> objected to it.
>
> Are these kinds of scripts allowed?

Probably a grey area, since if it really is an irreversible hash (at
least, as far as we know the hash function to be so, and we all know
how crap some hashes have proven to be), then it's not supposedly
possible to arbitrarily obtain IP addresses.

On the other hand, I would agree with Brion about keeping it "within
the family", or under Wikimedia-affiliated control. Your community
should probably jump on it quickly, since it sets a wobbly precedent.


Rob Church

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Simetrical
On 2/4/07, Rob Church <[hidden email]> wrote:
> Probably a grey area, since if it really is an irreversible hash (at
> least, as far as we know the hash function to be so, and we all know
> how crap some hashes have proven to be), then it's not supposedly
> possible to arbitrarily obtain IP addresses.

Not really.  If it's just a single MD5 application, say, then four
billion applications to get a complete rainbow table would be simple.
If it's something such that a single application is slow enough to
take a couple of seconds on an average computer, you'd need to put a
bit more effort into cracking it (distributed computing via a large
botnet, say), but it would still be at least theoretically possible,
and slow enough to be distinctly annoying for the end user to boot.

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Matthew Britton-2
In reply to this post by StefanB
StefanB wrote:

> On Swedish Wiktionary's common.js,
> http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
> takes the visitors' IP addresses and transforms them into a non-revertable
> number, and then sends it to an external private server that belongs to
> one of the administrators on Wiktionary. The script is used for
> statistics on visited articles.
>
> To me it seems like this kind of script is a violation of the privacy
> policy, since it is possible to get the IP-numbers of all visitors, even
> though it is not done in this case. I should also mention that a
> discussion was held before this script was activated and that no one
> objected to it.
>
> Are these kinds of scripts allowed?

Oh, great. I'm disabling Javascript for all Wikimedia sites. Are any of
the other wikis using this?

-Gurch

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Rob Church
On 04/02/07, Gurch <[hidden email]> wrote:
> Oh, great. I'm disabling Javascript for all Wikimedia sites. Are any of
> the other wikis using this?

Some, including, I believe, the English Wikipedia, are using a similar
script, but the statistics get pushed to the toolserver.


Rob Church

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Simetrical
On 2/4/07, Rob Church <[hidden email]> wrote:
> On 04/02/07, Gurch <[hidden email]> wrote:
> > Oh, great. I'm disabling Javascript for all Wikimedia sites. Are any of
> > the other wikis using this?
>
> Some, including, I believe, the English Wikipedia, are using a similar
> script, but the statistics get pushed to the toolserver.

I don't think that the enwiki script sends IPs, though.

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Jim Hu
In reply to this post by Matthew Britton-2
On Feb 4, 2007, at 1:40 PM, Gurch wrote:

> StefanB wrote:
<snip/>
> Oh, great. I'm disabling Javascript for all Wikimedia sites. Are any of
> the other wikis using this?
>
> -Gurch
<snip/>
maybe I'm insufficiently paranoid, and I know I'm technically naive,  
but what's the big deal?  What's the vuln from the user pov?

Jim Hu

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Rob Church
On 04/02/07, Jim Hu <[hidden email]> wrote:
> maybe I'm insufficiently paranoid, and I know I'm technically naive,
> but what's the big deal?  What's the vuln from the user pov?

Ohnoes, JavaScript and IP addresses and statistics and recording and
the sky is blue and fish in the sea and...<bang>

Probably none, but we're just a bit leery of it being out of our
domain of control.


Rob Church

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Gerard Meijssen-3
Rob Church wrote:

> On 04/02/07, Jim Hu <[hidden email]> wrote:
>> maybe I'm insufficiently paranoid, and I know I'm technically naive,
>> but what's the big deal?  What's the vuln from the user pov?
>
> Ohnoes, JavaScript and IP addresses and statistics and recording and
> the sky is blue and fish in the sea and...<bang>
>
> Probably none, but we're just a bit leery of it being out of our
> domain of control.
>
>
> Rob Church

Hi,
God helps those that help themselves :)
Thanks,
    GerardM

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Platonides
In reply to this post by Rob Church
Rob Church wrote:

> On 04/02/07, StefanB <[hidden email]> wrote:
>> On Swedish Wiktionary's common.js,
>> http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
>> takes the visitors' IP addresses and transforms them into a non-revertable
>> number, and then sends it to an external private server that belongs to
>> one of the administrators on Wiktionary. The script is used for
>> statistics on visited articles.
>>
>> To me it seems like this kind of script is a violation of the privacy
>> policy, since it is possible to get the IP-numbers of all visitors, even
>> though it is not done in this case.
'Is a violation since is possible but is not done' ??
I don't see where the violation is. Wikimedia servers *do* log the IP
addresses of editors, and when we arrange how, will treat visitors' data too.

>> I should also mention that a discussion was held before this script was
>> activated and that no one objected to it.
If there were no objections, I don't have any objection either. You may
want to comment on
http://sv.wiktionary.org/wiki/Wiktionary:Integritetspolicy that visitors'
IPs are logged.


>> Are these kinds of scripts allowed?
As far as the community is happy with it...


> On the other hand, I would agree with Brion about keeping it "within
> the family", or under Wikimedia-affiliated control. Your community
> should probably jump on it quickly, since it sets a wobbly precedent.

This is a matter of faith. If this admin is trustable, he won't do any
harm with that 'power' the data could give him. If not, he could misuse
it even if he were using the toolserver.
Using a WMF [Germany] Server shows it nicer, just as signed ActiveX. But
the risk is the same.[1]



> Probably a grey area, since if it really is an irreversible hash (at
> least, as far as we know the hash function to be so, and we all know
> how crap some hashes have proven to be), then it's not supposedly
> possible to arbitrarily obtain IP addresses.

Reversing the hash for an IP number would be quite easy. But it is not
necessary to get the IP.
Why transform it into a 'non-revertable number'? This only makes a false
sense of security.[2]
The user is sending the hash to the external server. Thus, the external
server is connecting with the visitor, and *can get their IP*.

I suggest moving
http://internetvision.se/dan/projekt/wikt/stats/sv-wikt.js to a wiki
page. It is simple javascript and doesn't need to be on the external
server. Having it on the wiki will have two changes: internetvision.se
will receive less queries (only for the real counts), and visitors won't
ask it unless it is visiting a countable page (almost all anyway).




1-Note that if it weren't a private server of the admin, other people
could get this data apart from him.
2-As an example, everybody on this thread were taking the
'non-revertable IP' as granted.


Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Simetrical
On 2/4/07, Platonides <[hidden email]> wrote:
> 2-As an example, everybody on this thread were taking the
> 'non-revertable IP' as granted.

I wasn't, but I didn't think of the "you're connecting anyway" angle,
which makes the point even better.

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Matthew Britton-2
In reply to this post by Platonides
> The user is sending the hash to the external server. Thus, the external
> server is connecting with the visitor, and *can get their IP*.

Yes, it's this I'm objecting to, the notion that by visiting a
Wikimedia-run website I am unknowingly sending requests to some guy's
PC. I have no problem with toolserver-based setups, such as that used on
the English Wikipedia.

-Gurch

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Tim Starling-2
In reply to this post by Simetrical
Simetrical wrote:
> On 2/4/07, Rob Church <[hidden email]> wrote:
>> On 04/02/07, Gurch <[hidden email]> wrote:
>>> Oh, great. I'm disabling Javascript for all Wikimedia sites. Are any of
>>> the other wikis using this?
>> Some, including, I believe, the English Wikipedia, are using a similar
>> script, but the statistics get pushed to the toolserver.
>
> I don't think that the enwiki script sends IPs, though.

Presumably the IP address is right there in the source address field of
the IP packet. Kind of necessary if a script running on the client is
going to send a message to a server. Adding the IP address to the message,
hashed or unhashed, would be rather redundant.

-- Tim Starling


Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Plyd-2
In reply to this post by Platonides
On 2/4/07, Platonides <[hidden email]> wrote:
> Rob Church wrote:
>
> > On the other hand, I would agree with Brion about keeping it "within
> > the family", or under Wikimedia-affiliated control. Your community
> > should probably jump on it quickly, since it sets a wobbly precedent.
>
> This is a matter of faith. If this admin is trustable,

and if this admin runs a reliable secured computer. Which seems to me
a much bigger issue than the 'not trustable' one. Remember AOL.


anyway, hashes are very easy to retrieve... Just have to run 256^4
times the script... matter of minutes.


Plyd
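
The enumeration Simetrical and Plyd describe, as an added example that is not part of the original thread: an unkeyed digest of an IPv4 address is recovered by hashing every candidate address. MD5, the keyed HMAC contrast and the documentation-range sample addresses are assumptions; the thread never names the script's hash function.

```python
import hashlib
import hmac
import ipaddress
import time

def unsalted_digest(ip: str) -> str:
    # Assumption: a single MD5 over the dotted-quad string, the case Simetrical posits.
    return hashlib.md5(ip.encode("ascii")).hexdigest()

def keyed_digest(ip: str, key: bytes) -> str:
    # Contrast case (assumption): HMAC-SHA256 with a key known only to the log owner.
    return hmac.new(key, ip.encode("ascii"), hashlib.sha256).hexdigest()

def recover_ip(target: str, cidr: str, digest=unsalted_digest):
    """Hash every address in `cidr`; return the one matching `target`, else None."""
    for addr in ipaddress.ip_network(cidr):
        if digest(str(addr)) == target:
            return str(addr)
    return None

def seconds_for_full_ipv4(sample_cidr: str = "198.51.100.0/24") -> float:
    """Time one /24 and extrapolate to all 256**4 IPv4 addresses."""
    net = ipaddress.ip_network(sample_cidr)
    start = time.perf_counter()
    for addr in net:
        unsalted_digest(str(addr))
    elapsed = max(time.perf_counter() - start, 1e-9)
    return elapsed / net.num_addresses * 256 ** 4

if __name__ == "__main__":
    visitor = "192.0.2.77"  # constructed sample address (TEST-NET-1)
    logged = unsalted_digest(visitor)
    print("unkeyed digest reversed to:", recover_ip(logged, "192.0.2.0/24"))
    print("full IPv4 sweep, one core: ~%.0f s" % seconds_for_full_ipv4())

    key = b"constructed-server-side-key"  # constructed; never shipped to the client
    pseudonym = keyed_digest(visitor, key)
    guess = lambda ip: keyed_digest(ip, b"wrong-key")
    print("keyed digest without the key:", recover_ip(pseudonym, "192.0.2.0/24", guess))
```

Neither digest hides the address from the receiving server, which sees it as the source of the request, the point Platonides and Tim Starling make in the thread.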

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

DaB.-2
In reply to this post by Simetrical
Hello,
On Sunday, 04.02.2007, 15:12 -0500, Simetrical wrote:

>
> I don't think that the enwiki script sends IPs, though.

The script sends the IP of course, but the IP is not logged at the
toolserver in any way (not clear and not hashed).

A logline looks like:

[05/Feb/2007:17:17:57 +0000]
"GET /index.png?ns=0&title=Lima&factor=6000&wiki=enwiki HTTP/1.1"

Sincerely,
DaB.

Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Alphax (Wikipedia email)
In reply to this post by StefanB
StefanB wrote:
> On Swedish Wiktionary's common.js,
> http://sv.wiktionary.org/wiki/MediaWiki:Common.js , is a script that
> takes the visitors' IP addresses and transforms them into a non-revertable
> number, and then sends it to an external private server that belongs to
> one of the administrators on Wiktionary. The script is used for
> statistics on visited articles.
>

I wasn't aware that the client IP address was visible in Javascript, and
I saw no such code in that file. It's not much different from having an
external link in an article.

--
Alphax - http://en.wikipedia.org/wiki/User:Alphax
Contributor to Wikipedia, the Free Encyclopedia
"We make the internet not suck" - Jimbo Wales
Public key: http://en.wikipedia.org/wiki/User:Alphax/OpenPGP


Re: [Wikitech-l] Statistics script on Swedish Wiktionary

Simetrical
On 2/5/07, Alphax (Wikipedia email) <[hidden email]> wrote:
> I wasn't aware that the client IP address was visible in Javascript, and
> I saw no such code in that file. It's not much different from having an
> external link in an article.

Except it's one that all contributors follow every time they go to the
page.  It's not much different from, say, the ads you see on most
pages on the Internet, though.  Or, for that matter, visiting an
external site that you haven't already vetted, which I suppose is what
you were getting at.  This is the Internet, people, everyone knows
your IP address.
