
RFC: Central registry for all keys in Cookies / Local Storage on Wikimedia sites
Closed, Declined · Public

Description

Legal is interested in better understanding the use of cookies and local storage on the Wikimedia sites. We currently have a Cookie statement that describes how certain cookies are used on the Wikimedia sites but we understand that this list may not be inclusive of all cookies and local storage, such as those created by the community.

We would like to develop tools to help us inventory all cookies and local storage usage so that we can better understand their usage and document them.

Full details: https://www.mediawiki.org/wiki/Requests_for_comment/Survey_Cookies/Local_Storage_on_Wikimedia

Event Timeline

Restricted Application added a subscriber: Aklapper. · Sep 12 2016, 10:27 PM
RobLa-WMF added a subscriber: RobLa-WMF.

Thanks for filing this, @ZhouZ. This week's Tech and Product onsite means I won't be able to attend the next ArchCom meeting, but I'm going to volunteer to shepherd this through the process. (Other folks in ArchCom: please leave this in the inbox until our 21 September meeting E272)

I'm trying to decide if this makes sense as a TechCom-RFC, and I'm not sure (it could go either way). It certainly deserves consideration by TechCom, and making it a TechCom-RFC is a pretty good way of getting the attention of the group.

Zhou, is the question you're getting at "what is a sustainable and practical way to track the cookies/LocalStorage that developers add to Wikimedia software?"

Thanks @RobLa-WMF for volunteering to shepherd this.

> Zhou, is the question you're getting at "what is a sustainable and practical way to track the cookies/LocalStorage that developers add to Wikimedia software?"

Yes, this is the question - for tracking both existing and future usage.

Thanks @ZhouZ. It seems a good place to start is on mediawiki.org, so I was looking and found this:
https://www.mediawiki.org/wiki/Cookie_tracking

...which is a soft redirect to this:
https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F

...and presumably the information you're looking to keep up to date. Is that the right set of links?

I think the next step is to reshuffle some of your prose for the "Background", "Problem", and "Proposal" sections that come up when one fills in the empty fields using the "Create an RFC" wiki form here:
https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki

@RobLa-WMF, yes - actually both https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F
and https://wikimediafoundation.org/wiki/Cookie_statement contain the relevant (and same) cookie tables. This is the type of information we want to keep up to date and will be helped by this project.

For the https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki link, should I then start filling it out?

> For the https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki link, should I then start filling it out?

It's not required, but it's really helpful. So, by all means, please do! Since a lot of the work is around prose rather than code, mediawiki.org is a great place to collaborate on it. Once you've filled out the form, then it'll be possible to trim the description of this task, and make it a pointer to the longer wiki page.

RobLa-WMF triaged this task as Normal priority. · Sep 28 2016, 7:39 PM

We have this tentatively planned as our IRC meeting topic for this Wednesday:

E323: ArchCom RFC Meeting W42: Surveying Cookie Use (2016-10-19 #wikimedia-office)

RobLa-WMF renamed this task from Surveying Cookie Use to Survey Cookies/Local Storage usage on Wikimedia sites. · Oct 18 2016, 4:33 AM
RobLa-WMF updated the task description.

See P4268 for a (somewhat naive) grep for instances of setting cookies with user scripts/gadgets. (Was requested I pastebin this during meeting)

Great conversation yesterday about this topic. See E323 for the semi-automated summary of the discussion.

My understanding of the discussion: @ZhouZ wants to make sure that our stated privacy policy is as useful as possible, and to double check its accuracy. He is focused on our Privacy Policy answer to the question "What types of cookies does Wikimedia use?" There was a bit of conversation about what the developers would suggest as changes, but most of the conversation was about practical ways of evaluating changes to the JavaScript and CSS that get published via global scripts and user scripts on the Wikimedia sites. @Krenair pointed out T71489, which is a longstanding request for wider availability of mwgrep, a tool that makes global searching of our code easier. @Bawolff published the output of some recent runs of mwgrep he performed (P4268).

Where I think we ended up was a shared desire for better tools for flagging site scripts for review, based on periodic sweeps through the scripts. However, we don't yet have a plan for exactly what depth the reviews need to go, and how the review responsibilities should be divided.

daniel added a project: TechCom-RFC.
daniel moved this task from Under discussion to (unused) on the TechCom-RFC board. · Nov 16 2016, 6:43 PM
Ltrlg added a subscriber: Ltrlg. · Nov 26 2016, 12:50 AM
kchapman added a subscriber: kchapman.

Assistance was given to legal at the time. No action items at this time.

Declined, because no clear follow-up is needed right now.

Krinkle renamed this task from Survey Cookies/Local Storage usage on Wikimedia sites to RFC: Central registry for all keys in Cookies / Local Storage on Wikimedia sites. · Jun 6 2018, 2:00 PM
Krinkle closed this task as Declined.
Krinkle edited projects, added TechCom; removed TechCom-RFC.
Krinkle edited projects, added TechCom-RFC; removed TechCom.