Page MenuHomePhabricator
Create Task
Maniphest T145472

RFC: Central registry for all keys in Cookies / Local Storage on Wikimedia sites
Closed, DeclinedPublic
Actions

Description

Legal is interested in better understanding the use of cookies and local storage on the Wikimedia sites. We currently have a Cookie statement that describes how certain cookies are used on the Wikimedia sites but we understand that this list may not be inclusive of all cookies and local storage, such as those created by the community.

We would like to develop tools to help us inventory all cookies and local storage usage so that we can better understand their usage and document them.

Full details: https://www.mediawiki.org/wiki/Requests_for_comment/Survey_Cookies/Local_Storage_on_Wikimedia

Related Objects

Event Timeline

ZhouZ created this task.Sep 12 2016, 10:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 12 2016, 10:27 PM
ZhouZ added a subscriber: dpatrick.Sep 12 2016, 10:28 PM
RobLa-WMF added a project: TechCom-Has-shepherd.Sep 12 2016, 11:12 PM
RobLa-WMF added a subscriber: RobLa-WMF.

Thanks for filing this, @ZhouZ. This week's Tech and Product onsite means I won't be able to attend then next ArchCom meeting, but I'm going to volunteer to shepherd this through the process. (Other folks in ArchCom: please leave this in the inbox until our 21 September meeting E272)

I'm trying to decide if this makes sense as an TechCom-RFC , and I'm not sure (it could go either way). It certainly deserves consideration by TechCom, and making it an TechCom-RFC is a pretty good way of getting the attention of the group.

Zhou, is the question you're getting at "what is a sustainable and practical way to track the cookies/LocalStorage that developers add to Wikimedia software?"

ZhouZ added a comment.Sep 12 2016, 11:14 PM

Thanks @RobLa-WMF for volunteering to shepherd this.

Zhou, is the question you're getting at "what is a sustainable and practical way to track the cookies/LocalStorage that developers add to Wikimedia software?"

Yes, this is the question - for tracking both existing and future usage.

Krenair added a subscriber: Krenair.Sep 12 2016, 11:17 PM
RobLa-WMF moved this task from Backlog to RobLa-WMF on the TechCom-Has-shepherd board.Sep 13 2016, 3:35 AM

Thanks @ZhouZ. It seems a good place to start is on mediawiki.org, so I was looking and found this:
https://www.mediawiki.org/wiki/Cookie_tracking

...which is a soft redirect to this:
https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F

...and presumably the information you're looking to keep up to date. Is that the right set of links?

I think the next step is to reshuffle some of your prose for the "Background", "Problem", and "Proposal" sections that come up when one fills in the empty fields using the "Create an RFC" wiki form here:
https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki

MZMcBride added a subscriber: MZMcBride.Sep 13 2016, 3:45 AM
ZhouZ added a comment.Sep 13 2016, 6:26 PM

@RobLa-WMF, yes - actually both https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F
and https://wikimediafoundation.org/wiki/Cookie_statement contain the relevant (and same) cookie tables. This is the type of information we want to keep up to date and will be helped by this project.

For the https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki link, should I then start filling it out?

RobLa-WMF added a comment.Sep 13 2016, 10:50 PM
In T145472#2634030, @ZhouZ wrote:

For the https://www.mediawiki.org/wiki/Requests_for_comment#Some_RFCs_on_wiki link, should I then start filling it out?

It's not required, but it's really helpful. So, by all means, please do! Since a lot of the work is around prose rather than code, mediawiki.org is a great place to collaborate on it. Once you've filled out the form, then it'll be possible to trim the description of this task, and make it a pointer to the longer wiki page.

ZhouZ added a comment.Sep 14 2016, 6:13 PM

@RobLa-WMF this is done - see https://www.mediawiki.org/wiki/Requests_for_comment/Survey_Cookies/Local_Storage_on_Wikimedia#Proposal.

RobLa-WMF moved this task from P1: Define to Under discussion on the TechCom-RFC board.Sep 28 2016, 7:26 PM
RobLa-WMF triaged this task as Medium priority.Sep 28 2016, 7:39 PM
zhuyifei1999 added a subscriber: zhuyifei1999.Oct 6 2016, 9:58 AM
RobLa-WMF mentioned this in E323: ArchCom RFC Meeting W42: Surveying Cookie Use (2016-10-19 #wikimedia-office).Oct 18 2016, 4:27 AM
RobLa-WMF added a comment.Oct 18 2016, 4:29 AM

We have this tentatively planned as our IRC meeting topic for this Wednesday:

E323: ArchCom RFC Meeting W42: Surveying Cookie Use (2016-10-19 #wikimedia-office)

RobLa-WMF renamed this task from Surveying Cookie Use to Survey Cookies/Local Storage usage on Wikimedia sites.Oct 18 2016, 4:33 AM
RobLa-WMF updated the task description. (Show Details)
Scott_WUaS added a subscriber: Scott_WUaS.Oct 18 2016, 9:14 PM
Nikerabbit added a subscriber: Nikerabbit.Oct 19 2016, 3:39 PM
Tbayer added a subscriber: Tbayer.Oct 19 2016, 6:15 PM
AndyRussG added a subscriber: AndyRussG.Oct 19 2016, 10:07 PM
Bawolff added a comment.Oct 19 2016, 10:55 PM

See P4268 for a (somewhat naive) grep for instances of setting cookies with user scripts/gadgets. (Was requested I pastebin this during meeting)

RobLa-WMF mentioned this in P4267 ArchCom-RFC-2016W42-irc-E323.txt.Oct 20 2016, 9:07 PM
RobLa-WMF added a comment.Oct 20 2016, 10:13 PM

Great conversation yesterday about this topic. See E323 for the semi-automated summary of the discussion.

My understanding of the discussion: @ZhouZ wants to make sure that our stated privacy policy is as useful as possible, and to double check its accuracy. He is focused on our Privacy Policy answer to the question "What types of cookies does Wikimedia use?" There was a bit of conversation about what the developers would suggest as changes, but most of the conversation was about practical ways of evaluating changes to the javascript and css that gets published via global scripts and user scripts on the Wikimedia sites. @Krenair pointed out T71489, which is a longstanding request for wider availability of mwgrep, a tool that make global searching of our code easier. @Bawolff published the output of some recent runs of mwgrep he performed (P4268).

Where I think we ended up was a shared desired for better tools for flagging site scripts for review, based on periodic sweeps through the scripts. However, we don't yet have a plan for exactly what depth the reviews need to go, and how the review responsibilities should be divided.

daniel removed a project: TechCom-RFC.Nov 16 2016, 6:39 PM
daniel added a project: TechCom-RFC.
daniel moved this task from Under discussion to (unused) on the TechCom-RFC board.Nov 16 2016, 6:43 PM
daniel removed a project: TechCom-Has-shepherd.Nov 16 2016, 6:46 PM
Ltrlg added a subscriber: Ltrlg.Nov 26 2016, 12:50 AM
Krinkle moved this task from (unused) to Under discussion on the TechCom-RFC board.Dec 22 2017, 12:46 AM
kchapman moved this task from Under discussion to Declined on the TechCom-RFC board.Mar 9 2018, 8:48 PM
kchapman added a subscriber: kchapman.

Assistance was given to legal at the time. No action items at this time.

Declined, because no clear follow-up is needed right now.

Krinkle renamed this task from Survey Cookies/Local Storage usage on Wikimedia sites to RFC: Central registry for all keys in Cookies / Local Storage on Wikimedia sites.Jun 6 2018, 2:00 PM
Krinkle closed this task as Declined.
Krinkle edited projects, added TechCom; removed TechCom-RFC.
Krinkle edited projects, added TechCom-RFC; removed TechCom.
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL