Page MenuHomePhabricator

Hunt for Toolforge tools that load resources from third party sites
Open, MediumPublic

Description

Enumerating the list of tools at https://tools.wmflabs.org/admin/tools, and using use slimerjs to visit each tool to see where they load resources from, we can get a list of tools that are definitely loading third-party resources without consent.

Quick and dirty source code: P5822 P5823
Initial python output: P5824
More filtered output: P5825 (exclude lines with //wikidata.org/, //www.wikidata.org/, //mediawiki.org/, //www.mediawiki.org/, //phab.wmfusercontent.org/, : ERROR:, : TRACE:, : -> , Unable to load the address)
List of tools: P5826

This task shall track the tasks that ask each tool to load resources from wmf-internal locations (eg. cdnjs, fontcdn, maps.wikimedia.org, etc.), instead of external third-party sites (eg. google, bootstrapcdn, github, cloudflare, openstreetmap, etc.)

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenNone
OpenNone
ResolvedKenrick95
ResolvedDanmichaelo
OpenNone
ResolvedAsh_Crow
ResolvedKrinkle
OpenNone
ResolvedJarry1250
ResolvedAddshore
ResolvedSurlycyborg
OpenNone
ResolvedYarl
ResolvedBeta16
Resolvedferveo
ResolvedSamtar
ResolvedEmijrp
ResolvedMyst
ResolvedEarwig
OpenTpt
ResolvedFnielsen
OpenNone
ResolvedNone
ResolvedRicordisamoa
OpenNone
ResolvedRanjithsiji
OpenNone
ResolvedEpantaleo
OpenNone
ResolvedFastily
InvalidNone
OpenNone
OpenNone
Resolvedvalhallasw
ResolvedFramawiki
Declinedbd808
ResolvedCyberpower678
ResolvedSymac
ResolvedNone
ResolvedD3r1ck01
ResolvedSamtar
ResolvedAhecht
ResolvedJackPotte
ResolvedAviator
OpenNone
OpenNone
OpenNone
OpenNone
ResolvedKrinkle
ResolvedTheDJ
Resolved yuvipanda
ResolvedMatthewrbowker
Resolvedjrbs
ResolvedSamwilson
OpenYarl
ResolvedMusikAnimal
ResolvedMooeypoo
ResolvedSamtar
OpenNone
ResolvedPintoch
ResolvedFramawiki
OpenMaxSem
OpenNone
ResolvedSlashme
ResolvedIncola
OpenNone
ResolvedKenrick95
ResolvedTgr
ResolvedBenjavalero
ResolvedRicordisamoa
ResolvedFramawiki
OpenNone
ResolvedMmarx
ResolvedPrtksxna
ResolvedArlolra
ResolvedFastily
ResolvedSuperHamster
ResolvedFramawiki
ResolvedIjon
ResolvedSmalyshev
ResolvedFnielsen
ResolvedFramawiki
OpenNone
OpenRicordisamoa
Resolvedcdrini
ResolvedTarrow
ResolvedDB111
ResolvedRicordisamoa
OpenNone
ResolvedD3r1ck01
OpenNone
OpenNone
OpenNone
ResolvedRLuts
ResolvedEmijrp
ResolvedSamwilson
Resolved jmatazzoni
ResolvedSamwalton9
Resolveddbarratt
ResolvedLegoktm
ResolvedHusky
ResolvedMagnus
ResolvedKolossos
ResolvedLokal_Profil
OpenNone
ResolvedFramawiki
Resolvedsamuelguebo
ResolvedRagesoss
OpenNone
ResolvedRammanojpotla
ResolvedRagesoss
OpenNone
Resolvedthcipriani
Resolvedsrishakatux

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Peachey88 moved this task from Intake to Doing on the Privacy board.Aug 14 2017, 10:02 AM
tom29739 renamed this task from Hunt for Toolforge tools that loads resources from third party sites to Hunt for Toolforge tools that load resources from third party sites.Aug 26 2017, 12:50 AM

@zhuyifei1999

https://tools.wmflabs.org/intuition/: https://translatewiki.net/w/i.php?title=Special:TranslationStats&graphit=1&count=edits&scale=months&days=250&width=520&height=400&group=tsint-0-all

^ Dunno...

Why excluding? TWN is clearly having different Privacy Policy, Terms of Use and licenses than WMF, or are you willing to purchase that site to be under WMF umbrella? Or any reason that can't make a dynamic dump from it rather than directly querying?

@zhuyifei1999

https://tools.wmflabs.org/intuition/: https://translatewiki.net/w/i.php?title=Special:TranslationStats&graphit=1&count=edits&scale=months&days=250&width=520&height=400&group=tsint-0-all

^ Dunno...

Why excluding? TWN is clearly having different Privacy Policy, Terms of Use and licenses than WMF, or are you willing to purchase that site to be under WMF umbrella? Or any reason that can't make a dynamic dump from it rather than directly querying?

I'm still waiting for the proper answers, or I can feel free to create a subtask for this?

or I can feel free to create a subtask for this?

go ahead.

Huji added a subscriber: Huji.Mar 11 2018, 9:11 PM

Is the following considered external resources or are they valid?

tools.wmflabs.org/wikivoyage/w/poimap2.php

The tool doesn't by default lead any external resources, and users are warned about it if they choose external-hosted layers Content with [icon] is hosted externally, so enabling it shares your data with other sites. IMO if a production side links to a layer hosted externally then that would be a problem. See also T186247

http://maps.wikivoyage-ev.org

They should change that to the replica on toolforge, https://tools.wmflabs.org/wikivoyage/w/artmap.php