Page MenuHomePhabricator

Tool "styleguide" redirects to GitHub without consent
Closed, ResolvedPublic

Description

https://tools.wmflabs.org/styleguide/: https://wikimedia.github.io/WikimediaUI-Style-Guide/
$ curl -v https://tools.wmflabs.org/styleguide/ 2>&1 | grep Location
< Location: https://wikimedia.github.io/WikimediaUI-Style-Guide/

Please add a warning about potential change in Privacy Policy and ask for consent before redirecting to a third party site. See also: T129936#2121192

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 8 2017, 10:04 PM
Prtksxna claimed this task.Aug 9 2017, 9:50 AM

This would be my fault from T154703: Remove old MediaWiki UI tool labs instance, http://tools.wmflabs.org/styleguide/, sorry! I have removed the redirect now and added a notice instead.

$ curl -I http://tools.wmflabs.org/styleguide/
HTTP/1.1 200 OK
Server: nginx/1.11.13
Date: Wed, 09 Aug 2017 09:41:14 GMT
Content-Type: text/html
Content-Length: 1188
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2017 08:10:42 GMT

@zhuyifei1999 Do we need anything else to resolve this?

zhuyifei1999 closed this task as Resolved.Aug 9 2017, 9:53 AM

@zhuyifei1999 Do we need anything else to resolve this?

Nope. Thanks!

Volker_E added a subscriber: Volker_E.EditedAug 14 2017, 7:05 PM

@Prtksxna @zhuyifei1999 T129936 clearly explains the privacy concerns on server access.

@Prtksxna @zhuyifei1999 T129936 clearly explains the privacy concerns on server access.

What do you mean? Quote T129936#2120867:

My gut feeling says that when a user clicks on such a link,
he has an expectation of privacy according to the relevant
policy for Wikimedia Tools and the silent change in the URL
field does not put the onus to detect the connection to a
third-party site on him (especially since with most browsers
his data is passed onto the third-party site before he has a
chance to react), but that the tool author at Wikimedia
Tools has an obligation to make any such redirect obvious,
for example with an interstitial that requires active user
consent to proceed.