Page MenuHomePhabricator

CentralNotice: Truer random selection in JS
Open, Needs TriagePublic

Description

CentralNotice uses Math.random() to make a random selection quite a bit:

  1. Campaign selection, when the user is eligible for more than one campaign.
  2. Banner selection, when the user is eligible for more than one banner.
  3. Initial bucket selection on first pageview in a campaign.
  4. Re-randomized bucket selection following large banner display.
  5. Sampling pageviews for impression logging.
  6. Banner history log sampling.

Fundraising depends on all of these except (5) for tests, impression data, and even distribution of content among users. Non-FR campaigns also depend on (5) for impression data.

However, implementations of the Math.random() vary among platforms, and some are not so great. Most platforms also offer a better alternative, crypto.getRandomValues().

mw.user also provides transparent access to crypto.getRandomValues()or a shim on platforms where that's not available. This is leveraged by eventLogging for proper sampling.

We should replace Math.random() with functionality like this (and should do so in a way that re-uses the code in mw.user and eventLogging, instead of copy-pasta-ing).