CentralNotice uses Math.random() to make a random selection quite a bit:
- Campaign selection, when the user is eligible for more than one campaign.
- Banner selection, when the user is eligible for more than one banner.
- Initial bucket selection on first pageview in a campaign.
- Re-randomized bucket selection following large banner display.
- Sampling pageviews for impression logging.
- Banner history log sampling.
Fundraising depends on all of these except (5) for tests, impression data, and even distribution of content among users. Non-FR campaigns also depend on (5) for impression data.
mw.user also provides transparent access to crypto.getRandomValues()or a shim on platforms where that's not available. This is leveraged by eventLogging for proper sampling.
We should replace Math.random() with functionality like this (and should do so in a way that re-uses the code in mw.user and eventLogging, instead of copy-pasta-ing).