Wikimedia Foundation website includes Wordpress tracking pixel
Open, HighPublic

Description

Anyone who uses the new website as an entry point to our other projects is being tracked by this service. The request to pixel.wp.com is made even when the Do Not Track header is sent. This domain is in the default block list for popular ad blockers.

I am adding fundraising-backlog because this issue is of extra importance to people who might click the "donate" link on the new site.

Edited to be less speculative

See also T201022: Third party resources loaded by wikimediafoundation.org

cwdent created this task.Aug 7 2018, 3:12 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 7 2018, 3:12 PM
cwdent updated the task description. (Show Details)Aug 7 2018, 5:32 PM
Reedy updated the task description. (Show Details)Aug 9 2018, 12:38 AM
Reedy updated the task description. (Show Details)
TheDJ added a subscriber: TheDJ.Aug 10 2018, 1:40 PM
Yair_rand added a subscriber: Yair_rand.

It looks like there is tracking of all navigation to external sites with this. For example, when I clicked on "Donate Now", the following request was sent:
https://pixel.wp.com/c.gif?s=2&u=https%3A%2F%2Fdonate.wikimedia.org%2F&r=&b=147851870&p=10&rand=0.17689332155574422

This happened despite Do Not Track being enabled (this confirms the behaviour described in the task description).

Addshore triaged this task as High priority.EditedAug 30 2018, 10:16 AM
Addshore added a subscriber: Addshore.
Tbayer added a subscriber: Tbayer.Aug 30 2018, 10:23 AM

Note that wp.com is not a third party here (except in a purely technical sense like commons.wikimedia.org is for en.wikipedia.org), it's hosted by the same entity as the main domain wikimediafoundation.org. See T201022#4544867

These scripts have been disabled while we investigate them further.