Hidden Beacon pixel in Toolforge
Closed, Invalid, Public

Description

I have just detected in

https://tools.wmflabs.org/interaction-timeline

a 1×1 image

https://piwik.wikimedia.org/piwik.php?idsite=14

That is well known as a beacon technique, and its sole purpose is to break privacy.

AFAIK, for regular tools in tools.wmflabs.org, browser profile, IP address and other details are hidden, and just some Content Negotiation information is disclosed.

  • Who is running sub-domain piwik.wikimedia.org?
  • mw:Extension:Matomo seems to use that piwik keyword.
  • Which persons get access to the collected results? I guess 14 does mean interaction-timeline.
  • Why are users not made aware of the fact that every tool access is recorded together with their full browser profile?
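
A way to audit a page for this kind of image, given here as an added example that is not part of the original task or of the tool's code: it flags cross-host <img> tags that are 1×1 or point at a Matomo tracking endpoint. The sample HTML is constructed for illustration (it is not the tool's real markup), and the names find_beacons and BeaconFinder are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qs

TRACKER_ENDPOINTS = ("/piwik.php", "/matomo.php")  # Matomo tracking endpoints

class BeaconFinder(HTMLParser):
    """Collect <img> tags that look like third-party tracking pixels."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        url = urlsplit(src)
        if not url.hostname or url.hostname == self.page_host:
            return  # same-host or data: image, not a cross-site beacon
        reasons = []
        if a.get("width", "").strip() in ("0", "1") and a.get("height", "").strip() in ("0", "1"):
            reasons.append("1x1 or smaller")
        if url.path.endswith(TRACKER_ENDPOINTS):
            reasons.append("analytics endpoint")
        if reasons:
            site = parse_qs(url.query).get("idsite", [None])[0]
            self.findings.append({"host": url.hostname, "idsite": site, "reasons": reasons})

def find_beacons(page_url, html):
    """Return one finding per suspicious cross-host image in the HTML."""
    finder = BeaconFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not the real markup of the tool.
SAMPLE = """
<html><body>
<img src="/static/logo.png" width="120" height="40">
<img src="https://upload.wikimedia.org/example.png" width="300" height="200">
<noscript><img src="https://piwik.wikimedia.org/piwik.php?idsite=14" width="1" height="1" alt=""></noscript>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_beacons("https://tools.wmflabs.org/interaction-timeline", SAMPLE):
        print(finding)
```

A static scan like this only sees images present in the served HTML; beacons injected by JavaScript need a check of the browser's network requests instead.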

Event Timeline

@PerfektesChaos: I do not see any Security issue here, but rather a Privacy issue, so this task should be public?
T187374: Measure how many unique people visit the Timeline provides some background.

> Why are users not made aware of the fact that every tool access is recorded together with their full browser profile?

Users are made aware. https://foundation.wikimedia.org/wiki/Privacy_policy covers this and is linked from the bottom of https://tools.wmflabs.org/interaction-timeline

> Users are made aware. https://foundation.wikimedia.org/wiki/Privacy_policy covers this and is linked from the bottom of https://tools.wmflabs.org/interaction-timeline

While every other tools.wmflabs.org access is hiding private browser fingerprint from tool developer, this one is using a hidden mechanism to record IP address and full browser profile by clandestine means.

  • Every tool developer may log all queries, recommended for tool improvement and error detection, but that will include just timestamp, all query parameters, and some general browser characteristics.
  • For identifying user groups, containing almost one person, the anonymous browser characteristics are sufficient and available to every tool developer.

The approach here gives the full IP data and complete browser and hardware and preferences and cookies and private information to unknown readers.

  • InteractionTimeline is used to spy on users suspected of being sock puppets. Now everybody who is using that tool is subject to identification of which physical user, identical with which Wiki account, is looking at such questions. It can be monitored which Wiki account is interested and expecting which other Wiki accounts are connected. I feel reminded of a Big Brother authority.
  • If such secret service means are built in, it is necessary to make every user clearly aware that they are tracked and identified more than usual and expected. The general disclaimer on every WMF page does not tell that.
  • In T187374 task description I fail to see any explanation why it is necessary to identify every single individual rather than recording the browser access data, which is almost unlikely to be shared by two tool users.

I started this as a Security issue, since it might have been a non-public affair. If not, feel free to open it to public discussion, at Privacy and invite InteractionTimeline for the need of personal identification of every user of this particular tool.

dbarratt subscribed.

Matomo is an open source analytics platform. The foundation hosts a production instance of this software at piwik.wikimedia.org. Access to this instance is restricted. This software is used to collect analytics data on several small tools and projects to better inform our decision making. The data is collected, retained, and deleted in accordance with our Privacy Policy.

dbarratt changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett triaged this task as Medium priority. Oct 16 2019, 4:36 PM
sbassett moved this task from Intake to Done on the Privacy board.