Sending "thanks" does not imply that this will publicly logged
Closed, ResolvedPublic

Description

How to reproduce?

  • Go to a wiki with Extension:Thanks installed. Open the revision history of a page. Press the "thanks" link and confirm.
  • The fact that a thank you message has been sent will be publicly logged including sender and receiver.

Expected behaviour:

  • The "thank you" will be displayed to a user but is not publicly logged.

A "thank you" is, despite it's just a button, always a personal message. It's totally unexpected to be publicly logged, if not even a privacy violation. There is no indication when sending "thanks" that this action will be logged publicly.

T90483 is a site request for turning the thanks log off.


For context on why the feature works like this, see T51087: Specify which edit was thanked in Special:Log/thanks, both for private and public records' sake, if configured to do so (we do not specify the edit, but we do specify the sender and recipient to prevent abuse, as explained there). There are also several bugs (duplicates of that) requesting we add more information to the public log.

A previous request to disable this logging was declined at T57428: Remove all logging for the Thanks extension.

Rillke created this task.Feb 23 2015, 9:02 PM
Rillke updated the task description. (Show Details)
Rillke raised the priority of this task from to High.
Rillke added a project: Thanks.
Rillke added a subscriber: Rillke.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 23 2015, 9:02 PM
Harej added a subscriber: Harej.Feb 23 2015, 9:05 PM

Isn't pretty much everything on MediaWiki publicly logged? What would lead someone to believe this wouldn't be?

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

tomasz added a subscriber: tomasz.Feb 23 2015, 9:10 PM

In order to allow us to focus on the technical side of this, let me mention that the fact that person A thanked person B for edit X is not considered non-public personal information under the Wikimedia privacy policy and therefore the public logging of a thank action cannot be considered a privacy violation.

Coming back to the issue at hand, the other option is to add a message informing the user that their action will be visible in a public log (or, as Rillke mentioned, disabling the logging at all, on a per-wiki basis if possible).

Rillke added a comment.EditedFeb 23 2015, 9:12 PM

Isn't pretty much everything on MediaWiki publicly logged? What would lead someone to believe this wouldn't be?

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

  1. We are not Facebook, nor do we like to become a replacement for Facebook one day. We want to work together collaboratively and not share our private lifes with the public. Please respect that.
  2. While a lot of things related to editing and that are relevant to the whole editing community are publicly logged, sending private e-Mail isn't. A "thanks" is not relevant to the public or whole community and secondly, it's a personal message.

I just stumbled across this quotation which nicely summarizes the issue:
"Danke ist wirklich ein schönes Feature, dessen Messbarkeit aber die Gefahr birgt seinen positiven Nutzen zu konterkarieren. Wenn dieses nette, informelle und gefühlt vertrauliche Danke zu etwas wird, das man gegeneinander aufrechnet und für Streit sorgt, erreicht es genau das Gegenteil von dem wofür es erschaffen wurde."

@Harej, we possibly have different ideas of how to edit Wikipedia or using MediaWiki; my idea is that personal messages stay private.

A "thank you" is, despite it's just a button, always a personal message.

Exactly. And almost every single personal message sent on the wiki (talk page messages, simply replying without mentioning someone, ping/mentioning someone in any context, any Flow post, etc.) is public. The only exception I know is Special:EmailUser.

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

Also true. True, we are not Facebook. However, given that the feature works similarly to Like, people familiar with Facebook or Twitter (not everyone, I know!) will expect it to be public (probably more public than it actually is, in fact).

The Privacy Policy also is clear, "Any content you add or any change that you make to a Wikimedia Site will be publicly and permanently available.
" and "Unless this Policy says otherwise, you should assume that information that you actively contribute to the Wikimedia Sites, including personal information, is publicly visible and can be found by search engines."

In order to allow us to focus on the technical side of this, let me mention that the fact that person A thanked person B for edit X is not considered non-public personal information under the Wikimedia privacy policy and therefore the public logging of a thank action cannot be considered a privacy violation.

Okay, let's start a new discussion about that policy on Meta. A private message should be considered private information.

Base added a subscriber: Base.Feb 23 2015, 9:16 PM

+1 to @Harej it's only normal that a thing in wiki is public. It's default state of things, so no further warning is needed. And that log isn't actually as public as for example I would want it to be — unlike notifications it does not say what exactly thank was for, just to whom it was.

In T90486#1060362, @Mattflaschen wrote:

The Privacy Policy also is clear, "Any content you add or any change that you make to a Wikimedia Site will be publicly and permanently available.
" and "Unless this Policy says otherwise, you should assume that information that you actively contribute to the Wikimedia Sites, including personal information, is publicly visible and can be found by search engines."

It is not content but a message. That message is not written to a public page but it looks like it's directly sent to a user. Apart from that, Wikimedia's policies are probably not binding for the discussion of this extension. How we are used to use MediaWiki possibly is.

+1 to @Harej it's only normal that a thing in wiki is public. It's default state of things, so no further warning is needed. And that log isn't actually as public as for example I would want it to be — unlike notifications it does not say what exactly thank was for, just to whom it was.

It's pretty much useless, indeed.

Mattflaschen-WMF set Security to None.
Mattflaschen-WMF updated the task description. (Show Details)

Anyone who mentions privacy nightmares like Facebook, Twitter, Google or such has obviously no idea of privacy at all. Facebook is the very opposite of good privacy, doing something "like Facebook" in regards of privacy is the same as doing something completely wrong.

Thanks should be something private, as expected, nobody should see this besides the two involved.

Rillke removed a subscriber: Rillke.Feb 23 2015, 9:30 PM
Aklapper lowered the priority of this task from High to Low.Feb 23 2015, 10:09 PM
Aklapper added a subscriber: Rillke.

Okay, let's start a new discussion about that policy on Meta. A private message should be considered private information.

That seems to be the way to go to get a broader picture. Until that happened, I don't consider this task a request that should be acted on.
Hence setting task status to "stalled" and lowering the priority temporarily until discussion has taken place (link welcome!).

Aklapper changed the task status from Open to Stalled.Feb 23 2015, 10:09 PM
Rillke removed a subscriber: Rillke.Feb 23 2015, 10:12 PM
Harej removed a subscriber: Harej.Feb 23 2015, 10:13 PM
Saenger added a subscriber: Rillke.EditedFeb 23 2015, 10:15 PM

Okay, let's start a new discussion about that policy on Meta. A private message should be considered private information.

That seems to be the way to go to get a broader picture. Until that happened, I don't consider this task a request that should be acted on.
Hence setting task status to "stalled" and lowering the priority temporarily until discussion has taken place (link welcome!).

Privacy is no issue for you? A completely wrong approach. Privacy trumps such useless stuff. In doubt privacy has to be implemented and everything else has to take the back seat.
So the logical reasoning should be: As long as no consensus about this is reached, no logging should take place.

Rillke removed a subscriber: Rillke.Feb 23 2015, 10:25 PM

Privacy is no issue for you?

Oh, I never said so. :) But the underlying topic of this task ("privacy vs. transparency" I guess) indeed seems to touch a bigger question that is very worth to be discussed first on a broader level before taking sudden actions (as the current situation has been like this since 2013 if I understand correctly; if not please correct me). I wasn't after stop energy here but rather after consistency.

Aklapper added a subscriber: Qgil.Feb 23 2015, 10:30 PM
Elitre added a subscriber: Elitre.Feb 24 2015, 7:00 PM

I tend to agree with @Harej and @Base here.

Fae added a subscriber: Fae.Mar 3 2015, 11:36 AM

I suggest this bug request is closed. If the proposal is to have a blanket switch-off of the thanks logs (which is a question of setting an optional flag in the MW software, according to the component documentation) then this must first have a community consensus, preferably on each project that uses the thanks notifications. No action should be taken without the support of a well-established consensus on-wiki, not a consensus evolved in a thread on phabricator, where most of our volunteers are neither interested in looking at the tech-chat, and do not have accounts.

It would be a serious debate, considering that if anyone wanted to privately thank a contributor, they have the email option available. If an account does not have email enabled, then it seems a fair assumption that the account owner *prefers* to have all communications about their public on-wiki activities held in public.

P.S. I introduced an opt-out for my thanks reports, extending basic courtesy this way is a separate issue from whether all users want to have notifications of certain types excluded from public logs.

Change 194436 had a related patch set uploaded (by Mattflaschen):
Notify the user that thanks are public

https://gerrit.wikimedia.org/r/194436

Change 194437 had a related patch set uploaded (by Mattflaschen):
Notify the user that their thanks are public

https://gerrit.wikimedia.org/r/194437

Change 194436 merged by jenkins-bot:
Notify the user that thanks are public

https://gerrit.wikimedia.org/r/194436

Steinsplitter closed this task as Resolved.Mar 6 2015, 10:19 AM

rEFLW05686e0b12ef is adding a notice that the thank is public. closing :-)

Harej removed a subscriber: Harej.Mar 9 2015, 11:57 PM

Change 194437 merged by jenkins-bot:
Notify the user that their thanks are public

https://gerrit.wikimedia.org/r/194437

Mattflaschen-WMF closed this task as Resolved.Mar 10 2015, 5:47 PM