Isn't pretty much everything on MediaWiki publicly logged? What would lead someone to believe this wouldn't be?

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

In order to allow us to focus on the technical side of this, let me mention that the fact that person A thanked person B for edit X is not considered non-public personal information under the Wikimedia privacy policy and therefore the public logging of a thank action cannot be considered a privacy violation.

Coming back to the issue at hand, the other option is to add a message informing the user that their action will be visible in a public log (or, as Rillke mentioned, disabling the logging at all, on a per-wiki basis if possible).

In T90486#1060332, @Harej wrote:

Isn't pretty much everything on MediaWiki publicly logged? What would lead someone to believe this wouldn't be?

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

1. We are not Facebook, nor do we like to become a replacement for Facebook one day. We want to work together collaboratively and not share our private lifes with the public. Please respect that.
2. While a lot of things related to editing and that are relevant to the whole editing community are publicly logged, sending private e-Mail isn't. A "thanks" is not relevant to the public or whole community and secondly, it's a personal message.

I just stumbled across this quotation which nicely summarizes the issue:
"Danke ist wirklich ein schönes Feature, dessen Messbarkeit aber die Gefahr birgt seinen positiven Nutzen zu konterkarieren. Wenn dieses nette, informelle und gefühlt vertrauliche Danke zu etwas wird, das man gegeneinander aufrechnet und für Streit sorgt, erreicht es genau das Gegenteil von dem wofür es erschaffen wurde."

@Harej, we possibly have different ideas of how to edit Wikipedia or using MediaWiki; my idea is that personal messages stay private.

A "thank you" is, despite it's just a button, always a personal message.

Exactly. And almost every single personal message sent on the wiki (talk page messages, simply replying without mentioning someone, ping/mentioning someone in any context, any Flow post, etc.) is public. The only exception I know is Special:EmailUser.

The analogues to MediaWiki's thanks—the Facebook Like and the Twitter Favorite—are recorded in public.

Also true. True, we are not Facebook. However, given that the feature works similarly to Like, people familiar with Facebook or Twitter (not everyone, I know!) will expect it to be public (probably more public than it actually is, in fact).

The Privacy Policy also is clear, "Any content you add or any change that you make to a Wikimedia Site will be publicly and permanently available.
" and "Unless this Policy says otherwise, you should assume that information that you actively contribute to the Wikimedia Sites, including personal information, is publicly visible and can be found by search engines."

In T90486#1060344, @tomasz wrote:

In order to allow us to focus on the technical side of this, let me mention that the fact that person A thanked person B for edit X is not considered non-public personal information under the Wikimedia privacy policy and therefore the public logging of a thank action cannot be considered a privacy violation.

Okay, let's start a new discussion about that policy on Meta. A private message should be considered private information.

+1 to @Harej it's only normal that a thing in wiki is public. It's default state of things, so no further warning is needed. And that log isn't actually as public as for example I would want it to be — unlike notifications it does not say what exactly thank was for, just to whom it was.

In T90486#1060362, @Mattflaschen wrote:

The Privacy Policy also is clear, "Any content you add or any change that you make to a Wikimedia Site will be publicly and permanently available.
" and "Unless this Policy says otherwise, you should assume that information that you actively contribute to the Wikimedia Sites, including personal information, is publicly visible and can be found by search engines."

It is not content but a message. That message is not written to a public page but it looks like it's directly sent to a user. Apart from that, Wikimedia's policies are probably not binding for the discussion of this extension. How we are used to use MediaWiki possibly is.

In T90486#1060369, @Base wrote:

+1 to @Harej it's only normal that a thing in wiki is public. It's default state of things, so no further warning is needed. And that log isn't actually as public as for example I would want it to be — unlike notifications it does not say what exactly thank was for, just to whom it was.

It's pretty much useless, indeed.

Anyone who mentions privacy nightmares like Facebook, Twitter, Google or such has obviously no idea of privacy at all. Facebook is the very opposite of good privacy, doing something "like Facebook" in regards of privacy is the same as doing something completely wrong.

Thanks should be something private, as expected, nobody should see this besides the two involved.

In T90486#1060639, @Aklapper wrote:

In T90486#1060366, @Rillke wrote:

Okay, let's start a new discussion about that policy on Meta. A private message should be considered private information.

That seems to be the way to go to get a broader picture. Until that happened, I don't consider this task a request that should be acted on.
Hence setting task status to "stalled" and lowering the priority temporarily until discussion has taken place (link welcome!).

Privacy is no issue for you? A completely wrong approach. Privacy trumps such useless stuff. In doubt privacy has to be implemented and everything else has to take the back seat.
So the logical reasoning should be: As long as no consensus about this is reached, no logging should take place.

In T90486#1060651, @Saenger wrote:

Privacy is no issue for you?

Oh, I never said so. :) But the underlying topic of this task ("privacy vs. transparency" I guess) indeed seems to touch a bigger question that is very worth to be discussed first on a broader level before taking sudden actions (as the current situation has been like this since 2013 if I understand correctly; if not please correct me). I wasn't after stop energy here but rather after consistency.

I tend to agree with @Harej and @Base here.

I suggest this bug request is closed. If the proposal is to have a blanket switch-off of the thanks logs (which is a question of setting an optional flag in the MW software, according to the component documentation) then this must first have a community consensus, preferably on each project that uses the thanks notifications. No action should be taken without the support of a well-established consensus on-wiki, not a consensus evolved in a thread on phabricator, where most of our volunteers are neither interested in looking at the tech-chat, and do not have accounts.

It would be a serious debate, considering that if anyone wanted to privately thank a contributor, they have the email option available. If an account does not have email enabled, then it seems a fair assumption that the account owner *prefers* to have all communications about their public on-wiki activities held in public.

P.S. I introduced an opt-out for my thanks reports, extending basic courtesy this way is a separate issue from whether all users want to have notifications of certain types excluded from public logs.

Change 194436 had a related patch set uploaded (by Mattflaschen):
Notify the user that thanks are public

https://gerrit.wikimedia.org/r/194436

Change 194437 had a related patch set uploaded (by Mattflaschen):
Notify the user that their thanks are public

https://gerrit.wikimedia.org/r/194437

Change 194436 merged by jenkins-bot:
Notify the user that thanks are public

https://gerrit.wikimedia.org/r/194436

Change 194437 merged by jenkins-bot:
Notify the user that their thanks are public

https://gerrit.wikimedia.org/r/194437