[This bug post is partially inspired by MZMcbride's post to wikitech-l - https://lists.wikimedia.org/pipermail/wikitech-l/2018-March/089640.html ]
https://status.wikimedia.org is a status monitor site hosted by CA App Synthetic Monitor (I think prviously they were called watchmouse).
The page does include things such as google analytics (See T115945). This is deemed ok because it is an "external" site.
However, since the site is under .wikimedia.org domain, I believe it should clearly state that it is not subject to our normal privacy policy. Our normal privacy policy has this to say:
> Wikimedia Sites with alternative policies
> Some Wikimedia Foundation websites have alternative privacy policies or provisions that differ from this Privacy Policy. These websites include:
>
> Wikimedia Shop (covered by the shop's policy); and
> donate.wikimedia.org, including the donation process, such as clicking on a donation banner (covered by the Donor Privacy Policy).
>
> These websites, and others like them, will provide a link to their privacy policy (if it stands alone) or to an explanation of any differing provisions (if the site's policy is based on this Privacy Policy).
And also of interest
> Third parties
> This Privacy Policy only covers the way the WMF collects and handles information. Third parties who might receive information when you use the Wikimedia Sites may include:
>
> Service providers whom we may use to help provide our services to you. For example, our actions regarding your information on our blog are covered by this Privacy Policy, but if our blog were hosted by WordPress, WordPress may also collect information sent automatically by your browser or through cookies that they set. If you are curious about any third-party provider's privacy practices, you should refer directly to their privacy policy.
My reading of all this [IANAL], is a site like status.wikimedia.org, which at first glance (due to domain) appears to be run by us, but isn't, and does things that would be unacceptable under normal privacy policy, should have an alternative privacy policy. Or at least clearly state its an external site.
I also have no idea what our relationship is with CA App Synthetic Monitor, but if we could convince them not to have google analytics on that page, that would be cool :)