On 22 July 2016 at 10:29, Ori Livneh <o...@wikimedia.org> wrote: > Starting with version 1.28, MediaWiki will provide operators with the > option of sharing anonymous data about the local MediaWiki instance and its > environment with MediaWiki's developer community via a pingback to a URL > endpoint on MediaWiki.org. > > The configuration variable that controls this behavior ($wgPingback) will > default to false (that is: don't share data). The web installer will > display a checkbox for toggling this feature on and off, and it will be > checked by default (that is: *do* share data). This ensures (I hope) that > no one feels surprised or violated.
If it's disabled by default, isn't our standard practice not to pre-tick the option? > The information that gets sent is described in < > https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>. Here is a > summary of what we send: > > - A randomly-generated unique ID for the wiki. How is it randomly-generated? Is a true-random or a hash based on provided info? Is there anything to prevent duplication? > … > - The chosen database backend (e.g., "mysql", "sqlite") > - The version of MediaWiki in use > - The version of PHP > - The name of the web server software in use (e.g. "Apache/1.3.14") > > Neither the wiki name nor its location is shared. If a organisation creates custom packages (with custom naming), this could conceivably reveal information if they accidentally trigger this option > The plan is to make this data freely available to all MediaWiki developers. > Before that can happen, I will need to solicit reviews from security folks > and from the WMF's legal team, but I don't expect any major issues. Has a draft of the Data Retention Guidelines and Data Access Guidelines that you are planning to send to Legal been created/shared yet? _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
