https://disconnect.me works well for this with both AdBlock (which can do the same thing by itself with its advanced options) and AdBlock Plus (which can't, and is a completely different product.)
On Sat, Mar 17, 2018 at 1:24 AM, Liam Wyatt <liamwy...@gmail.com> wrote: > How insidious! > “we encourage you to consider tools which block unwanted third-party > scripts like the one provided by Facebook.” > - where can I go to learn more about that specifically? > > Thank you Greg, for having the unenviable task of being the bearer of bad > news, and to all those involved in this; you had with the talent to > identify and remove this code, and the principles to tell us about it. > > > > On Sat, 17 Mar 2018 at 04:22, Michael Peel <em...@mikepeel.net> wrote: > >> Hi Gregory, >> >> Thank you and the WMF for sharing this information so quickly after the >> event. It’s regrettable that this happened, but openness is the best way >> forward here. The WMF is being exceptional both with spotting this kind of >> issue so quickly and being publicly open about the fact that it happened. >> >> Is there a phabricator ticket that is tracking this issue and/or a wiki >> page that documents the issue and the steps that will be taken to avoid it >> happening again in the future? >> >> Thanks, >> Mike >> >> > On 16 Mar 2018, at 22:57, Gregory Varnum <gvar...@wikimedia.org> wrote: >> > >> > On 14 March and 15 March 2018, a CentralNotice banner appeared to some >> logged-out users viewing English Wikipedia pages. The banner contained >> JavaScript hosted by Facebook, which allowed Facebook to collect traffic >> data from those who visited a page with a banner. The banner was prepared >> by the Wikimedia Foundation. The Foundation turned the banner off as soon >> as we learned how the script was running, and its potential scope. We have >> also removed all references to the code in question from CentralNotice on >> Meta-Wiki. >> > >> > The code utilized in this banner was based on an unused prototype >> created by an outside vendor. Because the prototype was never enabled, the >> vendor’s prototype code was not subjected to our standard quality assurance >> process. However, we made the mistake of reusing the code for a different >> purpose, and implementing it based on recommendations in documentation from >> Twitter and Facebook to improve the appearance of shared links. At the >> time, our understanding was that the platforms would only receive traffic >> data if the user clicked on the link. Although this was true for Twitter, >> the Facebook code operated differently. >> > >> > We discovered the problematic link configurations during our ongoing >> monitoring of live banners. The recommended code enhanced not only the >> appearance of links, it also enhanced Facebook's ability to collect >> information on people visiting non-Facebook sites. As soon as we realized >> these banners were sharing information without even having to click the >> link, we disabled them and began an investigation. Staff in multiple >> departments are collaboratively reviewing the incident as well as >> procedural and technical improvements to prevent future incidents. >> > >> > While this sort of tracking is commonplace today across most of the >> internet, it is not consistent with our policies. We are disappointed that >> this type of hidden data collection is routinely recommended by major >> platforms, without clearer disclosure. >> > >> > These practices are why we all must regularly take routine steps to >> maintain a secure computer and account. As the Wikimedia Foundation >> continues to explore ways we can do that within Wikimedia's platform, we >> encourage you to consider tools which block unwanted third-party scripts >> like the one provided by Facebook. >> > >> > We apologize for sending this late on a Friday (San Francisco time). >> However, we wanted to provide this information as quickly as possible. >> > _______________________________________________ >> > Wikimedia-l mailing list, guidelines at: >> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and >> https://meta.wikimedia.org/wiki/Wikimedia-l >> > New messages to: Wikimedia-l@lists.wikimedia.org >> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> >> >> >> _______________________________________________ >> Wikimedia-l mailing list, guidelines at: >> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and >> https://meta.wikimedia.org/wiki/Wikimedia-l >> New messages to: Wikimedia-l@lists.wikimedia.org >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and > https://meta.wikimedia.org/wiki/Wikimedia-l > New messages to: Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
