On Thu, Jun 4, 2009 at 11:01 AM, Mike.lifeguard <mikelifegu...@fastmail.fm> wrote: > On Thu, 2009-06-04 at 15:34 +0100, David Gerard wrote: > >> Then external site loading can be blocked. > > > Why do we need to block loading from all external sites? If there are > specific & problematic ones (like google analytics) then why not block > those?
Because: (1) External loading results in an uncontrolled leak of private reader and editor information to third parties, in contravention of the privacy policy as well as basic ethical operating principles. (1a) most external loading script usage will also defeat users choice of SSL and leak more information about their browsing to their local network. It may also bypass any wikipedia specific anonymization proxies they are using to keep their reading habits private. (2) External loading produces a runtime dependency on third party sites. Some other site goes down and our users experience some kind of loss of service. (3) The availability of external loading makes Wikimedia a potential source of very significant DDOS attacks, intentional or otherwise. Thats not to say that there aren't reasons to use remote loading, but the potential harms mean that it should probably be a default-deny permit-by-exception process rather than the other way around. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
