Thanks, that clarifies matters for me. I wasn't aware of #1, though I guess upon reflection that makes sense.
-Mike On Thu, 2009-06-04 at 11:07 -0400, Gregory Maxwell wrote: > On Thu, Jun 4, 2009 at 11:01 AM, Mike.lifeguard > <mikelifegu...@fastmail.fm> wrote: > > On Thu, 2009-06-04 at 15:34 +0100, David Gerard wrote: > > > >> Then external site loading can be blocked. > > > > > > Why do we need to block loading from all external sites? If there are > > specific & problematic ones (like google analytics) then why not block > > those? > > Because: > > (1) External loading results in an uncontrolled leak of private reader > and editor information to third parties, in contravention of the > privacy policy as well as basic ethical operating principles. > > (1a) most external loading script usage will also defeat users choice > of SSL and leak more information about their browsing to their local > network. It may also bypass any wikipedia specific anonymization > proxies they are using to keep their reading habits private. > > (2) External loading produces a runtime dependency on third party > sites. Some other site goes down and our users experience some kind of > loss of service. > > (3) The availability of external loading makes Wikimedia a potential > source of very significant DDOS attacks, intentional or otherwise. > > Thats not to say that there aren't reasons to use remote loading, but > the potential harms mean that it should probably be a default-deny > permit-by-exception process rather than the other way around. > > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l