On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel <pleasest...@live.com> wrote:

>
> Even if you do not check "Remember my login on this browser", the
> username is saved for 180 days (which, by the way, is four times the
> duration set out in the WMF privacy policy). As far as I can tell, this
> "feature" has existed at least since the phase3 reorg in 2003, if not
> before then.

Not really. The cookie expiration was bumped to 180 days back in
August of 2011.  Before that we had a shorter expiry. See
https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given
that the user has to agree to the remember me function, I do not feel
this is a privacy concern.

>Ideally, an anonymous user, whether or not they have ever been logged in as a 
>>registered user, will not transmit any personally identifying information in 
>their >requests.

I'm not sure, but I thought I heard somewhere that we give logged out
users cookies to ensure that some local caching is invalidated.

-bawolff

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Reply via email to