On 22 July 2016 at 10:29, Ori Livneh <ori(a)wikimedia.org> wrote:
Starting with version 1.28, MediaWiki will provide
operators with the
option of sharing anonymous data about the local MediaWiki instance and its
environment with MediaWiki's developer community via a pingback to a URL
endpoint on
MediaWiki.org.
The configuration variable that controls this behavior ($wgPingback) will
default to false (that is: don't share data). The web installer will
display a checkbox for toggling this feature on and off, and it will be
checked by default (that is: *do* share data). This ensures (I hope) that
no one feels surprised or violated.
If it's disabled by default, isn't our standard practice not to
pre-tick the option?
The information that gets sent is described in <
https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>gt;. Here is a
summary of what we send:
- A randomly-generated unique ID for the wiki.
How is it randomly-generated? Is a true-random or a hash based on
provided info? Is there anything to prevent duplication?
…
- The chosen database backend (e.g., "mysql", "sqlite")
- The version of MediaWiki in use
- The version of PHP
- The name of the web server software in use (e.g. "Apache/1.3.14")
Neither the wiki name nor its location is shared.
If a organisation creates custom packages (with custom naming), this
could conceivably reveal information if they accidentally trigger this
option
The plan is to make this data freely available to all
MediaWiki developers.
Before that can happen, I will need to solicit reviews from security folks
and from the WMF's legal team, but I don't expect any major issues.
Has a draft of the Data Retention Guidelines and Data Access
Guidelines that you are planning to send to Legal been created/shared
yet?