[00:41:03] @dmehus can you send me the update in my dms i will be out tommrow so can you dm me it now [00:43:28] ^^ [00:46:22] Does anyone know what’s so wrong about my bots username? https://meta.miraheze.org/wiki/User:WhatABigBlueWorld DarkMatterMan4500 DM’d me wondering about it [00:46:23] [url] User:WhatABigBlueWorld - Miraheze Meta | meta.miraheze.org [00:46:48] Or the account? [00:51:27] has anyone seen dmehus [00:56:40] I didn't want to out you for having a similar name to that of what the vandal had. [01:01:23] hi [01:05:32] Could a Meta admin or someone with privs at Meta edit [[Responding to threats]] and change "Contact the board" to "Contact Trust & Safety" (as T&S handles those emails)? I tried to and tripped the abuse filter [01:05:32] https://meta.miraheze.org/wiki/Responding_to_threats [01:05:33]

https://meta.miraheze.org/wiki/Responding_to_threats [01:05:34] [url] Responding to threats - Miraheze Meta | meta.miraheze.org [01:05:35] [url] Responding to threats - Miraheze Meta | meta.miraheze.org [01:06:34] dmehus: Thanks! [01:08:47] @dmehus are you ignoring me sorry but anyways whats my results since i cannot be on tommrow its a holiday? [07:49:12] MrC: I know other A records don't work. Didn't know it impacted all records. What records do you have at the root? [15:14:30] is there a way to make .js pages larger? [15:14:51] I have one script here, but it's too large to be placed on-wiki [15:15:37] and I can't use it via JSDelivr because it has some specific paths that don't work on wiki (so I had to modify) [15:29:08] Too large to be placed on wiki? [15:29:11] How big is it? [15:32:50] oh, nvm, it's working now... I tried to do this some months ago and for some reason it did not work saying it was too large [16:13:57] RhinosF1 actually, it's happening now. The updated script is slightly lighter but it doesn't work on MW because it requires some WASM files that I can't upload. This older version is a bit longer than the limit [16:13:57] https://cdn.discordapp.com/attachments/435711390544560128/861278667589550100/unknown.png [16:14:36] Ack [16:14:40] I'll talk to people [16:23:34] That's the max article size limit, I'm not sure we can, or should expand that [16:24:40] How many thousand words could you fit on the artcile limet? [16:28:12] @Lake: can you minify it? [16:28:25] @Void: we technically can. Like the config is there. [16:28:33] Whether we should is whole other planet [16:33:58] But my honest answer is maybe that should be an extension [16:34:01] Or split up [16:36:20] It's about 2 million charecters [16:36:25] Oh hi Voidwalker [16:36:30] hi [16:39:29] Voidwalker: re Lake, I think an extension needs to be recommended [16:39:40] And did you review my varnish patch [16:40:10] Don't think so [16:40:37] To which point [16:40:47] Varnish is the puppet pr [16:52:56] Rhinosf1: well, I could host this file somewhere, but I don't know where [16:53:24] JSDelivr works, but I can't modify the path [16:53:36] Discord has a CORS block to prevent this [16:54:03] You could try static.mh.o [16:54:30] Upload it as a file [17:01:23] Hello PatrikRoy! If you have any questions, feel free to ask and someone should answer soon. [17:52:04] Hello bleb! If you have any questions, feel free to ask and someone should answer soon. [17:52:58] hey yall. i was just curious why there is now a cookie consent banner on all wikis. other mediawiki sites don't have one and i don't know why you would need to store cookies for users who don't have an account. [17:53:11] anyone know? [17:55:45] Might just be because the cookie warning is served to all users. Not 100% sure, but it's better to have one than not [17:55:47] It's been on there since forever [17:56:00] At least since gdpr [17:56:16] bleb: For further information, please see the Privacy Policy, https://meta.miraheze.org/wiki/Privacy_Policy#:~:text=Cookies%20are%20small%20files%20that,time%20you%20use%20the%20Services. [17:56:17] [url] Privacy Policy - Miraheze Meta | meta.miraheze.org [17:56:28] huh I could've sworn it wasn't there when I started using miraheze a year ago [17:56:30] They store user info if you're signed in [17:56:35] Voidwalker: why is it better to have one than not? [17:56:53] for me it always shows if I clear my cookies [17:56:57] even if I'm logged in [17:57:00] bleb: it will have been [17:57:17] And because if we don't and they are certain cookies then big fines can be given [17:57:35] It's also possible it changed to display for all users. I think we once had it targeted to only EU countries, but I'm not certain [17:58:42] so if it is practically compulsory why doesn't wikipedia have a banner like that? [17:59:17] Because they have better legal teams that will know the rules so they don't have to [17:59:47] Some sites will ban all European users [18:00:17] Could be because they inserted a cookie statement in the footer, not sure [18:00:39] i honestly don't think it's a matter that requires a big legal team to avoid displaying the banner [18:00:56] if you don't use cookies for users who are not logged in, there can't possible be a problem [18:01:13] for users who are logged in, the cookie consent would happen when they make their account [18:01:50] https://foundation.wikimedia.org/wiki/Cookie_statement#What_types_of_cookies_does_Wikimedia_use_and_for_what_purposes? [18:01:50] [url] Cookie statement - Wikimedia Foundation Governance Wiki | foundation.wikimedia.org [18:01:56] I'll put it this way, we [18:02:08] i would expect mediawiki to make it easy to stop using cookies for users who aren't logged in [18:02:16] but the banner is not a problem, it literally only shows if you clear your cookies or visit a new wiki [18:02:49] why should i give consenst to a site to collect personal data about me, when it doesn't require that data to function? [18:02:50] blob: if I'm not mistaken, matomo collects some basic data for logged out users [18:02:55] are doing more than we likely need to, because it's safer that way, and we don't have the resources to do it do different [18:02:56] It does [18:02:58] that is the good side of gdpr [18:03:09] We have very few resources [18:03:22] if every user has to give consent in order to use every site, you are neutralizing the benefits of gdpr [18:03:32] Unless a directive comes from board/T&S, it's unlikely to change [18:03:52] T&S? [18:04:00] Trust & Safety [18:04:18] I'd rather we go beyond the law though than not enough [18:06:02] except you are actually undermining the law, by requiring users to give up their rights in order to use the site [18:07:17] if you didn't collect cookies about users who are not logged in, do you honestly think there would be a legal problem with not having a cookie consent banner? [18:07:26] As far as I know, the only cookies used are for session management and matomo [18:07:42] Matomo might set some for logged out [18:07:48] for what purpose [18:07:52] as Agent said, it does [18:07:54] Analytics [18:07:59] yeah, fuck gthat [18:08:07] that's exactly what gdpr is supposed to combat [18:08:19] region, which operating system, device [18:08:26] "Gathering Usage Information for statistical purposes. This may be disabled by setting your browser to send a Do Not Track header. " [18:08:49] "Miraheze may use, transfer, and share aggregated, anonymous data derived from User Information with wiki administrators, researchers, journalists, funders and other third parties that Miraheze may choose to work with. This data will not include any personally identifiable information." [18:09:20] As taken from the policy linked on the notice [18:09:40] yeah [18:09:54] that honestly doesn't seem appropriate for a community oriented site that runs on donations [18:10:10] also, I'm not a legal expert, but knowing that Miraheze is not in the EU anymore, I don't think it even has to follow any of GDPR rules (only UK data protection laws) [18:10:27] People keep asking for more data to be made available [18:10:33] who is "people"? [18:10:47] @Lake: will still apply to EU users [18:11:07] The users who have submitted requests for Special:Analytics to be expanded [18:11:50] RhinosF1: yeh, this part I don't understand much, because the service is technically not in the EU, so what they could do in this case? [18:12:06] well then the analytics and cookie banner should be opt-in for each wiki [18:12:13] @Lake: they could still hand out fines. [18:12:30] i don't want to make the users of my wiki give up their privacy rights in order to use the site [18:12:31] bleb: the cookie banner is per wiki afaik [18:13:02] RhinosF1: then i guess it must be opt-out instead of opt-in? [18:13:21] You can also give the noanalytics right to the * group [18:13:21] i think it should be opt-in but if there's a way i can turn it off it is at least tolerable [18:13:59] All wikis have the extension on [18:14:05] Users: it's up to them [18:14:22] But you can easily make the extension mute [18:14:27] that's great to know. still should be opt in though. [18:15:28] wiki admins who acutally want to subject their users to tracking can opt in, doesn't seem right to enable it without notice though [18:15:53] i had no idea I was subjecting my EU users to this the whole time, and now that it has been enabled for non-EU users I am subjecting other users to it also [18:16:04] and I don't know for how long it's been enabled [18:16:20] I only noticed it because I happened to visit the wiki today [18:16:40] I don't really mind, tbh [18:16:41] Matomo has been there for years [18:16:42] it's been the case for a very long time afaik [18:16:52] what has been the case [18:17:05] They know I use Google Crome on Ubuntu Linux, Meh [18:17:07] the cookie consent banner [18:17:22] not for U.S. users, I would've noticed it [18:17:36] it may be more noticeable if you frequently visits other wikis [18:17:45] (or if you clear your cookies constantly) [18:17:47] Aug 2018 [18:18:05] We added Special:Analytics [18:18:47] For sysadmins, probably ever [18:19:03] matomo doesn't seem to set cookies [18:19:25] so i'm supposed to be able to disable it somewhere? [18:19:37] we could consider disabling the cookie notice for anon users, but this would require an upstream change [18:19:39] i don't see anything about analytics under Special:ManageWiki/extensions [18:19:57] Voidwalker: upstream meaning the mediawiki project? [18:20:14] meaning the extension that provides the cookie warning [18:20:27] I have lots of Crome users on my wiki [18:20:31] the extension CookieWarning (i think that's the name) [18:20:32] bleb: matomo is a global extension [18:20:33] Voidwalker: and for logged in users, the cookie consent can be given when they make their account, so there wouldn't be a need for an annoying banner obscuring the page [18:20:57] RhinosF1: what does that mean in terms of how do i disable it [18:20:57] that would need a separate extension [18:21:04] (that currently does not exist) [18:21:16] users don't check a privacy agreement box when they make an account? [18:21:19] Give the noanalytics right to all users [18:21:23] And Firefox and Mircosoft Edge take 2nd place and 3rd place [18:22:03] Any change to the cookie notices would require either T&S or board approval [18:22:05] bleb: they don't need to check, it's on the bottom of the sign in form [18:22:28] Lake: even easier then [18:22:48] so i'm not sure what you meant by a separate extension that doesn't exist [18:23:24] to have a checkbox like you mentioned [18:23:55] i said, "the cookie consent can be given when they make their account" [18:24:07] but in any case, I don't think these things will be changed, at least for now [18:24:16] is there no privacy agreement when users make an account? [18:24:40] there is, and RhinosF1 sent already [18:24:58] [[meta:Privacy Policy]] [18:24:58] https://meta.wikimedia.org/wiki/Privacy_Policy [18:24:59]

https://meta.miraheze.org/wiki/Meta:Privacy_Policy?action=edit&redlink=1 [18:25:00] [url] Privacy policy - Meta | meta.wikimedia.org [18:25:00] [url] Meta:Privacy Policy - Miraheze Meta | meta.miraheze.org [18:25:01] yes... so i don't think there is any need for tools or extensions that don't exist yet [18:26:16] if it won't change, we should at least acknowledge it is because of the will of the organization/board, not because of any technical limitation [18:26:28] I'd be interested to know if the simple text "Also, by using a wiki hosted by Miraheze, you agree to the Terms of Use and accept the Privacy Policy. [18:26:28] " counts to this purpose [18:27:05] anyway, how would give the noanalytics to all users? [18:27:17] there is a dialog to "create a new user group" under Special:ManageWiki/permissions [18:27:27] Edit the * group [18:28:28] ah i see [18:28:29] thanks [18:28:43] after making that change i still see the cookie banner though [18:28:56] is it supposed to go away now? [18:29:12] yeah, cookie banner is separate from analytics [18:29:15] Voidwalker: hmm if Matomo doesn't set cookies when logged out, how does it seem to collect some specific data? I don't think my wiki was popular enough to get multiple access from various countries :P [18:29:30] ah ok [18:29:40] so is there any way to disable the cookie banner? [18:29:48] various logged in users from various countries* (correction) [18:29:54] there's no way to turn that off, but I'll raise the issue with the board about some sort of change [18:29:56] i was under the impression that it was opt-out, meaning that it is possible for a wiki to opt out [18:30:56] fwiw plenty of other mediawiki sites that don't have a huge legal board still don't have these hostile banners [18:30:59] e.g. https://wiki.archlinux.org/ [18:31:00] [url] ArchWiki | wiki.archlinux.org [18:31:26] Lake, probably due to the fact that it doesn't need cookies to gather basic statistics, though I do wonder about consent requirements for collecting this data [18:32:09] it was our determination that this was the easiest way to meet and/or exceed the requirements [18:32:35] until it is possible to turn it off, can it be turned back off for non-eu users? aiui the cookie banner going back to 2018 was only for eu users, and it only recently started showing up for eu users [18:32:43] bleb: You can opt out by enabling "Do Not Track Me" in your browser [18:32:59] that's for matomo not cookie warning [18:33:26] MH-Discord: ironically that makes you more vulnerable to browser fingerprinting [18:33:32] not sure, I'll have to check what the geolocation stuff is [18:33:55] just to be clear, afaik, cookieWarning is just literally a warning. Other wikis do collect these data, but are not explicit [18:34:17] fwiw i enabled Do Not Track and did a full refresh of the page; i still see the cookie consent banner [18:34:20] hmm there is a geo lookup configured, but I'm not sure why it isn't working [18:34:47] yeah, do not track is Matomo, not cookie warning [18:35:24] Lake: I think that's an assumption and not all wikis collect data that requires legal consent [18:35:33] Other than the cookie warning just existing, I don't really understand the issue here, Miraheze doesn't track you or share your data with anyone [18:36:23] Agent: the issue is that you are giving miraheze consent to track and share data, even if they promise that they won't [18:36:25] bleb: but Wikimedia does collect a large amount of data for analytical purposes, the only difference is that the warning is at the footer [18:37:14] Miraheze uses the cookiewarning, which is just a warning and nothing else, so if you had a wiki and did not collect anything and had this extension enabled, it would still show up [18:39:07] the other issue is that the banner takes up valuable vertical screen space, and requires interaction to get rid of it [18:39:32] bleb: if you're so concerned even after reassurances, then the only other alternative is to not use the service. Maybe a configuration change is possible to allow you to opt-out but until then, there's not much that can be done [18:40:10] and when a user clicks the "OK" button I am pretty sure they have fewer legal protections than if they simply browse wikipedia and ignore the footer [18:40:51] well, this seems like a problem if you literally use only InPrivate mode [18:42:26] if a user has fewer legal protections when they click OK, then it's not fair to assume that every user clicks OK and won't be constantly bothered by the banner [18:42:42] that's the whole point, to make the site less usable until they give up some rights [18:43:01] thats why i say it's user-hostile [18:43:44] but where is this less-usable? It's just literally a button that goes away and does not show up anymore unless you browse through another browser/clear all your browser data [18:43:57] what do you mean it goes away? [18:44:19] i've been refreshing the page for 30 minutes while trying different settings and it still hasn't gone away [18:44:26] it does not show anymore after clicking OK (at least it's not supposed to) [18:44:30] exactly [18:44:47] so either you suffer with less vertical screen space, or you give up some rights [18:44:50] user-hostile [18:44:54] I'll be raising the issue about analytics gathering, as well as changing the display of a cookie notice to only apply to actions that generate cookies (creating an account, logging in, others?) [18:45:02] right now, visiting my wiki InPrivate mode, if I click OK only once and then refresh [18:45:05] it does not show anymore [18:45:20] yes I'm sure thats true [18:46:36] (and if it's showing for you, it might be a problem on your end or your wiki in specific) [18:46:55] Voidwalker: thanks, i would also ask that the analytics gathering be opt-in, since people who want it will be putting in some effort to use it anyway [18:47:38] yeah, that's part of it [18:47:46] whereas people who don't want it shouldn't have to look through settings in order to reach the baseline level of user respect that you get with a simple html page [18:48:05] i'd argue the opposite, because most people don't care about this [18:49:03] people who don't care wouldn't push for the opposite would they [18:49:13] if they don't care they are neutral [18:49:54] question is among the people who do care, what are you requiring each group to do [18:50:37] people who use analytics are already investing time/effort into using the tool, so it is a very small additional effort to enable an extension [18:51:02] by the way, these extensions are not made by Miraheze [18:51:14] if the devs don't want to, we can't do anything [18:51:27] if the devs dont want to do what [18:51:46] (and Miraheze doesn't have any legal obligation to make this possible, afaik) [18:52:29] bleb: if the devs don't want to modify the extension the way you want to [18:53:36] if it can be made opt out, it should be just as easy to make it opt in [18:54:00] like if the opt out action is unchecking a box in the settings that is checked by default, it could just as well not be checked by default [18:54:07] that shouldn't require any additional development [18:54:28] if the ability to opt out per wiki is not developed yet, that's another issue [18:55:29] but it sounds like there is at least an understanding that it should be possible to opt out [18:55:33] it's per wiki (each wiki is a separate MW installation) [18:55:47] for a wiki to opt out i mean, not each individual user [18:55:55] but yeh, for now, if you are using Miraheze, by default, this will be checked [18:56:13] what exactly are we talking about [18:56:17] Voidwalker, I like that idea re: "changing the display of a cookie notice to only apply to actions that generate cookies (creating an account, logging in, others?)" a lot. Makes a lot of sense. Will want to engage the Trust and Safety team as far as determining potential "other" actions [18:56:19] if you don't like this way, well, uh, sorry? [18:56:23] is there something that is enabled per wiki right now? [18:56:49] bleb: if you use Miraheze itself, then you've already complied to the terms so leaving the banner there without interaction is useless, you might as well accept it to have more space if that's what concerns you [18:57:03] the ability to opt out of data collection [18:57:20] did you say it exists already? [18:57:24] Probably using Special:EmailUser and editing one's social profile might be cookie notice-worthy actions [18:57:24] to be clear, getting rid of the cookie warning entirely from a wiki is not going to be possible, ever. Limiting analytics is something I think we should do look into, specifically to make it an opt in per user basis [18:57:42] oh [18:57:43] ok [18:57:48] dmehus, don't those things require logins though? [18:58:17] Voidwalker: i wouldn't have expected that [18:58:24] Voidwalker, True, but might be good to display a reminder when storing fields capturing DOB, real name, e-mail address, etc. [18:58:28] can you say a bit more why it could not be gotten rid of? [18:58:44] and Special:EmailUser can be done by anonymous users, afaik, though not sure 100 [18:59:10] based on our discussion i would think cookie consent can be given in the normal dialog when a user makes an account [18:59:35] and if cookies are not used for users without accounts, why pester them with the cookie banner? [18:59:41] yes, though I am uncertain whether or now our current setup qualifies as explicit consent [18:59:44] dmehus: oh just to check. Does the relay now support Shift + Enter (line break)? I don't like sending a lot of messages :P [19:00:11] @Lake, I'm not sure actually. Maybe put in a pastebin? [19:00:14] so why are you so sure that "getting rid of the cookie warning entirely from a wiki is not going to be possible, ever"? [19:00:29] https://paste.debian.net/ is @revi approved [19:00:31] [url] Debian Pastezone | paste.debian.net [19:00:35] since that was my minimal goal coming here [19:00:49] line1 test line2 test line3 test [19:00:51] because it would change form from being a banner at the bottom of every page to being present at specific interactions that set cookies [19:01:26] Our old cookie configuration allowed for the cookie acknowledgement to be done only once [19:01:31] (or just Paste within Miraheze phab) [19:01:37] It'd be nice if we could restore that functionality in some way [19:01:39] revi, true [19:01:40] I may have worded that improperly [19:01:59] the cookie warning may change form, but we are not doing away with it entirely [19:02:03] or just display cookie shit for EU users only [19:02:09] Voidwalker, ah [19:02:27] yeah, it displaying for non-eu users appears to be some sort of bug, I'm not certain what's up with that [19:02:31] > or just display cookie shit for EU users only [19:02:31] :thistbh: yeah [19:03:00] Our Privacy Act just requires cookie notice in Privacy Policy [19:03:05] no banner shit required [19:03:09] yeah I mean for someone using an EU proxy, it makes sense for the cookie notice to be displayed, but in other countries, may not be required [19:03:20] I'll try and debug later, but first I've got to send an email to the board, and then raise these points [19:03:29] yeah [19:03:42] thanks, i appreciate it [19:07:34] https://phabricator.wikimedia.org/T278219 there is a task for a opt out directly from the banner by the way (but idk how this will work or if it could interact with Matomo/other things) [19:07:36] [url] ⚓ T278219 Explicit cookie consent in banner | phabricator.wikimedia.org [19:09:06] Ooh, that looks shiny, we should evaluate that [19:10:04] I see in Extension: CookieWarning that enabling $wgCookieWarningGeoIPLookup makes cookiewarning lookup IP address and only display them for users within a certain area (e.g. EU) but relies on a second service which might be an issue [19:10:18] s/address/addresses/ [19:10:29] Our configuration for that is it performs the lookup against a local database [19:10:38] dmehus can I say my wiki is looking for vonunteers on my userpage? [19:10:42] oh, good [19:13:22] but in the end, we have to remember that Miraheze does not have any obligation to modify its current methods of basic data collection [19:14:12] that is true, this is a free service after all, but I'm glad that these petitions are taken into consideration, reflects good about the service and it's administration [19:15:52] im sure nobody implied that miraheze had any legal obligation [19:17:00] the nice thing about community sites that run on donations is that they tend to exceed the minimum legal obligations in terms of respecting users [19:17:44] i hope no one thinks advocacy for that implies that miraheze has some legal obligation [19:19:34] dmehus: you need an account for email user [19:28:11] bleb: I mean obligation in any sense. The opt in/out things will need a vote from the community, but if for whatever reason the majority wants things to stay the current way, nothing will be changed [19:28:57] I've raised some points with the board, no guarantees on a swift response [19:29:57] Am I allowed to say my wiki is looking for volunteers with a basic lore blub on my login userpage? [19:30:03] yes [19:30:11] 🙂 ty [19:30:33] What do you define as "advertising that is not allowed?" [19:30:56] in Miraheze context? [19:31:01] Lol [19:31:08] Yes Lake [19:31:44] in this sense, would be something like links for websites/services with commercial purposes [19:31:48] like stores [19:32:06] Pondering if there is anyway to make the Gazzter of wikis more noticable (maybe abox on the main page) [19:32:11] especially promoting your own creation(s) for commercial benefit [19:32:35]