Page MenuHomeMiraheze

Remove AddThis and replace with Agent Isai's extension
Closed, ResolvedPublic

Description

addthis.com


CSP REVIEW

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? No, claims that " AddThis Data is not collected from individuals located in the EU/EEA, Switzerland or the UK"
  • Does the site provide a list of personal data being collected by using the service? Yes, potentially problematic "We may associate personal information about you with interest segments or profiles as part of the provision of AddThis services to our customers and partners"
  • Is the website owner known to have a bad reputation regarding privacy? No, however it is potentially problematic
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unclear
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Yes
  • Is the site equipped with a security policy? Yes, see PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? No details; general standard statement
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Someone can probably be contacted via general support.

Event Timeline

John triaged this task as Normal priority.Aug 28 2021, 19:18
John created this task.

I'm unsure what to make of this due to the data collected (at least for non-EU users), because of this a second opinion would be great.

I'm unsure what to make of this due to the data collected (at least for non-EU users), because of this a second opinion would be great.

I think declining this might need to be considered, but if we do we will also need to uninstall the AddThis extension, which is dependent on this.

Noting that 229 wikis use AddThis.

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

If this has to be removed due to legal concerns of data collection then I would advise giving users at the very least a 2 week notice (perhaps via a sitenotice) informing them of the change so as to not cause confusion. I can see what alternatives would be available for this (AddThis seems to just add a "Share to Facebook, Twitter, etc." button to pages) and perhaps post a more detailed post on the CN with alternatives.

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

If this has to be removed due to legal concerns of data collection then I would advise giving users at the very least a 2 week notice (perhaps via a sitenotice) informing them of the change so as to not cause confusion. I can see what alternatives would be available for this (AddThis seems to just add a "Share to Facebook, Twitter, etc." button to pages) and perhaps post a more detailed post on the CN with alternatives.

That's a good idea, I think we should look into alternative extensions that just add those buttons. Potentially we could even make one ourselves if necessary.

Reception123 renamed this task from Review AddThis CSP Entry to Review AddThis CSP Entry / Considering removing AddThis and replacing.Feb 4 2022, 09:40
Reception123 added a project: Notice.

Per discussion, @Agent_Isai has designed an extension to replace AddThis. Assigning both for that but also because Community input is needed for the change.

From Trust and Safety's perspective, we were satisfied with the AddThis extension once we removed the one ad tracking cookie from the CSP

Do we have an update on this task?

A community notice will be posted today regarding the removal of AddThis.

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

I did not, no. I'll have to discuss this over with Reception123 as he know the extension better than I do and what the original concerns were about. Even so, there is certainly no urgency for it to be removed. Note that I put the word "lots" within two asterisks to indicate that this is a really advanced notice. As per the notice, it is slated to be removed once we upgrade to MediaWiki 1.38... in 10+ weeks.

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

I did not, no. I'll have to discuss this over with Reception123 as he know the extension better than I do and what the original concerns were about. Even so, there is certainly no urgency for it to be removed. Note that I put the word "lots" within two asterisks to indicate that this is a really advanced notice. As per the notice, it is slated to be removed once we upgrade to MediaWiki 1.38... in 10+ weeks.

Okay, well, that's fair re: putting "lots" in quotation marks. I will speak with Reception123 also, but my strong recommendation would be to leave the extension in place and installed until the closely comparable extension deployment has been finalized, tested, and deployed. Once that happens, then the usual shorter notice of removal of the AddThis extension could be posted. As well, if the replacement extension isn't tested and deployed before MediaWiki 1.38 goes live, then AddThis should remain, per the above rationale. That would be my strong recommendation anyway.

Remvoing CSP Review for now because the current plan of this task is to no longer use AddThis and therefore no current CSP review.

The original goal of this task was a CSP Review and that has been done. Once a replacement comes along, we can handle that on a new, dedicated task.

Until it is removed from the CSP, the review is technically still open as it isn’t complete. Unless there already exists a task to track this?

As discussed with Reception123, development for a replacement was restarted and a new prototype is basically done. I hope to have the extension reviewed by someone else before finally publishing it.

My replacement extension has been published and I have requested that @Universal_Omega review it.

Universal_Omega lowered the priority of this task from Normal to Low.May 5 2022, 00:10
Universal_Omega raised the priority of this task from Low to Normal.Jun 5 2022, 20:17
Reception123 renamed this task from Review AddThis CSP Entry / Considering removing AddThis and replacing to Remove AddThis and replace with Agent Isai's extension.Jun 6 2022, 12:01

Claiming this task to handle removal on June 12th, and to finish my review of Agents extension as well.