Page MenuHomeMiraheze
Create Task
Maniphest T7876

Remove AddThis and replace with Agent Isai's extension
Closed, ResolvedPublic
Actions

Description

addthis.com

CSP REVIEW

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? No, claims that " AddThis Data is not collected from individuals located in the EU/EEA, Switzerland or the UK"
  • Does the site provide a list of personal data being collected by using the service? Yes, potentially problematic "We may associate personal information about you with interest segments or profiles as part of the provision of AddThis services to our customers and partners"
  • Is the website owner known to have a bad reputation regarding privacy? No, however it is potentially problematic
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unclear
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Yes
  • Is the site equipped with a security policy? Yes, see PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? No details; general standard statement
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Someone can probably be contacted via general support.

Related Objects
Search...

StatusAssignedTask
 ResolvedUnknown Object (User)T9446 Upgrade to MediaWiki 1.39.1
 ResolvedUnknown Object (User)T8982 Migrate revision_actor_temp usage back to the revision table
 ResolvedUnknown Object (User)T8743 Upgrade to MediaWiki 1.38.1
 ResolvedUnknown Object (User)T7876 Remove AddThis and replace with Agent Isai's extension

Event Timeline

John triaged this task as Normal priority.Aug 28 2021, 19:18
John created this task.
Herald added a subscriber: RhinosF1. · View Herald TranscriptAug 28 2021, 19:18
Reception123 updated the task description. (Show Details)Sep 6 2021, 14:05
Herald added a subscriber: Unknown Object (User). · View Herald TranscriptSep 6 2021, 14:05
Reception123 subscribed.Sep 6 2021, 14:05

I'm unsure what to make of this due to the data collected (at least for non-EU users), because of this a second opinion would be great.

RhinosF1 moved this task from Backlog to Short Term on the MediaWiki (SRE) board.Oct 26 2021, 22:19
Unknown Object (User) added a comment.Nov 10 2021, 00:04
In T7876#161100, @Reception123 wrote:

I'm unsure what to make of this due to the data collected (at least for non-EU users), because of this a second opinion would be great.

I think declining this might need to be considered, but if we do we will also need to uninstall the AddThis extension, which is dependent on this.

Unknown Object (User) merged a task: T8330: Problem with extensions activation.Nov 23 2021, 20:47
Unknown Object (User) added subscribers: Adri_Ikharai, Agent_Isai.
Reception123 added a comment.Jan 20 2022, 09:13

Noting that 229 wikis use AddThis.

Reception123 added a comment.Jan 21 2022, 09:32

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

Agent_Isai added a comment.Jan 23 2022, 03:08
In T7876#175069, @Reception123 wrote:

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

If this has to be removed due to legal concerns of data collection then I would advise giving users at the very least a 2 week notice (perhaps via a sitenotice) informing them of the change so as to not cause confusion. I can see what alternatives would be available for this (AddThis seems to just add a "Share to Facebook, Twitter, etc." button to pages) and perhaps post a more detailed post on the CN with alternatives.

Reception123 added a comment.Jan 23 2022, 11:48
In T7876#175302, @Agent_Isai wrote:
In T7876#175069, @Reception123 wrote:

@Agent_Isai Your opinion regarding a potential removal / community engagement would be helpful.

If this has to be removed due to legal concerns of data collection then I would advise giving users at the very least a 2 week notice (perhaps via a sitenotice) informing them of the change so as to not cause confusion. I can see what alternatives would be available for this (AddThis seems to just add a "Share to Facebook, Twitter, etc." button to pages) and perhaps post a more detailed post on the CN with alternatives.

That's a good idea, I think we should look into alternative extensions that just add those buttons. Potentially we could even make one ourselves if necessary.

Reception123 renamed this task from Review AddThis CSP Entry to Review AddThis CSP Entry / Considering removing AddThis and replacing.Feb 4 2022, 09:40
Reception123 assigned this task to Agent_Isai.Feb 7 2022, 19:11
Reception123 added a project: Notice.

Per discussion, @Agent_Isai has designed an extension to replace AddThis. Assigning both for that but also because Community input is needed for the change.

Unknown Object (User) unsubscribed.Feb 7 2022, 20:02
Dmehus subscribed.Feb 13 2022, 07:12

From Trust and Safety's perspective, we were satisfied with the AddThis extension once we removed the one ad tracking cookie from the CSP

John added a comment.Mar 2 2022, 19:07

Do we have an update on this task?

Agent_Isai added a comment.Mar 5 2022, 06:17

A community notice will be posted today regarding the removal of AddThis.

Agent_Isai moved this task from Notification Pending to Early Notification Issued on the Notice board.Mar 7 2022, 07:40

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

Dmehus added a comment.Mar 8 2022, 01:24
In T7876#180014, @Agent_Isai wrote:

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

Agent_Isai added a comment.EditedMar 8 2022, 01:29
In T7876#180095, @Dmehus wrote:
In T7876#180014, @Agent_Isai wrote:

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

I did not, no. I'll have to discuss this over with Reception123 as he know the extension better than I do and what the original concerns were about. Even so, there is certainly no urgency for it to be removed. Note that I put the word "lots" within two asterisks to indicate that this is a really advanced notice. As per the notice, it is slated to be removed once we upgrade to MediaWiki 1.38... in 10+ weeks.

Dmehus added a comment.Mar 8 2022, 05:21
In T7876#180096, @Agent_Isai wrote:
In T7876#180095, @Dmehus wrote:
In T7876#180014, @Agent_Isai wrote:

Community notified with *lots* of anticipation for removal. I will repost this announcement and will enable a sitenotice once the upgrade draws near (say, 2-3 weeks from the upgrade?).

@Agent_Isai Why is this extension being removed? Did you see my comment here? Based on my conversations with @Reception123 on IRC, there was certainly no urgency for it to be removed.

I did not, no. I'll have to discuss this over with Reception123 as he know the extension better than I do and what the original concerns were about. Even so, there is certainly no urgency for it to be removed. Note that I put the word "lots" within two asterisks to indicate that this is a really advanced notice. As per the notice, it is slated to be removed once we upgrade to MediaWiki 1.38... in 10+ weeks.

Okay, well, that's fair re: putting "lots" in quotation marks. I will speak with Reception123 also, but my strong recommendation would be to leave the extension in place and installed until the closely comparable extension deployment has been finalized, tested, and deployed. Once that happens, then the usual shorter notice of removal of the AddThis extension could be posted. As well, if the replacement extension isn't tested and deployed before MediaWiki 1.38 goes live, then AddThis should remain, per the above rationale. That would be my strong recommendation anyway.

Reception123 added a comment.Apr 17 2022, 12:59

@Agent_Isai Any news?

Reception123 removed a project: CSP Review.Apr 17 2022, 12:59

Remvoing CSP Review for now because the current plan of this task is to no longer use AddThis and therefore no current CSP review.

Agent_Isai closed this task as Resolved.Apr 24 2022, 03:32

The original goal of this task was a CSP Review and that has been done. Once a replacement comes along, we can handle that on a new, dedicated task.

John reopened this task as Open.Apr 24 2022, 09:23

Until it is removed from the CSP, the review is technically still open as it isn’t complete. Unless there already exists a task to track this?

Restricted Repository Identity mentioned this in rPUPCc5283d248df1: remove addthis.com from the CSP (per replacement, see T7876).Apr 29 2022, 16:53
Unknown Object (User) mentioned this in T9163: Test all extensions for 1.38.Apr 30 2022, 03:30
Unknown Object (User) added a parent task: T9163: Test all extensions for 1.38.Apr 30 2022, 03:34
Agent_Isai added a comment.May 3 2022, 02:49

As discussed with Reception123, development for a replacement was restarted and a new prototype is basically done. I hope to have the extension reviewed by someone else before finally publishing it.

Agent_Isai added a subscriber: Unknown Object (User).May 3 2022, 23:20

My replacement extension has been published and I have requested that @Universal_Omega review it.

Unknown Object (User) lowered the priority of this task from Normal to Low.May 5 2022, 00:10
Restricted Repository Identity mentioned this in rPUPC5fc09dd83150: add varnish/nginx to puppet111 (adding SSL) (#2592).May 27 2022, 18:46
Unknown Object (User) raised the priority of this task from Low to Normal.Jun 5 2022, 20:17
Reception123 renamed this task from Review AddThis CSP Entry / Considering removing AddThis and replacing to Remove AddThis and replace with Agent Isai's extension.Jun 6 2022, 12:01
Unknown Object (User) claimed this task.Jun 6 2022, 15:30

Claiming this task to handle removal on June 12th, and to finish my review of Agents extension as well.

Unknown Object (User) removed a parent task: T9163: Test all extensions for 1.38.Jun 8 2022, 16:18
Restricted Repository Identity mentioned this in rPUPC07f52a84af74: T7876: remove `s7.addthis.com` from CSP (#2666).Jun 12 2022, 19:46
Unknown Object (User) added a parent task: T8743: Upgrade to MediaWiki 1.38.1.Jun 12 2022, 22:31
Unknown Object (User) closed this task as Resolved.Jun 12 2022, 22:35