Last modified: 2012-03-21 19:45:16 UTC
Should the wgTrackingToken be disabled when a "do not track" header is sent?
Re-titled bug to put it in the form of a feature request. Also, could find no instance of wgTrackingToken in the headers or source, so changed it to what I *could* find.
It's on wikipedia. Go to http://en.wikipedia.org/wiki/Main_Page, and view source. It's part of the head of the document. <script type="text/javascript">if ( window.mediaWiki ) { mw.config.set({"wgCanonicalNamespace": "", "wgCanonicalSpecialPageName": false, "wgNamespaceNumber": 0, "wgPageName": "Main_Page", "wgTitle": "Main Page", "wgCurRevisionId": 447996010, "wgArticleId": 15580374, "wgIsArticle": true, "wgAction": "view", "wgUserName": null, "wgUserGroups": ["*"], "wgCategories": ["Article Feedback Blacklist"], "wgBreakFrames": false, "wgRestrictionEdit": ["sysop"], "wgRestrictionMove": ["sysop"], "wgSearchNamespaces": [0], "wgIsMainPage": true, "wgFlaggedRevsParams": {"tags": {"status": {"levels": 1, "quality": 2, "pristine": 3}}}, "wgStableRevisionId": null, "wgVectorEnabledModules": {"collapsiblenav": true, "collapsibletabs": true, "editwarning": true, "expandablesearch": false, "footercleanup": false, "sectioneditlinks": false, "simplesearch": true, "experiments": true}, "wgWikiEditorEnabledModules": {"toolbar": true, "dialogs": true, "hidesig": true, "templateEditor": false, "templates": false, "preview": false, "previewDialog": false, "publish": false, "toc": false}, "wgTrackingToken": "0fdf06248a6f27af79ff04be82c8f221", "wikilove-recipient": "", "wikilove-edittoken": "+\\", "wikilove-anon": 0, "mbEditToken": "+\\", "Geo": {"city": "", "country": ""}, "wgNoticeProject": "wikipedia"}); }</script><script type="text/javascript">if ( window.mediaWiki ) { mw.loader.load(["mediawiki.page.startup"]); }</script> Not sure where it's in the source code (php) though. There's also the clicktracking-session cookie.
This would be the ClickTracking extension, CC'ing Trevor and Nimish the authors
Based on a discussion that I had with Dario (and I am quoting Dario verbatim here): We should not use Do Not Track and apply it to a use case different from the one it was originally designed for. A DNT compliant service will honor requests that clients send with a DNT header by disabling all *third-party tracking components*. This is not a narrow interpretation, it's a plain description of what DNT does. The implementation and the guidelines from Mozilla for example [1] are very cleat that the scope is limited to third-party tracking. Since we don't do any kind of third-party behavioral tracking, if we were to honor DNT headers in Wikipedia, we would need to decide for every single feature what "tracking" actually means. Here's an example: if we store and read a bucket ID in a session cookie or we pass a URL parameter with a bucket ID and we store transaction data for users in this bucket in the database, does this count as "tracking"? Most of the problems we had with the current privacy policy come from the fact that we refer to "tracking legitimate users" without explaining what that actually means. DNT has the advantage of being widely supported and intuitive on the client side, but I don't see the benefits of twisting its definition to try and apply it on our side outside of its original use case. There is also a risk of causing a lot of confusion if we say that "Wikipedia supports DNT", which most users would probably read as "we support third-party tracking but we allow you to disable it". [1] http://dnt.mozilla.org/ I am deciding to close this as WONTFIX. If you have alternative suggestions please let me know.
