Jump to content

Policy talk:Cookie statement

From Wikimedia Foundation Governance Wiki
Latest comment: 5 days ago by PeterEasthope in topic Justification
Latest comment: 2 years ago2 comments2 people in discussion

wmf:Privacy policy has a header with links to translations. I think it (or at least a link to m:Cookie statement) would be beneficial at wmf:Cookie statement, too, so that readers can find the translation in their preferred language. Currently the only way to find the translation is going to the talk page and clicking the Meta link there, far from being intuitive. —Tacsipacsi (talk) 19:25, 11 September 2019 (UTC)Reply

@Tacsipacsi - we have centralized these onto this wiki. Hopefully that is more intuitive. Gregory Varnum (Wikimedia Foundation) [he/him] (talk) 04:05, 19 October 2022 (UTC)Reply
Latest comment: 3 years ago1 comment1 person in discussion

I think this may need to be discussed by WMF for changes to be approved, but I have a problem with this paragraph (emphasis mine):

Cookies are not required in order to read or edit the Wikimedia Sites. We use the information we receive from cookies and other locally-stored data technologies to make your experience with the Wikimedia Sites safer and better, to gain a greater understanding of user preferences and interactions with the Wikimedia Sites, and to generally improve our services. Cookies are required in order to login and for your edits to be associated to a user account; without cookies, your edits will be anonymous and unassociated with an account.

Since that non-registered edits are associated with the IP address, and certain IP address can be associated with a particular company or government (like this example), I think that it should be changed into something like this (edits are in boldtype):

Cookies are not required in order to read or edit the Wikimedia Sites. We use the information we receive from cookies and other locally-stored data technologies to make your experience with the Wikimedia Sites safer and better, to gain a greater understanding of user preferences and interactions with the Wikimedia Sites, and to generally improve our services. Cookies are required in order to login and for your edits to be associated to a user account; without cookies, your edits will be unassociated with an account. Instead, it will be associated with the IP address of your computer. In most cases this will only identify roughly the country or city where you made the edit, however in some cases (like inside a company) this may specifically identify the place where you made the edit.

Signed, 49.147.235.23 06:41, 17 June 2021 (UTC) (an unregistered user!)Reply

edit request

Latest comment: 1 year ago2 comments2 people in discussion
Dòng 86: Dòng 86:
<!--T:32--> <!--T:32-->
These cookies store your preferences, so that they can be remembered the next time you use the Wikimedia Sites, for a more customized experience.  These cookies are useful for recognizing and maintaining your language preference, remembering changes you have made to text size, fonts and other display preferences, so we can provide you with the look and feel that you want, and more.   These cookies store your preferences, so that they can be remembered the next time you use the Wikimedia Sites, for a more customized experience. These cookies are useful for recognizing and maintaining your language preference, remembering changes you have made to text size, fonts and other display preferences, so we can provide you with the look and feel that you want, and more.  
<!--T:33--> <!--T:33-->

There is a redundant space. Tryvix1509 (talk) 13:48, 13 January 2023 (UTC)Reply

@Tryvix1509: I have gone ahead and removed that redundant space. Thank you for your note! Gregory Varnum (Wikimedia Foundation) [he/him] (talk) 00:17, 15 March 2023 (UTC)Reply

Justification

Latest comment: 5 days ago5 comments2 people in discussion

Hi,
I see no attempt to justify present cookie usage.

Here is an example. The first table notes {$wgCookiePrefix}* and states "Provides 'Keep me logged in' functionality." Understood but an alternative is for the server to keep the login information. Keep a database of user accounts. With a userid, associate idle time, idle time limit and additional information. Check the status of a logged in account periodically. When idle time exceeds the limit, log the account out. Straightforward.

Similar reasoning applies to other cookies and I suspect all cookies can be eliminated.

Please state your justification for the extant implementation.

Thanks, ... PeterEasthope (talk) 17:13, 13 December 2024 (UTC)Reply

Sorry, but your proposal just doesn’t make any sense. The point of the cookie statement is to describe how and why Wikimedia sites track you – it doesn’t matter if it’s a cookie in the browser or a database on the server. Furthermore, because of how the client/server model works, the server cannot initiate any connection. The client can initiate a persistent connection, through which the server can reach the client as long as the browser tab is open, but that’s not enough: the point of this cookie is that it survives closing and re-opening the browser; that persistent connection doesn’t preserve even closing and opening a tab – the next time you open a tab, your browser has no idea who you are and consequently cannot tell your identity to the server upon creating that persistent connection. (Okay, as long as the browser hasn’t been closed in the meantime, it can use {$wgCookiePrefix}Session, but the point is still preserving data across browser restarts, which isn’t solved.)
So the explanation for the cookie-based solution is that it’s the only technically really feasible solution. —Tacsipacsi (talk) 23:12, 13 December 2024 (UTC)Reply
Two functionalities are mentioned. (1) Authentication timeout and (2) authentication survival across a browser restart. A cookie isn't necessary for timeout. A cookie is necessary for authentication survival.
Here, authentication persists when firefox is idle. A settable authentication time has value. Also here, cookies are discarded when firefox exits. I authenticate at each browser restart.
Yes, if authentication is to survive a restart, a cookie or similar mechanism is needed.
I'm not convinced the capability is appropriate. My preference: when a browser is opened, authenticate.
Thx,       ... PeterEasthope (talk) 03:41, 14 December 2024 (UTC)Reply
The table says {$wgCookiePrefix}Session “Provides 'Keep me logged in' functionality”: this (for me at least, quite clearly) means that if you choose not to use that functionality, it’s not set – and indeed, I’ve just logged in in a private window with the ‘Keep me logged in’ checkbox not checked, and the cookie wasn’t there. So you as a user can freely decide: either you have to log in after each restart, or you have one cookie more; it won’t happen that you have to log in after each restart and you still have the extra cookie. —Tacsipacsi (talk) 18:40, 15 December 2024 (UTC)Reply
OK, thanks, ... PeterEasthope (talk) 19:02, 15 December 2024 (UTC)Reply
Retrieved from "https://foundation.wikimedia.org/w/index.php?title=Policy_talk:Cookie_statement&oldid=484705"