User:TheDJ/referer policy

As we are approaching the closing of this RfC, I've read through most of it and tried to interpret it from my perspective. I've chosen not to participate in the voting on this RfC myself.

The numbers

 * page-level referrers : 5
 * domain-level referrers: (8+5)=13 and 1 oppose
 * partial domain referrers: 1,5 and 1,5 oppose. These votes I consider as blank (technically not feasible, too hard to interpret which way the voters would swing)
 * silent : 46 support, 4 oppose

13 in support of status quo, 46 in support of silent referrers, so roughly 22% vs 73% plus some 'it's complicated'. The quorum seems significant to me for English Wikipedia standards.

My takeaways

 * We highly value privacy
 * We value privacy for everyone equally, so we should not rely on users using dedicated tools for this
 * We value privacy more than supporting people outside of English Wikipedia that desire referrer information for metrics
 * We don't mind assisting committed partners with referrer information when it doesn't compromise privacy
 * But we don't know how to achieve that
 * We will sacrifice our access to sources and our cooperation with partners before compromising on privacy

Overall, a very principled stand, which I can mostly agree with, but unfortunately it misses some key points.
 * We need to take better care of our partners, they are our allies in the fight against 'big corporate'.
 * This privacy information is already leaking through several other levels of Internet infrastructure for those who actually care about compromising your privacy.

I would still argue that this will affect good actors (both partners and ourselves) more than it will bad actors. The people who our users are most 'afraid' of will hardly be impacted by this. The increasing global usage of https is already pushing those actors towards more advanced methods. SNI, DNS lookups, request size analysis, traffic pattern analysis and targeted hacking are common now. It's security theatre and I'd much rather have the foundation work on onion routing/TOR than on putting any sort of effort into dealing with this situation.

Suspect foundation will throw this back to community with: —TheDJ (talk • contribs) 10:48, 18 July 2017 (UTC)
 * 1) We are not going to change this only for en.wp, as it would fuck with everyone's numbers and expectations. It's all communities or none of them.
 * 2) Let's discuss on meta

—TheDJ (talk • contribs) 20:41, 18 July 2017 (UTC)
 * Being a 'full silent' referrer is actually more strict than the https default. The dark traffic was always the https -> http traffic as far as I remember. So we will darken even more of the traffic of our partners. Will have very unpredictable impact.
 * Not sure what the consensus would be when this is taken to meta. Hard to predict at this moment. Suspect de.wp to vote with en.wp, being as privacy conscious as de.wp usually is. Additionally complicated by the language barrier, hard enough to explain in English.
 * I don't see any valid routes for suggested alternatives at this time. Most alternatives would put a lot more information into the hands of the foundation, to a level that they would not be comfortable with.
 * Suspect the foundation will try to find some middle ground in interests of community and external partners, which will eventually turn into a one-sided shouting match. The foundation will eventually cave to community consensus.
 * A white list approach is possible, but would require significant infrastructure changes (suspect multiple years to realize this). It would also put us in a position of arbitrators, never nice (lots of work, discussion, fights etc). —TheDJ (talk • contribs) 21:14, 19 July 2017 (UTC)