Mailing List Archive

With respect, Fae, if you're going to propose banning an existing solution,
it is on you to propose a suitable alternative or at least a process to
find it before the ban takes effect.

I write this as a signatory of Free Software Foundation Europe's Public
Money? Public Code open letter <https://publiccode.eu/openletter/>. I am
wholeheartedly a proponent of open source software.

At the same time, I am a firm believer in using the best available tool for
the job.

Our mission is too important to hold ourselves back at every step due to a
noble but often unrealistic wish to use open source solutions for
everything we do.

Last year, because of my drive to use proper open source solutions, WMPL
wasted hours and hours of staff time (mostly mine) and a not insignificant
amount of members' time because:

- Zeus, a widely used, cryptographically secure voting system is
impossible to setup and maintain and has very sparse documentation,
- CiviCRM, the premier open source CRM solution for NGOs, refuses to
work correctly after the Wordpress installation is moved to a new URL, and
documentation isn't helpful.

To my knowledge there are no suitable open source options that would be
easy-to-use and robust enough to support our needs in both cases and be
comparable to commercial counterparts.

I have wasted a ton of time (and therefore WMPL money), before I decided to
use state-of-the-art commercial solutions for the needs described above.
Don't be like me. Don't make other people think & act like I did. Be
smarter.

Should we use an *equivalent* open source solution when one is available?
Yes.
Should we have a public list of open source tools needed? Yes.
Should we use programmes such as Google Summer of Code to build those
tools? Yes.

Should we waste time using sub-par solutions or doing work manually? Hell
no.

*So here's a constructive alternative idea:*

- Let's gather the needs and use cases for tools used by WMF and
affiliates,
- Let's build a list of potential open source replacements and map what
features are missing,
- Let's put the word out that we're looking for open source replacements
where there are none available,
- Let's embed Wikimedia liaisons in key open source projects to ensure
our needs and use cases are addressed promptly,
- Let's use initiatives such as Summer of Code to kickstart building
some of these tools.

I acknowledge the above is much harder to do than instituting a ban via
community consensus. It is, however, a much more productive approach and
will get us to your desired state eventually, and without sabotaging the
work that needs to happen in the meantime.

Oh, and in case anybody's wondering why we can't build these tools in-house:

We could but really, really shouldn't. MediaWiki and the wider Wikimedia
tech infrastructure is still in need of huge improvements. It would be
really unwise to distract WMF's development and product teams from these
goals by requesting they build standard communication or reporting tools.

On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:

> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
>
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
>
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
>
> Links
> 1.
> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>
> Thanks
> Fae
> --
> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> #WearAMask
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>


--

Z powa?aniem · Kind regards

?ukasz Garczewski

Dyrektor ds. operacyjnych · Chief Operating Officer

Wikimedia Polska


tel: +48 601 827 937

e-mail: lukasz.garczewski@wikimedia.pl

<http://wikimedia.pl>

Wesprzyj woln? wiedz?!
Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
<https://wikimedia.pl/>

ul. Tuwima 95, pok. 15 ?ód?, Polska

KRS 0000244732

NIP 728-25-97-388

wikimedia.pl

Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
<https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
rodo@wikimedia.pl

I agree with Fae's proposal if we are using tools that exclude community
members out of safety and privacy concerns then we arent fulfilling the
equity goals. I also recognise that alternatives need to be available but
with no incentive for them to be used then there is no development of such
tools, or improvements to their functionality. Faes proposal is putting the
WMF on notice that there are steps we need to take to ensure equity,
safety, and privacy in participation.

On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
lukasz.garczewski@wikimedia.pl> wrote:

> With respect, Fae, if you're going to propose banning an existing
> solution, it is on you to propose a suitable alternative or at least a
> process to find it before the ban takes effect.
>
> I write this as a signatory of Free Software Foundation Europe's Public
> Money? Public Code open letter <https://publiccode.eu/openletter/>. I am
> wholeheartedly a proponent of open source software.
>
> At the same time, I am a firm believer in using the best available tool
> for the job.
>
> Our mission is too important to hold ourselves back at every step due to a
> noble but often unrealistic wish to use open source solutions for
> everything we do.
>
> Last year, because of my drive to use proper open source solutions, WMPL
> wasted hours and hours of staff time (mostly mine) and a not insignificant
> amount of members' time because:
>
> - Zeus, a widely used, cryptographically secure voting system is
> impossible to setup and maintain and has very sparse documentation,
> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
> work correctly after the Wordpress installation is moved to a new URL, and
> documentation isn't helpful.
>
> To my knowledge there are no suitable open source options that would be
> easy-to-use and robust enough to support our needs in both cases and be
> comparable to commercial counterparts.
>
> I have wasted a ton of time (and therefore WMPL money), before I decided
> to use state-of-the-art commercial solutions for the needs described above.
> Don't be like me. Don't make other people think & act like I did. Be
> smarter.
>
> Should we use an *equivalent* open source solution when one is available?
> Yes.
> Should we have a public list of open source tools needed? Yes.
> Should we use programmes such as Google Summer of Code to build those
> tools? Yes.
>
> Should we waste time using sub-par solutions or doing work manually? Hell
> no.
>
> *So here's a constructive alternative idea:*
>
> - Let's gather the needs and use cases for tools used by WMF and
> affiliates,
> - Let's build a list of potential open source replacements and map
> what features are missing,
> - Let's put the word out that we're looking for open source
> replacements where there are none available,
> - Let's embed Wikimedia liaisons in key open source projects to ensure
> our needs and use cases are addressed promptly,
> - Let's use initiatives such as Summer of Code to kickstart building
> some of these tools.
>
> I acknowledge the above is much harder to do than instituting a ban via
> community consensus. It is, however, a much more productive approach and
> will get us to your desired state eventually, and without sabotaging the
> work that needs to happen in the meantime.
>
> Oh, and in case anybody's wondering why we can't build these tools
> in-house:
>
> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
> tech infrastructure is still in need of huge improvements. It would be
> really unwise to distract WMF's development and product teams from these
> goals by requesting they build standard communication or reporting tools.
>
> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>
>> As a consequence of the promotion of a Google forms based survey this
>> week by a WMF representative, a proposal on Wikimedia Commons has been
>> started to ban the promotion of surveys which rely on third party
>> sites like Google Forms.[1]
>>
>> Launched today, but already it appears likely that this proposal will
>> have a consensus to support. Considering that Commons is one of our
>> largest Wikimedia projects, there are potential repercussions of
>> banning the on-wiki promotion of surveys which use Google products or
>> other closed source third party products like SurveyMonkey.
>>
>> Feedback is most welcome on the proposal discussion, or on this list
>> for handling impact, solutions, recommended alternatives that already
>> exist, or the future role of the WMF to support research and surveys
>> for the WMF and affiliates by using forking open source software and
>> self-hosting and self-managing data "locally".
>>
>> Links
>> 1.
>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>
>> Thanks
>> Fae
>> --
>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>> #WearAMask
>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
>
>
> --
>
> Z powa?aniem · Kind regards
>
> ?ukasz Garczewski
>
> Dyrektor ds. operacyjnych · Chief Operating Officer
>
> Wikimedia Polska
>
>
> tel: +48 601 827 937
>
> e-mail: lukasz.garczewski@wikimedia.pl
>
> <http://wikimedia.pl>
>
> Wesprzyj woln? wiedz?!
> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
> <https://wikimedia.pl/>
>
> ul. Tuwima 95, pok. 15 ?ód?, Polska
>
> KRS 0000244732
>
> NIP 728-25-97-388
>
> wikimedia.pl
>
> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
> rodo@wikimedia.pl
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>


--
GN.

*Power of Diverse Collaboration*
*Sharing knowledge brings people together*
Wikimania Bangkok 2022
August
hosted by ESEAP

Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u

To clarify to anyone who doesn't want to read the actual proposal, which
Fae did not repeat here:

*Proposal*

It is proposed that on Wikimedia Commons that there must be no promotion of
surveys or questionnaires which rely on third party sites and closed source
tools, such as Google Forms. This should be interpreted as a ban against
engaging volunteers by mass messaging, use of banners or posts on
noticeboards.
*Recommended consequential action*

Banners and posts which go against this proposal may be removed by anyone.

Posting account(s) may be blocked or have group rights removed at the
discretion of administrators, such as all rights that enable mass
messaging. In a persistent case, blocks and rights removal may apply to all
accounts of the person responsible. A rationale of doing their job as part
of being a WMF employee is not considered an exemption.


Now....this applies to everyone who posts about a survey at Wikimedia
Commons, as this proposal is strictly related to Commons. It is not a
global proposal. However, it would apply to researchers, to WMF staff, to
anyone who uses closed-sourced tools. There is no suggestion at all about
suitable alternative tools. In fact, there is a severe dearth of quality
open source tools. Researchers may be bound by their facilities to use
certain types of tools.

Surveys and questionnaires are always voluntary. There's some
responsibility on the part of the user to read the privacy statements and
use of information statements that are normally mandatory for any
legitimate surveys. More than once I've started to participate in a survey
and decided it was asking questions I didn't want to answer, and just never
saved them.


I think it would also be helpful if someone from WMF Technical could take
the time to discuss with the broader community what arrangements have been
made in their contract with Google to ensure that the information on those
documents (of whatever nature) are not in fact accessible to Google for
their data gathering or any other purposes. There is, of course, a certain
irony that three of the four people who have commented on this thread so
far all have Gmail email addresses.


Risker/Anne

On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:

> I agree with Fae's proposal if we are using tools that exclude community
> members out of safety and privacy concerns then we arent fulfilling the
> equity goals. I also recognise that alternatives need to be available but
> with no incentive for them to be used then there is no development of such
> tools, or improvements to their functionality. Faes proposal is putting the
> WMF on notice that there are steps we need to take to ensure equity,
> safety, and privacy in participation.
>
> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
> lukasz.garczewski@wikimedia.pl> wrote:
>
>> With respect, Fae, if you're going to propose banning an existing
>> solution, it is on you to propose a suitable alternative or at least a
>> process to find it before the ban takes effect.
>>
>> I write this as a signatory of Free Software Foundation Europe's Public
>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I am
>> wholeheartedly a proponent of open source software.
>>
>> At the same time, I am a firm believer in using the best available tool
>> for the job.
>>
>> Our mission is too important to hold ourselves back at every step due to
>> a noble but often unrealistic wish to use open source solutions for
>> everything we do.
>>
>> Last year, because of my drive to use proper open source solutions, WMPL
>> wasted hours and hours of staff time (mostly mine) and a not insignificant
>> amount of members' time because:
>>
>> - Zeus, a widely used, cryptographically secure voting system is
>> impossible to setup and maintain and has very sparse documentation,
>> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
>> work correctly after the Wordpress installation is moved to a new URL, and
>> documentation isn't helpful.
>>
>> To my knowledge there are no suitable open source options that would be
>> easy-to-use and robust enough to support our needs in both cases and be
>> comparable to commercial counterparts.
>>
>> I have wasted a ton of time (and therefore WMPL money), before I decided
>> to use state-of-the-art commercial solutions for the needs described above.
>> Don't be like me. Don't make other people think & act like I did. Be
>> smarter.
>>
>> Should we use an *equivalent* open source solution when one is
>> available? Yes.
>> Should we have a public list of open source tools needed? Yes.
>> Should we use programmes such as Google Summer of Code to build those
>> tools? Yes.
>>
>> Should we waste time using sub-par solutions or doing work manually? Hell
>> no.
>>
>> *So here's a constructive alternative idea:*
>>
>> - Let's gather the needs and use cases for tools used by WMF and
>> affiliates,
>> - Let's build a list of potential open source replacements and map
>> what features are missing,
>> - Let's put the word out that we're looking for open source
>> replacements where there are none available,
>> - Let's embed Wikimedia liaisons in key open source projects to
>> ensure our needs and use cases are addressed promptly,
>> - Let's use initiatives such as Summer of Code to kickstart building
>> some of these tools.
>>
>> I acknowledge the above is much harder to do than instituting a ban via
>> community consensus. It is, however, a much more productive approach and
>> will get us to your desired state eventually, and without sabotaging the
>> work that needs to happen in the meantime.
>>
>> Oh, and in case anybody's wondering why we can't build these tools
>> in-house:
>>
>> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
>> tech infrastructure is still in need of huge improvements. It would be
>> really unwise to distract WMF's development and product teams from these
>> goals by requesting they build standard communication or reporting tools.
>>
>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>
>>> As a consequence of the promotion of a Google forms based survey this
>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>> started to ban the promotion of surveys which rely on third party
>>> sites like Google Forms.[1]
>>>
>>> Launched today, but already it appears likely that this proposal will
>>> have a consensus to support. Considering that Commons is one of our
>>> largest Wikimedia projects, there are potential repercussions of
>>> banning the on-wiki promotion of surveys which use Google products or
>>> other closed source third party products like SurveyMonkey.
>>>
>>> Feedback is most welcome on the proposal discussion, or on this list
>>> for handling impact, solutions, recommended alternatives that already
>>> exist, or the future role of the WMF to support research and surveys
>>> for the WMF and affiliates by using forking open source software and
>>> self-hosting and self-managing data "locally".
>>>
>>> Links
>>> 1.
>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>
>>> Thanks
>>> Fae
>>> --
>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>> #WearAMask
>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>>
>>
>> --
>>
>> Z powa?aniem · Kind regards
>>
>> ?ukasz Garczewski
>>
>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>
>> Wikimedia Polska
>>
>>
>> tel: +48 601 827 937
>>
>> e-mail: lukasz.garczewski@wikimedia.pl
>>
>> <http://wikimedia.pl>
>>
>> Wesprzyj woln? wiedz?!
>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>> <https://wikimedia.pl/>
>>
>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>
>> KRS 0000244732
>>
>> NIP 728-25-97-388
>>
>> wikimedia.pl
>>
>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>> rodo@wikimedia.pl
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
>
>
> --
> GN.
>
> *Power of Diverse Collaboration*
> *Sharing knowledge brings people together*
> Wikimania Bangkok 2022
> August
> hosted by ESEAP
>
> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

I would also like to add a bit of historical context. Many years ago, when
I worked at the WMF, we were using a FLOSS survey tool (I don't recall
which). We were fairly dependent on it, when one day someone discovered
that it was vulnerable to sql injection attacks and Tim Starling (I
believe) rightly killed it on our servers. Shortly after that, we moved
toward using a non-free tool that was safer and more robust. I dont recall
that the two events were connected, but I would be surprised if they
weren't.

Tim did the right thing then, even though it meant that we were moved off a
FLOSS solution. Sometimes "Free" just isn't equal, or better. Sometimes
it's an actual honest-to-god security risk and there are reasons why
WMF's staff aren't using a free alternative to a proprietary tool. Did
anyone ask?

Philippe

On Mon, Feb 15, 2021 at 12:13 AM Risker <risker.wp@gmail.com> wrote:

> To clarify to anyone who doesn't want to read the actual proposal, which
> Fae did not repeat here:
>
> *Proposal*
>
> It is proposed that on Wikimedia Commons that there must be no promotion
> of surveys or questionnaires which rely on third party sites and closed
> source tools, such as Google Forms. This should be interpreted as a ban
> against engaging volunteers by mass messaging, use of banners or posts on
> noticeboards.
> *Recommended consequential action*
>
> Banners and posts which go against this proposal may be removed by anyone.
>
> Posting account(s) may be blocked or have group rights removed at the
> discretion of administrators, such as all rights that enable mass
> messaging. In a persistent case, blocks and rights removal may apply to all
> accounts of the person responsible. A rationale of doing their job as
> part of being a WMF employee is not considered an exemption.
>
>
> Now....this applies to everyone who posts about a survey at Wikimedia
> Commons, as this proposal is strictly related to Commons. It is not a
> global proposal. However, it would apply to researchers, to WMF staff, to
> anyone who uses closed-sourced tools. There is no suggestion at all about
> suitable alternative tools. In fact, there is a severe dearth of quality
> open source tools. Researchers may be bound by their facilities to use
> certain types of tools.
>
> Surveys and questionnaires are always voluntary. There's some
> responsibility on the part of the user to read the privacy statements and
> use of information statements that are normally mandatory for any
> legitimate surveys. More than once I've started to participate in a survey
> and decided it was asking questions I didn't want to answer, and just never
> saved them.
>
>
> I think it would also be helpful if someone from WMF Technical could take
> the time to discuss with the broader community what arrangements have been
> made in their contract with Google to ensure that the information on those
> documents (of whatever nature) are not in fact accessible to Google for
> their data gathering or any other purposes. There is, of course, a certain
> irony that three of the four people who have commented on this thread so
> far all have Gmail email addresses.
>
>
> Risker/Anne
>
> On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
>
>> I agree with Fae's proposal if we are using tools that exclude community
>> members out of safety and privacy concerns then we arent fulfilling the
>> equity goals. I also recognise that alternatives need to be available but
>> with no incentive for them to be used then there is no development of such
>> tools, or improvements to their functionality. Faes proposal is putting the
>> WMF on notice that there are steps we need to take to ensure equity,
>> safety, and privacy in participation.
>>
>> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
>> lukasz.garczewski@wikimedia.pl> wrote:
>>
>>> With respect, Fae, if you're going to propose banning an existing
>>> solution, it is on you to propose a suitable alternative or at least a
>>> process to find it before the ban takes effect.
>>>
>>> I write this as a signatory of Free Software Foundation Europe's Public
>>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I
>>> am wholeheartedly a proponent of open source software.
>>>
>>> At the same time, I am a firm believer in using the best available tool
>>> for the job.
>>>
>>> Our mission is too important to hold ourselves back at every step due to
>>> a noble but often unrealistic wish to use open source solutions for
>>> everything we do.
>>>
>>> Last year, because of my drive to use proper open source solutions, WMPL
>>> wasted hours and hours of staff time (mostly mine) and a not insignificant
>>> amount of members' time because:
>>>
>>> - Zeus, a widely used, cryptographically secure voting system is
>>> impossible to setup and maintain and has very sparse documentation,
>>> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
>>> work correctly after the Wordpress installation is moved to a new URL, and
>>> documentation isn't helpful.
>>>
>>> To my knowledge there are no suitable open source options that would be
>>> easy-to-use and robust enough to support our needs in both cases and be
>>> comparable to commercial counterparts.
>>>
>>> I have wasted a ton of time (and therefore WMPL money), before I decided
>>> to use state-of-the-art commercial solutions for the needs described above.
>>> Don't be like me. Don't make other people think & act like I did. Be
>>> smarter.
>>>
>>> Should we use an *equivalent* open source solution when one is
>>> available? Yes.
>>> Should we have a public list of open source tools needed? Yes.
>>> Should we use programmes such as Google Summer of Code to build those
>>> tools? Yes.
>>>
>>> Should we waste time using sub-par solutions or doing work manually?
>>> Hell no.
>>>
>>> *So here's a constructive alternative idea:*
>>>
>>> - Let's gather the needs and use cases for tools used by WMF and
>>> affiliates,
>>> - Let's build a list of potential open source replacements and map
>>> what features are missing,
>>> - Let's put the word out that we're looking for open source
>>> replacements where there are none available,
>>> - Let's embed Wikimedia liaisons in key open source projects to
>>> ensure our needs and use cases are addressed promptly,
>>> - Let's use initiatives such as Summer of Code to kickstart building
>>> some of these tools.
>>>
>>> I acknowledge the above is much harder to do than instituting a ban via
>>> community consensus. It is, however, a much more productive approach and
>>> will get us to your desired state eventually, and without sabotaging the
>>> work that needs to happen in the meantime.
>>>
>>> Oh, and in case anybody's wondering why we can't build these tools
>>> in-house:
>>>
>>> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
>>> tech infrastructure is still in need of huge improvements. It would be
>>> really unwise to distract WMF's development and product teams from these
>>> goals by requesting they build standard communication or reporting tools.
>>>
>>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>>
>>>> As a consequence of the promotion of a Google forms based survey this
>>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>>> started to ban the promotion of surveys which rely on third party
>>>> sites like Google Forms.[1]
>>>>
>>>> Launched today, but already it appears likely that this proposal will
>>>> have a consensus to support. Considering that Commons is one of our
>>>> largest Wikimedia projects, there are potential repercussions of
>>>> banning the on-wiki promotion of surveys which use Google products or
>>>> other closed source third party products like SurveyMonkey.
>>>>
>>>> Feedback is most welcome on the proposal discussion, or on this list
>>>> for handling impact, solutions, recommended alternatives that already
>>>> exist, or the future role of the WMF to support research and surveys
>>>> for the WMF and affiliates by using forking open source software and
>>>> self-hosting and self-managing data "locally".
>>>>
>>>> Links
>>>> 1.
>>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>>
>>>> Thanks
>>>> Fae
>>>> --
>>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>>> #WearAMask
>>>>
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>
>>>
>>>
>>> --
>>>
>>> Z powa?aniem · Kind regards
>>>
>>> ?ukasz Garczewski
>>>
>>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>>
>>> Wikimedia Polska
>>>
>>>
>>> tel: +48 601 827 937
>>>
>>> e-mail: lukasz.garczewski@wikimedia.pl
>>>
>>> <http://wikimedia.pl>
>>>
>>> Wesprzyj woln? wiedz?!
>>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>>> <https://wikimedia.pl/>
>>>
>>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>>
>>> KRS 0000244732
>>>
>>> NIP 728-25-97-388
>>>
>>> wikimedia.pl
>>>
>>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>>> rodo@wikimedia.pl
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>>
>>
>> --
>> GN.
>>
>> *Power of Diverse Collaboration*
>> *Sharing knowledge brings people together*
>> Wikimania Bangkok 2022
>> August
>> hosted by ESEAP
>>
>> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
>> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
>> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>>
>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

I don't live in a country where I need to be worried about the
anonymity and privacy, but that doesn't prevent me from appreciating that
there are people in countries like Myanmar, Iran, Syria, and many others
who need the assurity of privacy to contribute to the movement.

On Mon, 15 Feb 2021 at 14:12, Risker <risker.wp@gmail.com> wrote:

> To clarify to anyone who doesn't want to read the actual proposal, which
> Fae did not repeat here:
>
> *Proposal*
>
> It is proposed that on Wikimedia Commons that there must be no promotion
> of surveys or questionnaires which rely on third party sites and closed
> source tools, such as Google Forms. This should be interpreted as a ban
> against engaging volunteers by mass messaging, use of banners or posts on
> noticeboards.
> *Recommended consequential action*
>
> Banners and posts which go against this proposal may be removed by anyone.
>
> Posting account(s) may be blocked or have group rights removed at the
> discretion of administrators, such as all rights that enable mass
> messaging. In a persistent case, blocks and rights removal may apply to all
> accounts of the person responsible. A rationale of doing their job as
> part of being a WMF employee is not considered an exemption.
>
>
> Now....this applies to everyone who posts about a survey at Wikimedia
> Commons, as this proposal is strictly related to Commons. It is not a
> global proposal. However, it would apply to researchers, to WMF staff, to
> anyone who uses closed-sourced tools. There is no suggestion at all about
> suitable alternative tools. In fact, there is a severe dearth of quality
> open source tools. Researchers may be bound by their facilities to use
> certain types of tools.
>
> Surveys and questionnaires are always voluntary. There's some
> responsibility on the part of the user to read the privacy statements and
> use of information statements that are normally mandatory for any
> legitimate surveys. More than once I've started to participate in a survey
> and decided it was asking questions I didn't want to answer, and just never
> saved them.
>
>
> I think it would also be helpful if someone from WMF Technical could take
> the time to discuss with the broader community what arrangements have been
> made in their contract with Google to ensure that the information on those
> documents (of whatever nature) are not in fact accessible to Google for
> their data gathering or any other purposes. There is, of course, a certain
> irony that three of the four people who have commented on this thread so
> far all have Gmail email addresses.
>
>
> Risker/Anne
>
> On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
>
>> I agree with Fae's proposal if we are using tools that exclude community
>> members out of safety and privacy concerns then we arent fulfilling the
>> equity goals. I also recognise that alternatives need to be available but
>> with no incentive for them to be used then there is no development of such
>> tools, or improvements to their functionality. Faes proposal is putting the
>> WMF on notice that there are steps we need to take to ensure equity,
>> safety, and privacy in participation.
>>
>> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
>> lukasz.garczewski@wikimedia.pl> wrote:
>>
>>> With respect, Fae, if you're going to propose banning an existing
>>> solution, it is on you to propose a suitable alternative or at least a
>>> process to find it before the ban takes effect.
>>>
>>> I write this as a signatory of Free Software Foundation Europe's Public
>>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I
>>> am wholeheartedly a proponent of open source software.
>>>
>>> At the same time, I am a firm believer in using the best available tool
>>> for the job.
>>>
>>> Our mission is too important to hold ourselves back at every step due to
>>> a noble but often unrealistic wish to use open source solutions for
>>> everything we do.
>>>
>>> Last year, because of my drive to use proper open source solutions, WMPL
>>> wasted hours and hours of staff time (mostly mine) and a not insignificant
>>> amount of members' time because:
>>>
>>> - Zeus, a widely used, cryptographically secure voting system is
>>> impossible to setup and maintain and has very sparse documentation,
>>> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
>>> work correctly after the Wordpress installation is moved to a new URL, and
>>> documentation isn't helpful.
>>>
>>> To my knowledge there are no suitable open source options that would be
>>> easy-to-use and robust enough to support our needs in both cases and be
>>> comparable to commercial counterparts.
>>>
>>> I have wasted a ton of time (and therefore WMPL money), before I decided
>>> to use state-of-the-art commercial solutions for the needs described above.
>>> Don't be like me. Don't make other people think & act like I did. Be
>>> smarter.
>>>
>>> Should we use an *equivalent* open source solution when one is
>>> available? Yes.
>>> Should we have a public list of open source tools needed? Yes.
>>> Should we use programmes such as Google Summer of Code to build those
>>> tools? Yes.
>>>
>>> Should we waste time using sub-par solutions or doing work manually?
>>> Hell no.
>>>
>>> *So here's a constructive alternative idea:*
>>>
>>> - Let's gather the needs and use cases for tools used by WMF and
>>> affiliates,
>>> - Let's build a list of potential open source replacements and map
>>> what features are missing,
>>> - Let's put the word out that we're looking for open source
>>> replacements where there are none available,
>>> - Let's embed Wikimedia liaisons in key open source projects to
>>> ensure our needs and use cases are addressed promptly,
>>> - Let's use initiatives such as Summer of Code to kickstart building
>>> some of these tools.
>>>
>>> I acknowledge the above is much harder to do than instituting a ban via
>>> community consensus. It is, however, a much more productive approach and
>>> will get us to your desired state eventually, and without sabotaging the
>>> work that needs to happen in the meantime.
>>>
>>> Oh, and in case anybody's wondering why we can't build these tools
>>> in-house:
>>>
>>> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
>>> tech infrastructure is still in need of huge improvements. It would be
>>> really unwise to distract WMF's development and product teams from these
>>> goals by requesting they build standard communication or reporting tools.
>>>
>>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>>
>>>> As a consequence of the promotion of a Google forms based survey this
>>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>>> started to ban the promotion of surveys which rely on third party
>>>> sites like Google Forms.[1]
>>>>
>>>> Launched today, but already it appears likely that this proposal will
>>>> have a consensus to support. Considering that Commons is one of our
>>>> largest Wikimedia projects, there are potential repercussions of
>>>> banning the on-wiki promotion of surveys which use Google products or
>>>> other closed source third party products like SurveyMonkey.
>>>>
>>>> Feedback is most welcome on the proposal discussion, or on this list
>>>> for handling impact, solutions, recommended alternatives that already
>>>> exist, or the future role of the WMF to support research and surveys
>>>> for the WMF and affiliates by using forking open source software and
>>>> self-hosting and self-managing data "locally".
>>>>
>>>> Links
>>>> 1.
>>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>>
>>>> Thanks
>>>> Fae
>>>> --
>>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>>> #WearAMask
>>>>
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>
>>>
>>>
>>> --
>>>
>>> Z powa?aniem · Kind regards
>>>
>>> ?ukasz Garczewski
>>>
>>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>>
>>> Wikimedia Polska
>>>
>>>
>>> tel: +48 601 827 937
>>>
>>> e-mail: lukasz.garczewski@wikimedia.pl
>>>
>>> <http://wikimedia.pl>
>>>
>>> Wesprzyj woln? wiedz?!
>>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>>> <https://wikimedia.pl/>
>>>
>>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>>
>>> KRS 0000244732
>>>
>>> NIP 728-25-97-388
>>>
>>> wikimedia.pl
>>>
>>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>>> rodo@wikimedia.pl
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>>
>>
>> --
>> GN.
>>
>> *Power of Diverse Collaboration*
>> *Sharing knowledge brings people together*
>> Wikimania Bangkok 2022
>> August
>> hosted by ESEAP
>>
>> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
>> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
>> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>>
>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>


--
GN.

*Power of Diverse Collaboration*
*Sharing knowledge brings people together*
Wikimania Bangkok 2022
August
hosted by ESEAP

Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u

That tool was Limesurvey.

A.

On Mon, 15 Feb 2021, 08:59 Philippe Beaudette <philippe@beaudette.me> wrote:

> I would also like to add a bit of historical context. Many years ago,
> when I worked at the WMF, we were using a FLOSS survey tool (I don't recall
> which). We were fairly dependent on it, when one day someone discovered
> that it was vulnerable to sql injection attacks and Tim Starling (I
> believe) rightly killed it on our servers. Shortly after that, we moved
> toward using a non-free tool that was safer and more robust. I dont recall
> that the two events were connected, but I would be surprised if they
> weren't.
>
> Tim did the right thing then, even though it meant that we were moved off
> a FLOSS solution. Sometimes "Free" just isn't equal, or better. Sometimes
> it's an actual honest-to-god security risk and there are reasons why
> WMF's staff aren't using a free alternative to a proprietary tool. Did
> anyone ask?
>
> Philippe
>
> On Mon, Feb 15, 2021 at 12:13 AM Risker <risker.wp@gmail.com> wrote:
>
>> To clarify to anyone who doesn't want to read the actual proposal, which
>> Fae did not repeat here:
>>
>> *Proposal*
>>
>> It is proposed that on Wikimedia Commons that there must be no promotion
>> of surveys or questionnaires which rely on third party sites and closed
>> source tools, such as Google Forms. This should be interpreted as a ban
>> against engaging volunteers by mass messaging, use of banners or posts on
>> noticeboards.
>> *Recommended consequential action*
>>
>> Banners and posts which go against this proposal may be removed by
>> anyone.
>>
>> Posting account(s) may be blocked or have group rights removed at the
>> discretion of administrators, such as all rights that enable mass
>> messaging. In a persistent case, blocks and rights removal may apply to all
>> accounts of the person responsible. A rationale of doing their job as
>> part of being a WMF employee is not considered an exemption.
>>
>>
>> Now....this applies to everyone who posts about a survey at Wikimedia
>> Commons, as this proposal is strictly related to Commons. It is not a
>> global proposal. However, it would apply to researchers, to WMF staff, to
>> anyone who uses closed-sourced tools. There is no suggestion at all about
>> suitable alternative tools. In fact, there is a severe dearth of quality
>> open source tools. Researchers may be bound by their facilities to use
>> certain types of tools.
>>
>> Surveys and questionnaires are always voluntary. There's some
>> responsibility on the part of the user to read the privacy statements and
>> use of information statements that are normally mandatory for any
>> legitimate surveys. More than once I've started to participate in a survey
>> and decided it was asking questions I didn't want to answer, and just never
>> saved them.
>>
>>
>> I think it would also be helpful if someone from WMF Technical could take
>> the time to discuss with the broader community what arrangements have been
>> made in their contract with Google to ensure that the information on those
>> documents (of whatever nature) are not in fact accessible to Google for
>> their data gathering or any other purposes. There is, of course, a certain
>> irony that three of the four people who have commented on this thread so
>> far all have Gmail email addresses.
>>
>>
>> Risker/Anne
>>
>> On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
>>
>>> I agree with Fae's proposal if we are using tools that exclude community
>>> members out of safety and privacy concerns then we arent fulfilling the
>>> equity goals. I also recognise that alternatives need to be available but
>>> with no incentive for them to be used then there is no development of such
>>> tools, or improvements to their functionality. Faes proposal is putting the
>>> WMF on notice that there are steps we need to take to ensure equity,
>>> safety, and privacy in participation.
>>>
>>> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
>>> lukasz.garczewski@wikimedia.pl> wrote:
>>>
>>>> With respect, Fae, if you're going to propose banning an existing
>>>> solution, it is on you to propose a suitable alternative or at least a
>>>> process to find it before the ban takes effect.
>>>>
>>>> I write this as a signatory of Free Software Foundation Europe's Public
>>>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I
>>>> am wholeheartedly a proponent of open source software.
>>>>
>>>> At the same time, I am a firm believer in using the best available tool
>>>> for the job.
>>>>
>>>> Our mission is too important to hold ourselves back at every step due
>>>> to a noble but often unrealistic wish to use open source solutions for
>>>> everything we do.
>>>>
>>>> Last year, because of my drive to use proper open source solutions,
>>>> WMPL wasted hours and hours of staff time (mostly mine) and a not
>>>> insignificant amount of members' time because:
>>>>
>>>> - Zeus, a widely used, cryptographically secure voting system is
>>>> impossible to setup and maintain and has very sparse documentation,
>>>> - CiviCRM, the premier open source CRM solution for NGOs, refuses
>>>> to work correctly after the Wordpress installation is moved to a new URL,
>>>> and documentation isn't helpful.
>>>>
>>>> To my knowledge there are no suitable open source options that would be
>>>> easy-to-use and robust enough to support our needs in both cases and be
>>>> comparable to commercial counterparts.
>>>>
>>>> I have wasted a ton of time (and therefore WMPL money), before I
>>>> decided to use state-of-the-art commercial solutions for the needs
>>>> described above. Don't be like me. Don't make other people think & act like
>>>> I did. Be smarter.
>>>>
>>>> Should we use an *equivalent* open source solution when one is
>>>> available? Yes.
>>>> Should we have a public list of open source tools needed? Yes.
>>>> Should we use programmes such as Google Summer of Code to build those
>>>> tools? Yes.
>>>>
>>>> Should we waste time using sub-par solutions or doing work manually?
>>>> Hell no.
>>>>
>>>> *So here's a constructive alternative idea:*
>>>>
>>>> - Let's gather the needs and use cases for tools used by WMF and
>>>> affiliates,
>>>> - Let's build a list of potential open source replacements and map
>>>> what features are missing,
>>>> - Let's put the word out that we're looking for open source
>>>> replacements where there are none available,
>>>> - Let's embed Wikimedia liaisons in key open source projects to
>>>> ensure our needs and use cases are addressed promptly,
>>>> - Let's use initiatives such as Summer of Code to kickstart
>>>> building some of these tools.
>>>>
>>>> I acknowledge the above is much harder to do than instituting a ban via
>>>> community consensus. It is, however, a much more productive approach and
>>>> will get us to your desired state eventually, and without sabotaging the
>>>> work that needs to happen in the meantime.
>>>>
>>>> Oh, and in case anybody's wondering why we can't build these tools
>>>> in-house:
>>>>
>>>> We could but really, really shouldn't. MediaWiki and the wider
>>>> Wikimedia tech infrastructure is still in need of huge improvements. It
>>>> would be really unwise to distract WMF's development and product teams from
>>>> these goals by requesting they build standard communication or reporting
>>>> tools.
>>>>
>>>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>>>
>>>>> As a consequence of the promotion of a Google forms based survey this
>>>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>>>> started to ban the promotion of surveys which rely on third party
>>>>> sites like Google Forms.[1]
>>>>>
>>>>> Launched today, but already it appears likely that this proposal will
>>>>> have a consensus to support. Considering that Commons is one of our
>>>>> largest Wikimedia projects, there are potential repercussions of
>>>>> banning the on-wiki promotion of surveys which use Google products or
>>>>> other closed source third party products like SurveyMonkey.
>>>>>
>>>>> Feedback is most welcome on the proposal discussion, or on this list
>>>>> for handling impact, solutions, recommended alternatives that already
>>>>> exist, or the future role of the WMF to support research and surveys
>>>>> for the WMF and affiliates by using forking open source software and
>>>>> self-hosting and self-managing data "locally".
>>>>>
>>>>> Links
>>>>> 1.
>>>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>>>
>>>>> Thanks
>>>>> Fae
>>>>> --
>>>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>>>> #WearAMask
>>>>>
>>>>> _______________________________________________
>>>>> Wikimedia-l mailing list, guidelines at:
>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Z powa?aniem · Kind regards
>>>>
>>>> ?ukasz Garczewski
>>>>
>>>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>>>
>>>> Wikimedia Polska
>>>>
>>>>
>>>> tel: +48 601 827 937
>>>>
>>>> e-mail: lukasz.garczewski@wikimedia.pl
>>>>
>>>> <http://wikimedia.pl>
>>>>
>>>> Wesprzyj woln? wiedz?!
>>>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>>>> <https://wikimedia.pl/>
>>>>
>>>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>>>
>>>> KRS 0000244732
>>>>
>>>> NIP 728-25-97-388
>>>>
>>>> wikimedia.pl
>>>>
>>>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>>>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>>>> rodo@wikimedia.pl
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>
>>>
>>>
>>> --
>>> GN.
>>>
>>> *Power of Diverse Collaboration*
>>> *Sharing knowledge brings people together*
>>> Wikimania Bangkok 2022
>>> August
>>> hosted by ESEAP
>>>
>>> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
>>> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
>>> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>>>
>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

Has Limesurvey been patched since?
(asking as I see it widely used among
some very ethical and tech literate projects)

On Mon, Feb 15, 2021 at 8:52 AM Asaf Bartov <abartov@wikimedia.org> wrote:

> That tool was Limesurvey.
>
> A.
>
> On Mon, 15 Feb 2021, 08:59 Philippe Beaudette <philippe@beaudette.me>
> wrote:
>
>> I would also like to add a bit of historical context. Many years ago,
>> when I worked at the WMF, we were using a FLOSS survey tool (I don't recall
>> which). We were fairly dependent on it, when one day someone discovered
>> that it was vulnerable to sql injection attacks and Tim Starling (I
>> believe) rightly killed it on our servers. Shortly after that, we moved
>> toward using a non-free tool that was safer and more robust. I dont recall
>> that the two events were connected, but I would be surprised if they
>> weren't.
>>
>> Tim did the right thing then, even though it meant that we were moved off
>> a FLOSS solution. Sometimes "Free" just isn't equal, or better. Sometimes
>> it's an actual honest-to-god security risk and there are reasons why
>> WMF's staff aren't using a free alternative to a proprietary tool. Did
>> anyone ask?
>>
>> Philippe
>>
>> On Mon, Feb 15, 2021 at 12:13 AM Risker <risker.wp@gmail.com> wrote:
>>
>>> To clarify to anyone who doesn't want to read the actual proposal, which
>>> Fae did not repeat here:
>>>
>>> *Proposal*
>>>
>>> It is proposed that on Wikimedia Commons that there must be no promotion
>>> of surveys or questionnaires which rely on third party sites and closed
>>> source tools, such as Google Forms. This should be interpreted as a ban
>>> against engaging volunteers by mass messaging, use of banners or posts on
>>> noticeboards.
>>> *Recommended consequential action*
>>>
>>> Banners and posts which go against this proposal may be removed by
>>> anyone.
>>>
>>> Posting account(s) may be blocked or have group rights removed at the
>>> discretion of administrators, such as all rights that enable mass
>>> messaging. In a persistent case, blocks and rights removal may apply to all
>>> accounts of the person responsible. A rationale of doing their job as
>>> part of being a WMF employee is not considered an exemption.
>>>
>>>
>>> Now....this applies to everyone who posts about a survey at Wikimedia
>>> Commons, as this proposal is strictly related to Commons. It is not a
>>> global proposal. However, it would apply to researchers, to WMF staff, to
>>> anyone who uses closed-sourced tools. There is no suggestion at all about
>>> suitable alternative tools. In fact, there is a severe dearth of quality
>>> open source tools. Researchers may be bound by their facilities to use
>>> certain types of tools.
>>>
>>> Surveys and questionnaires are always voluntary. There's some
>>> responsibility on the part of the user to read the privacy statements and
>>> use of information statements that are normally mandatory for any
>>> legitimate surveys. More than once I've started to participate in a survey
>>> and decided it was asking questions I didn't want to answer, and just never
>>> saved them.
>>>
>>>
>>> I think it would also be helpful if someone from WMF Technical could
>>> take the time to discuss with the broader community what arrangements have
>>> been made in their contract with Google to ensure that the information on
>>> those documents (of whatever nature) are not in fact accessible to Google
>>> for their data gathering or any other purposes. There is, of course, a
>>> certain irony that three of the four people who have commented on this
>>> thread so far all have Gmail email addresses.
>>>
>>>
>>> Risker/Anne
>>>
>>> On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
>>>
>>>> I agree with Fae's proposal if we are using tools that
>>>> exclude community members out of safety and privacy concerns then we arent
>>>> fulfilling the equity goals. I also recognise that alternatives need to be
>>>> available but with no incentive for them to be used then there is no
>>>> development of such tools, or improvements to their functionality. Faes
>>>> proposal is putting the WMF on notice that there are steps we need to take
>>>> to ensure equity, safety, and privacy in participation.
>>>>
>>>> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
>>>> lukasz.garczewski@wikimedia.pl> wrote:
>>>>
>>>>> With respect, Fae, if you're going to propose banning an existing
>>>>> solution, it is on you to propose a suitable alternative or at least a
>>>>> process to find it before the ban takes effect.
>>>>>
>>>>> I write this as a signatory of Free Software Foundation Europe's Public
>>>>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I
>>>>> am wholeheartedly a proponent of open source software.
>>>>>
>>>>> At the same time, I am a firm believer in using the best available
>>>>> tool for the job.
>>>>>
>>>>> Our mission is too important to hold ourselves back at every step due
>>>>> to a noble but often unrealistic wish to use open source solutions for
>>>>> everything we do.
>>>>>
>>>>> Last year, because of my drive to use proper open source solutions,
>>>>> WMPL wasted hours and hours of staff time (mostly mine) and a not
>>>>> insignificant amount of members' time because:
>>>>>
>>>>> - Zeus, a widely used, cryptographically secure voting system is
>>>>> impossible to setup and maintain and has very sparse documentation,
>>>>> - CiviCRM, the premier open source CRM solution for NGOs, refuses
>>>>> to work correctly after the Wordpress installation is moved to a new URL,
>>>>> and documentation isn't helpful.
>>>>>
>>>>> To my knowledge there are no suitable open source options that would
>>>>> be easy-to-use and robust enough to support our needs in both cases and be
>>>>> comparable to commercial counterparts.
>>>>>
>>>>> I have wasted a ton of time (and therefore WMPL money), before I
>>>>> decided to use state-of-the-art commercial solutions for the needs
>>>>> described above. Don't be like me. Don't make other people think & act like
>>>>> I did. Be smarter.
>>>>>
>>>>> Should we use an *equivalent* open source solution when one is
>>>>> available? Yes.
>>>>> Should we have a public list of open source tools needed? Yes.
>>>>> Should we use programmes such as Google Summer of Code to build those
>>>>> tools? Yes.
>>>>>
>>>>> Should we waste time using sub-par solutions or doing work manually?
>>>>> Hell no.
>>>>>
>>>>> *So here's a constructive alternative idea:*
>>>>>
>>>>> - Let's gather the needs and use cases for tools used by WMF and
>>>>> affiliates,
>>>>> - Let's build a list of potential open source replacements and map
>>>>> what features are missing,
>>>>> - Let's put the word out that we're looking for open source
>>>>> replacements where there are none available,
>>>>> - Let's embed Wikimedia liaisons in key open source projects to
>>>>> ensure our needs and use cases are addressed promptly,
>>>>> - Let's use initiatives such as Summer of Code to kickstart
>>>>> building some of these tools.
>>>>>
>>>>> I acknowledge the above is much harder to do than instituting a ban
>>>>> via community consensus. It is, however, a much more productive approach
>>>>> and will get us to your desired state eventually, and without sabotaging
>>>>> the work that needs to happen in the meantime.
>>>>>
>>>>> Oh, and in case anybody's wondering why we can't build these tools
>>>>> in-house:
>>>>>
>>>>> We could but really, really shouldn't. MediaWiki and the wider
>>>>> Wikimedia tech infrastructure is still in need of huge improvements. It
>>>>> would be really unwise to distract WMF's development and product teams from
>>>>> these goals by requesting they build standard communication or reporting
>>>>> tools.
>>>>>
>>>>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>>>>
>>>>>> As a consequence of the promotion of a Google forms based survey this
>>>>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>>>>> started to ban the promotion of surveys which rely on third party
>>>>>> sites like Google Forms.[1]
>>>>>>
>>>>>> Launched today, but already it appears likely that this proposal will
>>>>>> have a consensus to support. Considering that Commons is one of our
>>>>>> largest Wikimedia projects, there are potential repercussions of
>>>>>> banning the on-wiki promotion of surveys which use Google products or
>>>>>> other closed source third party products like SurveyMonkey.
>>>>>>
>>>>>> Feedback is most welcome on the proposal discussion, or on this list
>>>>>> for handling impact, solutions, recommended alternatives that already
>>>>>> exist, or the future role of the WMF to support research and surveys
>>>>>> for the WMF and affiliates by using forking open source software and
>>>>>> self-hosting and self-managing data "locally".
>>>>>>
>>>>>> Links
>>>>>> 1.
>>>>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>>>>
>>>>>> Thanks
>>>>>> Fae
>>>>>> --
>>>>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>>>>> #WearAMask
>>>>>>
>>>>>> _______________________________________________
>>>>>> Wikimedia-l mailing list, guidelines at:
>>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Z powa?aniem · Kind regards
>>>>>
>>>>> ?ukasz Garczewski
>>>>>
>>>>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>>>>
>>>>> Wikimedia Polska
>>>>>
>>>>>
>>>>> tel: +48 601 827 937
>>>>>
>>>>> e-mail: lukasz.garczewski@wikimedia.pl
>>>>>
>>>>> <http://wikimedia.pl>
>>>>>
>>>>> Wesprzyj woln? wiedz?!
>>>>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>>>>> <https://wikimedia.pl/>
>>>>>
>>>>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>>>>
>>>>> KRS 0000244732
>>>>>
>>>>> NIP 728-25-97-388
>>>>>
>>>>> wikimedia.pl
>>>>>
>>>>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>>>>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>>>>> rodo@wikimedia.pl
>>>>> _______________________________________________
>>>>> Wikimedia-l mailing list, guidelines at:
>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>>
>>>>
>>>>
>>>> --
>>>> GN.
>>>>
>>>> *Power of Diverse Collaboration*
>>>> *Sharing knowledge brings people together*
>>>> Wikimania Bangkok 2022
>>>> August
>>>> hosted by ESEAP
>>>>
>>>> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
>>>> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
>>>> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>>>>
>>>>
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

Limesurvey [1] is a very active project and I would be surprised if a
security error wouldn't have been fixed in many years. Especially if it was
reported as a security incident back to the community. Which should be the
procedure when such things are discovered, is not only good practice in
open source, it's being a good netizen in general.

My point here isn't to put blame for things in the past, but to make sure
that we as a community make sure that the ecosystem of open source tools we
need in all the affiliates is healthy. This is an investment of time for
sure, but instead we don't have to pay by giving up privacy (sometimes we
might also save money in license fees, but this we shouldn't count on).

Doing this investment would Increase the Sustainability of Our Movement
and Provide for Safety and Inclusion, very much inline with our new
strategy recommendations.

[1] https://www.limesurvey.org/

Med vänliga hälsningar
Jan Ainali


Den mån 15 feb. 2021 kl 08:52 skrev Asaf Bartov <abartov@wikimedia.org>:

> That tool was Limesurvey.
>
> A.
>
> On Mon, 15 Feb 2021, 08:59 Philippe Beaudette <philippe@beaudette.me>
> wrote:
>
>> I would also like to add a bit of historical context. Many years ago,
>> when I worked at the WMF, we were using a FLOSS survey tool (I don't recall
>> which). We were fairly dependent on it, when one day someone discovered
>> that it was vulnerable to sql injection attacks and Tim Starling (I
>> believe) rightly killed it on our servers. Shortly after that, we moved
>> toward using a non-free tool that was safer and more robust. I dont recall
>> that the two events were connected, but I would be surprised if they
>> weren't.
>>
>> Tim did the right thing then, even though it meant that we were moved off
>> a FLOSS solution. Sometimes "Free" just isn't equal, or better. Sometimes
>> it's an actual honest-to-god security risk and there are reasons why
>> WMF's staff aren't using a free alternative to a proprietary tool. Did
>> anyone ask?
>>
>> Philippe
>>
>> On Mon, Feb 15, 2021 at 12:13 AM Risker <risker.wp@gmail.com> wrote:
>>
>>> To clarify to anyone who doesn't want to read the actual proposal, which
>>> Fae did not repeat here:
>>>
>>> *Proposal*
>>>
>>> It is proposed that on Wikimedia Commons that there must be no promotion
>>> of surveys or questionnaires which rely on third party sites and closed
>>> source tools, such as Google Forms. This should be interpreted as a ban
>>> against engaging volunteers by mass messaging, use of banners or posts on
>>> noticeboards.
>>> *Recommended consequential action*
>>>
>>> Banners and posts which go against this proposal may be removed by
>>> anyone.
>>>
>>> Posting account(s) may be blocked or have group rights removed at the
>>> discretion of administrators, such as all rights that enable mass
>>> messaging. In a persistent case, blocks and rights removal may apply to all
>>> accounts of the person responsible. A rationale of doing their job as
>>> part of being a WMF employee is not considered an exemption.
>>>
>>>
>>> Now....this applies to everyone who posts about a survey at Wikimedia
>>> Commons, as this proposal is strictly related to Commons. It is not a
>>> global proposal. However, it would apply to researchers, to WMF staff, to
>>> anyone who uses closed-sourced tools. There is no suggestion at all about
>>> suitable alternative tools. In fact, there is a severe dearth of quality
>>> open source tools. Researchers may be bound by their facilities to use
>>> certain types of tools.
>>>
>>> Surveys and questionnaires are always voluntary. There's some
>>> responsibility on the part of the user to read the privacy statements and
>>> use of information statements that are normally mandatory for any
>>> legitimate surveys. More than once I've started to participate in a survey
>>> and decided it was asking questions I didn't want to answer, and just never
>>> saved them.
>>>
>>>
>>> I think it would also be helpful if someone from WMF Technical could
>>> take the time to discuss with the broader community what arrangements have
>>> been made in their contract with Google to ensure that the information on
>>> those documents (of whatever nature) are not in fact accessible to Google
>>> for their data gathering or any other purposes. There is, of course, a
>>> certain irony that three of the four people who have commented on this
>>> thread so far all have Gmail email addresses.
>>>
>>>
>>> Risker/Anne
>>>
>>> On Mon, 15 Feb 2021 at 00:24, Gnangarra <gnangarra@gmail.com> wrote:
>>>
>>>> I agree with Fae's proposal if we are using tools that
>>>> exclude community members out of safety and privacy concerns then we arent
>>>> fulfilling the equity goals. I also recognise that alternatives need to be
>>>> available but with no incentive for them to be used then there is no
>>>> development of such tools, or improvements to their functionality. Faes
>>>> proposal is putting the WMF on notice that there are steps we need to take
>>>> to ensure equity, safety, and privacy in participation.
>>>>
>>>> On Mon, 15 Feb 2021 at 09:08, ?ukasz Garczewski <
>>>> lukasz.garczewski@wikimedia.pl> wrote:
>>>>
>>>>> With respect, Fae, if you're going to propose banning an existing
>>>>> solution, it is on you to propose a suitable alternative or at least a
>>>>> process to find it before the ban takes effect.
>>>>>
>>>>> I write this as a signatory of Free Software Foundation Europe's Public
>>>>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I
>>>>> am wholeheartedly a proponent of open source software.
>>>>>
>>>>> At the same time, I am a firm believer in using the best available
>>>>> tool for the job.
>>>>>
>>>>> Our mission is too important to hold ourselves back at every step due
>>>>> to a noble but often unrealistic wish to use open source solutions for
>>>>> everything we do.
>>>>>
>>>>> Last year, because of my drive to use proper open source solutions,
>>>>> WMPL wasted hours and hours of staff time (mostly mine) and a not
>>>>> insignificant amount of members' time because:
>>>>>
>>>>> - Zeus, a widely used, cryptographically secure voting system is
>>>>> impossible to setup and maintain and has very sparse documentation,
>>>>> - CiviCRM, the premier open source CRM solution for NGOs, refuses
>>>>> to work correctly after the Wordpress installation is moved to a new URL,
>>>>> and documentation isn't helpful.
>>>>>
>>>>> To my knowledge there are no suitable open source options that would
>>>>> be easy-to-use and robust enough to support our needs in both cases and be
>>>>> comparable to commercial counterparts.
>>>>>
>>>>> I have wasted a ton of time (and therefore WMPL money), before I
>>>>> decided to use state-of-the-art commercial solutions for the needs
>>>>> described above. Don't be like me. Don't make other people think & act like
>>>>> I did. Be smarter.
>>>>>
>>>>> Should we use an *equivalent* open source solution when one is
>>>>> available? Yes.
>>>>> Should we have a public list of open source tools needed? Yes.
>>>>> Should we use programmes such as Google Summer of Code to build those
>>>>> tools? Yes.
>>>>>
>>>>> Should we waste time using sub-par solutions or doing work manually?
>>>>> Hell no.
>>>>>
>>>>> *So here's a constructive alternative idea:*
>>>>>
>>>>> - Let's gather the needs and use cases for tools used by WMF and
>>>>> affiliates,
>>>>> - Let's build a list of potential open source replacements and map
>>>>> what features are missing,
>>>>> - Let's put the word out that we're looking for open source
>>>>> replacements where there are none available,
>>>>> - Let's embed Wikimedia liaisons in key open source projects to
>>>>> ensure our needs and use cases are addressed promptly,
>>>>> - Let's use initiatives such as Summer of Code to kickstart
>>>>> building some of these tools.
>>>>>
>>>>> I acknowledge the above is much harder to do than instituting a ban
>>>>> via community consensus. It is, however, a much more productive approach
>>>>> and will get us to your desired state eventually, and without sabotaging
>>>>> the work that needs to happen in the meantime.
>>>>>
>>>>> Oh, and in case anybody's wondering why we can't build these tools
>>>>> in-house:
>>>>>
>>>>> We could but really, really shouldn't. MediaWiki and the wider
>>>>> Wikimedia tech infrastructure is still in need of huge improvements. It
>>>>> would be really unwise to distract WMF's development and product teams from
>>>>> these goals by requesting they build standard communication or reporting
>>>>> tools.
>>>>>
>>>>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>>>>
>>>>>> As a consequence of the promotion of a Google forms based survey this
>>>>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>>>>> started to ban the promotion of surveys which rely on third party
>>>>>> sites like Google Forms.[1]
>>>>>>
>>>>>> Launched today, but already it appears likely that this proposal will
>>>>>> have a consensus to support. Considering that Commons is one of our
>>>>>> largest Wikimedia projects, there are potential repercussions of
>>>>>> banning the on-wiki promotion of surveys which use Google products or
>>>>>> other closed source third party products like SurveyMonkey.
>>>>>>
>>>>>> Feedback is most welcome on the proposal discussion, or on this list
>>>>>> for handling impact, solutions, recommended alternatives that already
>>>>>> exist, or the future role of the WMF to support research and surveys
>>>>>> for the WMF and affiliates by using forking open source software and
>>>>>> self-hosting and self-managing data "locally".
>>>>>>
>>>>>> Links
>>>>>> 1.
>>>>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>>>>
>>>>>> Thanks
>>>>>> Fae
>>>>>> --
>>>>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>>>>> #WearAMask
>>>>>>
>>>>>> _______________________________________________
>>>>>> Wikimedia-l mailing list, guidelines at:
>>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Z powa?aniem · Kind regards
>>>>>
>>>>> ?ukasz Garczewski
>>>>>
>>>>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>>>>
>>>>> Wikimedia Polska
>>>>>
>>>>>
>>>>> tel: +48 601 827 937
>>>>>
>>>>> e-mail: lukasz.garczewski@wikimedia.pl
>>>>>
>>>>> <http://wikimedia.pl>
>>>>>
>>>>> Wesprzyj woln? wiedz?!
>>>>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>>>>> <https://wikimedia.pl/>
>>>>>
>>>>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>>>>
>>>>> KRS 0000244732
>>>>>
>>>>> NIP 728-25-97-388
>>>>>
>>>>> wikimedia.pl
>>>>>
>>>>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>>>>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>>>>> rodo@wikimedia.pl
>>>>> _______________________________________________
>>>>> Wikimedia-l mailing list, guidelines at:
>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>>
>>>>
>>>>
>>>> --
>>>> GN.
>>>>
>>>> *Power of Diverse Collaboration*
>>>> *Sharing knowledge brings people together*
>>>> Wikimania Bangkok 2022
>>>> August
>>>> hosted by ESEAP
>>>>
>>>> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
>>>> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
>>>> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>>>>
>>>>
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

Hi,

On 2/14/21 5:08 PM, ?ukasz Garczewski wrote:
> *So here's a constructive alternative idea:*
>
> * Let's gather the needs and use cases for tools used by WMF and
> affiliates,
> * Let's build a list of potential open source replacements and map
> what features are missing,
> * Let's put the word out that we're looking for open source
> replacements where there are none available,
> * Let's embed Wikimedia liaisons in key open source projects to ensure
> our needs and use cases are addressed promptly,
> * Let's use initiatives such as Summer of Code to kickstart building
> some of these tools.

Please see <https://meta.wikimedia.org/wiki/FLOSS-Exchange> which is the
starting point of what you're looking for.

> <snip>
> Oh, and in case anybody's wondering why we can't build these tools in-house:
>
> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
> tech infrastructure is still in need of huge improvements. It would be
> really unwise to distract WMF's development and product teams from these
> goals by requesting they build standard communication or reporting tools.

I don't understand this. If a survey tool is important to the movement,
why isn't it worth being worked on?

-- Legoktm

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Instead of insisting to use a tool or another, I think that the main
point should be the security.

What happens to all these data, who takes care of them, who will read
them, where they will be published.

Third party or not the recurrent topic of free software is always badly
managed because we consider that the open software is automatically secure.

Honestly I would suggest you to switch your mind and to stress the point
of the security instead.

In Europe there is a strong stress of this issues with the GDPR exactly
to vehiculate the message that what is free may not free at all.

Personally I would prefer someone saying to use another solution because
the personal date are safer and not to use another tool only because is
not of a third party.

Kind regards

On 13/02/2021 16:40, Fæ wrote:
> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
>
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
>
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
>
> Links
> 1. https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>
> Thanks
> Fae

--
Ilario Valdelli
Wikimedia CH
Verein zur Förderung Freien Wissens
Association pour l’avancement des connaissances libre
Associazione per il sostegno alla conoscenza libera
Switzerland - 8008 Zürich
Wikipedia: Ilario
Skype: valdelli
Tel: +41764821371
http://www.wikimedia.ch


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

On Mon, Feb 15, 2021 at 6:59 AM Philippe Beaudette <philippe@beaudette.me>
wrote:

> Did anyone ask?
>
>
No, no-one did ask. Which is one reason that it's regrettable this
conversation has kicked off with a confrontational on-wiki vote.

I would be interested to hear what the WMF's current position on this is.
Obviously there are questions to be asked about how the security and
privacy of Google Forms would compare with other possible solutions. And
there are tradeoffs to be made in terms of how much time, money and energy
should be spent on the wider FLOSS ecosystem. Currently none of us outside
the WMF really has anything to go on in terms of what the answers to those
questions are.

Since the subject of "why are you using closed-source solution X instead of
open-source Y?" is a recurring question in the movement, it would be great
if the WMF could provide some context to their decision-making here.

Chris

Picking up on the tips that finding an alternative may not be as easy
as the WMF hosting, and perhaps patching, a version of LimeSurvey.[1]

This would be choosing to ignore the fact that WMF funded surveys have
and do include questions that if leaked or otherwise linked to the
identity of the volunteer, may lead to people because of who they are,
they may end up being in prison, being reprogrammed in an internment
camp, or being "disappeared" and murdered by the state. Not every
Wikimedia volunteer on our projects has the luxury of living in a
country where their human rights are protected, and ethically any WMF
funded researcher or WMF contractor should be required to assess their
proposed projects for risks for the volunteers that engage with their
projects.

Being a well-known part of our WM LGBT+ community for many years, I
know folx that live in countries where they risk arrest if they are
too public about their identity and many active volunteers have
approached me in private chats who while not under a legal threat,
fear to contribute to our projects in a public way, because of
repercussions in their every day lives, such as being excluded by
their families or losing their jobs. These risks are far more than
hypothetical, particularly given that the projects which rely on
surveys apparently make no effort at all to advise volunteers to take
steps to protect themselves, such as by filling out the survey from a
ToR browser or warning volunteers living in certain countries (like
Turkey or China) to just please not fill out the survey. It's also
worth noting that our LGBT+ volunteers have been targeted for recent
surveys, with repeated requests on our LGBT+ community groups in
Telegram and by email to take part. At no point were there associated
warnings for the risks, only a link to the WMF privacy terms and a
subsequent link to the Google terms, making it the volunteer's
responsibility to decipher the legalese (in English) and bizarrely
there has never been any effort to restrict the WMF funded surveys to
adults, despite Google clearly warning that non-adults cannot give
consent to use the system.

In response to the claim that "the proposer" has not approached the
WMF in advance, this is at best a bad faith assumption. I have
personally been in meetings this year with T&S to discuss problems
with WMF funded surveys, raising these issues of protection of
volunteers and the risks of compromising privacy. Some things happen
behind the scenes for good reasons and to maintain our productive
relationships.

Sorry, I do not feel that the greater risk here is that funded
projects that might have some inconvenience to handle if one of our
many Wikimedia projects takes a stand and bans the use of third party
survey tools, in the context that the WMF makes no legal commitment to
be responsible for damages if it goes wrong and a volunteer were to
suffer real-life harm or the consequences lead them to lose their
life. At the end of the day, these surveys are nice and easy to set
up, but they do not save lives, they are not mission-critical, nobody
will lose an eye if we switch them off while we work out better
solutions.

Let's sort it out. The WMF and Affiliates have been addicted to quick
free solutions using Google for years, and in the vast majority of
cases of funded projects, it can be avoided by giving a few hours work
to a paid academic intern; and they need the work.

BTW, yes I use Google mail, that's not a contradiction, this email is
not a survey with personal opinions. I will not end up in prison if
you quote me on Twitter. Those using tangential "arguments" like this
need to take a cool look at why they feel they need to scrape the
barrel.

Links
1. https://www.limesurvey.org

Thanks for the feedback, keep going.
Fae

On Sat, 13 Feb 2021 at 15:40, Fæ <faewik@gmail.com> wrote:
>
> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
>
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
>
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
>
> Links
> 1. https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>
> Thanks
> Fae
> --
> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> #WearAMask

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Well, both ZEUS and CiviCRM works well in many NGO-ses. It is just a
subject of proper maintenance. Actually, a piece of free software called
MediaWiki is probably more complicated to maintain than CiviCRM or
Wordpress but WMF is able to maintain it pretty well :-) I believe that
organization able to successfully maintain the largest MediaWiki based
projects on Earth could also manage to organize free software based survey
system... This is a subject of priorities rather than resources...





pon., 15 lut 2021 o 02:08 ?ukasz Garczewski <lukasz.garczewski@wikimedia.pl>
napisa?(a):

> With respect, Fae, if you're going to propose banning an existing
> solution, it is on you to propose a suitable alternative or at least a
> process to find it before the ban takes effect.
>
> I write this as a signatory of Free Software Foundation Europe's Public
> Money? Public Code open letter <https://publiccode.eu/openletter/>. I am
> wholeheartedly a proponent of open source software.
>
> At the same time, I am a firm believer in using the best available tool
> for the job.
>
> Our mission is too important to hold ourselves back at every step due to a
> noble but often unrealistic wish to use open source solutions for
> everything we do.
>
> Last year, because of my drive to use proper open source solutions, WMPL
> wasted hours and hours of staff time (mostly mine) and a not insignificant
> amount of members' time because:
>
> - Zeus, a widely used, cryptographically secure voting system is
> impossible to setup and maintain and has very sparse documentation,
> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
> work correctly after the Wordpress installation is moved to a new URL, and
> documentation isn't helpful.
>
> To my knowledge there are no suitable open source options that would be
> easy-to-use and robust enough to support our needs in both cases and be
> comparable to commercial counterparts.
>
> I have wasted a ton of time (and therefore WMPL money), before I decided
> to use state-of-the-art commercial solutions for the needs described above.
> Don't be like me. Don't make other people think & act like I did. Be
> smarter.
>
> Should we use an *equivalent* open source solution when one is available?
> Yes.
> Should we have a public list of open source tools needed? Yes.
> Should we use programmes such as Google Summer of Code to build those
> tools? Yes.
>
> Should we waste time using sub-par solutions or doing work manually? Hell
> no.
>
> *So here's a constructive alternative idea:*
>
> - Let's gather the needs and use cases for tools used by WMF and
> affiliates,
> - Let's build a list of potential open source replacements and map
> what features are missing,
> - Let's put the word out that we're looking for open source
> replacements where there are none available,
> - Let's embed Wikimedia liaisons in key open source projects to ensure
> our needs and use cases are addressed promptly,
> - Let's use initiatives such as Summer of Code to kickstart building
> some of these tools.
>
> I acknowledge the above is much harder to do than instituting a ban via
> community consensus. It is, however, a much more productive approach and
> will get us to your desired state eventually, and without sabotaging the
> work that needs to happen in the meantime.
>
> Oh, and in case anybody's wondering why we can't build these tools
> in-house:
>
> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
> tech infrastructure is still in need of huge improvements. It would be
> really unwise to distract WMF's development and product teams from these
> goals by requesting they build standard communication or reporting tools.
>
> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>
>> As a consequence of the promotion of a Google forms based survey this
>> week by a WMF representative, a proposal on Wikimedia Commons has been
>> started to ban the promotion of surveys which rely on third party
>> sites like Google Forms.[1]
>>
>> Launched today, but already it appears likely that this proposal will
>> have a consensus to support. Considering that Commons is one of our
>> largest Wikimedia projects, there are potential repercussions of
>> banning the on-wiki promotion of surveys which use Google products or
>> other closed source third party products like SurveyMonkey.
>>
>> Feedback is most welcome on the proposal discussion, or on this list
>> for handling impact, solutions, recommended alternatives that already
>> exist, or the future role of the WMF to support research and surveys
>> for the WMF and affiliates by using forking open source software and
>> self-hosting and self-managing data "locally".
>>
>> Links
>> 1.
>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>
>> Thanks
>> Fae
>> --
>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>> #WearAMask
>>
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
>
>
> --
>
> Z powa?aniem · Kind regards
>
> ?ukasz Garczewski
>
> Dyrektor ds. operacyjnych · Chief Operating Officer
>
> Wikimedia Polska
>
>
> tel: +48 601 827 937
>
> e-mail: lukasz.garczewski@wikimedia.pl
>
> <http://wikimedia.pl>
>
> Wesprzyj woln? wiedz?!
> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
> <https://wikimedia.pl/>
>
> ul. Tuwima 95, pok. 15 ?ód?, Polska
>
> KRS 0000244732
>
> NIP 728-25-97-388
>
> wikimedia.pl
>
> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
> rodo@wikimedia.pl
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>


--
Tomek "Polimerek" Ganicz
http://pl.wikimedia.org/wiki/User:Polimerek
http://www.ganicz.pl/poli/

Kaya

Have we put the ostrich back, where does this go from here? Have we decided
to learn and make an effort or have we reached the inevitable impasse where
everyone hopes the issue has been forgotten about.

There was a reasonable (though I think unlikely) possibility that
contributors in Australia could lose Google as a platform,
https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-australian-small-business/13156958
<https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-australian-small-business/13156958>.
While that looks even less likely google is already offering pay for
services and limiting "free" services like gmail and google docs.

The only assurity the WMF can give about equity, privacy, and access is
through its own services, or services that it hosts. The movement needs
to be looking at its sustainability in the face of increased government
impact on the ultra large corporate services we are using to operate

On Mon, 15 Feb 2021 at 20:10, Tomasz Ganicz <polimerek@gmail.com> wrote:

> Well, both ZEUS and CiviCRM works well in many NGO-ses. It is just a
> subject of proper maintenance. Actually, a piece of free software called
> MediaWiki is probably more complicated to maintain than CiviCRM or
> Wordpress but WMF is able to maintain it pretty well :-) I believe that
> organization able to successfully maintain the largest MediaWiki based
> projects on Earth could also manage to organize free software based survey
> system... This is a subject of priorities rather than resources...
>
>
>
>
>
> pon., 15 lut 2021 o 02:08 ?ukasz Garczewski <
> lukasz.garczewski@wikimedia.pl> napisa?(a):
>
>> With respect, Fae, if you're going to propose banning an existing
>> solution, it is on you to propose a suitable alternative or at least a
>> process to find it before the ban takes effect.
>>
>> I write this as a signatory of Free Software Foundation Europe's Public
>> Money? Public Code open letter <https://publiccode.eu/openletter/>. I am
>> wholeheartedly a proponent of open source software.
>>
>> At the same time, I am a firm believer in using the best available tool
>> for the job.
>>
>> Our mission is too important to hold ourselves back at every step due to
>> a noble but often unrealistic wish to use open source solutions for
>> everything we do.
>>
>> Last year, because of my drive to use proper open source solutions, WMPL
>> wasted hours and hours of staff time (mostly mine) and a not insignificant
>> amount of members' time because:
>>
>> - Zeus, a widely used, cryptographically secure voting system is
>> impossible to setup and maintain and has very sparse documentation,
>> - CiviCRM, the premier open source CRM solution for NGOs, refuses to
>> work correctly after the Wordpress installation is moved to a new URL, and
>> documentation isn't helpful.
>>
>> To my knowledge there are no suitable open source options that would be
>> easy-to-use and robust enough to support our needs in both cases and be
>> comparable to commercial counterparts.
>>
>> I have wasted a ton of time (and therefore WMPL money), before I decided
>> to use state-of-the-art commercial solutions for the needs described above.
>> Don't be like me. Don't make other people think & act like I did. Be
>> smarter.
>>
>> Should we use an *equivalent* open source solution when one is
>> available? Yes.
>> Should we have a public list of open source tools needed? Yes.
>> Should we use programmes such as Google Summer of Code to build those
>> tools? Yes.
>>
>> Should we waste time using sub-par solutions or doing work manually? Hell
>> no.
>>
>> *So here's a constructive alternative idea:*
>>
>> - Let's gather the needs and use cases for tools used by WMF and
>> affiliates,
>> - Let's build a list of potential open source replacements and map
>> what features are missing,
>> - Let's put the word out that we're looking for open source
>> replacements where there are none available,
>> - Let's embed Wikimedia liaisons in key open source projects to
>> ensure our needs and use cases are addressed promptly,
>> - Let's use initiatives such as Summer of Code to kickstart building
>> some of these tools.
>>
>> I acknowledge the above is much harder to do than instituting a ban via
>> community consensus. It is, however, a much more productive approach and
>> will get us to your desired state eventually, and without sabotaging the
>> work that needs to happen in the meantime.
>>
>> Oh, and in case anybody's wondering why we can't build these tools
>> in-house:
>>
>> We could but really, really shouldn't. MediaWiki and the wider Wikimedia
>> tech infrastructure is still in need of huge improvements. It would be
>> really unwise to distract WMF's development and product teams from these
>> goals by requesting they build standard communication or reporting tools.
>>
>> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
>>
>>> As a consequence of the promotion of a Google forms based survey this
>>> week by a WMF representative, a proposal on Wikimedia Commons has been
>>> started to ban the promotion of surveys which rely on third party
>>> sites like Google Forms.[1]
>>>
>>> Launched today, but already it appears likely that this proposal will
>>> have a consensus to support. Considering that Commons is one of our
>>> largest Wikimedia projects, there are potential repercussions of
>>> banning the on-wiki promotion of surveys which use Google products or
>>> other closed source third party products like SurveyMonkey.
>>>
>>> Feedback is most welcome on the proposal discussion, or on this list
>>> for handling impact, solutions, recommended alternatives that already
>>> exist, or the future role of the WMF to support research and surveys
>>> for the WMF and affiliates by using forking open source software and
>>> self-hosting and self-managing data "locally".
>>>
>>> Links
>>> 1.
>>> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>>>
>>> Thanks
>>> Fae
>>> --
>>> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>>> #WearAMask
>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>>> https://meta.wikimedia.org/wiki/Wikimedia-l
>>> New messages to: Wikimedia-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>>
>>
>>
>> --
>>
>> Z powa?aniem · Kind regards
>>
>> ?ukasz Garczewski
>>
>> Dyrektor ds. operacyjnych · Chief Operating Officer
>>
>> Wikimedia Polska
>>
>>
>> tel: +48 601 827 937
>>
>> e-mail: lukasz.garczewski@wikimedia.pl
>>
>> <http://wikimedia.pl>
>>
>> Wesprzyj woln? wiedz?!
>> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>> <https://wikimedia.pl/>
>>
>> ul. Tuwima 95, pok. 15 ?ód?, Polska
>>
>> KRS 0000244732
>>
>> NIP 728-25-97-388
>>
>> wikimedia.pl
>>
>> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
>> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
>> rodo@wikimedia.pl
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
>> https://meta.wikimedia.org/wiki/Wikimedia-l
>> New messages to: Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>>
>
>
> --
> Tomek "Polimerek" Ganicz
> http://pl.wikimedia.org/wiki/User:Polimerek
> http://www.ganicz.pl/poli/
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>


--
GN.

*Power of Diverse Collaboration*
*Sharing knowledge brings people together*
Wikimania Bangkok 2022
August
hosted by ESEAP

Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u

Hello,

Thank you for discussing this matter. The Wikimedia Foundation takes the safety and privacy of volunteers very seriously. I recognize that among the concerns is that the identities of LGBTQ+ members of the movement could be revealed to anti-LGBTQ entities and governments. As someone who has previously worked in advocacy for victims of anti-LGBTQ+ related crimes and acts of discrimination, I am personally very invested in mitigating that risk. After speaking with my colleagues at the Foundation, I wanted to clear up a few topics which have been raised here.

== Commitment to Free & Open Source & Security ==

In all platforms and software used in community interactions, our Security and Legal teams are involved in reviewing possible solutions to ensure that we are minimizing risks to our communities’ safety and privacy as well as the security of our technical infrastructure. While we can never completely remove all risks, we are making an increasingly strong effort to balance our resources and technology values to find the best solution for our needs - as well as the needs of the volunteers and readers of the projects we support.

For the most part, this process allows us to honor our commitment to open-source software and utilize solutions already available - such as our recent adoption of Matrix in internal communications and our continued usage of Phabricator for technical bug tracking. In some cases, there are proprietary solutions that better fit our needs - such as our payroll systems and staff email solutions. Finally, there are also times when there are no solutions available and we need to develop our open-source solutions[1] - such as to address how languages appear on a webpage or to help reduce our site's bandwidth usage. We do not always have the resources to develop our own solutions to processes not core to the operations of the wikis or where a solution already exists that works as well or better than anything we could realistically develop.

== Survey tools ==

With regards to surveys, we have previously tested and attempted to use open source solutions such as LimeSurvey. We will continue to keep an eye on those options and consider them again in future reviews. We are extremely cognizant in exploring these options of potential threats both to the privacy of the data collected and the security of the servers operating the software.

Our strict privacy and security needs often require us entering into agreements with operators of proprietary software or services that we use. Sometimes the agreements are unique and confidential to avoid people who may intend harm from gleaning too many technical details. For example, our Enterprise agreement with Google prevents Google from accessing the data for their own uses and requires them to inform the Foundation of any requests for data that they receive prior to disclosure, allowing us an opportunity to file a legal objection. Additionally, our Legal department receives notice before changes to these kinds of arrangements are formally accepted, affording us an opportunity to make a change in platforms, if necessary, in order to maintain our security and privacy requirements. Similarly, we have agreements with other services like Qualtrics to provide controls over how our data is managed and secured.

Thanks in large part to the input and efforts of Wikimedia LGBTQ+, we have recently made some additional improvements to how we conduct surveys. While our surveys have gone through legal review for several years, we have begun referring teams to appropriate language about gender and sexual orientation questions. Additionally, we are purposefully not asking questions about sexual orientation or gender in any geographies where same-sex relations or identifying as transgender are criminalized.[2][3] We are continuing to investigate and collect ideas on additional measures we can take to protect the safety of our communities.

== Ensuring the security of data ==

While storing data ourselves is sometimes the desired outcome, it is not always the best solution. It is also worth noting that even when data is stored on our servers, we cannot fully guarantee its protection without recognizing the constantly evolving nature of digital threats means there will always be as yet unknown risks.

What we have done is continue to grow the capacity of our Security team[4] - allowing us to respond more rapidly to potential risks and over time expand our capacity to review options more rapidly. We have also established initiatives like the Defense of Contributors program[5] - which provides financial legal support to volunteers facing legal risks as a result of their participation in the Wikimedia movement (including taking surveys). We have added rigor to the process of assessing vendors from a security and privacy capabilities standpoint, so we are better informed on risks associated with vendors who will be processing and handling data on our behalf. All of this reduces the risk to everyone's privacy and security; and also provides the infrastructure for effective and ethical responses to a wide range of possible threats.

This work is critical and never-ending - and these discussions are important. We are working to make the above information easier to locate. I appreciate the thoughtful questions people have posed on this mailing list and elsewhere in regards to a realistic approach to managing risks.

Thank you again,
-greg

[1] https://doc.wikimedia.org
[2] https://ilga.org/maps-sexual-orientation-laws
[3] https://ilga.org/trans-legal-mapping-report
[4] https://www.mediawiki.org/wiki/Wikimedia_Security_Team
[5] https://meta.wikimedia.org/wiki/Legal/Legal_Policies#Defense_of_Contributors

-------
Gregory Varnum
Senior Strategist, Communications
Wikimedia Foundation
gvarnum@wikimedia.org
Pronouns: He/Him/His

> On Feb 17, 2021, at 7:36 AM, Gnangarra <gnangarra@gmail.com> wrote:
>
> Kaya
>
> Have we put the ostrich back, where does this go from here? Have we decided to learn and make an effort or have we reached the inevitable impasse where everyone hopes the issue has been forgotten about.
>
> There was a reasonable (though I think unlikely) possibility that contributors in Australia could lose Google as a platform, https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-australian-small-business/13156958 . While that looks even less likely google is already offering pay for services and limiting "free" services like gmail and google docs.
>
> The only assurity the WMF can give about equity, privacy, and access is through its own services, or services that it hosts. The movement needs to be looking at its sustainability in the face of increased government impact on the ultra large corporate services we are using to operate
>
> On Mon, 15 Feb 2021 at 20:10, Tomasz Ganicz <polimerek@gmail.com> wrote:
> Well, both ZEUS and CiviCRM works well in many NGO-ses. It is just a subject of proper maintenance. Actually, a piece of free software called MediaWiki is probably more complicated to maintain than CiviCRM or Wordpress but WMF is able to maintain it pretty well :-) I believe that organization able to successfully maintain the largest MediaWiki based projects on Earth could also manage to organize free software based survey system... This is a subject of priorities rather than resources...
>
>
>
>
>
> pon., 15 lut 2021 o 02:08 ?ukasz Garczewski <lukasz.garczewski@wikimedia.pl> napisa?(a):
> With respect, Fae, if you're going to propose banning an existing solution, it is on you to propose a suitable alternative or at least a process to find it before the ban takes effect.
>
> I write this as a signatory of Free Software Foundation Europe's Public Money? Public Code open letter. I am wholeheartedly a proponent of open source software.
>
> At the same time, I am a firm believer in using the best available tool for the job.
>
> Our mission is too important to hold ourselves back at every step due to a noble but often unrealistic wish to use open source solutions for everything we do.
>
> Last year, because of my drive to use proper open source solutions, WMPL wasted hours and hours of staff time (mostly mine) and a not insignificant amount of members' time because:
> • Zeus, a widely used, cryptographically secure voting system is impossible to setup and maintain and has very sparse documentation,
> • CiviCRM, the premier open source CRM solution for NGOs, refuses to work correctly after the Wordpress installation is moved to a new URL, and documentation isn't helpful.
> To my knowledge there are no suitable open source options that would be easy-to-use and robust enough to support our needs in both cases and be comparable to commercial counterparts.
>
> I have wasted a ton of time (and therefore WMPL money), before I decided to use state-of-the-art commercial solutions for the needs described above. Don't be like me. Don't make other people think & act like I did. Be smarter.
>
> Should we use an equivalent open source solution when one is available? Yes.
> Should we have a public list of open source tools needed? Yes.
> Should we use programmes such as Google Summer of Code to build those tools? Yes.
>
> Should we waste time using sub-par solutions or doing work manually? Hell no.
>
> So here's a constructive alternative idea:
> • Let's gather the needs and use cases for tools used by WMF and affiliates,
> • Let's build a list of potential open source replacements and map what features are missing,
> • Let's put the word out that we're looking for open source replacements where there are none available,
> • Let's embed Wikimedia liaisons in key open source projects to ensure our needs and use cases are addressed promptly,
> • Let's use initiatives such as Summer of Code to kickstart building some of these tools.
> I acknowledge the above is much harder to do than instituting a ban via community consensus. It is, however, a much more productive approach and will get us to your desired state eventually, and without sabotaging the work that needs to happen in the meantime.
>
> Oh, and in case anybody's wondering why we can't build these tools in-house:
>
> We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech infrastructure is still in need of huge improvements. It would be really unwise to distract WMF's development and product teams from these goals by requesting they build standard communication or reporting tools.
>
> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
>
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
>
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
>
> Links
> 1. https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
>
> Thanks
> Fae
> --
> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> #WearAMask
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>
>
> --
> Z powa?aniem · Kind regards
>
> ?ukasz Garczewski
>
> Dyrektor ds. operacyjnych · Chief Operating Officer
> Wikimedia Polska
>
> tel: +48 601 827 937
> e-mail: lukasz.garczewski@wikimedia.pl
>
>
> Wesprzyj woln? wiedz?!
> Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
>
> ul. Tuwima 95, pok. 15 ?ód?, Polska
> KRS 0000244732
> NIP 728-25-97-388
>
> wikimedia.pl
>
> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci. Kontakt: rodo@wikimedia.pl
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>
>
> --
> Tomek "Polimerek" Ganicz
> http://pl.wikimedia.org/wiki/User:Polimerek
> http://www.ganicz.pl/poli/
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>
>
> --
> GN.
>
> Power of Diverse Collaboration
> Sharing knowledge brings people together
> Wikimania Bangkok 2022
> August
> hosted by ESEAP
>
> Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
> Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
> My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Hi folks,

Disclaimer: I'm not speaking on behalf of WMF. I'm sharing my personal
views based on what I've learned over the years working with different
survey tools.

* Freedom and Open Source is a guiding principle [1] for the Wikimedia
Foundation and something I personally deeply care about. The relevant
section of [1] reads "As an organization, we strive to use open source
tools over proprietary ones, although we use proprietary or closed
tools (such as software, operating systems, etc.) where there is
currently no open-source tool that will effectively meet our needs".
In the case of surveys, I've actively looked for open-source tools
multiple times (every couple of years) and I have not been able to
find one that satisfies our needs effectively. This doesn't mean the
search is over. One day we may find one.

* We need to be able to run surveys effectively and across
languages/projects if we are interested in learning from editors and
readers without relying on proxy measures that are inaccurate and
simply put, in many instances problematic (think about models that
attempt to predict the gender of the users on Twitter using the style
of tweeting or usernames or profile images :( ). Within my team,
Research, we have benefited from surveys to understand what are the
needs and motivations of readers across many languages [2] or better
understand the global gender differences in readership [3].

* I agree with Risker's point that the surveys are optional. Of
course, I also know that it's important to decrease the barriers for
everyone who wants to participate to be able to participate (because
we want to have more equity).

* Given that surveys have real use-cases for many across the movement,
I appreciate ?ukasz's point that if you are to ban an existing
solution, it would be essential that you also propose a viable path
forward.

* As others have mentioned, some of the sentiment on this thread is
not new. Back in 2015 a Phabricator ticket was opened to address it:
https://phabricator.wikimedia.org/T94807 . The ticket shifted to what
survey tool is compatible with WMF's Privacy Policy and there are
clear responses on the ticket. For those of you interested to explore
open source options, that ticket may have good pointers for further
exploration.

Best,
Leila


[1] https://meta.wikimedia.org/wiki/Wikimedia_Foundation_Guiding_Principles#Freedom_and_open_source
[2] https://arxiv.org/pdf/1812.00474.pdf
[3] https://arxiv.org/abs/2007.10403


--
Leila Zia
Head of Research
Wikimedia Foundation

On Wed, Feb 17, 2021 at 12:30 PM Gregory Varnum <gvarnum@wikimedia.org> wrote:
>
> Hello,
>
> Thank you for discussing this matter. The Wikimedia Foundation takes the safety and privacy of volunteers very seriously. I recognize that among the concerns is that the identities of LGBTQ+ members of the movement could be revealed to anti-LGBTQ entities and governments. As someone who has previously worked in advocacy for victims of anti-LGBTQ+ related crimes and acts of discrimination, I am personally very invested in mitigating that risk. After speaking with my colleagues at the Foundation, I wanted to clear up a few topics which have been raised here.
>
> == Commitment to Free & Open Source & Security ==
>
> In all platforms and software used in community interactions, our Security and Legal teams are involved in reviewing possible solutions to ensure that we are minimizing risks to our communities’ safety and privacy as well as the security of our technical infrastructure. While we can never completely remove all risks, we are making an increasingly strong effort to balance our resources and technology values to find the best solution for our needs - as well as the needs of the volunteers and readers of the projects we support.
>
> For the most part, this process allows us to honor our commitment to open-source software and utilize solutions already available - such as our recent adoption of Matrix in internal communications and our continued usage of Phabricator for technical bug tracking. In some cases, there are proprietary solutions that better fit our needs - such as our payroll systems and staff email solutions. Finally, there are also times when there are no solutions available and we need to develop our open-source solutions[1] - such as to address how languages appear on a webpage or to help reduce our site's bandwidth usage. We do not always have the resources to develop our own solutions to processes not core to the operations of the wikis or where a solution already exists that works as well or better than anything we could realistically develop.
>
> == Survey tools ==
>
> With regards to surveys, we have previously tested and attempted to use open source solutions such as LimeSurvey. We will continue to keep an eye on those options and consider them again in future reviews. We are extremely cognizant in exploring these options of potential threats both to the privacy of the data collected and the security of the servers operating the software.
>
> Our strict privacy and security needs often require us entering into agreements with operators of proprietary software or services that we use. Sometimes the agreements are unique and confidential to avoid people who may intend harm from gleaning too many technical details. For example, our Enterprise agreement with Google prevents Google from accessing the data for their own uses and requires them to inform the Foundation of any requests for data that they receive prior to disclosure, allowing us an opportunity to file a legal objection. Additionally, our Legal department receives notice before changes to these kinds of arrangements are formally accepted, affording us an opportunity to make a change in platforms, if necessary, in order to maintain our security and privacy requirements. Similarly, we have agreements with other services like Qualtrics to provide controls over how our data is managed and secured.
>
> Thanks in large part to the input and efforts of Wikimedia LGBTQ+, we have recently made some additional improvements to how we conduct surveys. While our surveys have gone through legal review for several years, we have begun referring teams to appropriate language about gender and sexual orientation questions. Additionally, we are purposefully not asking questions about sexual orientation or gender in any geographies where same-sex relations or identifying as transgender are criminalized.[2][3] We are continuing to investigate and collect ideas on additional measures we can take to protect the safety of our communities.
>
> == Ensuring the security of data ==
>
> While storing data ourselves is sometimes the desired outcome, it is not always the best solution. It is also worth noting that even when data is stored on our servers, we cannot fully guarantee its protection without recognizing the constantly evolving nature of digital threats means there will always be as yet unknown risks.
>
> What we have done is continue to grow the capacity of our Security team[4] - allowing us to respond more rapidly to potential risks and over time expand our capacity to review options more rapidly. We have also established initiatives like the Defense of Contributors program[5] - which provides financial legal support to volunteers facing legal risks as a result of their participation in the Wikimedia movement (including taking surveys). We have added rigor to the process of assessing vendors from a security and privacy capabilities standpoint, so we are better informed on risks associated with vendors who will be processing and handling data on our behalf. All of this reduces the risk to everyone's privacy and security; and also provides the infrastructure for effective and ethical responses to a wide range of possible threats.
>
> This work is critical and never-ending - and these discussions are important. We are working to make the above information easier to locate. I appreciate the thoughtful questions people have posed on this mailing list and elsewhere in regards to a realistic approach to managing risks.
>
> Thank you again,
> -greg
>
> [1] https://doc.wikimedia.org
> [2] https://ilga.org/maps-sexual-orientation-laws
> [3] https://ilga.org/trans-legal-mapping-report
> [4] https://www.mediawiki.org/wiki/Wikimedia_Security_Team
> [5] https://meta.wikimedia.org/wiki/Legal/Legal_Policies#Defense_of_Contributors
>
> -------
> Gregory Varnum
> Senior Strategist, Communications
> Wikimedia Foundation
> gvarnum@wikimedia.org
> Pronouns: He/Him/His
>
> > On Feb 17, 2021, at 7:36 AM, Gnangarra <gnangarra@gmail.com> wrote:
> >
> > Kaya
> >
> > Have we put the ostrich back, where does this go from here? Have we decided to learn and make an effort or have we reached the inevitable impasse where everyone hopes the issue has been forgotten about.
> >
> > There was a reasonable (though I think unlikely) possibility that contributors in Australia could lose Google as a platform, https://www.abc.net.au/news/2021-02-16/google-search-departure-devastate-australian-small-business/13156958 . While that looks even less likely google is already offering pay for services and limiting "free" services like gmail and google docs.
> >
> > The only assurity the WMF can give about equity, privacy, and access is through its own services, or services that it hosts. The movement needs to be looking at its sustainability in the face of increased government impact on the ultra large corporate services we are using to operate
> >
> > On Mon, 15 Feb 2021 at 20:10, Tomasz Ganicz <polimerek@gmail.com> wrote:
> > Well, both ZEUS and CiviCRM works well in many NGO-ses. It is just a subject of proper maintenance. Actually, a piece of free software called MediaWiki is probably more complicated to maintain than CiviCRM or Wordpress but WMF is able to maintain it pretty well :-) I believe that organization able to successfully maintain the largest MediaWiki based projects on Earth could also manage to organize free software based survey system... This is a subject of priorities rather than resources...
> >
> >
> >
> >
> >
> > pon., 15 lut 2021 o 02:08 ?ukasz Garczewski <lukasz.garczewski@wikimedia.pl> napisa?(a):
> > With respect, Fae, if you're going to propose banning an existing solution, it is on you to propose a suitable alternative or at least a process to find it before the ban takes effect.
> >
> > I write this as a signatory of Free Software Foundation Europe's Public Money? Public Code open letter. I am wholeheartedly a proponent of open source software.
> >
> > At the same time, I am a firm believer in using the best available tool for the job.
> >
> > Our mission is too important to hold ourselves back at every step due to a noble but often unrealistic wish to use open source solutions for everything we do.
> >
> > Last year, because of my drive to use proper open source solutions, WMPL wasted hours and hours of staff time (mostly mine) and a not insignificant amount of members' time because:
> > • Zeus, a widely used, cryptographically secure voting system is impossible to setup and maintain and has very sparse documentation,
> > • CiviCRM, the premier open source CRM solution for NGOs, refuses to work correctly after the Wordpress installation is moved to a new URL, and documentation isn't helpful.
> > To my knowledge there are no suitable open source options that would be easy-to-use and robust enough to support our needs in both cases and be comparable to commercial counterparts.
> >
> > I have wasted a ton of time (and therefore WMPL money), before I decided to use state-of-the-art commercial solutions for the needs described above. Don't be like me. Don't make other people think & act like I did. Be smarter.
> >
> > Should we use an equivalent open source solution when one is available? Yes.
> > Should we have a public list of open source tools needed? Yes.
> > Should we use programmes such as Google Summer of Code to build those tools? Yes.
> >
> > Should we waste time using sub-par solutions or doing work manually? Hell no.
> >
> > So here's a constructive alternative idea:
> > • Let's gather the needs and use cases for tools used by WMF and affiliates,
> > • Let's build a list of potential open source replacements and map what features are missing,
> > • Let's put the word out that we're looking for open source replacements where there are none available,
> > • Let's embed Wikimedia liaisons in key open source projects to ensure our needs and use cases are addressed promptly,
> > • Let's use initiatives such as Summer of Code to kickstart building some of these tools.
> > I acknowledge the above is much harder to do than instituting a ban via community consensus. It is, however, a much more productive approach and will get us to your desired state eventually, and without sabotaging the work that needs to happen in the meantime.
> >
> > Oh, and in case anybody's wondering why we can't build these tools in-house:
> >
> > We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech infrastructure is still in need of huge improvements. It would be really unwise to distract WMF's development and product teams from these goals by requesting they build standard communication or reporting tools.
> >
> > On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com> wrote:
> > As a consequence of the promotion of a Google forms based survey this
> > week by a WMF representative, a proposal on Wikimedia Commons has been
> > started to ban the promotion of surveys which rely on third party
> > sites like Google Forms.[1]
> >
> > Launched today, but already it appears likely that this proposal will
> > have a consensus to support. Considering that Commons is one of our
> > largest Wikimedia projects, there are potential repercussions of
> > banning the on-wiki promotion of surveys which use Google products or
> > other closed source third party products like SurveyMonkey.
> >
> > Feedback is most welcome on the proposal discussion, or on this list
> > for handling impact, solutions, recommended alternatives that already
> > exist, or the future role of the WMF to support research and surveys
> > for the WMF and affiliates by using forking open source software and
> > self-hosting and self-managing data "locally".
> >
> > Links
> > 1. https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
> >
> > Thanks
> > Fae
> > --
> > faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> > #WearAMask
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
> >
> >
> > --
> > Z powa?aniem · Kind regards
> >
> > ?ukasz Garczewski
> >
> > Dyrektor ds. operacyjnych · Chief Operating Officer
> > Wikimedia Polska
> >
> > tel: +48 601 827 937
> > e-mail: lukasz.garczewski@wikimedia.pl
> >
> >
> > Wesprzyj woln? wiedz?!
> > Przeka? 1% podatku lub wp?a? darowizn? na rzecz Wikipedii
> >
> > ul. Tuwima 95, pok. 15 ?ód?, Polska
> > KRS 0000244732
> > NIP 728-25-97-388
> >
> > wikimedia.pl
> >
> > Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci. Kontakt: rodo@wikimedia.pl
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
> >
> >
> > --
> > Tomek "Polimerek" Ganicz
> > http://pl.wikimedia.org/wiki/User:Polimerek
> > http://www.ganicz.pl/poli/
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
> >
> >
> > --
> > GN.
> >
> > Power of Diverse Collaboration
> > Sharing knowledge brings people together
> > Wikimania Bangkok 2022
> > August
> > hosted by ESEAP
> >
> > Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra
> > Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page
> > My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u
> >
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Hello everyone,

Apologies for my TL;DR

Interesting topic. I'm recently working on making ethical surveys more
and more widespread, starting from here:
https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey


Every hand is welcome.


Warm wishes!


> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has
> been started to ban the promotion of surveys which rely on third
> party sites like Google Forms.
--
[[User:Valerio Bozzan]]
E-mail sent from Evolution from a random GNU/Linux distribution,
delivered from my Postfix mailserver.

Have fun with software freedom!

On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <
wikimedia-l@lists.wikimedia.org> wrote:

> Hello everyone,
>
> Apologies for my TL;DR
>
> Interesting topic. I'm recently working on making ethical surveys more
> and more widespread, starting from here:
> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
>
> Every hand is welcome.
>
> Warm wishes!
>
> --
>
> [[User:Valerio Bozzan]]
>

Did WMIT do any sort of security review before deploying lime?

Security issues were found the previous two times wmf looked at from my
understanding and that was without doing a full security review process....

Have any sort of privacy impact assessment (PIA) since surveys could
potentially collect personally identifiable data (PIDs)

>

Agree about the privacy and security worries shared by some in the list.

From a software maintenance pov, developing a new tool is sometimes easier
but maintaining and keeping up with the ever-changing internet standards
(and new vulnerabilities and security changes) is hard. That said, a
movement that actively uses surveys and forms does need to make the
personal data transactions secure. To be able to do that, using both open
source tools and (preferably self-hosted) platforms that use e2ee (which
provides better security except in some extraordinary situations [1])
should be preferred. I'd argue a proprietary platform that protects user
data in surveys and collects little metadata is far better than an open
source one that collects and saves user data in plaintext in cloud. But
open source helps to some extent as proprietary platforms could claim many
things when there is no option for public audit of proprietary platforms.
But just open source does *not* help. An additional level of security is a
must and should be the foundational layer when it comes to a survey
platform.

As far as possible solutions go, it would be a good investment to support
developers from the open source community for a survey tool that protects
the privacy of survey participants by the use of e2ee and can be well
integrated into MediaWiki (bonus if not a primary goal). The Foundation and
the larger community (including Chapters and User Groups) would be greatly
benefitted from this. But until a good in-house solution is there, it might
be useful to reach out to other friendly faces in the development world --
Access Now, Article 19, Amnesty International, etc. -- to check what works
for them now.

If and when a platform develops, registered users can then use their
Mediawiki auth for creating privkeys to sign. This would add a
non-repudiable logging mechanism in the backend to add more transparency
and accountability.

1. https://en.wikipedia.org/wiki/Key_disclosure_law/

Subhashish


On Tue, Feb 23, 2021 at 8:21 AM K. Peachey <p858snake@gmail.com> wrote:

>
>
> On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <
> wikimedia-l@lists.wikimedia.org> wrote:
>
>> Hello everyone,
>>
>> Apologies for my TL;DR
>>
>> Interesting topic. I'm recently working on making ethical surveys more
>> and more widespread, starting from here:
>> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
>>
>> Every hand is welcome.
>>
>> Warm wishes!
>>
>> --
>>
>> [[User:Valerio Bozzan]]
>>
>
> Did WMIT do any sort of security review before deploying lime?
>
> Security issues were found the previous two times wmf looked at from my
> understanding and that was without doing a full security review process....
>
> Have any sort of privacy impact assessment (PIA) since surveys could
> potentially collect personally identifiable data (PIDs)
>
>> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

Could someone provide a link to the discussed security review of
LimeSurvey? I've been unable to find it.

Considering that the currently open UCoC survey using Google Forms has
quoted WMF terms and conditions, which imply a special agreement with
Google, was there a security review for this solution including the
asserted legal requirement on Google to ask permission from WMF Legal
before releasing data to authorities in the USA, such as the FBI or
NSA? It's not clear to me that Google would do this for anyone else.

It would be helpful for all organizations that plan to do surveys on
the Wikimedia community of volunteers, if the WMF could release a list
of security assessments done for all survey tools they have used in
the past, especially if this is now going to be asked of WMF
Affiliates who will no doubt wish to save donor's money by not
repeating the security assessments already published.

Thanks,
Fae

On Tue, 23 Feb 2021 at 02:51, K. Peachey <p858snake@gmail.com> wrote:
>
>
>
> On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <wikimedia-l@lists.wikimedia.org> wrote:
>>
>> Hello everyone,
>>
>> Apologies for my TL;DR
>>
>> Interesting topic. I'm recently working on making ethical surveys more and more widespread, starting from here:
>> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
>>Personal and confidential, please do not circulate or re-quote.
>> Every hand is welcome.
>>
>> Warm wishes!
>>
>> --
>>
>> [[User:Valerio Bozzan]]
>
>
> Did WMIT do any sort of security review before deploying lime?
>
> Security issues were found the previous two times wmf looked at from my understanding and that was without doing a full security review process....
>
> Have any sort of privacy impact assessment (PIA) since surveys could potentially collect personally identifiable data (PIDs)
--
faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

+1

And if anyone has this document in their hands, please notify us here:

https://phabricator.wikimedia.org/T275574

On Tue, 2021-02-23 at 08:36 +0000, Fæ wrote:
> Could someone provide a link to the discussed security review of
> LimeSurvey? I've been unable to find it.
> ...
> Thanks,
> Fae
--
Valerio Bozz.

E-mail sent from Evolution from a random GNU/Linux distribution,
delivered from my Postfix mailserver.

Have fun with software freedom!


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

First point for security.

What should be secure is the software AND the entity using it.

In case there is a third entity managing the data, there is an additional
level of insecurity to take care.

When people "donate" you your data, they don't take care what is the
software behind but who manages the data, where these data are stored,
until when these data are kept, with whom these data are shared.

As you can see who, when and what refer to people not to software.

If the processes and the people are secure, as it seems to be, the software
is a marginal risk.

Kind regards

On Tue, 23 Feb 2021, 09:53 Fæ, <faewik@gmail.com> wrote:

> Could someone provide a link to the discussed security review of
> LimeSurvey? I've been unable to find it.
>
> Considering that the currently open UCoC survey using Google Forms has
> quoted WMF terms and conditions, which imply a special agreement with
> Google, was there a security review for this solution including the
> asserted legal requirement on Google to ask permission from WMF Legal
> before releasing data to authorities in the USA, such as the FBI or
> NSA? It's not clear to me that Google would do this for anyone else.
>
> It would be helpful for all organizations that plan to do surveys on
> the Wikimedia community of volunteers, if the WMF could release a list
> of security assessments done for all survey tools they have used in
> the past, especially if this is now going to be asked of WMF
> Affiliates who will no doubt wish to save donor's money by not
> repeating the security assessments already published.
>
> Thanks,
> Fae
>
> On Tue, 23 Feb 2021 at 02:51, K. Peachey <p858snake@gmail.com> wrote:
> >
> >
> >
> > On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, <
> wikimedia-l@lists.wikimedia.org> wrote:
> >>
> >> Hello everyone,
> >>
> >> Apologies for my TL;DR
> >>
> >> Interesting topic. I'm recently working on making ethical surveys more
> and more widespread, starting from here:
> >> https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey
> >>Personal and confidential, please do not circulate or re-quote.
> >> Every hand is welcome.
> >>
> >> Warm wishes!
> >>
> >> --
> >>
> >> [[User:Valerio Bozzan]]
> >
> >
> > Did WMIT do any sort of security review before deploying lime?
> >
> > Security issues were found the previous two times wmf looked at from my
> understanding and that was without doing a full security review process....
> >
> > Have any sort of privacy impact assessment (PIA) since surveys could
> potentially collect personally identifiable data (PIDs)
> --
> faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>

Hello,

I agree that a blind "ban them all right now" is not the way to go.

Now, the WMF by its own word aims to "provide the essential
infrastructure for free knowledge". Should this statement be taken
seriously, the foundation can not be light on the tools it chooses to
communicate with the community, and what tools it provides to addresses
the community needs.

Libre softwares are not perfect, for sure, they come with their own
caveats. Maybe (re)reading When Free Software Isn't (Practically)
Superior
<https://www.gnu.org/philosophy/when-free-software-isnt-practically-superior.html>
might worth our time here.

The question is not "will we meet issues if we use libre softwares?" Of
course we will! And using non-libre softwares, we would too. The point
is, on the long run, are we serious about "providing the essential
infrastructure for free knowledge". If that the case, it won't happen by
dodging all the difficulties that must be overcome to build such an
infrastructure. This won't be achieved without sometime going through
long hours of tedious learning by experience. If we coordinate well
however, we can leverage on each other successes and failures, without
giving exclusive privileges of this commonality to some exogenous actor.

Yes, sometime it might be easier on the short-term to take an
out-of-the-box non-libre solution – although there is guarantee in that
either. Sometime you will be better served on the short term with a
libre software that you deploy alone in your corner of the cyberspace.
Sometimes you'll be better served with a libre software that will be
deployed, maintained and improved with the help some commercial support.
Sometimes it might worth to have your own inhouse team to do all that
work on some specific libre software stacks that match your needs.

Cheers

Le 15/02/2021 à 02:08, ?ukasz Garczewski a écrit :
> With respect, Fae, if you're going to propose banning an existing
> solution, it is on you to propose a suitable alternative or at least a
> process to find it before the ban takes effect.
>
> I write this as a signatory of Free Software Foundation Europe's
> Public Money? Public Code open letter
> <https://publiccode.eu/openletter/>. I am wholeheartedly a proponent
> of open source software.
>
> At the same time, I am a firm believer in using the best available
> tool for the job.
>
> Our mission is too important to hold ourselves back at every step due
> to a noble but often unrealistic wish to use open source solutions for
> everything we do.
>
> Last year, because of my drive to use proper open source solutions,
> WMPL wasted hours and hours of staff time (mostly mine) and a not
> insignificant amount of members' time because:
>
> * Zeus, a widely used, cryptographically secure voting system is
> impossible to setup and maintain and has very sparse documentation,
> * CiviCRM, the premier open source CRM solution for NGOs, refuses to
> work correctly after the Wordpress installation is moved to a new
> URL, and documentation isn't helpful.
>
> To my knowledge there are no suitable open source options that would
> be easy-to-use and robust enough to support our needs in both cases
> and be comparable to commercial counterparts.
>
> I have wasted a ton of time (and therefore WMPL money), before I
> decided to use state-of-the-art commercial solutions for the needs
> described above. Don't be like me. Don't make other people think & act
> like I did. Be smarter.
>
> Should we use an _equivalent_ open source solution when one is
> available? Yes.
> Should we have a public list of open source tools needed? Yes.
> Should we use programmes such as Google Summer of Code to build those
> tools? Yes.
>
> Should we waste time using sub-par solutions or doing work manually?
> Hell no.
>
> *So here's a constructive alternative idea:*
>
> * Let's gather the needs and use cases for tools used by WMF and
> affiliates,
> * Let's build a list of potential open source replacements and map
> what features are missing,
> * Let's put the word out that we're looking for open source
> replacements where there are none available,
> * Let's embed Wikimedia liaisons in key open source projects to
> ensure our needs and use cases are addressed promptly,
> * Let's use initiatives such as Summer of Code to kickstart building
> some of these tools.
>
> I acknowledge the above is much harder to do than instituting a ban
> via community consensus. It is, however, a much more productive
> approach and will get us to your desired state eventually, and without
> sabotaging the work that needs to happen in the meantime.
>
> Oh, and in case anybody's wondering why we can't build these tools
> in-house:
>
> We could but really, really shouldn't. MediaWiki and the wider
> Wikimedia tech infrastructure is still in need of huge improvements.
> It would be really unwise to distract WMF's development and product
> teams from these goals by requesting they build standard communication
> or reporting tools.
>
> On Sat, Feb 13, 2021 at 4:42 PM Fæ <faewik@gmail.com
> <mailto:faewik@gmail.com>> wrote:
>
> As a consequence of the promotion of a Google forms based survey this
> week by a WMF representative, a proposal on Wikimedia Commons has been
> started to ban the promotion of surveys which rely on third party
> sites like Google Forms.[1]
>
> Launched today, but already it appears likely that this proposal will
> have a consensus to support. Considering that Commons is one of our
> largest Wikimedia projects, there are potential repercussions of
> banning the on-wiki promotion of surveys which use Google products or
> other closed source third party products like SurveyMonkey.
>
> Feedback is most welcome on the proposal discussion, or on this list
> for handling impact, solutions, recommended alternatives that already
> exist, or the future role of the WMF to support research and surveys
> for the WMF and affiliates by using forking open source software and
> self-hosting and self-managing data "locally".
>
> Links
> 1.
> https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools
> <https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off-wiki_surveys_using_third-party_tools>
>
> Thanks
> Fae
> --
> faewik@gmail.com <mailto:faewik@gmail.com>
> https://commons.wikimedia.org/wiki/User:Fae
> <https://commons.wikimedia.org/wiki/User:Fae>
> #WearAMask
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> <https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines> and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> <https://meta.wikimedia.org/wiki/Wikimedia-l>
> New messages to: Wikimedia-l@lists.wikimedia.org
> <mailto:Wikimedia-l@lists.wikimedia.org>
> Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> <https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> <mailto:wikimedia-l-request@lists.wikimedia.org
> <mailto:wikimedia-l-request@lists.wikimedia.org>?subject=unsubscribe>
>
>
>
> --
>
> Z powa?aniem · Kind regards
>
>
> ?ukasz Garczewski
>
>
> Dyrektor ds. operacyjnych · Chief Operating Officer
>
> Wikimedia Polska
>
> tel: +48 601 827 937
>
> e-mail: lukasz.garczewski@wikimedia.pl
> <mailto:lukasz.garczewski@wikimedia.pl>
>
>
> <http://wikimedia.pl>
>
>
>
> Wesprzyj woln? wiedz?!Przeka? 1% podatku lub wp?a? darowizn? na rzecz
> Wikipedii <https://wikimedia.pl/>
>
>
> ul. Tuwima 95, pok. 15 ?ód?, Polska
>
> KRS 0000244732
>
> NIP 728-25-97-388
>
>
> wikimedia.pl <http://wikimedia.pl>
>
>
> Informacje na temat przetwarzania znajduj? si? w Polityce Prywatno?ci
> <https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci>. Kontakt:
> rodo@wikimedia.pl <mailto:rodo@wikimedia.pl>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

A deeper look into the official response by the WMF raises some
questions about what it means in practice and whether a plain English
reading of the words is sufficient.

Q1: WMF tested open source solutions
"[Surveys] [...] we have previously tested and attempted to use open
source solutions such as LimeSurvey"

Can someone please provide the list of the multiple open source
solutions that the WMF has tested and the reports of why they were
each abandoned? This would be incredibly helpful for WMF Affiliates
who are doing exactly the same thing.

Q2: Legal objections
"[...] our Enterprise agreement with Google prevents Google from
accessing the data for their own uses and requires them to inform the
Foundation of any requests for data that they receive prior to
disclosure, allowing us an opportunity to file a legal objection.
[...] we have agreements with other services like Qualtrics"
Re-reading this, it seems an astonishingly generous and legally
binding commitment from Google, Qualtrics, and presumably other
suppliers that have not been named. These suppliers will refuse to
cooperate with legal investigations, such as US Government agencies,
or their own internal security threats, before consulting with WMF
Legal, and will wait for WMF Legal to object.

The question is, can someone please provide a link to a WMF-funded or
approved survey where this agreement was in place, or is it a
statement of what might happen in the future?
Based on my understanding of existing surveys like the still running
UCoC survey, the WMF terms and conditions and the referenced Google
terms and conditions are in direct contradiction to this assertion by
the WMF, and WMF Legal.

Q3: Geographical restriction
"[...] we are purposefully not asking questions about sexual
orientation or gender in any geographies where same-sex relations or
identifying as transgender are criminalized."

Can someone please link to a WMF-funded or approved survey where this
happened, or is this an ambition for the future that has not happened
yet?
In the example of the running UCoC survey (Google docs) this is not in
place. There is a question about gender identity that has the
potential to out people as transgender, and there is no technical
mechanism to filter by geographical location, nor are volunteers asked
to limit themselves if they live in a list of "hostile" countries.

Thanks,
Fae
--
faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae

On Tue, 23 Feb 2021 at 22:45, Valerio Bozzolan via Wikimedia-l
<wikimedia-l@lists.wikimedia.org> wrote:
>
> +1
>
> And if anyone has this document in their hands, please notify us here:
>
> https://phabricator.wikimedia.org/T275574
>
> On Tue, 2021-02-23 at 08:36 +0000, Fæ wrote:
> > Could someone provide a link to the discussed security review of
> > LimeSurvey? I've been unable to find it.
> > ...
> > Thanks,
> > Fae
> --
> Valerio Bozz.
>
> E-mail sent from Evolution from a random GNU/Linux distribution,
> delivered from my Postfix mailserver.

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>