
Labs TOU Consultation Round 1 (2016)

From Wikitech-static
Revision as of 20:51, 17 May 2016 by imported>ZZhou (WMF) (First Draft)

DRAFT

Welcome to Round 1 of the community feedback for the Wikimedia Labs Terms of Use (“Terms”). The Wikimedia Legal team is interested in revising, updating, and clarifying the existing Terms governing developers and their projects on Wikimedia Labs.

In terms of process and timing, this round of request for feedback is meant to solicit ideas from you, as a member of the Labs community, on how to best revise the Terms. We will try to respond as best we can, but the main purpose of this round is to hear all your thoughts. After the feedback round, we will prepare a draft revision of the Terms based on that feedback and other minor revisions to clarify statements in the existing Terms. We will then engage in a community discussion about the revised Terms.

We have identified three major topic areas under which we want to hear your feedback. In addition, for other areas of discussion or input, please submit your thoughts in the “Open Discussion” area below.

We plan to leave this discussion open until June 7, 2016. Thank you for all your help and feedback.

Note: Due to the unique nature of Wikimedia Labs, developers who use Labs are generally not governed by policies governing our other sites, such as the Wikimedia Foundation Terms of Use. Developers who develop projects on Labs must instead adhere to the Wikimedia Labs Terms of Use. In addition, websites maintained by Wikimedia Foundation on Labs should adhere to the Wikimedia Foundation Privacy Policy.

Use of Third Party Resources

The current Terms do not indicate whether developers can use or integrate resources hosted on third-party servers (e.g., libraries, scripts, stylesheets, images, etc.). The use of such third-party resources might be considered problematic for the following reasons:

Some users may consider third-party tracking to be intrusive of their privacy. Some users may not be on notice and some projects may not have adequate notice of these practices. Users of projects involving third-party resources may be subject to a higher risk of security issues or intentional attacks.

These concerns are heightened in cases where Labs-hosted tools and extensions are installed or available for use in our other Projects.

To protect our users and networks, the Labs Terms of Use could be revised to explicitly disallow the use of third-party resources. Developers can still use external resources by first uploading them for hosting on their Labs project.

On the other hand, it sometimes might be easier for developers to link to third-party resources rather than uploading them first. Some external services also might not be easily uploaded to or hosted on Labs. Furthermore, it is likely there are already some projects on Labs which use third-party resources; this is particularly problematic when such usage is undisclosed to end-users. Any policy change will ideally provide a flexible way to address existing project usage and behavior as well as avoid unnecessarily hindering the development of new projects.

Finally, this discussion is not about disallowing linking to third party sites from a Labs page. Hyperlinks are fundamental building blocks of an open Web and we should avoid prohibiting this.

Please share your thoughts below about how we might (or might not) want to revise the Terms to address the use of third party tools:

Clearer privacy disclaimers and privacy statements to provide end-users with useful information

Privacy is important to end-users and developers alike, and we want to make sure that clear, useful information is provided regarding the treatment of information collected by projects on Labs.

Privacy Policy of Tool Labs

We are generally very concerned about privacy issues with projects hosted on Tool Labs since they may be used as tools and extensions on our main Projects and end-users have no easy way to ascertain the privacy policy of these tools and extensions before they are used. To protect our end-users, we can clarify the Terms to require developers of Tool Labs projects to always ensure their projects adhere to the Wikimedia Foundation Privacy Policy. Our understanding is that this requirement has already been generally enforced by Labs administrators. On the other hand, if the Wikimedia Foundation Privacy Policy is too restrictive for application to all projects on Tool Labs, perhaps a custom Privacy Policy applicable to all Tool Labs projects could be used instead.

Please share your thoughts below on requiring projects on Tool Labs to adhere to the Wikimedia Foundation Privacy Policy or a custom Privacy Policy. Additionally, please comment if there are better ways for developers of projects on Tool Labs to notify end-users of their privacy practices.

Privacy Disclaimers

We are interested in revising the end-user disclaimers to have all developers better notify end-users of the specific privacy practices applicable to projects on Labs. Currently, these disclaimers are only for projects that allow for account creation, collect private information, or contain beta or test wikis.

In addition to clarifying these existing disclaimers, it might be helpful for even Labs projects that do not collect private information to publish a disclaimer assuring end-users that private information is not being collected.

Please share your thoughts below on how we might want to change the current disclaimers or ask existing projects to revise their disclaimers.

Privacy Statements

The TOU currently contains a section entitled “What can and can’t be done with user information?” This section provides details regarding the types of data that can be collected from end-users, and the ways in which it must be stored and handled. We would like to ensure that developers understand the requirements: are these parameters clear and helpful when planning a project?

If you are collecting private information, you are required to inform end-users of that fact, and to tell them how you will use it and how long you will retain it. Is it easy for developers to create notices for end-users detailing this information? Do you use the list in this section of the TOU as guidelines for this notice?

A notice that specifically details how data will be used or handled in regard to a certain project is called a privacy statement. We are considering setting baselines for the information that must be provided to end-users in these privacy statements — e.g., the type of information that the project collects, whether the information is expressly shared with third parties outside of the Wikimedia Foundation, how long you will retain the information, etc. Would guidelines of this sort be useful to you when you write privacy statements for your projects?

Please comment below on whether or not the “What can and can’t be done with user information?” section is helpful; if not, please suggest what sort of information would be useful for you. Additionally, please comment on the suggestion that all projects provide a privacy statement including certain baseline information about their data collection and handling practices.

Requiring publication of Labs projects’ source code

Although we ask developers in the Terms to “not use or install any software unless the software is licensed under an Open Source license,” many open source licenses do not require the publication of the source code where such software is used exclusively on the server side of a web service, as the case is for many projects hosted on Labs.

We are interested in whether we should have some sort of requirement (or encouragement) in the Terms for developers to publish their source code, except for perhaps security-sensitive code. We are also interested in what type of processes we should set up to allow developers to easily do so. Requiring the publication of source code alleviates problems with abandoned projects, as tracked on Phabricator here. At the same time, we should think about how to handle enforcement on existing projects.

Please share your thoughts about whether we should require the publication of source code in our Terms and, if so, what processes you would suggest to allow for easy compliance:

Open Discussion

Contribute a new idea, or talk about meta-level issues - go for it!

Some open questions are 1) the extent to which we want Labs to be a hosting service where the onus is on the developer to appropriately engage with their end-users and 2) the extent to which the Wikimedia Foundation should also develop guidelines, consistent with our main policies, to directly protect end-users of Labs projects.

Many thanks for your time, reflection, and wisdom.