In terms of process and timing, this round of request for feedback is meant to solicit ideas from you, as a member of the Labs community, on how to best revise the Terms. We will try to respond the best we can, but the main purpose of this round is to hear all your thoughts. After the feedback round, we will prepare a draft revision of the Terms based on that feedback and other minor revisions to clarify statements in existing the Terms. We will then engage in a community discussion about the revised Terms.
We have identified three major topic areas under which we want to hear your feedback. In addition, for other areas of discussion or input, please submit your thoughts in the “Open Discussion” area below.
We plan to leave this discussion open until June 7, 2016. Thank you for all your help and feedback.
Use of Third Party Resources
The current Terms do not indicate whether developers can use or integrate resources hosted on third-party servers (e.g. libraries, scripts, stylesheets, images, etc…). The use of such third-party resources might be considered problematic for the following reasons:
Some users may consider third-party tracking to be intrusive of their privacy.
Some users may not be on notice and some projects may not have adequate notice of these practices.
Users of projects involving third-party resources may be subject to a higher risk of security issues or intentional attacks.
These concerns are heightened in cases where Labs-hosted tools and extensions are installed or available for use in our other Projects.
On the other hand, it sometimes might be easier for developers to link to third-party resources rather than uploading them first. Some external services also might be not easily uploadable to or hosted on Labs. Furthermore, it is likely there are already some projects on Labs which use third-party resources; this is particularly problematic when such usage is undisclosed to end-users. Any policy change will ideally provide a flexible way to address existing project usage and behavior as well as avoid unnecessarily hinder the development of new projects.
Finally, this discussion is not about disallowing linking to third party sites from a Labs page. Hyperlinks are fundamental building blocks of an open Web and we should avoid prohibiting this.
Please share your thoughts below about how we might (or might not) want to revise the Terms to address the use of third party tools:
Clearer privacy disclaimers and privacy statements to provide end-users with useful information
Privacy is important to end-users and developers alike, and we want to make sure that clear, useful information is provided regarding the treatment of information collected by projects on Labs.
We are interested in revising the end-user disclaimers to have all developers better notify end-users of the specific privacy practices applicable to projects on Labs. Currently, these disclaimers are only for projects that allow for account creation, collect private information, or contain beta or test wikis.
In addition to clarifying these existing disclaimers, it might be helpful for even Labs projects that do not collect private information to publish a disclaimer assuring end-users that private information is not being collected.
Please share your thoughts below on how we might want to change the current disclaimers or ask existing projects to revise their disclaimers.
The TOU currently contains a section entitled “What can and can’t be done with user information?” This section provides details regarding the types of data can be collected from end-users, and the ways in which it must be stored and handled. We would like to ensure that developers understand the requirements -- are these parameters clear, and helpful when planning a project?
If you are collecting private information, you are required to inform end-users of that fact, and to tell them how you will use it and how long you will retain it. Is it easy for developers to create notices for end-users detailing this information? Do you use the list in this section of the TOU as guidelines for this notice?
A notice that specifically details how data will be used or handled in regard to a certain project is called a privacy statement. We are considering setting baselines for the information that must be provided to end-users in these privacy statements — e.g., the type of information that the project collects, whether the information is expressly shared with third parties outside of the Wikimedia Foundation, how long you will retain the information, etc. Would guidelines of this sort be useful to you when you write privacy statements for your projects?
Please comment below on whether or not the “What can and can’t be done with user information?” section is helpful; if not, please suggest what sort of information would be useful for you. Additionally, please comment on the suggestion that all projects provide a privacy statement including certain baseline information about their data collection and handling practices.
Requiring publication of Labs projects’ source code
Although we ask developers in the Terms to “not use or install any software unless the software is licensed under an Open Source license,” many open source licenses do not require the publication of the source code where such software is used exclusively on the server side of a web service, as the case is for many projects hosted on Labs.
We are interested in whether we should have some sort of requirement (or encouragement) in the Terms for developers to publish their source code, except for perhaps security sensitive code. We are also interested in what type of processes we should set up to allow developers to easily do so. Requiring the publication of source code alleviates problems with abandoned projects, as tracked on Phabricator here. At the same time, we should think how we should handle enforcement on existing projects.
Please share you thoughts about whether we should require the publication of source code in our Terms and, if so, what are suggested processes to allow for easy compliance:
Contribute a new idea, or talk about meta-level issues - go for it!
Some open questions are 1) the extent to which we want Labs to be an hosting service where the onus is on the developer to appropriately engage with their end-users and 2) the extent to which the Wikimedia Foundation should also develop guidelines, consistent with our main policies, to directly protect end-users of Labs projects.
Many thanks for your time, reflection, and wisdom.