Talk:OWID Gadget

This page is for discussions related to the OWID Gadget page. Please remember to: Sign posts using the four tildes (~~~~) Remain civil and polite during discussions. Place new text under old text (start a new post).

The WMF breaks things. The WMF doesn't unbreak those things. Volunteers ask for features. The WMF doesn't deliver any solution. Volunteers work on solutions. The WMF blocks those solutions. Volunteers solve the issue. The WMF tries to break those again. Disappointment is not the word for that. We are dying. This is why. -Theklan (talk) 19:55, 26 April 2024 (UTC)Reply

I don't feel like the issue has been solved. There is a major difference in sending users to a third Party and bringing a third party's tech into the movement. -- Sleyece (talk) 22:20, 26 April 2024 (UTC)Reply

For sure, but the WMF doesn't want to bring a third party tech into the movement, while breaking all other options to make interactive graphs. They don't even have a plan for working on interactive content in the next fiscal year. Theklan (talk) 12:10, 27 April 2024 (UTC)Reply

We can bring this tech into the movement, and that was the previous strategy. We might need to look at it again to go multilingual. Doc James (talk · contribs · email) 17:36, 27 April 2024 (UTC)Reply

This is not the first gadget to use a consent pop-up within our movement. This pathway was based off what has been done for years on WikiVoyage with respect to topographical overlays for maps. Doc James (talk · contribs · email) 20:12, 26 April 2024 (UTC)Reply

Hi @Doc James. Two notes here. First, a consent pop-up is an important part of privacy compliance, but it's not the whole thing. Kartographer, and Wikivoyage maps more generally, are part of a service that the Foundation hosts and that staff monitor and maintain. It has policies and security and legal review associated with it. It's not that Wikimedia projects can never send people to third parties, it's that not all third parties are the same. Some of them may collect more data than just IPs, or pose a greater privacy and security risk to users. In that context, a consent pop-up alone doesn't do the trick: we have to review the terms of how the third party uses data and either agree to them as an organization or execute a custom contract with them to handle data more carefully if their terms aren't good enough. The consent pop-up then becomes one piece of properly informing users of how their data is being used by a third party service provider in line with the Foundation's privacy policy. If you just do the pop-up without the review, it doesn't get there as far as privacy compliance is concerned. Second, I'm actually not sure about the quality of the particular gadget here. It looks like that got into place circa 2016, which was a wildly different privacy and security landscape than 2024. Expectations were much lower in terms of hosting a website around the world. If anything, pointing to this example is a second reason why we need a policy now to make sure we're not creating privacy and security risk going forward and are handling issues like this consistently. Jrogers (WMF) (talk) 21:57, 26 April 2024 (UTC)Reply

Then host the software. Theklan (talk) 22:01, 26 April 2024 (UTC)Reply

Their privacy policy is here. We have the software hosted on the wmcloud[1] but from what I understand it needs to be on production servers and it needs to have a technical team within the WMF dedicated to it before it becomes usable on WP. Doc James (talk · contribs · email) 22:08, 26 April 2024 (UTC)Reply

Hosting it would solve the graphs issue by large. But the WMF approach here is just let the projects die. Theklan (talk) 22:13, 26 April 2024 (UTC)Reply

I certainly hope not. After mobile functionality, "multimedia and rich content" was the second highest request from our readers in a 2015 strategic consultation done by the WMF. Doc James (talk · contribs · email) 01:58, 27 April 2024 (UTC)Reply

And still it is. It is part of our strategy, and what @MIskander-WMF and @SDeckelmann-WMF call "multi-generational pursuit". Still, even if this is strategic, there are exactly zero bytes dedicated to it in the Annual Plan. (Wikimedia_Foundation_Annual_Plan/2024-2025/Goals/Infrastructure, Wikimedia Foundation Annual Plan/2024-2025/Product & Technology OKRs, Talk page where @MMiller (WMF) says that they don't have plans for improving interactive content next year).

It would be great to have the foundation recognizing that we solved one of the problems they have forgotten for months. Instead of that, what we have is a call to stop and refrain from improving our infrastructure, our user's experience, and the re-use of free knowledge material. Theklan (talk) 08:28, 27 April 2024 (UTC)Reply

I agree. Users explicitly consent to doing so when utilising these features (many of which I find incredibly useful), which nullifies any privacy concern. --SHB2000 (talk | contribs) 02:08, 27 April 2024 (UTC)Reply

I don't think we would be having this conversation if all privacy concerns were nullified with a pop up. How do you know the user understands the consent popup? -- Sleyece (talk) 03:46, 27 April 2024 (UTC)Reply

Because they are reading an Encyclopedia. Theklan (talk) 05:23, 27 April 2024 (UTC)Reply

People routinely "consent" to absurd terms (check the fine print of Google's). There is no realistic chance for a user to make an informed decision to agree to the terms of most websites, other than just deciding to surrender their rights. I very much like WMF's stance, to defend their users, and that's a major reason for me to contribute to these projects. And, unlike ordinary users, WMF has the resources and the power to choose what terms to agree with. –LPfi (talk) 09:53, 27 April 2024 (UTC)Reply

The WMF is not "protecting their users", is forbidding their users to get knowledge in new and interactive ways. Theklan (talk) 11:32, 27 April 2024 (UTC)Reply

How is the risk any different than having a reference for a graph that includes a url linking to OWID? When one clicks on such a url it brings you to OWID and shares your IP address and machine details with them. We have millions of references that include urls without warnings. Doc James (talk · contribs · email) 20:12, 26 April 2024 (UTC)Reply

Clicking an external link is at your own risk. The gadget is a potential threat to the movement because OWID is in control of tech embedded on our turf. A simple consent form is extremely inadequate risk mitigation. -- Sleyece (talk) 22:23, 26 April 2024 (UTC)Reply

The whole point of this approach is that there is no content loaded from ourworldindata.org, only a static image loaded from commons. As Doc James says there is a reference link to the original source of that image and a warning about viewing it, which is actually more risk averse than the normal practice of allowing exit without warning to the reference url, which has no sandboxing. Tim-moody (talk) 21:29, 26 April 2024 (UTC)Reply

To be clear the Graph extension relied on third party libraries and was, I would guess, at least two orders of magnitude greater in scope and complexity than the OWID Gadget, which I expect is less than 100 lines of code. This code has already had three contributors who agree to collaborate on a central source. So reviewing this code should not prove difficult, and it speaks well to the subject of maintenance. Tim-moody (talk) 21:38, 26 April 2024 (UTC)Reply

I realize that this is frustrating for people here who have been working on OWID and are excited about it as a work around while graphs are disabled.

I want to clarify that this is not a work around while graphs are disabled. This is a solution. Not a workaround. The so-called solution for graphs is light years behind this. If it is solved in the future (it has been broken for a year, and will take at least one more year), it will be non interactive images, and only lines. If the WMF decides to go once more against our strategic goals and close the OWID solution, the interactivity it brings won't come with the proposal mentioned on the graphs discussion. It won't even be near that. Theklan (talk) 21:59, 26 April 2024 (UTC)Reply

I agree, this is a strategic discussion. We will achieve the sum of all human knowledge more rapidly by collaborating with like minded organizations than just going it alone. We need to balance our ideals with the reality of the world around us. Doc James (talk · contribs · email) 22:11, 26 April 2024 (UTC)Reply

Hi! As one of the developers of the OWID gadget, I must admit that after sleeping over the initial setback, I'm glad to see how the security team cares for our users, since I'm also one of them, and that means the care extends to me. Thanks! <3

I have three ideas that may help handle, if not the entire issue of gadgets loading external content, at least the concerns raised for this particular OWID gadget:

• Add an Attention or Warning title to the consent popup, to make it even more conspicuous.
• Modify the code to remove the cookie that stores consent, so that users have to give consent every time they open the gadget.
• Replace the play button overlayed on the image, with a standard Codex button in the image caption, with a label like "Open chart from Our World in Data" or similar, so that users may anticipate what will happen even before they see the consent popup.

I think it would be awesome to reach a consensus about this gadget (and the broader issue) that somehow allows it, since it could really help our shared vision to bring all knowledge to all people! Sophivorus (talk) 11:21, 27 April 2024 (UTC)Reply