OWID Gadget

From Meta, a Wikimedia project coordination wiki
Step 1: shows a still image from Wikimedia Commons of the OWID graph with a play button in the upper right corner. Back in 2020 we at Wiki Project Med uploaded a few thousand of these.
Step 2: if the play button is pressed, a pop-up appears asking whether you consent to sharing your IP address with OWID.
Step 3: only if consent is given does it load OWID material within the window, with a blue back button to return you to where you were in Wikipedia. The material loaded is interactive.

This page and its talk page are intended to provide an overview of the issues related to the OWID gadget, relevant updates, and an on-wiki location to centralize and coordinate the ongoing discussion of the details and concerns.

Background

  • In 2022, the Wiki Project Med Foundation affiliate developed a MediaWiki extension that enables embedding mirrored content from the website "Our World In Data" (OWID) into a wiki page. This content was hosted on wmcloud.[1]
  • That extension embeds the content within an HTML iframe, and thus appears to readers to be part of the site itself.
  • That extension requested a security review in December 2022 and received a review on 6 March 2023. A number of concerns were documented that would need to be addressed if it were to be considered for installation on Wikimedia wikis.[2]
  • In 2023, the Wikimedia Foundation Security team requested feedback on a proposal for a policy regarding the inclusion of third-party resources in Wikimedia projects.
  • Wiki Project Med Foundation shared plans to work on the extension again this year.[3]
  • In April 2024, volunteers converted that extension into a gadget (which loads content directly from the external website if a play button is clicked and consent is given by the reader) with a corresponding template, and installed them directly on Basque Wikipedia, Spanish Wikipedia and MediaWiki.org.[4]
  • On 26 April, Andy Cooper, WMF's Director of Security, shared an update (below) highlighting possible legal, privacy, security, and compliance risks that need further evaluation. This Meta-Wiki page was created to facilitate communication and discussion about the future of the gadget.

Official Foundation communication

Mid May Update

Hi everyone - as promised, here’s an update on the OWID gadget review. In the weeks since my last update, WMF teams working on security, product development, and legal support have continued meeting and exploring the possible avenues for continued and expanded use of the OWID gadget, while also weighing the broader implications of choices we make today on community created third party gadgets. Some of the risks we’ve focused on most are:

  • Disclosure of personally identifiable information to OWID such as articles a user is reading, their unique IP address, and location. We now have identified targeted code changes that would reduce some of the data sharing, but the remainder is not possible to fix without a more major change to the design of the gadget. If OWID misused this information, or if they were hacked, this would be very harmful to the users whose information was taken.
  • Phishing Wikimedia users for sensitive information like passwords via potential attacks on OWID that spoof content within the embedded frame. We’ve done some live security testing that validates the reality and seriousness of these risks, which would increase alongside use of the OWID gadget.

Against these risks, we agree that it’s important to weigh the value of supporting technical innovation from volunteers and the educational benefits that brings to readers. As a next step, WMF staff have scheduled a meeting with OWID to discuss the opportunities and implications of reusing their content on the Wikimedia projects, which might help reduce security concerns. It may be possible to come up with a specific workaround for the OWID gadget as a special case exception while we work on a universal policy for third party content use, but we’re not sure yet. I’ll be back with an update within the next few weeks once we have more information to share about next steps.

Thanks,
Andy
(Sent 17 May, 2024)

Wikimedia-l update

Hello everyone,

I’m Andy Cooper, the Director of Security at the Wikimedia Foundation. Over the past week, teams within the Wikimedia Foundation have met to discuss the potential legal, security, and privacy risks from the OWID gadget introduced on this thread. We’re still looking into the risks that this particular gadget presents, but have identified that it raises larger and more definite concerns around gadgets that use third party websites more broadly, such as, in a worst case scenario, theft or misuse of users’ personal identity and edit history. This, in turn, raises further questions about how we should govern and manage this type of content as a movement.

As a result, we’re asking volunteers to hold off on enabling the OWID gadget on more wikis and to refrain from deploying more gadgets that use third party content and/or are automatically enabled for all users for certain pages until we have a better review process in place. I realize that this is frustrating for people here who have been working on OWID and are excited about it as a workaround while graphs are disabled. The creativity and effort of volunteer developers has been and continues to be crucial for our movement’s success, and part of our team’s job is to make sure that happens in scalable and responsible ways. We wanted to let everyone here know about these concerns right away while we work to better understand the issue. If you’d like to be further involved in this topic, please visit the new Meta-Wiki page where we’ll share updates, questions, and discuss next steps.

Thanks,
Andy
(Sent 26 April, 2024)[5]


Overview of topics for discussion

There are two distinct areas to be considered here: the newly created gadget itself, and the broader precedent of embedding external, non-wiki content in our sites. Some aspects of these are covered below.

OWID Project Updates

Since the OWID gadget was introduced to Basque Wikipedia,[4] the Wikimedia Foundation has been considering whether and how this community-driven initiative can continue in a way that preserves the reliability of the Wikimedia projects and the privacy of their users. Our early-stage assessment is that embedding OWID within Wikipedia introduces potential legal liability, creates a heightened risk of exposure of sensitive user information, including IP address and device details, and creates the possibility that a future cyberattack on the OWID service would affect our own users' privacy and safety. We recognize that Our World in Data is a trusted and reputable project that shares goals with the Wikimedia movement; however, as an external third-party service, inherent risks remain that we need to better understand before proceeding.

In general, we invite and encourage the creation of new community-driven tools. To support this, the Foundation has put in place processes and checks to ensure this can be done safely and sustainably in a way that benefits the community. As we saw with the Graph extension, it causes problems for our whole movement when a tool becomes widely or heavily used without sufficient attention to its maintenance and ownership. With this OWID gadget, we can work together to help this idea develop sustainably. Primarily, there is a need to ensure that any new feature respects user privacy, doesn't compromise site security, maintains site performance, and complies with legal standards. We see that efforts have been made to implement safeguards, such as iframe sandboxing and confirmation pop-ups before loading third-party content. These help mitigate risk, but do not cover everything that’s needed.
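The three-step flow described at the top of this page (still image, consent prompt, then the live frame) and the safeguards named above (iframe sandboxing and a confirmation pop-up before loading third-party content) can be expressed as a small browser-side routine. The following is an added example written for this page, not the gadget's or OWID's own code; the names EMBED_ORIGIN, validateEmbedUrl, buildEmbedAttributes, mountEmbed and the element ids are assumptions, and the chart path used in comments is constructed. The comments also mark which of the risks discussed on this page such code does not address: the third party still receives the reader's IP address and browser details once the frame loads, and a sandbox limits what the framed page can do to the host page, not what it displays to the reader.

```javascript
// Added example for this page, not the gadget's own code.
// Assumed names: EMBED_ORIGIN, validateEmbedUrl, buildEmbedAttributes, mountEmbed.

// The only origin the embed may load from (the page names ourworldindata.org).
const EMBED_ORIGIN = "https://ourworldindata.org";

// Accept only an https URL on the expected origin. Anything else
// (other hosts, plain http, malformed strings) is refused before it
// can reach the iframe's src attribute.
function validateEmbedUrl(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch (e) {
    return null;
  }
  if (url.protocol !== "https:" || url.origin !== EMBED_ORIGIN) {
    return null;
  }
  return url.href;
}

// Attributes for the frame once the reader has consented.
function buildEmbedAttributes(src) {
  return {
    src,
    // Sandbox without allow-same-origin, allow-top-navigation or allow-forms:
    // the framed document runs in an opaque origin, cannot script the host
    // page, cannot navigate the top-level window, and cannot submit HTML forms
    // (scripts inside the frame can still make their own requests).
    // It does NOT stop the framed page from rendering misleading content to
    // the reader, and it does NOT stop the third-party server from seeing the
    // reader's IP address and browser details once the request is made.
    sandbox: "allow-scripts",
    // Do not send the Wikipedia article URL as the Referer header, so the
    // third party is not told which article the reader is on.
    referrerpolicy: "no-referrer",
  };
}

// Replace the still-image placeholder with the live frame, but only after
// explicit consent and only for a URL that passed validation.
// Returns the attribute set that was (or would be) applied, or null if
// nothing was loaded. Outside a browser it only returns the attribute set.
function mountEmbed(container, candidate, consentGiven) {
  if (consentGiven !== true) {
    return null; // no consent: nothing is requested from the third party
  }
  const src = validateEmbedUrl(candidate);
  if (src === null) {
    return null;
  }
  const attrs = buildEmbedAttributes(src);
  if (typeof document !== "undefined" && container) {
    const frame = document.createElement("iframe");
    for (const [name, value] of Object.entries(attrs)) {
      frame.setAttribute(name, value);
    }
    container.replaceChildren(frame);
  }
  return attrs;
}

// Browser wiring (assumed element ids "owid-play" and "owid-box", with the
// chart URL in data-src): the play button asks for consent and only then
// mounts the frame. Skipped when run outside a browser.
if (typeof document !== "undefined") {
  const button = document.getElementById("owid-play");
  const box = document.getElementById("owid-box");
  if (button && box) {
    button.addEventListener("click", () => {
      const ok = window.confirm(
        "Loading this chart will share your IP address with ourworldindata.org. Continue?"
      );
      mountEmbed(box, box.dataset.src, ok);
    });
  }
}
```

If the interactive charts need their own origin (cookies or local storage), `allow-same-origin` would have to be added; because the frame is cross-origin it still could not read the host page, but the remaining value of the sandbox is then only the navigation, pop-up and form restrictions. Nothing on the client side changes the fact that, once the frame is requested, the third party sees the reader's IP address, which is why the page treats the consent prompt as notice rather than as a fix.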

We need some time to continue this analysis, which will include a legal review, privacy review, code review, and performance impact review. We are aiming to have an initial security analysis completed two weeks from now (roughly by mid May), and will share our results here as they become available. Doing so will help us find out whether further types of review are needed and what outcomes lie ahead. One possible outcome of this security review is that we may be required to disallow loading content from ourworldindata.org. We therefore encourage editors to consider this information before adopting the gadget en masse. While this work is underway we request that the community pause further rollout of the OWID gadget to other wikis, and also wait on site-wide enablement for all users of future new gadgets that access third-party external content until we can determine if and how it is safe to do so. In the meantime, it would help us to hear feedback from volunteers on the open questions below to inform our assessments.

Third party website use

As indicated in Andy’s email (copied above), we’d like to work with volunteers on thinking through the broader governance and management questions for future gadgets that use third party website content. This topic deserves its own discussion and consideration separate from the future of the OWID gadget. We’ll be back soon with more complete thoughts on this topic and a home for the broader conversation. For now we welcome your ideas for what an effective process would look like on the talk page.

Open questions

Based on Andy's update, here are some of the questions we're actively working on inside the Foundation:

  • Legal and compliance: What is the full scope of potential legal and compliance issues with the gadget? What would it take to address these? Is doing so feasible and a good use of resources?
  • Security and Privacy: What is the full scope of potential security and privacy issues with the gadget? What would it take to address these? Is doing so feasible and a good use of resources?
  • Reader notice and consent: Would a privacy click-through be sufficient notice and/or consent for the OWID gadget under applicable laws and Wikimedia policies? Is user data sufficiently protected when users agree to the click-through?
  • Scalability and Precedent: How can we ensure that similar issues are addressed with future gadgets?

For volunteers, we'd like help thinking through all of the risks. Are there other concerns or risks not listed above? What else should we be thinking about? Please join the discussions on the talk page.

References