Erik Moeller wrote: > The rationale for the iframe is to automate the job listings on the > WMF site and surface the various Jobvite features.
Right. But any feature comes with an associated cost. :-) > Yes, that means that the user's browser will contact hire.jobvite.com > when loading the page (although all its resources will be loaded in > the context of the iframe). AFAICT the main issue here is to clarify > in the footer that job applications and job descriptions are run > through an external service called Jobvite and subject to the Jobvite > privacy policy, to avoid any confusion. Well, it's a lot more than that, surely. It reads to me like you're kind of down-playing the implications when you say "yes, that means the user's browser will contact hire.jobvite.com." This particular data is treated as sacrosanct within the Wikimedia community (for better or worse). <iframe>s have serious privacy and security issues. If they didn't, they'd be an awfully convenient tool for implementing all kinds of neat ideas both between Wikimedia wikis and between Wikimedia wikis and the outside world. But they're banned in MediaWiki by default (with good reason). Through a loophole (allowing raw HTML on wikimediafoundation.org), they're allowed in this specific case, but it's a matter of figuring out whether Jobvite's privacy policy is compatible with Wikimedia Foundation's, I think. > Whether the iframe is a good idea still remains to be seen. Indeed. I've commented out the iframe for now while discussion continues. Once there's a clearer understanding of the implications of using this code and whether this particular third-party's policy is compatible with Wikimedia's. I say "compatible" as it's a passive read action of wikimediafoundation.org that will trigger data being sent to Jobvite. Adding a footer might be nice, but if the user doesn't consent to Jobvite's privacy policy, simply reading wikimediafoundation.org has already sent their data to the other server, correct? In my mind, that means a footer or additional warning text is insufficient. MZMcBride _______________________________________________ foundation-l mailing list foundation-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
