Wikipedia:Peer review/Cross-site leaks/archive2


Cross-site leaks

Previous peer review

Following the recently archived FA nomination, I'd like to continue the unfinished discussions about the quality of the article and get some feedback in an informal setting on the latest changes I made, so that I can make another nomination later this year (assuming Knittel et al. or Van Goethem et al. don't publish another paper on XSLeaks at the 2024 conferences 😄 that requires a rewrite). @JimKillock and TechnoSquirrel69: I've addressed some of the issues surrounding the lede. (hemingwayapp.com gives me a Grade 13. OK. for the lede) Let me know if I can make any further changes.

Thanks, Sohom (talk) 03:27, 28 March 2024 (UTC)

@JimKillock and TechnoSquirrel69: Fix ping Sohom (talk) 03:28, 28 March 2024 (UTC)

Thank you, I'll try to have a go at the copy in the lead as per the first para. I got this down to a grade 10 on Hemingway app. At the moment it dislikes the last paragraph the most.
What I would really like is for a short, simple overview to follow the lead as the next item, as per WP:ONEDOWN. From that point, if the article gets harder to read, I feel that's an acceptable cost as per WP:EXPLAINLEAD and WP:TECHNICAL. At the moment the simple explanation is about two sections down, which makes it hard for the casual reader to find or expect. Jim Killock (talk) 21:20, 30 March 2024 (UTC)
The article does require an understanding of certain web security concepts, particularly the same-origin policy, as a prerequisite. I don't think diving straight into the attack mechanism without providing the user with a primer on the basics is a good idea. (Feel free to correct me if I am misunderstanding you.) Currently the flow allows the reader to get up to speed with some of the core concepts before providing an overview of the mechanism, which then translates into a technical example followed by a more technical treatment of the types of the attack (increasing in difficulty as we go downwards). I don't think making the article super opaque after the lede is a good compromise here. (No issues with you taking a stab at simplifying the lede's last paragraph.) Sohom (talk) 06:45, 31 March 2024 (UTC)
TL;DR: You need a strategy to serve "average reader" with the core information to meet MOS requirements and pass FA standards. It's your choice what that is, but you need to decide how you want to meet these criteria.
I am confident that the "average user" audience can be served, as you / we have previously drafted language which did the job. In terms of method, you can certainly try to do it the way you describe, but there may be easier ways. I would summarise the MOS advice as:
  • Make the article as comprehensible as possible
  • Make the lead especially comprehensible
  • Ensure that there is as early as possible a basic overview of the core concepts
  • Ensure that all audiences are served ("average user", "technical user", and potentially "expert")
Currently, the lead doesn't try to provide a basic overview, which is fine, but "average user" therefore still needs a simple overview to satisfy the MOS advice. This could be 1-2 simple paras called "Overview" for example.
If you go with your strategy of explaining the basic concepts first in the hope that "average user" gets to the main explanation and can handle it, then you would need to make all of the text to this point quite simple and / or sufficiently explanatory of all the adjacent concepts, to ensure that "average user" is properly served. Currently the section "Background" is well beyond "average user" IMO.
Simplifying "Background" so they can get to and understand "Mechanism" to me seems harder than giving "average user" a digest version upfront, and then proceeding through the more technical version afterwards.
It's your choice which strategy you choose, but you need to be confident that the article won't lose "average user" as they read, until such a point as they have sufficient information to understand what the article is about.
Likewise if you have a different strategy to serve "average user" sufficiently feel free to explain how you would prefer to do it. Jim Killock (talk) 17:38, 1 April 2024 (UTC)

Comments from TechnoSquirrel69

As mentioned earlier, I intend to complete the review of the prose I started earlier this week. Expect some comments in the next few days! TechnoSquirrel69 (sigh) 03:43, 28 March 2024 (UTC)

Sorry for the delay; I've been pulled in several different directions these last couple weeks. Alright, it's going to take a while to get through a full prose review, but let's take this section by section or I'm never going to start anything. On the chopping block today is § Defences.

  • Despite being known ... defences against cross-site leaks have → Despite cross-site leaks being known ... defences have
  • The first sentence says no defenses existed until 2017, but the sentence right after describes... defenses that existed before 2017. Something needs to be rephrased here.
  • "any non-trivial website" requires elaboration or rephrasing.
  • infeasible and impractical
  • modern defences against cross-site leaks
  • The graph caption borders on original research without a citation — I'm sure at least one of the sources you have supports this analysis.
  • "One of the earliest and best-known methods" I might be missing something, but neither of the citations appear to verify this.
  • I think I brought this up at the last PR, but what's "multi-keying"?
  • I'd like a small explanation or paraphrasing of the term "concatenating".
  • resources → resource's?

I'll be back for more. Feel free to respond to my comments in line. By the way, if you have some spare time, I'd appreciate any comments at this FAC or the other one. Let me know if you have any questions! TechnoSquirrel69 (sigh) 06:34, 10 April 2024 (UTC)