Policy talk:Privacy policy

Talk:Privacy policy/header

Template:Archive box non-auto User:MiszaBot/config

When I uploaded some photos taken using my smartphone I didn’t realise that the wikiMedia website would display all the EXIF metadata from the camera. Please can you add a privacy feature to the user account to hide camera make and model information for my contributions Adrian816 (talk) 14:23, 27 February 2018 (UTC)Reply

I think that's a technical question about removal of the EXIF metadata from your existing uploads, and about removing EXIF during your future uploads. Perhaps ask Commons:Village pump? --Gryllida 22:30, 27 February 2018 (UTC)Reply

If your photo is displayed somewhere and you download it from there, the downloaded file has no EXIF metadata. The problem though is that without the metadata, there is no evidence that you're the photographer. Guido den Broeder (talk) 23:47, 1 March 2018 (UTC)Reply

But metadata may be edited by a some easy ways, and this is not a evidence in the general case. --Kaganer (talk) 14:49, 10 April 2018 (UTC)Reply

In my POV show the metadata of a file in Commons improves the transparency and openness of the project. But many persons as Adrian can't be aware of this. We can suggest a legend or banner in the Upload Form to prevent the people to be uninformed of this technical characteristic. ProtoplasmaKid (WM-MX) (talk) 20:17, 21 May 2018 (UTC)Reply

ProtoplasmaKid, Good idea. Rutheni (talk) 10:15, 24 May 2018 (UTC)Reply

I sugest the commons help me —The preceding unsigned comment was added by 168.194.161.181 (talk) 16:27, 7 August 2018 (UTC)Reply

The quite unreadable diff doesn't help the conversation. I recommend that you revert it and apply things like translation unit changes and uppercase changes in separate diffs. Also, some translation units don't follow best practices for translatability. --Nemo 17:28, 21 May 2018 (UTC)Reply

Is there a reason a link to the diff wasn't included in the blog post? Or some kind of summary of the changes? I read a few references to "minor edits" without a description of what was actually changing. I eventually found <https://meta.wikimedia.org/w/index.php?title=Privacy_policy&diff=18063543&oldid=17995859> myself, and I agree with Nemo that this diff is not enjoyable to read, even for long-time editors. It's not immediately clear which paragraphs were removed, which were added, which were reformatted, and why. --MZMcBride (talk) 23:40, 21 May 2018 (UTC)Reply

I tried to do my own quick diff, but it's still nasty. Attempt 1: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069162&oldid=18069161>. Attempt 2: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069182&oldid=18069171>. Woof. --MZMcBride (talk) 02:05, 23 May 2018 (UTC)Reply

• Agreed, it's pretty disappointing that there's no plain English summary of the changes that I can see, let alone no easy-to-access full diff. Come on WMF; y'all can do better than this. — OwenBlacker (Talk) 06:00, 22 May 2018 (UTC)Reply

• I subscribe to everything said above. I was wondering the same. --Waldir (talk) 09:34, 22 May 2018 (UTC)Reply

• I too came here looking for the actual changes being made. I saw the banner announcement, read the blogpost, read the message on the mailing list... but other than saying that there are some minor changes, nowhere does it actually tell you what these changes actually are. If they're that minor it should be easy to identify them. Since the timing is specifically the same as GDPR, and yet the comments here on this talkpage indicate that these changes do not actually address GDPR issues, is this just a conspicuous coincidence? Wittylama (talk) 12:41, 22 May 2018 (UTC)Reply

• +1 - Just had the privacy banner appear hence the lateness - Like everyone above I too came here to see what had actually changed ..... I didn't really expect diffs .... just a "this has been added" and "this has been removed" ..... Without sounding disrespectful I'm not going to spend all my life reading Privacy policy (FWIW I don't read any of that on other sites either), I guess I just liked to have known what those minor changes were –Davey2010^Talk 01:21, 24 May 2018 (UTC)Reply

As the person who did most of this wikification, I guess I’m the best person to answer this. The answer is, unfortunately, not terribly satisfying: a combination of limitations on the way the content was built up and updated and constraints on version control between different formats as the text wandered through various processes meant that we ended up having to choose between getting the content up in a timely manner or getting the diff viewability and translation markup perfect. The team estimated that the latter would be a considerable additional time investment and we chose the former in this instance and, well, here we are.

So, the bad news is that we don’t really have any feasible way to go back and re-do all the changes in a more diff-able manner, because the changes don’t exist, even on our end, in that format. The good news is that my team has been working with Legal this week this week on better way to address the version control issue going forward. Kbrown (WMF) (talk) 13:53, 23 May 2018 (UTC)Reply

@Kbrown (WMF): a mark-up page with striken and inserted text seems like it would be the simplest option for something like this, agree with everyone on this page that trying to determine what was changed is even challenging for us seasoned editors. — xaosflux ^Talk 01:49, 24 May 2018 (UTC)Reply

Kbrown, nobody has asked that you rewrite history. Just read your own diff, separate it in different parts, revert your edit and apply all the different edits separately. You can save the wikitext on local files and test how the diff looks like on a sandbox, don't worry. --Nemo 06:31, 24 May 2018 (UTC)Reply

@Nemo bis, MZMcBride, OwenBlacker, Waldir, Wittylama, Davey2010, and Xaosflux: I created a hopefully more easily-readable diff over at Privacy policy/2018 update. Hopefully that's more useful. :) I should probably also note that I made this myself and it's not totally impossible I missed some stuff where the changes involved section moves (which are more difficult to display in a format like this). Joe Sutherland (Wikimedia Foundation) (talk) 21:52, 29 May 2018 (UTC)Reply

@JSutherland (WMF): Thank you; good work! — OwenBlacker (Talk) 22:23, 29 May 2018 (UTC)Reply

Thanks so much JS :), –Davey2010^Talk 22:40, 30 May 2018 (UTC)Reply

What are the changes???

Even after spending 1/2 hr chasing down links, I have no friggin' idea what the changes are. Whatever you are doing is not, and I repeat not, transparent. G41rn8 (talk) 02:29, 23 May 2018 (UTC)Reply

Hi G41rn8. Yes, a few of us have been wondering the same in the #Diff quality section of this talk page. It's confusing why it's so difficult to discern what changed. --MZMcBride (talk) 01:41, 23 May 2018 (UTC)Reply

I strongly agree, MZMcBride! --G41rn8 (talk) 02:29, 23 May 2018 (UTC)Reply

Do we know what the changes are yet? Jason Quinn (talk) 14:57, 27 May 2018 (UTC)Reply

@Jason Quinn: I had a go at creating a more easily-readable diff at Privacy policy/2018 update. Perhaps that's useful. Joe Sutherland (Wikimedia Foundation) (talk) 21:48, 29 May 2018 (UTC)Reply

@JSutherland (WMF):. Brilliant. Belated big thanks for that. That's a great way to display the info and this should be done for all changes in the future. Jason Quinn (talk) 13:15, 10 June 2018 (UTC)Reply

I see that a sentence was removed: «If you choose to provide your email address, we will keep it confidential, except as provided in this Policy». Other sections kept similar sentences, for instance «We keep IP addresses confidential» and «We keep information obtained by these technologies confidential», in addition to «In the extremely unlikely event that ownership of all or substantially all of the Foundation changes, or we go through a reorganization (such as a merger, consolidation, or acquisition), we will continue to keep your personal information confidential».

What does this mean? Does it mean that other parts of the policy can allow such data to be shared even without saying it explicitly? --Nemo 17:56, 21 May 2018 (UTC)Reply

• It looks to me like the biggest change is to how email addreses will be handled. The changes around it imply that the foundation will now use email addresses to solicit funds. Also, WMF will possibly share email addresses with other entities that further its "charitable mission." Why was the language that protected email addresses removed? It looks a little like a sleight of hand maneuver to allow the giving of information (not "sell") to other organizations that may have donated or contributed to WMF "charitable mission" with no definition of what the mission is or who may use the information to further it. —Preceding unsigned comment added by 2600:8800:1300:16E:F15F:D980:8971:23A0 (talk • contribs)

  Really? I've read the changes in the exact opposite way, making the policy more permissive about emails (though arguably nothing extraordinary)=: see #Confidential data. --Nemo 20:43, 22 May 2018 (UTC)Reply

  I think you two have the same point. --Gnom (talk) Let's make Wikipedia green! 04:46, 23 May 2018 (UTC)Reply

• Hi Nemo_bis. We are not changing our email handling practices. We just removed this sentence for the sake of clarity and readability. As the policy provides elsewhere, we are committed to keeping Personal Information, including email addresses, confidential as described in the policy. When you use the "Email this user" feature, your email address may become visible, as disclosed in the interface. TSebro (WMF) (talk) 21:45, 23 May 2018 (UTC)Reply

  If you think that sentence was redundant, why did you keep it in two other paragraphs? I know how Special:EmailUser works, but your sentence here may be misunderstood: MediaWiki never makes the email address visible. The users' email clients do. --Nemo 06:43, 24 May 2018 (UTC)Reply

  TSebro (WMF), I wasn't specific enough. In the section regarding emails/data, a new phrase appears. It is "charitable mission." It appears in different ways We and our service providers use your information for the legitimate purpose of pursuing our charitable mission, including: is one such instance. This appears to broaden how WMF may use information. It isn't just relocation, it's a new phrase with "charitable mission" (or in another place in all instances, in keeping with our legitimate charitable purpose of pursuing our mission. This seems like an expansion of how the data will be used and who may use it. If it's not, why the new phrasing? 2600:8800:1300:16E:44A8:FE7:35B4:CB3D 09:28, 27 May 2018 (UTC)Reply

What motivations are behind this change? I assume there are financial benefits - perhaps to offset server costs?

I assume the implementation of EU´s en:General Data Protection Regulation on 25 May 2018. Alexpl (talk) 08:37, 24 May 2018 (UTC)Reply

As User:Gnom already pointed out, these changes do not make the Foundation GDPR compliant. They also don't mention anywhere that that is the intention behind these changes, as far as I can see. The timing looks like a strange coincidence. Jeroen N (talk) 09:21, 24 May 2018 (UTC)Reply

See also the forum about Data Protection Officer. Klaas `Z4␟` V:  20:53, 24 May 2018 (UTC)Reply

We made these minor changes to the text to improve readability and clarify what the policy means by the phrase "personal information." We are also collecting any additional comments on how our privacy practices can be improved. TSebro (WMF) (talk) 04:56, 5 June 2018 (UTC)Reply

So - can Google somehow get my IP adress from Wikimedia/Wikidata/Wikipedia despite me editing there under a username only - Yes or No ? Alexpl (talk) 08:40, 24 May 2018 (UTC)Reply

If you don't visit Google, only Wikimedia project, then the answer should be no. Stryn (talk) 14:03, 24 May 2018 (UTC)Reply

To confirm, Styrn is correct: no, Google does not get your IP address or any nonpublic personal information. TSebro (WMF) (talk) 04:58, 5 June 2018 (UTC)Reply

I thought they were somehow engaged with Wikidata... Alexpl (talk) 15:51, 24 May 2018 (UTC)Reply

They aren't. --Nemo 15:55, 24 May 2018 (UTC)Reply

Policy is always nice, but without enforcement it is meaningless. There have been multiple breaches of privacy of more than one individual, and by the very people who are supposed to be enforcing it. In some cases, volunteers entrusted with PII have even released this information intentionally. There is still no standard for vetting and training oversighters, or reporting mechanism for breaches. The NDAs signed by oversighters are meaningless, because they are volunteers, not employees or contractors. In spite of multiple failures of the system, there has been no public investigation or examination of the system itself, or even an acknowledgment of the problem. Perhaps it is time for an outside evaluation? —Neotarf (talk) 23:13, 24 May 2018 (UTC)Reply

Hi Neotarf. Concerns about users with Oversight or Checkuser Permissions should be raised with the local Arbitration Committee or with the Ombuds Committee, and the Foundation will work closely with them to resolve any issues. TSebro (WMF) (talk) 04:59, 5 June 2018 (UTC)Reply

So, TSebro (WMF), concerns about the arbitration committee or the ombuds committee should be taken to the arbitration committee or the ombuds committee, and everything will be just fine? The problem with that is that the WMF doesn't *know* whether everything will be just fine, because they aren't tracking it. It may be that instead of "working closely with the Foundation", the committee members will instead choose to block the user so they can't object, block their talk page so they cannot ping someone to unblock them, publish further dox about the individual, remove their email access so they cannot contact someone else to remove the dox, and send them bounce notifications if they try to email the committee directly. I would also note that any private information that someone sends the arbitration committee will then end up being stored in the personal email accounts of the individual arbitrators, even after they are no longer participating with Wikipedia. And the arbcom mailing list has historically been very leaky. Also, if the user is in an region with heavy internet censorship or surveillance, or a repressive government, expecting them to send more and more emails to try to get something removed may actually be dangerous advice and bring additional unwanted attention. It would be better just to have an arbitrators that didn't publish personal information in the first place. Neotarf (talk) 01:30, 15 June 2018 (UTC)Reply

Many people here bring up good ideas about hiding camera metadata, ip addresses and so forth. My thought is that a UI window could be added after the ‘describe the edit you made’ window that could give the user privacy options. The purpose of this would be 1.) to let new or uninformed users make their edits without too much effort up front thereby not ‘scaring them away’ and 2.) to have transparent options to publish or delete and explanation about what publishing metadata or IP info (or other similar info) can mean for the user. Victorgrigas (talk) 13:53, 28 May 2018 (UTC) Victorgrigas (talk) 13:53, 28 May 2018 (UTC)Reply

Hi Victorgrigas. Thanks for the suggestion; we've passed it along to our technical teams for consideration. So that I understand your suggestion correctly: are you suggesting the creation of an extra dialogue box that explains the privacy implications of their submission? Some Wikipedias already have a warning for people editing while not logged in, encouraging them to create an account to hide their IP address. We can investigate what kind of privacy information users want to see. TSebro (WMF) (talk) 05:03, 5 June 2018 (UTC)Reply

Yes that's more or less what I'm suggesting, basically add a way AFTER someone has pressed 'edit' and made changes but BEFORE they press save and publish to inform them about the privacy options and implications of saving and publishing. Victorgrigas (talk) 14:00, 5 June 2018 (UTC)Reply

• See also phab:T22326 — xaosflux ^Talk 22:31, 27 September 2018 (UTC)Reply

If you scroll down the page and to the collapse box containing items that the policy does not cover (titled "More on what this Privacy Policy doesn’t cover"), a </noinclude> closing wiki markup tag can be seen. It looks like it's coming from Template:Anchor. I would have just fixed it, but only accounts can edit on wikimediafoundation.org and I don't have one... Who has an account there that can fix this? ~Oshwah~^{(talk) (contribs)} 22:53, 6 July 2018 (UTC)Reply

Hey Oshwah - just fixed it, thanks. Joe Sutherland (Wikimedia Foundation) (talk) 22:07, 7 July 2018 (UTC)Reply

Hi all, wrong tagging detected in the original English page around tags T:109/T110 Text "More on Locally Stored Data" remains in english; why ???

Thank you

I feel Privacy Policy exist for our personal and business information privacy. The lack of concern and properly run area's which can have Privacy the way it's issued in our privacy policy's, we need to implement the known solutions so people and others can feel better no matter where they are or go.

Template:Edit fully-protected Two elements from this page are untranslatable:

• {{Hidden |header=Publicly Visible Information |content=<translate><!--T:94-->
• {{Hidden |header=More on Usernames |content=<translate><!--T:250-->

Please add translate markup on both:

• {{Hidden |header=<translate>Publicly Visible Information</translate> |content=<translate><!--T:94-->
• {{Hidden |header=<translate>More on Usernames</translate> |content=<translate><!--T:250-->

Trizek (WMF) (talk) 09:41, 16 November 2018 (UTC)Reply

 Done and pushed to translation. @Trizek (WMF): thanks for the corrections  — billinghurst sDrewth 09:54, 16 November 2018 (UTC)Reply

Thank you billinghurst! Trizek (WMF) (talk) 10:18, 16 November 2018 (UTC)Reply