Policy talk:Privacy policy: Difference between revisions
Content deleted Content added
Hashed passwords |
archive, add research section |
||
| Line 1: | Line 1: | ||
[[Talk:Privacy policy/archive]] |
:''Archives'': See [[Talk:Privacy policy/archive]] for all comments made before the policy was approved by the Board in April 2005. |
||
__TOC__ |
__TOC__ |
||
== Cookies == |
|||
Seems relevant here... |
|||
:''Cookies are required to log in. If you choose 'remember my password', a cookie will be stored with a hash of your password. This may be a bad idea if your computer isn't very much yours and you're paranoid.'' |
|||
:''The main functioning of the login system uses a session cookie which expires at the end of your browser session.'' |
|||
:''Also set on login are cookies storing your user id number and name, which are used to fill in the last-used name in the login box when you next visit. If you don't like this, clear your cookies after logging out. These cookies last 30 days IIRC.'' |
|||
---- |
|||
== Link it from the main page? == |
|||
This draft does not seem to be getting much more attention. Maybe the notes should be removed and the draft linked from the main page (better this version than none, plus it would get more attention from editors). Maybe I am the only one who feels that Wikipedia should have a privacy policy, so I'll shut up after this. [[User:Dori|Dori]] 00:35, 16 Nov 2003 (UTC) |
|||
---- |
|||
== Wikitravel privacy policy == |
|||
The [http://www.wikitravel.org/article/Wikitravel:Privacy_policy Wikitravel privacy policy] might be worth comparing and contrasting. --[[User:Evan|Evan]] 22:21, 17 Dec 2003 (UTC) |
|||
---- |
|||
==User, and user_talk pages== |
|||
This has been discussed elsewhere, but I think it deserves a mention in the privacy policy. |
|||
Personally I think a logged in user should have the right to control the content in their own page. I've seen instances of people reverting blanking of another user's (a "bad" user) talk page, and there are talks at [[w:Wikipedia_talk:Personal_subpages_to_be_deleted|personal subpages]] saying that they should not be deleted. |
|||
The user pages are not part of the encyclopedia, they should be deleted upon request. Keeping them viewable by everyone against the user's will is, in my opinion, a misuse of the GFDL. |
|||
[[w:User:Tristanb|tristanb (not logged in)]] [[User:203.96.104.226|203.96.104.226]] 00:27, 21 Dec 2003 (UTC) |
|||
:<s>I disagree. User talk pages are there to support the development of the encyclopedia, and as such include information that is relevant to particular articles. Perhaps that should have gone on the article talk page, but often it doesn't, and the talk pages provide a very useful history of how particular articles and issues were developed. The user talk page is not supposed to be something private. If you want a private discussion with someone, you can do that by e-mail, so I see no reason why these pages should be made part of the privacy policy. The same might not apply to user pages. [[User:Angela|Angela]] 01:28, 21 Dec 2003 (UTC)</s> (see below) |
|||
I strongly agree with tristanb, to the point that I'm considering using an off-Wikipedia wiki to post my replies to talk comments, then pointing people there, avoiding releasing simple discussions under the GFDL. If something contains text intended for the encyclopedia, of course, I would be deliberately place that in an article-related area, rather than a personal area. I'm here to make an encyclopedia, not to have simple workplace discussions recorded forever by my "employer" here. [[User:JamesDay|Jamesday]] 09:01, 21 Dec 2003 (UTC) |
|||
: Often the concerns relating to user pages et al are of people seeking to continue to contribute to Wikipedia, while trying to remove criticism from their user talk page (etc). Insofar as Wikipedia is in some sense a deliberative democracy, stifling criticism can have some side effects that make people rightly cautious. However, where people have decided to ''leave'' Wikipedia, I agree with JamesDay and Tristan that it makes sense to grant the [[Meatball:RightToVanish|right to vanish]], and such users should have pretty much free reign. The only exception is where someone has been banned, where we want to have a record of why we banned them, and how long the ban is for. |
|||
::<s>I don't think you would have to remove the comments completely though in order for someone to vanish. This could be done through a name change. Also, agreeing to delete a user talk page doesn't really solve anything if comments they would rather vanish from also appear on article talk pages, which is quite likely to be the case. Article talk pages are obviously not going to be deleted, so there needs to be a solution that can apply to both these and to user talk pages. I can't see any strong reason to treat these differently. I'm also not sure you can state different privacy rules for banned users. It's possible that they might be the ones most wanting to hide their past on Wikipedia after they are made to leave. [[User:Angela|Angela]] 23:07, 29 Dec 2003 (PST)</s> (see below) |
|||
My thoughts on this have changed now following an experience on another wiki where I did leave and requested my talk page be deleted. A talk page and user page is something more personal than what you write on article pages. User and article talk pages already follow different rules. For example, a user is, in nearly all cases, allowed to refactor and delete comments on their own user/talk page in a way that would not be regarded as acceptable on article talk pages. Therefore, it makes sense for those differences to apply to deletion of the pages as well. People are more attached to their pages than to their comments on article pages, and I think it is this level of attachment that would cause someone to feel uncomfortable about leaving an undeleted user page behind when they exercise their [[MeatBall:RightToLeave|right to leave]]. It doesn't solve the problem of not vanishing from article talk, but if the user feels separated from these in a way they don't from their own pages, then there is reason to treat the pages differently. Deletion of your user/talk page may also be a way of psychologically breaking away from a wiki, which has a stronger effect than just walking away. Perhaps when people leave they need this as some sort of final statement that they have left, and not only that, but a statement that they no longer wish to be associated with it at all. The history of user talk pages can be fascinating and offer huge insights into the working of the wiki, but this isn't what they are there for. The aim is to build an encyclopædia, not to provide insights into how the community works or to document how individuals played a part in that. So, I now feel that the privacy policy should state that a user/talk page will be deleted on request after someone leaves. [[User:Angela|Angela]] 14:50, 2 Jan 2004 (UTC) |
|||
Having seen how differently I write on IRC you might also consider whether the user talk pages should be crawlable by search engines. As you've seen, people can act very differently when everything they say is being recorded compared to how they are when that is not the case. [[User:JamesDay|Jamesday]] 20:11, 25 Jan 2004 (PST) |
|||
:Agreed: I think article talk, user pages and user talk should be excluded by robots.txt as well as database dumps (there is a license requirement as well tackled below, the point is not to facilitate automated processing). --[[User:Tobu|Tobu]] 20:11, 29 May 2005 (UTC) |
|||
== Database dumps == |
|||
I too am concerned with the retention of personal data. Wiki editing generates lots of personal information, including bickering, personal trivia and such. Keeping it forever in an indexed database means it can be searched, giving an in-depth knowledge of someone's interests and opinions (even from normal edits by well-behaved people). Having a serial identity, which is common when first signing up, makes this worse since google often connects this with a name. The solution of renaming a user can help, but it means leaving the wiki, isn't automated, and isn't used without a special reason. |
|||
The current data is accessible via a search engine, but it isn't too bad since these keep to the current text - a removed comment will be forgotten, and engines don't understand the history. |
|||
''Database dumps are worse, and I think they should be tackled by the privacy policy''. The options I see are removing talk pages; anonymizing user names from history data (sigs (non-template) can't be removed easily however); making dumps of only the current version (could be already the case). |
|||
--[[User:Tobu|Tobu]] 20:11, 29 May 2005 (UTC) |
|||
----- |
|||
== Personal pages == |
|||
''The purpose of the project is to produce an encyclopedia. To facilitate this, user and user talk pages are provided, in a different namespace from the encyclopedia. Since those pages are not part of the encyclopedia, the Wikipedia will use whatever technical means are reasonably convenient to inhibit to whatever degree reasonably convenient the wide disclosure and searchability of those pages. Except to the extent that they contain text clearly intended for a Wikipedia article, these personal pages are not released under the GFDL but are instead released solely for internal use within the project.'' |
|||
I've added a further section based on discussion here and over at Wikinfo, where one Wikinfo technical person indicated that it was not happy to have users prevent the display of their user pages there, even though that has been requested and so far has been accepted by them. Since it doesn't seem to inhibit our ability to build an encyclopedia I've eliminated the GFDL release of user and user (but not article!) talk pages to non-GFDL for use here only, making GFDL only items intended for the encyclopedia. This will let us better assist our countributors if there's a desire to remove their personal information from mirrors, which currently could claim a GFDL right to distribute information we're removed. I'm not envisioning any immediate or rapid technical change - I'm aware that databases are combined and a variety of other technical issues mean that it is currently convenient to distribute everything as a package, and that multiple licensing is currently most conveniently done via user pages. I'm also aware that we use Google as a fallback search engine, and that limiting it would be problematic and do not propose any immediate change to search engine crawling while we need this capability. This is mainly to eliminate the "you can't stop us" argument which seems to make some of our contributors unhappy. With regrets to other sites, I want happy Wikipedia contributors, not those who don't feel free to discuss freely because of fear that their discussion will be mirrored and searchable forever, everywhere. [[User:JamesDay|Jamesday]] 12:42, 16 Feb 2004 (UTC) |
|||
:I've moved the above text to the talk page since it's most certainly ''not'' the present policy (though whether it should be is open for discussion). --[[User:Brion VIBBER|Brion VIBBER]] 15:36, 16 Feb 2004 (UTC) |
|||
::Thanks - I'd forgotten that header saying current. [[User:JamesDay|Jamesday]] 14:14, 25 Feb 2004 (UTC) |
|||
:I would support not having User and User talk: pages not be under the GFDL, but I don't know what the ramifications would be. Would everyone have to write new pages (the old ones are already under the GFDL)? How would this affect being able to hold temporary articles on user pages while they're being worked on? What about copying and pasting comments between other namespaces with regard to comments? There are many issues that would need to be resolved first. [[User:Dori|Dori]] | [[User talk:Dori|Talk]] 15:53, 16 Feb 2004 (UTC) |
|||
::I guess that's a good point. For a different reason, there is a discussion at Japanese wikipedia regarding introducing a second license (called something like in-site public domain license). It permits copying, modification and translation of any posted contents within wikipedia (of any language) and other projects. That kind of solution may work to an extent, maybe? |
|||
::In addition, such a re-licensing would take agreements from the copyrightowners, I suppose. Still, the past versions are released GFDL already, and it cannot be revoked, I suppose. |
|||
::If the purpose is to prevent others from copying those pages based on GFDL terms, maybe it is easier to remove these pages from the database dump. [[User:Tomos|Tomos]] 23:35, 16 Feb 2004 (UTC) |
|||
:::One issue which caused me to make this change is wikinfo, which takes them from the site when the page is requested, rather than from a database dump. Web crawlers (except Google, which we use as a backup search engine) also really need to be blocked, just so things like the internet archive don't save them forever. I like the sound of that Japanese move. Please let me (or all here) know what happens with that idea - I like it very much. [[User:JamesDay|Jamesday]] 14:14, 25 Feb 2004 (UTC) |
|||
::Within the Wikipedia and except for text intended for articles seems to cover the moving things around needs, since it allows those things between namespaces. If you don't think it does, please suggest clarifications. I don't think that the old pages are under the GFDL - the edit page the last time I looked specified that items for the Wikipedia are under the Wikipedia license and the Wikipedia is clearly defined as the ''free encyclopedia'', which personal pages aren't part of. However, it's arguable enough (and was argued at wikinfo) that clearly saying they aren't is worth doing, which is why I added this paragraph to make it completely clear that they aren't under the GFDL, so we can speak more freely. |
|||
::One advantage for this split is that it makes it much easier to argue that source material we may discuss is not intended for republication. I'd like some way to do that for article talk as well, but I'm not sure that I want to go so far as suggesting that article talk pages should also be clearly not under the GFDL, hence not for publication. I don't actually think that article talk needs to be GFDL either but it's got a much better case than user or user talk pages. Views on whether article talk pages really do need to be GFDL or whether saying that text for the wikipedia can be placed in them on the way to going into an article is sufficient are welcome. |
|||
::Barring objections and in a week or two (on the usual slow is good schedule:)) I'll put this back into the proposal and indicate that the proposal isn't intended to be the current practice only but is intended to be future practice (and I'll also include a note requesting that possible changes be clearly indicated, so they can be discussed). [[User:JamesDay|Jamesday]] 14:14, 25 Feb 2004 (UTC) |
|||
:I'm not sure what I think about this. The logic of this idea seems reasonable, but I am uneasy with the idea of user and user_talk pages being different in terms of licensing. I have some vague sense that there would be some unintended consequences about this -- can I stop someone from releasing what they write on my talk page? Can they alter my comments on ''their page'' because they ''own'' it more that other pages? Etcetera, etcetera, etcetera... -- [[User:Bcorr|BCorr]]<font color=chartreuse>|</font>[[User talk:Bcorr|Брайен]] 01:28, 6 Apr 2004 (UTC) |
|||
==Filtering out web bugs and viruses in forwarded email== |
|||
Should we try to prevent people sending [[wikipedia:web bugs|web bugs]] in email that we forward? E.g. by requiring only plain text, or safe html or something, like some mailing lists do? Or is HTML email important for some correspondents? I'd prefer to only get plain-text mail without potentially dangerous or virus-infested attachments or web bug. But of course there is some development effort. The GPL'd Mailman software can do this. [[User:Nealmcb|Nealmcb]] 18:11, 14 May 2004 (UTC) |
|||
:Are you referring to the mailing lists (which run on GNU mailman), or to the 'Email this user' form in the wiki? In the case of the former, it ''should'' be set to strip HTML mail as it is. If you see a list misconfigured, please say which. For the latter, it should only be possible to send plaintext. If you can show otherwise, ''this is a bug which should be fixed immediately.'' Please let us know. --[[User:Brion VIBBER|Brion VIBBER]] 22:02, 14 May 2004 (UTC) |
|||
==Should we add a "Send a Private Message to this user" link in the interest of greater privacy?== |
|||
The idea came up on IRC last night that it might be a good thing to ask a developer people to set up a way for people to send private messages to each other directly through the wiki software as an alternative to communication through talk pages. The idea is that it is a way to increase communication, reduce the level of public conflict, keep conversations from polarizing quickly, and allowing more frank discussions, etc. One concern raised about this is that there is a certain "check" involved in discussions being searchable and archived, i.e. people should feel more accountable for what they say. |
|||
Opinions? Thoughts? Alternatives? -- [[User:Bcorr|BCorr]]<font color=chartreuse>|</font>[[User talk:Bcorr|Брайен]] 14:25, 29 May 2004 (UTC) |
|||
:Is this going to offer any advantage over email? I also wonder if it might encourage people to use our wikis as chat rooms if there is no check on whether what people are writing is wikimedia-relevant. [[User:Angela|Angela]] 21:10, 31 May 2004 (UTC) |
|||
:I don't see the point. Everything on the wiki itself should be open, you want to keep it private, take it outside (i.e. e-mail). [[User:Dori|Dori]] | [[User talk:Dori|Talk]] 04:07, 1 Jun 2004 (UTC) |
|||
::For an opposing viewpoint, see [[MeatBall:GetARoom]]. Wikis need not be entirely open, and private conversation has benefits to the community. [[User:UninvitedCompany|UninvitedCompany]] 21:32, 15 Jun 2004 (UTC) |
|||
::I generally dislike things going to email. I much prefer private messages on the site concerned when that feature is available, in part because it keeps all things related to the site netly in one place and in part because I try to keep mail only for personal and high priority (my priority) things. If someone started to routinely use the email link instead of my talk page and declined to stop on request, I might well add them to my spam filter to prevent it from continuing. [[User:JamesDay|Jamesday]] 08:28, 14 Jul 2004 (UTC) |
|||
==Multiple accounts and Password protection== |
|||
The discussion arose from a concern about a recent leak of shared passwords that is documented at [[Wikipedia:User talk:Tim Starling/Password matches]] and at [http://en.wikipedia.org/wiki/Wikipedia:Votes_for_deletion/User:Tim_Starling/Password_matches Wikipedia:Votes for deletion/User:Tim Starling/Password matches]. In that case, a well-intentioned admin created a list of probable sock puppets by searching for matching passwords. My concern (and that of more than a few other users) is that an innocent person who happened to choose the same (probably weak) password will get swept up in the accusation and that, further, ''by releasing the list'' their password will be exposed to the real vandal who will now be able to highjack the account. |
|||
Some consider this a remote possiblity, but I worry that it is a real threat. It might go something like this: |
|||
* User A is a vandal. User A creates sock puppet identities B through G, all using the same password so he can keep them straight. |
|||
* User H happens to choose the same password. |
|||
* Admin Z matches passwords and publishes a list of A-H as probable sock puppets. |
|||
* User A, being a vandal and probably knowing that he is being targeted, looks for and finds Admin Z's page. User A recognizes H as a new ID - not a sock puppet he created. |
|||
* User A knows that H's password must be the same as his. A can now sign in as H, commit vandalism that will be attributed to H and even change H's password thereby reserving a new account with a respected edit history to his own illicit use. |
|||
* User H can no longer even sign in to his own account to complain about the theft of his identity. |
|||
I support the hunt for vandal. I agree with the exposure of sock puppets for what they are. I can even support the use of password matching as one tactic to support the accusation of sock puppetry. However, I think that publication of the list ''with the statement that it was based on password matching'' creates an unacceptable risk that a valid user's password will be exposed. Passwords deserve extraordinary protection. |
|||
I added the section on Multiple Accounts (sock puppets) as a lead in to the section on password disclosures. If there is a better place for either of these clauses, please move them. [http://en.wikipedia.org/wiki/User:Rossami Rossami] 16:51, 13 Jul 2004 (UTC) |
|||
---- |
|||
I wholeheartedly agree with Rossami's concerns on this issue. Because of the potential security risk to innocent users, this blatant disregard for privacy is the sort of thing that will very quickly lose me (and many others, I would imagine) as contributers to the Wiki projects if it is not addressed in a timely fashion. |
|||
Though it has been stated that the "ends justify the means" in this instance, I do not believe that vandalism warrants this breach of privacy. Vandalism can already be quickly detected and easily fixed by any Wiki contributer so long as people remain diligent in patrolling the recent changes lists. |
|||
Sockpuppetry is, of course, also a concern in matters unrelated to vandalism, such as voting. In such cases, password matching is a powerful and useful tool available to the admins, but I feel it is unnecessary for the results of such matching to be made public. It is just as effective for admins to patrol the more crucial polls amongst the Wiki pages (polls concerning policy changes and requests for adminship particularly) and run password matching and/or check IP logs should they suspect that a user and his/her sockpuppets is slanting the poll. |
|||
In summary, revealing password matches is unnecessary for the management of vandals, for vandalism (whether by sockpuppets, single users, or anonymous users) can already be readily monitored by the recent changes pages. In addition, serial vandals can be monitored and their actions corrected by the vandalism in progress page. In cases of other sockpuppetry issues, I welcome admins to use password matching in conjunction with IP logs, observation of editing style, and other evidence to build up a case against sockpuppet accounts. However, such information need not and ''should not'' become public until such a time as admins have satisfactorially established that the accounts in question are vandalous or otherwise harmful sockpuppet accounts and have been banned by necessity. |
|||
Anyone wishing to discuss the points I have made here are welcome to do so either here or on my talk page. [http://en.wikipedia.org/wiki/User:Spectatrix Spectatrix] 21:59, 13 Jul 2004 (UTC) |
|||
Tim didn't list all of the examples. He hand selected those where a number of accounts with the same password appeared to have been problematic. 7044 passwords on en have more than one account using them (one is one of mine) and one password has 823 users on en. Admins cannot check password matches or IP addresses - only developers can do it. Identifying sock puppets and trolls quickly has been a major and growing concern because, unlike vandals, they can waste significant amounts of the time of productive contributors. It's likely that the community will accept more measures like this one to assist with the task. [[User:JamesDay|Jamesday]] 09:43, 14 Jul 2004 (UTC) |
|||
Vhile Jamesday has good points, I think that publically listing ''any'' password information is likely to cause more harm than good. Perhaps only admins should have any access to it, but then that creates a power differential and attendant issues. I still don't believe in trolls — what does "troll" even mean in a Wikipedia context anyway? [[User:Jeeves|Jeeves]] 01:43, 17 Jul 2004 (UTC) |
|||
== Wikimedia and child protection == |
|||
A few days ago I posted a query on the Village Pump of Wikipedia asking about the ages of Wikipedians, sparked off by reading about an 82 year old on a talk page. In the response there was discussion about a 7-year old who regularly takes part. Various Wikipedians had been on touch with him on his talk page putting him right where he went wrong - as we all do of course! Somebody asked about his parents involvement. There are evidently a number of young teenagers as well. This discussion has now been removed, by the way, as part of Angela's latest weeding. |
|||
In view of the events of the past few years with on-line chat rooms being abused by paedophiles, I pose the question about how Wikimedia and the Foundation stands on this. Does the way we have set things up, allowing people to list their ages on Wikipedia, and allowing a direct Email link between editors make us vulnerable. The Talk page link seems fine, since it can be read by anyone but the direct email link is private, and potentially open to abuse, and I am uneasy that we are not following best-practice here I would hate us to be hammered for being sloppy - the press could well have a field day. |
|||
If we get more school-age participants, and I hope we do, not only for research but also for helping, this is likely to be a growing problem - there was a link put up recently on the home page addressed to educationalists on how to make use of Wikipedia. Since Wikipedia will interest intellectually-inclined youngsters who we need to be fostering, I urge we address this with some urgency and see how we might be more secure. Any thought? [[User:Apwoolrich|Apwoolrich]] 18:52, 4 Sep 2004 (UTC) |
|||
:Do you have any recommendations? --[[User:Brion VIBBER|Brion VIBBER]] 21:50, 5 Sep 2004 (UTC)]] |
|||
:: Look at safe-surfing practice and see where we might be out of line; think about if we really need a page where Wikipedian ages can be posted; add something to the 'Welcome/beginners' pages aimed at youngsters and point out safe surfing practice. It might be superficially attractive to have a kind of well-monitored 'Junior Wikipedia', to where their activity might be restricted but feel this will be counter productive. So far as as I am aware we have not had complaint from the 'moral majority' out there about suitability for youngsters of the some of the content of Wikipedia on eg pornography, but perhaps that will come. |
|||
::My children are both adult and have families of their own, so I have never been faced with supervising web use by a youngster. I am aware of the danger of the possibility of hysteria in this: in the UK organisations like schools and churches have instituted child protection rules which have the effect of making the administration of organisations difficult - eg a parent not being allowed to dole out cups of orange squash at a school fete until they have been Police vetted; a proposal that all Anglican church bell ringers must be police vetted before they can ring. [[User:Apwoolrich|Apwoolrich]] 07:27, 6 Sep 2004 (UTC) |
|||
:::''a parent not being allowed to dole out cups of orange squash at a school fete until they have been Police vetted'' sounds a little extreme! But anyway, posting your age (I assume you are referring to [[Wikimedians by age]]) is voluntary, and most people wouldn't find that page anyway. Of course, that doesn't stop someone from revealing their age so nothing much can be done. Same with email, it is optional, but children could still fill it in (and nowadays they probably all have email addresses). Prehaps it would be neccessary to remove the email feature. As for other suggestions, prehaps it could be possible to include parental controls which could be activated for a particular account: these would allow for the blocking of the email address, control over any content-blocking features (as proposed elsewhere to allow users to block potentially offensive images, text, or articles), etc. A youngster's beginners page sounds like a good idea also. Are there any professional or government guidelines or resources available regarding online child protection? [[User:TPK|TPK]] 07:30, 8 Sep 2004 (UTC) |
|||
==Finalisation== |
|||
I'd like this draft to be finalised for translation fairly soon and have at least the English version ready to go live by the end of the year. Some thoughts on what needs to happen before then: |
|||
*Needs to be linked from every page |
|||
*Needs to be translated (translations could be "unofficial" in the same way as the GFDL) |
|||
*Should be protected? (have one official protected one on the Foundation site and others unprotected maybe?) |
|||
*"Right to Vanish" section - do we actually give this as a right? Since developers choose whether or not to respond to username changes, perhaps it needs to be clear that there is no guarantee this will be done. It's a nice option, but not something we should be offering on any official level. (Now moved to another page) |
|||
*E-mail: Is this really never going to be used for anything other than user-to-user communication? There has been talk of sending out emails to all users. Can we state this will never happen? (Now clarified) |
|||
*User contributions. Every one of these and the time it was made is stored. Should this be mentioned? Are the graphs of [http://kate.wikipedia.org/kates-tools/ edit counts over time] a problem/ever likely to be a problem? (Now added a "User data" section) |
|||
*I'm very unsure about "The Wikipedia will delete personal information about contributors (most likely on on user and user talk pages) at their request". I don't think this is official, and whether it happens is largely up to the admins of the wiki concerned. If we can't guarantee this will happen, it shouldn't be mentioned here. If it does stay in, it needs to mention that we have no control over the mirrors which might still contain that information. (Removed this section now) |
|||
*The "Multiple accounts" section seems misplaced. Does this need to be part of the privacy policy? It seems a separate issue to me. (Removed this section now) |
|||
*The following points still need to be added or clarified: |
|||
**Needs clarification on how often logs are deleted |
|||
**Search is not currently mentioned. Will the terms people search for ever be shared? Will that only be available as aggregated data? |
|||
*Two very clear policies are [[Wikitravel:Wikitravel:Privacy policy|Wikitravel]] and [http://www.google.com/privacy.html Google]. It might be worth comparing these to Wikimedia's policy and seeing if it can be made clearer. |
|||
[[User:Angela|Angela]] 08:02, 7 Nov 2004 (UTC)/ 02:51, 13 Nov 2004 (UTC) |
|||
:Well, I am for having unofficial translations. Every local project links the document in their own language if possible, and the translated document says it is unofficial and provides a link to the original (English?) policy. |
|||
:As for right to vanish, I am suspicious if it is good to have it as a right. Developers are volunteers so how can we say there is a right to demand them? If vanishing is a right, it would bring something mundatory into developers' task. Can we assure the users who want to use ''right to vanish'', their vanishment would be done by those voluntary developers? (Although I don't doubt they are willingly to help us) |
|||
:"The Wikipedia will delete personal information about contributors (most likely on on user and user talk pages) at their request". It sounds a gurantee, in my openion we could only say "most of Wikimedia projects will delete personal information about contributors following to their own criteria". I'm afraid a case a requesting person and a project have different opinion what personal information is, and a case such request taks a time to be done. In my view we could only say the most projects would consider such request respectively. Sorry for my random thought.--[[User:Aphaia|Aphaia]] 06:23, 13 Nov 2004 (UTC) |
|||
If this is going to be that much of an official policy document, it should refer to following points: |
|||
* The policy is possibly changed without prior notice by the discretion of the board. (Or something else that addresses how policy could be changed). |
|||
* Wikimedians and other site visitors are considered to have agreed with the policy after the change. (Or something else regarding the retroactive nature of the policy). |
|||
* If your personal information obtained through the WMF's servers is treated by others in violation of this policy, you can appeal the treatment to the board by sending email to ... (Or something else regarding the enforcement issue). |
|||
* WMF have no plan to start selling or sharing your information with the third party. Commercialism is not something unanimously supported by the WMF projects' members. If this happens, that is only after a community-wide discussion. |
|||
* If and to what extent the privacy information is "protected." If there is any possibility that information could be "stolen." |
|||
Also, I think consulting especially with some developers is a good idea since they are in the position to get some information from the server log. |
|||
If this is not a "contract-like promise of what we do" but more of an "explanation of what are the existing practices," then maybe we do not need some of the above stuff. [[User:Tomos|Tomos]] 20:40, 13 Nov 2004 (UTC) |
|||
==Release of data by developers== |
|||
The policy used to say that data will be released: |
|||
:''To all curious/interested parties, sometimes except the user concerned, when it is believed that an IP address may be associated with a banned or otherwise abusive contributor, as part of the process of trying to determine whether this is in fact the case. because this has been done in the past - not sure if it will be in the future...'' |
|||
I don't think we should release the IP address of a user on ''suspicion'' that it may be associated with a banned or otherwise abusive contributor. We should release the IP addresses associated with the vandalism or trolling itself. We should also be able to release any private data associated with a username which has been persistently used for vandalism or trolling. |
|||
Someone said: |
|||
:''The last motive for ip display certainly need more description. There is a recurrent issue that this is illegal and not acceptable. I would support that we have a clearer policy on this.'' |
|||
I'd like to know exactly what law it is breaking, if any. I'm not being sarcastic. As far as I'm concerned, if someone vandalises Wikipedia, I'll deal with them to the best of my ability, within the limits of applicable law. I'd also argue against any voluntary policy which prevents me from doing so. I'll respect the privacy of users who contribute in good faith, but I'm not going to spare any strategy when dealing with people who attempt to damage the site. So far the difference between good and bad users has been left to my discretion, and the discretion of any other developer who wishes to get involved in this stuff. I don't think a privacy policy should be the place to change that, it should be an internal matter. -- [[User:Tim Starling|Tim Starling]] 01:53, 17 Nov 2004 (UTC) |
|||
==Removals== |
|||
[Policy regarding log retention]: |
|||
:It is the policy of Wikimedia that server log information, including any backup copies, is destroyed within one year of its creation. ''Will this be retained longer for abuse/security issues or at the request of law enforcement?'' |
|||
::''more information needed here, in particular with regards to log publishing. Even though IRC is not officially part of Wikimedia, the question of the log is regularly mentionned, and ihmo should be included in that document, if only to inform people.'' |
|||
[comment under 'Deletion of content']: |
|||
:'' or, possibly, in cases of harassment, which may be by a sysop toward another sysop?'' |
|||
::this comment is unclear to me. What did you want to say exactly ? [[User:Anthere|Anthere]] |
|||
[Search]: |
|||
:''What happens to the data about what users are searching for?'' |
|||
I have removed the above unclear points and comments. [[User:Angela|Angela]] 23:27, 25 Jan 2005 (UTC) |
|||
== spelling/grammar corrections and suggested rewording == |
== spelling/grammar corrections and suggested rewording == |
||
| Line 276: | Line 60: | ||
This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general ''advice'' to a page stating ''policy'', anyway? --[[User:Mormegil|Mormegil]] 18:47, 16 Apr 2005 (UTC) |
This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general ''advice'' to a page stating ''policy'', anyway? --[[User:Mormegil|Mormegil]] 18:47, 16 Apr 2005 (UTC) |
||
''If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.'' |
''If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.'' |
||
| Line 286: | Line 68: | ||
¿Shouldn't be said ''to the President of WMF'' instead of ''To Jimbo Wales''? --[[User:Ascánder|Ascánder]] 17:14, 30 Apr 2005 (UTC) |
¿Shouldn't be said ''to the President of WMF'' instead of ''To Jimbo Wales''? --[[User:Ascánder|Ascánder]] 17:14, 30 Apr 2005 (UTC) |
||
:Wouldn't it make more sense for it to refer to the Board than either of those? [[User:Angela|Angela]] |
|||
== site statistics pages link is broken == |
== site statistics pages link is broken == |
||
| Line 310: | Line 94: | ||
As far as I know Mediawiki does not store users' password, it merely stores password ''hashes'', from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --[[User:195.113.65.10|195.113.65.10]] 14:55, 29 Jun 2005 (UTC) |
As far as I know Mediawiki does not store users' password, it merely stores password ''hashes'', from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --[[User:195.113.65.10|195.113.65.10]] 14:55, 29 Jun 2005 (UTC) |
||
==Research access to logs== |
|||
I think we should have a good community discussion to review our privacy policy with an eye towards revising it in order to allow some limited additional access to our access logs for credible academic researchers who are willing to sign a strong non disclosure agreement. |
|||
This sort of data is of intense interest to researchers -- I am getting more and more requests for it -- and I think that the results of the research would be incredibly helpful to our global mission. We make a lot of decisions based on our own theories of how the community really works, but I wonder what facts about ourselves we don't realize because they are lost in the data. |
|||
--Jimbo (on [http://mail.wikimedia.org/pipermail/foundation-l/2005-August/003861.html Foundation-l], 9 August 2005) |
|||
Revision as of 00:03, 11 August 2005
- Archives: See Talk:Privacy policy/archive for all comments made before the policy was approved by the Board in April 2005.
spelling/grammar corrections and suggested rewording
- "However, you may contact one of Wikimedia developer to enter a new mail address in your preferences."
- "one of Wikimedia developer" -> "a Wikimedia developer" or "one of the Wikimedia developers"
- It may be difficult or impossible for a developer to verify that the person making the request is the person who uses the account, so I suggest rewording to: "However, you may contact a Wikimedia developer and request that they enter an email address in your preferences." and some note to the effect that the request may be refused if there is suspicion.
- "By participating to an IRC channel" -> "By participating in an IRC channel"
- "publicaly" -> "publicly"
- "agregated" -> "aggregated"
- "Many aspects of the Wikimedia projects community interactions" -> "Many aspects of Wikimedia projects' community interactions"
- "or it required by law to release the infomation" -> "or it is required by law to release the infomation"
- "Only a developer can permanently delete information from the Wikimedia projects and there is no guarantee this will happen except in response to legal action."
- suggest changing "except in response to legal action" to "unless it is legally required", as anybody can perform legal action, whether or not their complaint is valid.
-- Jeronim 18:09, 10 Apr 2005 (UTC)
- You can make the minor changes at Privacy policy. These will be moved to the foundation wiki version once the page here stabilizes. The aim of making it "official" was to encourage people to actually look at it and comment on it since it's been basically ignored for months, not to prevent anyone making edits to the page. Angela 20:59, 10 Apr 2005 (UTC)
Technical problems
The description of what an IP is is both inappropriate here (overly-complicated - 'a number' will suffice, writing it as a dotted-quad is wholly optional) and IPv4-specific, whereas IPv6 support is likely to be forthcoming. Better to fix this now, i.e.:
- "[...] your network IP address. This is a series of four numbers which identifies the Internet address [...]"
- →
- "[...] your network IP address, a number which identifies the Internet address [...]"
Also, the statement about your IP being displayed to all users in IRC is misleading.
- "[...] By participating to an IRC channel, your IP address will be exposed to other participants. [...]"
- →
- "[...] By participating to an IRC channel, your IP address may be exposed to other participants. [...]"
James F. (talk) 20:58, 10 Apr 2005 (UTC)
Regarding accounts
- Once created, user accounts can not be removed.
Yes they can, you probably meant to say "won't". —User:Ævar Arnfjörð Bjarmason/Sig 00:53, 11 Apr 2005 (UTC)
- Indeed, though there are several places where it is said quite explicitly that there is no chance of this happening, so we might want to make it a little stronger than "won't". Perhaps "user accounts will never be removed"?
- James F. (talk) 00:55, 11 Apr 2005 (UTC)
I have a concern about committing to that clause in the very long term. I put it at Talk:Right to vanish but maybe should have posted it here. Any thoughts? Rossami 23:03, 12 Apr 2005 (UTC)
Sockpuppets
- "data collected in the server logs will not be released ... except as follows: ... Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers"
Developers are often asked to check whether two users are the same person. Does the privacy policy allow this currently or should it be more explicit about this? Angela 14:13, 11 Apr 2005 (UTC)
- I think that that's sufficient; I looked over the text with CheckUser et al. in mind, and I think it's enough.
- James F. (talk) 17:49, 12 Apr 2005 (UTC)
"Remember to disconnect"
- However, remember to disconnect yourself after using a pseudonym to avoid allowing others to use your identity.
This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general advice to a page stating policy, anyway? --Mormegil 18:47, 16 Apr 2005 (UTC)
If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.
Does this include images and audio? or am I being too pedantic.
To Jimbo Wales/To the President of WMF
¿Shouldn't be said to the President of WMF instead of To Jimbo Wales? --Ascánder 17:14, 30 Apr 2005 (UTC)
- Wouldn't it make more sense for it to refer to the Board than either of those? Angela
site statistics pages link is broken
I get a 404 when I click on the site statistics pages link in the Private logging section. Js-js2 01:55, 10 May 2005 (UTC)
Data on users
I am not sure I understand the meaning of this:
- Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users.
Fault
I'm sorry but I have no login and I just saw a little mistake : In the party "Sharing information with third parties" the last "information" has no "r". Cheers :)
Update
Once I logged on otrs, on preferences I found some info-xx addresses which aren't described at this document. like info-fr Those addresses are also better to be listed here? Or they are in fact still dormant? --Aphaia | Translate Election | ++ 23:56, 25 Jun 2005 (UTC)
Hashed passwords
As far as I know Mediawiki does not store users' password, it merely stores password hashes, from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --195.113.65.10 14:55, 29 Jun 2005 (UTC)
Research access to logs
I think we should have a good community discussion to review our privacy policy with an eye towards revising it in order to allow some limited additional access to our access logs for credible academic researchers who are willing to sign a strong non disclosure agreement.
This sort of data is of intense interest to researchers -- I am getting more and more requests for it -- and I think that the results of the research would be incredibly helpful to our global mission. We make a lot of decisions based on our own theories of how the community really works, but I wonder what facts about ourselves we don't realize because they are lost in the data.
--Jimbo (on Foundation-l, 9 August 2005)