Policy talk:Privacy policy: Difference between revisions

From Wikimedia Foundation Governance Wiki
Angela (talk | contribs)
I disagree

Revision as of 01:28, 21 December 2003

The IP addresses of logged-in users may occasionally be reviewed from the server logs while investigating cases of vandalism.

Who will investigate these logs? Maintenance people only, or any sysop who asks for them?

So far, mainly me or Jimbo, though excerpts may sometimes get posted publicly. --Brion VIBBER 13:36 Feb 9, 2003 (UTC)
What defines when excerpts are posted publicly? Who can ask for them and why?

Would it be possible to make a link to the Draft privacy policy page on the page where you can log in or make a new user account? It took me a very long time to find any mention of any privacy information, and I found the draft privacy policy very useful.

Thank you

Hey, someone else who finds privacy policies useful! This draft is looking pretty good to me so far. I don't know how the process works, but I imagine a link to a more polished version of this document will be appearing on all Wikipedia pages soon (?).

Does the term "aggregate statistics" refer to statistics in which all or most personally identifiable information has been stripped? Can someone define this term or elaborate on it?


What user information falls under the GFDL? If I get a SQL database dump, are there email addresses, IP addresses, etc. in the dump? -- EvanProdromou

Lookups

I've noticed that MeatballWiki gives no IPs for anon users, but (what I presume to be) reverse DNS lookups. Has this been proposed/discussed/rejected here? Martin

The old usemod wikipedias also show the hostname. It would be nice to have an option to select between IP address and hostname. Giskart 18:39 Mar 15, 2003 (UTC)
Except in rare cases (dynamic IPs), IPs and hostnames are equivalent, but hostnames are sometimes considered more privacy-invasive, as they often explicitly specify a person's university, workplace, or local ISP by name in text for all to see, which information would require a separate lookup with an IP. That, and we'd have to do reverse lookups on every visitor in order to obtain the information -- that'll slow things down a little. --Brion
This would be useful information, though, in helping to judge such a user's contribution. For example, if the BBCi article was modified by someone with a bbc.co.uk hostname, one might expect it to be accurate, but potentially biased. If the Java programming language was modified by someone with a university hostname, one might expect a certain, more theoretical, slant. If someone with a French-based hostname posted to US plan to invade Iraq, one might want to check for an anti-US slant - and also copyedit the spelling+grammar of someone who may not be a fluent English speaker. Martin

A few points:

  • Shouldn't IP addresses of viewers be deleted periodically, say once a month? That way it wouldn't matter if any authorities asked for them because they would not be available.
    • They already are.
      • OK. It should be noted along with the frequency. I am assuming that any backups done do not contain the purged information (i.e. purge, then backup). Dori
  • Would it be possible to associate tempID's to IP addresses for edits when users are not logged in? This way the public and/or authorities could not exact revenge/hunt down/other evil things the editors, yet at the same time such IP's could be banned by administrators if need be. These matchings would also need to be flushed periodically.
    • If you don't wish to be identified by other visitors, log in and use a pseudonym instead of your real name or your real network address, and screen your language, writing style, and the domain of things you write about very carefully to avoid tipping people off. If you're writing things that are likely to get people to "exact revenge" upon you, you're either not following NPOV or you're in an unhealthy environment which is a bigger problem for you than anything Wikipedia does. --Brion VIBBER 23:39, 20 Oct 2003 (UTC)
      • I already use my login. It was intended for others (those who don't know any better, don't want to, don't care, etc). By protecting others for their own good we can make the environment safer, which in turn will convince more people to contribute. You do not have to write in POV style to get someone to be angry at you. Sometimes, all it takes is a factual statement. I think we should foster an environment where people are not afraid to speak out as long as they are telling the truth. This may seem theoretical, but it could happen. Dori
  • Shouldn't the IP's of editors that are logged in be deleted periodically? If you have the login name, you may not need the IP address. I could see where this would come in handy for long-term troublemakers, but we must weigh privacy issues more.
    • They aren't stored other than in the webserver log which is already cleared periodically, see above.
      • OK. Again, it should be noted. Perhaps it wasn't clear what exactly is meant by "logs" Dori 01:35, 21 Oct 2003 (UTC)

Most people might see this as having to do with the US government and terrorism, but that, while still a valid concern, may not be the worst case scenario. Say someone edits an article having to do with a dictator, mafia member, government official in a way that angers the latter entity. Since the IP's are public, the editor could be tracked down rather easily.

just a few things to consider, Dori 23:08, 20 Oct 2003 (UTC)


I think the draft is in such a state where it could be presented to the public as is (well, almost, must answer and remove notes). I think it is better to have this unfinished draft, than none at all. Also, this policy would probably have to be presented to all the 'pedias. Dori 04:28, 21 Oct 2003 (UTC)



Older text

If anything substantive from here is missing from the new text, please reintegrate.

Anonymity

While serious contributors are encouraged to back their contributions with their real names, this is not required; a user account may be created using a pseudonym (but please see Wikipedia:No offensive usernames), or you may continue to edit anonymously (but see note about IP addresses below).

Many of the project's major contributors are pseudonymous, and some choose not to reveal their real name.

E-mail

You may optionally provide your e-mail address when creating a user account, or update it in your preferences. This is not required, but if you do choose to submit your e-mail address:

  • Other signed-in contributors may send you direct e-mail via your user page and vice-versa; your address will be revealed only to those to whom you send e-mail, and to those who send e-mail to you only if you respond
  • If you lose your password, you can have it reassigned through the login page and a temporary password sent to you.

Users' e-mail addresses are stored only on the main Wikipedia server, accessible only to the site maintainers, and are not included in the publicly available article database dumps.

They will be passed on to the government... upon request under the relevant legislation?

Wikipedia has to comply with the laws of the United States and the state of California, where the server is located. (And possibly the state of Florida, where the Wikimedia Foundation is incorporated, but I'm not sure how that comes into things.) Hypothetically, if ordered by a court of law, records that exist may have to be turned over.

-My guess is Wikimedia foundation might provide information of users when asked by foreign law enforcement officers as well. Police of a country may request Wikimedia to submit some IP address information for reasons like defamation, obscenity, invasion of other's privacy, etc., and Wikipedia might cooperate, I guess. Tomos 03:53, 22 Oct 2003 (UTC)

They will be passed on to third parties... never? They are stored... indefinitely?

They're stored indefinitely unless you log in and change the e-mail address listed in your account, at which point it's gone. The SMTP mail server logs may include references to any mail sent to or from you through Wikipedia, but without any connection to your account name, the subject or the content of the mail sent.

What about the mailing lists?

Like the wiki, the mailing lists are public. The archives are public. Anything you send to them is being published publicly. Don't publish things you'll regret.
The subscriber list for the mailing lists is as far as I know limited to list admins only, though obviously if you send anything to a list the whole world now knows your email address. A number of different people admin the various lists. If you don't like it, subscribe with a throwaway hotmail account.

Can you subsequently remove your email address if you change your mind? If you do, is the old address stored anywhere?

You can change the email address in your wiki preferences at any time, and the old address is not stored in association with your account. I'm not sure how the mailing list stores its subscriber lists, so I don't know if an address would stick anywhere (besides the mail server logs) in connection with a mailing list after being unsubscribed. Check with the GNU Mailman people for info.

IP addresses

Depending on how you are connected to the Internet, your IP address may generally identify your Internet service provider, or uniquely identify the computer from which you are connecting.

The IP addresses of anonymous contributors are permanently recorded in the publicly viewable page histories. If you do not wish to publicly reveal your IP address, you should create a user account; your user name (which may be a pseudonym) will then be recorded in place of the IP address.

Internal server logs include the IP address of every viewer; this information is used for aggregate statistics.

The IP addresses of logged-in users may occasionally be reviewed from the server logs while investigating cases of vandalism. Excerpts may be published... when? where? by whom? What about other reasons to review logs - eg bug-tracking?

IP addresses will likely be seen by developers during bug hunting if this involves looking at the logs to get information on diagnosing the bug, but will not be published. Publishing of IP addresses may happen when tracking vandalism, as blocking a logged-in vandal requires also blocking the IP address to prevent the same person from simply creating another account immediately, and the IP block list is public for accountability reasons.

IP addresses may become more widely viewable in the future, pending discussions.

These logs are stored... indefinitely??

Logs are rotated daily; the archives are cleared out every couple weeks (deletion schedule not automated yet).

The logs will be passed on to the US government... upon request under the appropriate legislation? Which means what in practice?

In practice, this means never. Hypothetically law enforcement could serve a warrant asking for log data relating to some investigation, and we'd probably have to comply to the extent that the requested information exists (eg Patriot Act).

Other personal information

Server logs may include the operating system and browser version that viewers use; this information is used for aggregate statistics.

If you or someone else adds personal information to a Wikipedia page, such as your user page, it will be stored indefinitely, even if you subsequently edit it to remove it. Do not publish information that you don't want published! Wikipedia is not a private chat room.

If Wikipedia passes into the control of a third party...

... then we have no control over what they may choose to do with IP addresses and/or emails.

True enough of all websites.
But it never hurts to say it!

Cookies

Seems relevant here...

Cookies are required to log in. If you choose 'remember my password', a cookie will be stored with a hash of your password. This may be a bad idea if your computer isn't very much yours and you're paranoid.
The main functioning of the login system uses a session cookie which expires at the end of your browser session.
Also set on login are cookies storing your user id number and name, which are used to fill in the last-used name in the login box when you next visit. If you don't like this, clear your cookies after logging out. These cookies last 30 days IIRC.

Link it from the main page?

This draft does not seem to be getting much more attention. Maybe the notes should be removed and the draft linked from the main page (better this version than none, plus it would get more attention from editors). Maybe I am the only one who feels that Wikipedia should have a privacy policy, so I'll shut up after this. Dori 00:35, 16 Nov 2003 (UTC)


Wikitravel privacy policy

The Wikitravel privacy policy might be worth comparing and contrasting. --Evan 22:21, 17 Dec 2003 (UTC)


User, and user_talk pages

This has been discussed elsewhere, but I think it deserves a mention in the privacy policy.

Personally I think a logged in user should have the right to control the content in their own page. I've seen instances of people reverting blanking of another user's (a "bad" user) talk page, and there are talks at personal subpages saying that they should not be deleted.

The user pages are not part of the encyclopedia, they should be deleted upon request. Keeping them viewable by everyone against the user's will is, in my opinion, a misuse of the GFDL.

tristanb (not logged in) 203.96.104.226 00:27, 21 Dec 2003 (UTC)

I disagree. User talk pages are there to support the development of the encyclopedia, and as such include information that is relevant to particular articles. Perhaps that should have gone on the article talk page, but often it doesn't, and the talk pages provide a very useful history of how particular articles and issues were developed. The user talk page is not supposed to be something private. If you want a private discussion with someone, you can do that by e-mail, so I see no reason why these pages should be made part of the privacy policy. The same might not apply to user pages. Angela 01:28, 21 Dec 2003 (UTC)