Policy talk:Privacy policy

Archives: See Talk:Privacy policy/archive for all comments made before the policy was approved by the Board in April 2005.

Once created, user accounts can not be removed.

Yes they can, you probably meant to say "won't". —User:Ævar Arnfjörð Bjarmason/Sig 00:53, 11 Apr 2005 (UTC)

Indeed, though there are several places where it is said quite explicitly that there is no chance of this happening, so we might want to make it a little stronger than "won't". Perhaps "user accounts will never be removed"?

James F. (talk) 00:55, 11 Apr 2005 (UTC)

I have a concern about committing to that clause in the very long term. I put it at Talk:Right to vanish but maybe should have posted it here. Any thoughts? Rossami 23:03, 12 Apr 2005 (UTC)

However, remember to disconnect yourself after using a pseudonym to avoid allowing others to use your identity.

This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general advice to a page stating policy, anyway? --Mormegil 18:47, 16 Apr 2005 (UTC)

I rephrased it the way I understood it.--Patrick 15:45, 6 December 2005 (UTC)[reply]

If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.

Does this include images and audio? or am I being too pedantic.

¿Shouldn't be said to the President of WMF instead of To Jimbo Wales? --Ascánder 17:14, 30 Apr 2005 (UTC)

Wouldn't it make more sense for it to refer to the Board than either of those? Angela

Agreed. And that was my question: why the other four at the Board isn't eligible to access this sort of infromation? --Aphaia++ 12:16, 5 November 2005 (UTC)[reply]

I get a 404 when I click on the site statistics pages link in the Private logging section. Js-js2 01:55, 10 May 2005 (UTC)[reply]

I am not sure I understand the meaning of this:

Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users.

I'm sorry but I have no login and I just saw a little mistake : In the party "Sharing information with third parties" the last "information" has no "r". Cheers :)

Once I logged on otrs, on preferences I found some info-xx addresses which aren't described at this document. like info-fr Those addresses are also better to be listed here? Or they are in fact still dormant? --Aphaia | Translate Election | ++ 23:56, 25 Jun 2005 (UTC)

As far as I know Mediawiki does not store users' password, it merely stores password hashes, from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --195.113.65.10 14:55, 29 Jun 2005 (UTC)

I think we should have a good community discussion to review our privacy policy with an eye towards revising it in order to allow some limited additional access to our access logs for credible academic researchers who are willing to sign a strong non disclosure agreement.

This sort of data is of intense interest to researchers -- I am getting more and more requests for it -- and I think that the results of the research would be incredibly helpful to our global mission. We make a lot of decisions based on our own theories of how the community really works, but I wonder what facts about ourselves we don't realize because they are lost in the data.

--Jimbo (on Foundation-l, 9 August 2005)

According to the "account creation / log-in" form, Wikipedia will never release our email addresses to anyone. However, according to "Sharing information with third parties", Wikipedia will accede to a subpeona, warrant, or other legally required request.

Since all email addresses from before the privacy policy existed were gathered on the promise that they would "never" be released, wouldn't it be unethical (or perhaps a breach of contract, etc.) to release them simply because of a legal requirement? This privacy policy seems to retroactively redefine the terms under which Wikimedia is allowed to release my email address, which I am *very* uncomfortable with.

It comes down to common sense: Wikimedia does not have an army to stop the authorities from seizing a server and getting the email address themselves. Would you say that it's unethical to release an email address when all that refusing will achieve is legal escalation and having the server confiscated? -- Jeronim 21:55, 24 August 2005 (UTC)[reply]

Definately let authorities come and seize it .... at least wikimedia Foundation wouldn't have co-operated like google has done in China, and because of that someone who spoke their mind freely is in jail now for 10 years!

In a western country google would have refused and made a courtcase out of it. But 1 billion chinese consumers are to big of a lure. Google publically admitted they have provided the data. For me it is also a personal thing. Would you feel it is right if I would be arrested because I protested the dictatorship in Thailand on a talkpage? And Thailand is developing in a dictatorship unfotunately which is what is worrying me. And I am disappointed in google and yahoo and other big sites who co-operate much more with governments like the Chinese one than they have to. Just follow the news on this subject. Basically China has succeeded in censoring the internet for its citizens. Even wikipedia does selfcensorship to appease Beijing. And other Asian countries and governments are following the developments and want to implement it in their own countries. Like Thaksin here in Thailand, so I say resist. Waerth 17:06, 13 September 2005 (UTC)[reply]

I find it confusing that translations and other suggestions happen at the same time. Translations make comment from everybody easier, but surely we want to translate the finalised version? When will we know the official version? --Alias 08:20, 5 October 2005 (UTC)[reply]

This line in the Wikipedia privacy policy ..."# To Jimbo Wales, his legal counsel, or his designee, when necessary for investigation of abuse complaints." ... seems like a potentially large error to me? I think it should reference the Wikimedia Board or designee, not Jimbo. Jimbo Wales, Wikimedia Trustee, Chief of the Board, or similar title might be ok. It is my understanding that the laws in the U.S. which provide protection between corporate responsibility and personal responsiblity depend upon the Corporation or NGO being managed in accordance with Laws and the charter. Courts have found that individuals and officers managing or abusing organizations for their own purposes or as their own property can be held liable personally (personal assets are at risk) for mistakes that made in managing the organization. If Wikimedia has access to legal talent pro bono or has funds to pay for legal expertise then I think it would be a wise investment to consult a lawyer regarding this issue. user:lazyquasar

It seems unusual to explicitly name an individual in a document of this sort. More usual would be to name a role for which he was the current incumbent or owner

--BozMo 20:21, 1 November 2005 (UTC)[reply]

agreed Anthere 10:48, 4 January 2006 (UTC)[reply]

I think both the Wikipedia and the hopefully impending Wikiversity could benefit by meeting all requirements for self certification according to USA/EU "Safe Harbor" agreement regarding the handling of private information. Both projects are global in nature so the sooner we are in full compliance the less risk we are exposed to and the less likely we are to encounter impacts or cause others harm from unfortunate errors or misunderstanding.

• http://www.export.gov/safeharbor/
• http://www.export.gov/safeharbor/sh_overview.html
• http://www.export.gov/safeharbor/FAQ1sensitivedataFINAL.htm

w:user:lazyquasar

I read the german translation a few minutes ago. Statements like If you only read the Wikimedia project websites, no more information is collected than is typically collected in server logs by web sites in general. ist too general. The User should know which information about him are collected. That means: his user name, his IP-Number, time, and maybe more? Not everyone is an internet-specialist.

The Policy on release of data derived from page logs (esp. rules for giving away the IP-Username-log) is very general too. There isn't any guarantee that these files will not be publishished to all users (for example in case of "vandalism") Some people maybe have a profile with their clear name and one with an nickname. I dont think that most of them want to publish this connection, but the rules are not hard enough to guarantee this. That should be made clear for every user. Hadhuey 23:27, 29 November 2005 (UTC)[reply]

Hi. I wonder if someone (a Board member, perhaps?) can clarify one thing. The sixth item on "Policy on release of data derived from page logs" - is this talking about en:Necessity, a legal term? Or is it just a layman's term?

Tomos 02:44, 21 December 2005 (UTC)[reply]

Translation into catalan on catalan wikipedia

Pérez 05:34, 27 December 2005 (UTC)[reply]

Kate

Kate ( http://tools.wikimedia.de/~kate/cgi-bin/count_edits?user= ) might be considered a breach of policy §7 Privacy_policy#User_data which states : Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users. Kate is not an other user but a tool displayed on a website owned by the Wikimedia Foundation. Kate is not an "occasional" publication, but a systematic tool available 24 hours a day, and providing informations on all users, not a smaller set of users selected on a particular occasion. The "disclaimer" section on Kate's main page seems to be the result of an inaccurate reading of the above mentioned §7. Kate is a controversial tool : see en:Wikipedia:Editcountitis for further reading.--Theo F 10:36, 4 January 2006 (UTC)[reply]

Can't see a problem here. Kate's & Interiot's tools don't publish anything that isn't in MediaWiki's user contribs. If there were external aggregation tools doing the same thing by connecting to Wikipedia & parsing it's HTML output - that wouldn't be a violation. So, why it's a violation when it's done by querying databse directly? And don't forget, these tools are extremely useful for teacking sockpuppets and evaluating user's contributions during RfA's. MaxSem 18:34, 4 March 2006 (UTC)[reply]

Special:unwatchedpages

According to Wikizine #6, Special:unwatchedpages gives a listing of the first 5000 pages that are not on someones watchlist. It is a static list updated regularly (hopefully). This is only for "users with protect permission". Sysops have access. Seems to be live on all wikis.source. That means that this tool is spying, on a regular basis, users' watchlists and transmitting data from the users' watchlists to the sysops. That means that the Wikimedia Foundation allows itself to spy on data supposed to be protected by a password. In order to build a trusting relationship with the Wikipedia users, the Foundation should clearly renounce such intrusive behaviour. A motto « Wikipedia is not GMail » is mostly welcome. See en:Gmail#Privacy for further reading.--Theo F 10:36, 4 January 2006 (UTC)[reply]

This is true: Wikipedia is in breach of privacy policy --anon 11:14, 5 January 2006 (UTC)

That's a bit inaccurate, at least in my opinion. In order for that page to be a breach of policy, it has to provide information that can track down a particular user; this tool provides an aggregate report, and does not contain any information that could be used to identify a particular user, so there is no breach of policy there. Titoxd 20:44, 3 March 2006 (UTC)[reply]

If all users but one share together which pages they watch, and use the aggregated data, they can make a substraction and find out which pages are watched by the remaining user. When a page never watched before suddenly becomes watched, you could have a look at the list of newly created accounts and make the hypothesis that the newly watched page is being watched by the user who just created a new account.

More generally, when a landlord rents a flat, he should not keep a key and enter the flat without the tenant's consent. By the same token, when you give somone an account with a password, you should not enter this password-kept area without the password holder's consent.

IMHO, this feature should be available on an "opt in" basis only. Theo F 10:32, 4 March 2006 (UTC)[reply]

That reasoning contains one major flaw: to be able to figure out the pages that a user watches, you first need to know the pages that every other user watches, which is not revealed anywhere. Besides, this is a server-side feature, data of who watches what page is never transmitted to a sysop, nor a sysop can in any practical scenario derive the information. Titoxd 22:19, 4 March 2006 (UTC)[reply]

If all the other users organize a tea party, and during this tea party decide to share their watchlists, they can perform the substraction and extract what the remaining watchlists contain. I think the trend of accessing data which are by nature private, without the account holder's knowledge, without the account holder's consent, is not a good trend. The owner of the account should be told how his data are going to be processed, and for which purpose, so that he can quit, or simply renounce to open an account, if he disagrees with the purposes of the data processing. If the landlord wants to keep a key and enter the flat every time he wants, that should be written on the rental agreement. Theo F 09:04, 7 March 2006 (UTC)[reply]

The thousands of them?! You must be kidding. This could be realistic only in small wikis where only tens of users actively participate and watch the pages. ACrush ^?!/_© 16:51, 18 April 2006 (UTC)[reply]

Interiot count edits [1]

This new tool raises the same questions as Kate (see above) Theo F 11:54, 3 March 2006 (UTC)[reply]

Does Wikipedia keep a log of ALL IP addresses ever used by a user for admins/sysops, developers or other officials?

I would hope only the most recent one gets "logged"/"tracked", otherwise this could potentially reveal a lot of personal information to the right kind of person.. (and let's not pretend that a sociopath can't become an admin, psychotics can pretend to be quite nice sometimes.) --72.36.221.10 11:14, 5 January 2006 (UTC)[reply]

These data are only stored for one week, so edits made prior to that will not be shown via CheckUser says CheckUser Policy. I don't know if that means that prior edits could be available through other means. --Theo F 14:28, 5 January 2006 (UTC)[reply]

Here is the Danish translation, could it be added to the list of languages?

http://da.wikipedia.org/wiki/Wikipedia:Privacy_policy

It should be named Beskyttelse af personlige oplysninger.

OK, done. McDutchie 03:26, 28 February 2006 (UTC)[reply]

• http://en.wikipedia.org/wiki/User:Aleksei
• http://en.wikipedia.org/wiki/User:Drahcir
• http://en.wikipedia.org/wiki/User:Princess_Homestar
• http://en.wikipedia.org/wiki/Wikipedia:New_user_log

My name is Daniel. I'm 10. I like reading and especially like Harry Potter books...

I am not a lawyer, but I think we may need to include COPPA checks and disclaimers. Wikimedia Foundation has "actual knowledge" that children under 13 are providing personal information (e.g., email addresses) when using the site or registering an user account. I am not sure how the non--profit status of WMF plays into this, but NASA and LiveJournal are doing the same.

Thanks, GChriss 19:15, 19 February 2006 (UTC)[reply]

This looks like a good suggestion. Not only the United States have laws about privacy. Most European Union countries, and Switzerland do. Wikipedia should provide ways to make Wikipedians comfortable with the privacy standards used in their home country. Theo F 12:18, 3 March 2006 (UTC)[reply]

There is a link in there (second paragraph) which links to http://meta.wikimedia.org/stats even though that is an invalid link. It's quite confusing when it happens on an 'official' page like it has. I'd fix it if I knew where it was supposed to link to...

Does anyone else think it would make sense to block search engine and archive bots from harvesting Talk: pages? This would prevent anonymous contributors from being "unmasked" by employers etc from IP address using a simple Google or Internet Archive search, but wouldn't stop abusive users being tracked by the Admins here (and since Wikipedia keeps its own archives anyway, nothing would be lost). I think you could block the talk pages easily enough with the line: Disallow: /Talk: ... in the "robots.txt" file.

The existing "robots.txt" seems to cover "edit" and "history" pages anyway: "# Friendly, low-speed bots are welcome viewing article pages, but not

1. dynamically-generated pages please."

... but if these get harvested too then I'd argue for them being blocked in the same way.

I know that hiding your IP address is one of the "perks" of registering, but I for one didn't even know what an IP address was twelve months ago - it doesn't seem fair to penalise the less technologically minded contributors. An increasing number of sites are considering IP addresses pseudo-personal information. I can't think of a single other site that publishes users' IP addresses the way Wikipedia does, and this seems crazy considering the site's excellent privacy policies on usage logs.

On a related note, can formerly-anonymous users "reclaim" anonymous posts when they've registered (so their IP address gets replaced by their username)?

Here [2]. "can not" should be "cannot"

The Privacy policy at Wikimedia:Privacy policy is now out of date, since it precedes the large scale use of "CheckUser" and claims only "developers" have access to the IPs of logged in users.

I am suggesting a revised version at User:Angela/Privacy policy (see [3] for a diff from the current version).

The main changes are to these two paragraphs:

"IP addresses of users, derived either from those logs or from records in the database are frequently used to correlate usernames and network addresses of edits in investigating abuse of the wiki, including the suspected use of malicious "sockpuppets" (duplicate accounts), vandalism, harassment of other users, or disruption of the wiki."

"It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:"

I intend to propose that the Board accept the new draft as official policy, but would appreciate feedback or further improvements before then. Please add comments below.

Thanks. Angela 13:18, 14 April 2006 (UTC)[reply]

I am happy with the changes. Others' thoughts?

James F. (talk) 13:35, 14 April 2006 (UTC)[reply]

Good idea Angela. Could we check with Brad what he thinks of the overall policy ? Anthere

As a frequent user of CheckUser, I think these changes are reasonable and properly reflect the way the tool is used today. Please note that on enwiki we tend to interpret "behaving in a disruptive way" to mean a significant and sustained violation of local wiki policy in such a manner as to make relevant the fact that two or more accounts are being used by the same individual ("sockpuppetry"). The information to be revealed is limited to an estimate of the likelihood that such a situation exists, based on the totality of the evidence, and a credible case for the allegation of sockpuppetry must exist before a check is performed. (In other words, no fishing expeditions.) Furthermore, on enwiki, we (those of us with CheckUser privileges) have agreed not to release anything other than conclusory statements about an investigation. Inadvertently discovered sockpuppets or other "interesting" facts about editors are not to be revealed except when relevant to the conclusion that an editor is being abusive or disruptive.

The other use made of CheckUser is to assist in the process of identifying and blocking open proxies. There is a particular editing quirk that we've learned is associated with certain types of open proxies; when we find that quirk it is normal to run a CheckUser to determine the origin of the quirky edit and block the originating IP (or IP range, in certain cases). I generally do not announce the identities of the accounts using such proxies unless there is evidence of disruption in addition to the quirky editing behavior. It is my opinion that this usage of CheckUser is consistent with the proposed policy; if it is not, I would strongly urge that the policy be amended to permit this sort of security management activity as it has done a great deal to cut back on open proxy abuse on enwiki. Kelly Martin 04:04, 15 April 2006 (UTC)[reply]