Policy talk:Privacy policy: Difference between revisions

How do I report someone adding something to my view ie. Chris Brown as if it's coming from me? —The preceding unsigned comment was added by 65.95.40.84 (talk • contribs) 05:32, 25 February 2009 (UTC).[reply]

The policy says that info on page visits are not exposed publically, but there is a bot which is publishing page after page of user's search terms along with their username and I think for non-users IP address: here are many such pages: [1] also failed search terms are logged: [2] (there are dozens of archives of the above page stretching back several months, with page names of the form ../archive26). Given the controversy over search engines retaining user data and in some cases publishing it, these pages seem a gross violation of user privacy. Do wikipedia visitors know that the search terms they use have become a matter of public record? I doubt it. Weeksinput 03:36, 27 February 2009 (UTC)[reply]

You're mistaken. The bot is posting its own search results. It searches new pages and posts a list of those it finds. The username you see next to each page is the page's creator. This is confirmed by looking at the history of the page. That bot is not publishing users' search results. -Kotra 17:14, 25 March 2009 (UTC)[reply]

Regarding Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues in the section 'Access to and release of personally identifiable information'. I have looked at the definition of page view on Wikipedia. But I am still not sure that I understand what 'page views generated by a spider or bot' are. Can anyone explain this in layman's terms? Lloffiwr 11:16, 26 April 2009 (UTC)[reply]

Bots and spiders, in this context, are computer programs set up to automatically visit webpages, without anyone actually sitting behind the screen. For example, search engines like Google have spiders that run around the web, reading webpage after webpage, to create an index of the web that you can search. Email spammers use bots too, to search the web for email addresses.

"Page views generated by a spider or bot", then, would occur whenever a bot visited a webpage. Wikimedia's software would detect the bot's visit as a page view, just like the page views of actual humans.

One reason I can think of why they would have this line is so administrators, checkusers, and other volunteer editors can take action against bots that are set up to add commercial links (linkspam) into articles. There are probably other reasons as well, or they may just be putting that out for unforeseen contingencies.

If you're really curious, though, you might try to track down User:UninvitedCompany, who originally added the text back in 2003. -Kotra 03:04, 14 May 2009 (UTC)[reply]

Thank you for the clear and detailed explanation - I now have a much better idea of how to translate this sentence. Lloffiwr 12:49, 20 May 2009 (UTC)[reply]

Regarding Interactions with the Projects not covered by this Policy include, but are not limited to, aspects of browsing and editing pages in the section Activities on Foundation projects.

The paragraph is mostly dealing with some ways that the user can voluntarily disclose her own private data. When the user is sending email or creating OTRS ticket, it is obvious that by the very nature of those communications some private data will be disclosed. It is clear, that anonymous editing is one of the the aspects of editing pages, since the IP address becomes public by the very nature of that interaction and becomes publicly available data and therefore not covered by this policy, although they may be covered by some other policies (like that one of the OTRS).

However, I do not to understand the which aspects of browsing may constitute publicly available information not covered by this policy. The policy deals extensively with Web server access logs as well as with privacy implications of certain HTTP features like cookies.

So, the question is, which aspects of browsing the Wikimedia sites are not covered by this privacy policy? I understand that this is just list of examples ("...not limited to...") but my understanding to date that all aspects of passive browsing were covered under this policy.

 « Saper // @talk »  02:04, 20 May 2009 (UTC)[reply]

I've always thought that the disclosure of the realname of a person behind a user account by another user on talkpages or in edit-commentaries, as it happens sometimes in edit-conflicts between users, is a no-no in all Wikimedia projects. However, when looking for written policy, I couldn't find anything about that. Any hint? --Túrelio 08:26, 14 September 2009 (UTC)[reply]

I don't think that a global "anonymity policy" exists for that. The current privacy policy certainly doesn't cover it. However, such edits are allowed to be deleted by Oversight policy (#1) from which I would deduce that they are not allowed in any project. --Tinz 01:26, 16 December 2009 (UTC)[reply]

Thanks. Better late than never ;-). --Túrelio 19:22, 1 January 2010 (UTC)[reply]

What if that information is available in the history of the user's page? Isn't all the material on the user's page history covered by the same content rules that apply to all Wikimedia material?

Sincerely,

Virgilio A. P. Machado

Vapmachado 03:37, 10 July 2010 (UTC)[reply]

I'm not sure if I understand your question correctly. It should not matter whether personal information of a user is disclosed in an article or on a user page. You can ask any Oversight (or Steward, if your project has no oversights) to remove that information. Or do you mean cases in which the user himself has made his own information public at some earlier point? I don't think that a global policy exists for this, but in the projects I know, the wish to become anonymous is respected. The old versions are deleted and other users are asked to respect his wish to "become" anonymous. --Tinz 17:47, 22 July 2010 (UTC)[reply]

Thank you so much for addressing my question. I'll take you and all other readers, particularly my very good friend and member of our mutual admiration society Sir Lestaty de Lioncourt, through a step by step example, to make it easier on everybody, and present a clear case, hopefully without violating anybody's privacy. You are welcome to post your answers right after each question.

Consider Alexanderps.

I would like to know if it is disclosure of private data of another user account without that user permission, to post on one of your own subpages the following:

1) The name Alexanderps uses in his signature, like on this example [3] ?

(You are welcome to post your answers right after each question on the space below.)

2) Space for next question

Sincerely,

Virgilio A. P. Machado

Vapmachado 18:27, 22 July 2010 (UTC)[reply]

Sorry, I don't really like this interview style, it makes me feel like a student about to get outwitted by Socrates :-)

As a former ombudsman, I visit this page from time to time to help in case of problems with the understanding of the privacy policy.

If you think that the privacy policy was broken then you should contact the current Ombudsman commission.

However, your problem doesn't really seem to be related to any violations of the privacy policy (which deals mostly with private information that checkusers have). It sounds more like a problem that you have with other users of pt Wikipedia or maybe with the anonymity policies of ptwiki (which I don't know). In any case, this talk page is the wrong place to resolve these problems. A better way would be to seek conflict resolution on pt-wiki itself. Alternatively, you could probably start a RFC here. Regards, --Tinz 13:57, 26 July 2010 (UTC)[reply]

Thank you so much for your suggestion, according to which this request for comment has been started and announced. As a former ombudsman you must surely know something that might help answer my question. It would be an honor if you were the first to post your comment there. Thanks for your compliment, but it is highly exaggerated. There's no comparison between Socrates and me. I believe that the Socrates you're referring to is dead :-)

Sincerely,

Virgilio A. P. Machado

Vapmachado 23:11, 26 July 2010 (UTC)[reply]

The last edit to this page fixed a typo in the Cookies section (back in October), but this change was never implemented on the Foundation mirror of this site. Is there anyone with Foundation access that can fix this typo (visted -> visited). We received an OTRS e-mail about this (2010010210021971). Thanks. -Andrew c 15:38, 3 January 2010 (UTC)[reply]

 Fixed here. Thank you. - Rjd0060 16:22, 3 January 2010 (UTC)[reply]

This policy doesn't comply with the Children's Online Privacy Protection Act[4]. Shouldn't it say what the policy is towards children? --Aled D 15:26, 14 May 2010 (UTC)[reply]

Let me quote from the article you cite:

"The Act applies to websites and online services operated for commercial purposes that are either directed to children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA.[1] However, the Supreme Court ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently also COPPA."

Wikimedia is not commercial and not operated for the benefit of their members' commercial activities. Therefore, it seems to me that COPPA does not apply to wikimedia's projects. --Tinz 12:23, 17 May 2010 (UTC)[reply]

I like your privacy policy, but I have two small issues:

"When a visitor requests or reads a page, or sends email to a Wikimedia server, no more information is collected than is typically collected by web sites."

That's not really informative, unfortunately. What is a typical website these days? And what do they (i.e. you) actually collect?

Also, I didn't see any mention of search history. What is your policy with that?

I would say that only technical staff of the wikimedia foundation can answer these questions and I am not sure whether they read this page. All I can say is that the community, including trusted users in special roles like checkusers or stewards, have no access to this kind of information. --Tinz 14:29, 27 September 2010 (UTC)[reply]

(This is just my personal opinion, and may not reflect reality). The average apache webserver log entry looks like:

127.0.0.1 - - [12/Nov/2010:02:25:24 -0400] "GET /w/phase3/index.php?title=Special%3ASearch&search=image%3AExample.jpg&go=Go HTTP/1.1" 200 146 "http://localhost/w/phase3/index.php/Main_Page" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009061212 Iceweasel/3.0.6 (Debian-3.0.6-1)"

It contains the IP address, user name for HTTP authentication (mediawiki doesn't use HTTP authentication for accounts, so normally this is a - regardless of if you're logged in or not), date, the method (GET in 99% of the time), the url, HTTP protocol version (HTTP/1.1 99%) of the time, the HTTP status code (200 is the most common, meaning success. Other common codes are 404 for file not found, and 403 for forbidden), the number of bytes transferred (146 in my example), the referrer (the page where you came from to get to the page you are currently visiting), the user-agent (which web browser you're using. Usually also contains information on your operating system). This is just the "typical" example. Wikimedia servers could be configured differently (not to mention that a large portion of their logs would be squid logs not apache logs). Bawolff 22:18, 12 November 2010 (UTC)[reply]

What is the MediaWiki message which should be used?

The current text suggests MediaWiki:Privacy, which was deleted as "no long required". Besides, the pages in other languages (e.g. French, Portuguese,...) suggests MediaWiki:Copyright, which is also deleted in most projects (e.g. en.wiktionary) with the same reason. Helder 12:50, 21 November 2010 (UTC)