Policy talk:Privacy policy

Archives: See Talk:Privacy policy/archive for all comments made before the policy was approved by the Board in April 2005.

• "However, you may contact one of Wikimedia developer to enter a new mail address in your preferences."
  • "one of Wikimedia developer" -> "a Wikimedia developer" or "one of the Wikimedia developers"
  • It may be difficult or impossible for a developer to verify that the person making the request is the person who uses the account, so I suggest rewording to: "However, you may contact a Wikimedia developer and request that they enter an email address in your preferences." and some note to the effect that the request may be refused if there is suspicion.
• "By participating to an IRC channel" -> "By participating in an IRC channel"
• "publicaly" -> "publicly"
• "agregated" -> "aggregated"
• "Many aspects of the Wikimedia projects community interactions" -> "Many aspects of Wikimedia projects' community interactions"
• "or it required by law to release the infomation" -> "or it is required by law to release the infomation"
• "Only a developer can permanently delete information from the Wikimedia projects and there is no guarantee this will happen except in response to legal action."
  • suggest changing "except in response to legal action" to "unless it is legally required", as anybody can perform legal action, whether or not their complaint is valid.

-- Jeronim 18:09, 10 Apr 2005 (UTC)

You can make the minor changes at Privacy policy. These will be moved to the foundation wiki version once the page here stabilizes. The aim of making it "official" was to encourage people to actually look at it and comment on it since it's been basically ignored for months, not to prevent anyone making edits to the page. Angela 20:59, 10 Apr 2005 (UTC)

The description of what an IP is is both inappropriate here (overly-complicated - 'a number' will suffice, writing it as a dotted-quad is wholly optional) and IPv4-specific, whereas IPv6 support is likely to be forthcoming. Better to fix this now, i.e.:

"[...] your network IP address. This is a series of four numbers which identifies the Internet address [...]"

→

"[...] your network IP address, a number which identifies the Internet address [...]"

Also, the statement about your IP being displayed to all users in IRC is misleading.

"[...] By participating to an IRC channel, your IP address will be exposed to other participants. [...]"

→

"[...] By participating to an IRC channel, your IP address may be exposed to other participants. [...]"

James F. (talk) 20:58, 10 Apr 2005 (UTC)

Once created, user accounts can not be removed.

Yes they can, you probably meant to say "won't". —User:Ævar Arnfjörð Bjarmason/Sig 00:53, 11 Apr 2005 (UTC)

Indeed, though there are several places where it is said quite explicitly that there is no chance of this happening, so we might want to make it a little stronger than "won't". Perhaps "user accounts will never be removed"?

James F. (talk) 00:55, 11 Apr 2005 (UTC)

I have a concern about committing to that clause in the very long term. I put it at Talk:Right to vanish but maybe should have posted it here. Any thoughts? Rossami 23:03, 12 Apr 2005 (UTC)

"data collected in the server logs will not be released ... except as follows: ... Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers"

Developers are often asked to check whether two users are the same person. Does the privacy policy allow this currently or should it be more explicit about this? Angela 14:13, 11 Apr 2005 (UTC)

I think that that's sufficient; I looked over the text with CheckUser et al. in mind, and I think it's enough.

James F. (talk) 17:49, 12 Apr 2005 (UTC)

However, remember to disconnect yourself after using a pseudonym to avoid allowing others to use your identity.

This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general advice to a page stating policy, anyway? --Mormegil 18:47, 16 Apr 2005 (UTC)

If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.

Does this include images and audio? or am I being too pedantic.

¿Shouldn't be said to the President of WMF instead of To Jimbo Wales? --Ascánder 17:14, 30 Apr 2005 (UTC)

Wouldn't it make more sense for it to refer to the Board than either of those? Angela

Agreed. And that was my question: why the other four at the Board isn't eligible to access this sort of infromation? --Aphaia++ 12:16, 5 November 2005 (UTC)Reply

I get a 404 when I click on the site statistics pages link in the Private logging section. Js-js2 01:55, 10 May 2005 (UTC)Reply

I am not sure I understand the meaning of this:

Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users.

I'm sorry but I have no login and I just saw a little mistake : In the party "Sharing information with third parties" the last "information" has no "r". Cheers :)

Once I logged on otrs, on preferences I found some info-xx addresses which aren't described at this document. like info-fr Those addresses are also better to be listed here? Or they are in fact still dormant? --Aphaia | Translate Election | ++ 23:56, 25 Jun 2005 (UTC)

As far as I know Mediawiki does not store users' password, it merely stores password hashes, from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --195.113.65.10 14:55, 29 Jun 2005 (UTC)

I think we should have a good community discussion to review our privacy policy with an eye towards revising it in order to allow some limited additional access to our access logs for credible academic researchers who are willing to sign a strong non disclosure agreement.

This sort of data is of intense interest to researchers -- I am getting more and more requests for it -- and I think that the results of the research would be incredibly helpful to our global mission. We make a lot of decisions based on our own theories of how the community really works, but I wonder what facts about ourselves we don't realize because they are lost in the data.

--Jimbo (on Foundation-l, 9 August 2005)

According to the "account creation / log-in" form, Wikipedia will never release our email addresses to anyone. However, according to "Sharing information with third parties", Wikipedia will accede to a subpeona, warrant, or other legally required request.

Since all email addresses from before the privacy policy existed were gathered on the promise that they would "never" be released, wouldn't it be unethical (or perhaps a breach of contract, etc.) to release them simply because of a legal requirement? This privacy policy seems to retroactively redefine the terms under which Wikimedia is allowed to release my email address, which I am *very* uncomfortable with.

It comes down to common sense: Wikimedia does not have an army to stop the authorities from seizing a server and getting the email address themselves. Would you say that it's unethical to release an email address when all that refusing will achieve is legal escalation and having the server confiscated? -- Jeronim 21:55, 24 August 2005 (UTC)Reply

Definately let authorities come and seize it .... at least wikimedia Foundation wouldn't have co-operated like google has done in China, and because of that someone who spoke their mind freely is in jail now for 10 years!

In a western country google would have refused and made a courtcase out of it. But 1 billion chinese consumers are to big of a lure. Google publically admitted they have provided the data. For me it is also a personal thing. Would you feel it is right if I would be arrested because I protested the dictatorship in Thailand on a talkpage? And Thailand is developing in a dictatorship unfotunately which is what is worrying me. And I am disappointed in google and yahoo and other big sites who co-operate much more with governments like the Chinese one than they have to. Just follow the news on this subject. Basically China has succeeded in censoring the internet for its citizens. Even wikipedia does selfcensorship to appease Beijing. And other Asian countries and governments are following the developments and want to implement it in their own countries. Like Thaksin here in Thailand, so I say resist. Waerth 17:06, 13 September 2005 (UTC)Reply

I find it confusing that translations and other suggestions happen at the same time. Translations make comment from everybody easier, but surely we want to translate the finalised version? When will we know the official version? --Alias 08:20, 5 October 2005 (UTC)Reply

This line in the Wikipedia privacy policy ..."# To Jimbo Wales, his legal counsel, or his designee, when necessary for investigation of abuse complaints." ... seems like a potentially large error to me? I think it should reference the Wikimedia Board or designee, not Jimbo. Jimbo Wales, Wikimedia Trustee, Chief of the Board, or similar title might be ok. It is my understanding that the laws in the U.S. which provide protection between corporate responsibility and personal responsiblity depend upon the Corporation or NGO being managed in accordance with Laws and the charter. Courts have found that individuals and officers managing or abusing organizations for their own purposes or as their own property can be held liable personally (personal assets are at risk) for mistakes that made in managing the organization. If Wikimedia has access to legal talent pro bono or has funds to pay for legal expertise then I think it would be a wise investment to consult a lawyer regarding this issue. user:lazyquasar

It seems unusual to explicitly name an individual in a document of this sort. More usual would be to name a role for which he was the current incumbent or owner

--BozMo 20:21, 1 November 2005 (UTC)Reply

I think both the Wikipedia and the hopefully impending Wikiversity could benefit by meeting all requirements for self certification according to USA/EU "Safe Harbor" agreement regarding the handling of private information. Both projects are global in nature so the sooner we are in full compliance the less risk we are exposed to and the less likely we are to encounter impacts or cause others harm from unfortunate errors or misunderstanding.

• http://www.export.gov/safeharbor/
• http://www.export.gov/safeharbor/sh_overview.html
• http://www.export.gov/safeharbor/FAQ1sensitivedataFINAL.htm

w:user:lazyquasar

While browsing a site using the Wikimedia software a few years back I encountered my wikipedia account name "mirwin". At the time I had already lost access to my password via crumbling of personal IT infrastructure just as I had requested a new password be sent to me. As a result I could not verify that the account was initiated by being embedded somehow in the initialization and source files in a sourceforge download rather than merely being a cooincidental duplicate. At the time the English Wikipedia had less than 40K articles so I hope my suspician that somehow account information was erroniusly propagated with the source software or a database dump. I acknowledge that it is very possible that it is merely another person using the account handle, mirwin. If a developer wishes to pursue this please let me know, I can probably find the site with a few hours of effort. I do not wish to bother if there is no concern that this is a potential problem or no developer currently wishes to pursue tracking down, correcting, or auditing our procedures to avoid this. w:user:lazyquasar

I remember an editor called mirwin on en, and in particular on meta. It was very likely not you. But it was an account with a valid editor anyway. Anthere