Draft Privacy Policy June 2008/Collaboration (annotated)

The purpose of this document is to outline the privacy policies of the Wikimedia Foundation (see also explanatory material).

Being Active in wikimedia projects – general privacy expectations edit

Several means exist to allow members of the public to interact with each other and with the various projects and the Wikimedia Foundation, on systems whose infrastructure is provided by the Foundation. These include (but are not limited to) browsing and editing Foundation-hosted wikis, use of the wiki "email user" function, subscribing and posting to Foundation hosted email lists, and corresponding with volunteers via the Foundation's ticketing system ("OTRS").


Users may also interact by other means which do not involve storage or holding of personally identifying information by the Foundation, including (but not limited to) privately sent emails, posts on other websites and social networking sites, voice communication and telephone, or in-person dialog, or instant messenger and text chat (including chatting via Internet Relay Chat, or "IRC"; Note that IRC channels are not officially part of Wikimedia proper and are not operated on the Wikimedia server. Although over time Wikimedia users have developed some guidelines regarding what is considered as good behavior on IRC, these are only for reference and cannot be considered as official WMF policies for each channel. By participating in an IRC channel, your IP address may be exposed to other participants. Your privacy on each channel can only be protected according to the policies of the respective channel, which may differ from one channel to another. Different channels have different policies on whether logs may be published. Users on the Channel shoul respect user-generated IRC related guidelines (e.g. IRC guidelines: http://meta.wikimedia.org/wiki/IRC_guidelines) to enhance the quality of the communication.

In general, this policy only applies to private information stored or held by the Foundation. Many of these may reveal your IP address (and possibly other personal information) indiscriminately, when you interact.[1] Users wishing to use private methods of communication should assess the information provided, their understanding of the risks, and their own need for privacy, before using these or other methods of communication.

Private information edit

This policy primarily covers certain personally identifying information collected or stored by the Foundation in relation to the wikis and communities hosted on Wikimedia servers, that is not public upon creation and not intended by the Foundation to be made public, or which (if posted publicly) has been removed to a point where ordinary users and administrators are unable to view it. Examples include IP and other technical information derived from server logs, most OTRS and certain other emails, password and email address settings for a user account on a hosted wiki, and oversighted (but not ordinarily deleted) content. (definition needed - stab taken) [2]

Consistent with the Data Retention Policy, the Wikimedia Foundation collects and retains the least amount of personally identifiable information needed to fulfill the operational needs and legal obligations of the Foundation and counter abuse.

Note that a large number of administrators have the ability to hide, restore and review hidden edits, using a tool known colloquially as "deletion". A public post does not become "private" merely through ordinary administrative deletion, and this policy does not apply to edits hidden by means of ordinary administrative deletion. (By contrast, this policy does apply to correctly[3] oversighted edits.)[4]


Wikimedia projects collected only limited personally identifiable data for a limited period of time. To be more specific, the kinds and ranges of your personally identifiable data may vary according to the different activities you participate in Wikimedia projects. With regard to browsing and editing WMF projects, for example, there are a number of factors that should inform your privacy expectations:

Details of retention of private information – Browsing in wikimedia projects edit

If you only read the Wikimedia project websites, no more information is collected than is typically collected in server logs by web sites in general. Aside from the above raw log data that are collected for general purposes, simply visiting the web site does not expose your identity publicly. The above sampled raw log data may happen to record the IP address of any user, but it is not reproduced publicly.

Details of retention of private information – Editing in wikimedia projects edit

When editing a page on Wikipedia projects, your edits will be identified with your username or your network IP address, and your editing history will be aggregated in a contribution list. You should consider that such information will be available permanently on Wikimedia projects. The kind of information that is available will normally depend on whether you are a logged-in registered user or an "anonymous" user (that is, either a registered user who hasn't logged in, or an unregistered user).
1. Logged in registered users:
When you log in with a pseudonym, your IP address will not be available to the public except in cases of abuse, including vandalism of a wiki page by you or by another user with the same IP address. In all cases, your IP address will be stored on the wiki servers for a period of time and during that time can be seen by Wikimedia's server administrators and by users who have been granted "CheckUser" access.
Your IP address, and its connection to any usernames that share it may be released under certain circumstances (see below). If you use a company mail server from home or telecommute and use a DSL or cable Internet connection, it is likely to be very easy for your employer to identify your IP address and find all of your IP-based Wikimedia project contributions. Using a user name is a better way of preserving your privacy in this situation. However, remember to log out or disconnect yourself after each session using a pseudonym on a shared computer, to avoid allowing others to use your identity.
2. Unlogged-in registered users and unregistered users (a.k.a. "anonymous" users):
If you have not logged in, you may be identified by your network IP address. Depending on your connection, the IP address may be traceable only to a large Internet service provider, or specifically to your school, place of business, or home. It may be possible that the origin of this IP address could be used in conjunction with any information you express implicitly or explicitly by editing articles in a way that allows you -- even as an "anonymous" user -- to be identified by a third party. It may be either difficult or easy for a motivated individual to connect your network IP address with your real-life identity.

Details of retention of private information -- Discussions on talk pages and outside wikimedia projects. edit

For many individuals, browsing WMF projects and editing their content is their primary experience with these projects. But WMF projects have also given rise to many discussion forums, including User pages, Talk pages, email (including mailing lists), and live interactive discussions (such as Internet Relay Chat, also known as IRC). Depending on which type of forum you use, your personally identifiable information may become known to other users in various ways, and the length of time such information may remain available to other users may vary.

Wiki Discussion Pages (Including Talk and User Pages)
Because wikis are themselves designed to promote collaboration, any generally editable wiki page can theoretically be the location of a discussion, but in general discussions on WMF projects occur primarily in the User pages (associated with particular users), in the Talk pages (associated with particular articles) or in pages specially designated to function as forums (e.g., the Village Pump). The primary thing to remember is that discussion pages are essentially wiki pages as well, which means that all the privacy expectations we noted earlier for editing will also apply here. Your participation in a discussion page will be shown and recorded in just the same way that edits relating to a wiki article page are shown or recorded.

Private email
You are not required to list any functioning email address when you register as a WMF project user. If, however, you provide your email address in your User preferences, you can enable other logged-in users to send email to you through the wiki. When you receive an email from other logged-in users, your email address will not be revealed to them unless you respond, or possibly if the email bounces. The email address you put into your User preferences may be used by the Wikimedia Foundation to communicate with you on the (rare) occasions when the Foundation emails users on a wider scale.

If you do not provide an email address, you will not be able to reset your password if you forget it. In such a situation, however, you may be able to contact one of the Wikimedia server administrators to enter a new mail address in your preferences. You can remove your email address from your preferences at any time to prevent it being used.

When corresponding with other users via private emails, your messages and email address may be saved by your correspondents and any email service they use and may remain available to them until such information is deleted.

Mailing lists

If you subscribe to one of the project mailing lists, the email address you use to subscribe to that list will be exposed to any other subscriber. The list archives of most of Wikimedia's mailing lists are public, so your email address may be searchable on the Web, and your address also may find itself quoted in messages. The list archives are also archived by Gmane and other services. You should consider that any email addresses you use, as well as any messages you send to a mailing list, will be archived and will remain available to the public permanently.

Information email addresses

Some email addresses (see below) may forward mail to a team of volunteers trusted by the Foundation to use a ticket system, such as OTRS, to view them and answer them. Mail sent to the system is not generally publicly visible, but is visible to a select group of Wikimedia volunteers. By sending a mail to one of these addresses, your address may become "public" within this group. The ticket system team may discuss the contents of your mail with other contributors in order to best answer your query.

Mail to private addresses of members of Board of Trustees and the staff of the Foundation may also be forwarded to the OTRS team.

Your messages and email address may be saved by members of the respective OTRS team and any email service they use and may remain available to them before they are deleted.

Collection of information edit

Private information may come to be stored on WMF servers or held by the Foundation and its staff and appointees in a variety of ways - as system logs created automatically upon use of the web server, by private account settings or voluntary communications, by public readable posts and activities, by unsolicited submissions, and by information or conclusions by other users that result in edits or actions on a WMF wiki.[5]


In general, this policy only applies to private information stored or held by the Foundation. Many of these may reveal your IP address (and possibly other personal information) indiscriminately, when you interact.[6] Users wishing to use private methods of communication should assess the information provided, their understanding of the risks, and their own need for privacy, before using these or other methods of communication.

public nature of wiki editing edit

[7]Anyone with internet access and who is not restricted from doing so, may edit the publicly editable pages of these sites, and these edits form part of the history of the project. By doing this, you are in effect creating a published document, and a public record of every word you add, subtract, or change. This is a public act, and (to the extent any identifying information exists) you are identified publicly with that edit as its author. All contributions made to a Foundation wiki and all publicly available information about those contributions, are irrevocably licensed and may be freely copied, freely quoted, and freely reused and freely adapted by third parties with few restrictions.

Users should assume that all edits, and most information about the creation of those edits, will be indefinitely accessible and may be read by anyone. Generally only the most recent version of a page to have been "indexed" will be returned when using a search engine. Historical revisions of pages are tagged by the Wikimedia web servers as "not to be indexed or followed" by popular search engines or web spiders, and will soon cease to be shown in many search engines when the page is updated. However they will still be visible via the edit history, and possibly on some third party websites which re-use Wikimedia content or caches outside Wikimedia Foundation control, and searches may show results from those sites as well.[8]

Information routinely collected or stored by the Foundation edit

authorship and edit information
Each edit made and action taken on a project is available in a public history of edits, which also includes authorship information such as user name (or IP address if not logged in), timestamp, and what was changed. This information is also available in filtered forms, such as by user (see user contributions), page edited (see page history), date (see recent changes), or action type (see Special:Logs). You may contribute to public projects without logging in, and such edits will be credited in edit histories to your IP address at the time of editing, a series of four numbers that identifies your internet connection at that time. This information may be retained indefinitely, unless deliberately removed such as in response to a privacy violation or court order.
user accounts
The name you edit under when logged in is chosen by you, at the point of registration. If you choose to be (or become) identifiable, or use a username that you go by elsewhere, people looking you up on the internet may see your username and others' comments and discussion of your editing.[9] Once created, user accounts will not be removed. It may be possible for a user name to be changed, depending on the policies of the wiki to which you contribute. The Wikimedia Foundation does not guarantee that a user name will be changed on request. A registered user who edits both logged-in and logged-out may have their logged-in edits identified with their IP edits by other editors.[10]
user account passwords
Users' passwords are confidential and used to verify your ownership of an account. No person should disclose, or knowingly expose, user passwords.
You may optionally provide a working email address in your user preferences, which allows other users to send email to you through the wiki. This email address will never be made public by the Foundation other than as described below, with one exception - if you yourself send an email to another person using Wikimedia's email-user feature, the recipient will be told your email address (but not your IP)[11] in order that they may reply. If another logged-in user emails you with this facility, your email address will not be revealed to them unless you respond, or possibly if the email bounces.[12] If you reply using your own email method rather than Wikimedia's "email this user" feature, other information may be sent to the recipient - see above.[13] Participation in any Wikimedia hosted mailing lists is outside the email-user feature, and your email address (and for many lists, your comments) will be publicly available if you email a mailing list.
If you communicate with other users or the Foundation via email or other non-public systems, it will usually be assumed that any response may be sent to you the same way, or via your known email address(es), or by the same means used in the past. Replies of this kind will be assumed to be private in delivery to you and upon receipt by you, and may include copies of the original, or past, messages.[14]
IP and other technical information
Every time you visit a web page or send an email, you automatically send technical information to the recipient's web server. This commonly includes request headers, the IP address which the request is sent from, and (for email and some page requests) routing information. Most servers routinely maintain access logs with a portion of this information for operational purposes (as described below),[15] and when you request or read a page, or send an email to a Wikimedia server,[16] no more information is collected than is typically collected by web sites in general. The Wikimedia Foundation may keep the raw logs, but these will not be published or used to track legitimate users.
When you edit (either logged in or not), the server confidentially stores this information for a limited period of time. This information is automatically deleted after a set period. When you edit without logging in, the IP address used is publicly and permanently credited as the author of the edit. Depending on your connection, this address may be traceable only to a large Internet service provider, or specifically to your school, place of business, or home. It may be possible for a third party to identify you from this IP address in conjunction with any other information available. Logging in allows you to better preserve your privacy in this situation.[17]
The sites will set a temporary session cookie on your computer when you visit the site. If you do not intend to log in or edit, you may deny this cookie. It will be deleted when you close your browser session.
More cookies may be set when you log in to maintain your logged-in status. If you choose to save your user name and password on your terminal, that information will be saved for up to 30 days, and this information will be resent to the server every time you visit the same wiki. If you are using a public machine and do not wish to expose your user name to future users of the machine, you may clear these cookies after use.

Other information which may be stored or held:

other information [18]
As part of site operations, various information may be stored or held, including but not limited to information needed to process emails between users, information needed to maintain accounts and email lists, information provided or being used to address problems or facilitate development, information temporarily held in web server caches or other temporary storage, system and data backups, system and other activity logs, self-identification provided to the Foundation for the purpose of being granted access to restricted software tools, edits by others that relate to you or to your editing, and self-disclosed and voluntary information provided by you.

Uses of "private" information edit

Private and potentially personally identifying information (as described above) is kept and used by the Foundation and selected volunteers, for a variety of purposes, including:

  • To identify (where applicable), investigate, address and respond to breach of terms of use, misuse of the wikis, complaints, and third party communications:[19] A number of mechanisms exist to prevent or remedy abusive activities in WMF projects, and to resolve queries, third party inquiries and complaints, disputes, and other matters. For example, when investigating abuse of a wiki or the blocking of a user, including the suspected use of malicious "sockpuppets" (editorial abuse)[20], vandalism, harassment of other users, or disruption, private information may be used by authorized users, to help identify and investigate the likely source(s) of prima facie abusive behavior.[21] They are also used on occasion, to examine (and try to resolve) more significant user disputes and other concerns, communications, and complaints.
  • To provide site statistics: The Foundation statistically samples raw log data from users' visits to produce site statistics. The raw log data is not made public.
  • To solve technical problems or improve server and site performance: Log data may be examined by developers and others delegated by the Foundation, for maintenance and development purposes.[22]

WMF Policy on data retention, access to, and release of private data edit

The Wikimedia Foundation will not sell, share, or release [23] private information such as email addresses with any third parties, unless it meets one or more of the criteria in this section.[24]

non-public information
Certain users often have access to private information (in the sense of the above definition). These may include, but are not limited to, users who have access to OTRS, or to the Checkuser and Oversight functions, mailing list administrators for hosted mailing lists [25](see note - seems accurate but would have implications), users with access to certain non-public wikis (typically used for administrative and operational collaboration) [26] (likewise need to check), users elected by the editing communities to serve as stewards, Wikimedia Foundation employees, trustees, appointees, and contractors and agents employed by the Foundation, and developers and others with high levels of server access.[27] Access to and publication of this information is governed by the Access to nonpublic data policy, as well as specific policies covering some of the functions in question.[28] All users who have privileged access to nonpublic data must use such information with care and only for the wellbeing of the Wikimedia projects.[29] It is the policy of the Foundation that personally identifiable data collected or stored may be released under the following situations. Distribution to other users authorized to access private information and no other persons, is not considered either "public" or "release".[30] This should generally be done with a view to reducing the amount of private information disclosed[31]:
  1. In response to a valid subpoena or other compulsory request from law enforcement.[32] As a general principle, the access to, and retention of, personally identifiable data in all WMF projects should be minimal and should be used only internally to serve the well-being of the projects. Occasionally, however, the Foundation may receive a subpoena or other compulsory request from a law-enforcement agency or a court or equivalent government body that requests the disclosure of information about a registered user. On such occasions, the Foundation may be compelled by law to comply with the request. In the event of such a legally compulsory request, the Foundation will attempt (if legally permitted[33]) to notify the affected user within three business days after the arrival of such subpoena by sending a notice by email to the email address (if any) that the affected user has listed in his or her user preferences. If no email address is set, then it is possible you may not be informed in the event that such a request is made.[34]

    If you receive such notification, the Foundation cannot advise you regarding the law or an appropriate response to a subpoena. The Foundation does note, however, that you may have the legal right to resist or limit that information in court by filing a motion to quash the subpoena. Should you wish to oppose a subpoena or other compulsory requests, you should seek legal advice concerning applicable rights and procedures that may be available. If the Foundation receives a court-filed motion to quash or otherwise limit the subpoena as a result of action by you or your lawyer, the Foundation will not disclose the requested information until Wikimedia receives an order from the court to do so.

  2. With permission of the user who will be affected. (In the case of a user who is a minor, with permission of the user or a person confirmed to be their parent or legal guardian.) [35]
  3. To the chair of Wikimedia Foundation, the Foundation's legal counsel, or the chair's designee, when necessary for investigation of abuse complaints[36]
  4. Where the information pertains to page views generated by a spider, bot, or other automated process,[37] and its dissemination is necessary to illustrate or resolve technical issues.
  5. [38] Where there is good cause to believe a user or account has interacted in a disruptive or problematic way, or is associated with disruptive, problematic activity,[39] data may be released (or the relationship between an IP editor or user account with another user account may be disclosed[40]) in order to inform discussion, assist in the targeting or explanation of IP blocks,[41] reduce further disruptive activity,[42] or in exceptional cases, assist in the formulation of a complaint to relevant Internet Service Providers, businesses, organizations, schools, and the like, who handle complaints about the internet connection(s) in question.[43]
  6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
Wikimedia policy does not permit public distribution of such information under any other circumstances.
removal of content [44]
In some cases specific revisions can be hidden ("deleted") from public view, for example if there is a significant breach of this policy or by court order. Note that hiding is not guaranteed in any given case, and that especially, disclosures facilitated by your own edits, or examination and discussion of concerns in your editing, may not be removed, or only removed to a limited extent. Individual wikis may also have their own guidelines and decision-making process governing this.
Administrators and a number of other users have access to certain deleted content. Some deleted content may be made available for good cause, whilst extreme types of deleted content correctly[3] removed under oversight policy will usually not be released other than under the exceptions above.

Disclaimer edit

The Wikimedia Foundation holds that maintaining and preserving the privacy of user data is an important value. This Privacy Policy, together with other policies, resolutions, and actions by the Foundation, represents a committed effort to safeguard the security of the limited user information that is collected and retained on our servers. Nevertheless, the Foundation cannot guarantee that your user information will necessarily remain private. We acknowledge that, in spite of our committed effort to protect private user information, determined individuals may still develop various data-mining and other methods to uncover such information and disclose it, or that enforcement despite our efforts may not on every occasion meet perfection.[45] For this reason, the Foundation can and will make no guarantee against unauthorized access to any information you may provide (voluntarily or otherwise) in the course of participating in or communicating or interacting with the Foundation, projects, or their related communities and users.[46]

Notes and comments edit

  1. A main risk for many side-methods of communication.
  2. A policy about "private information" and "privacy" needs to state with reasonable certainty, what's to be considered "private". It seems the criteria in simple terms is roughly 1/ it wasnt public and wasnt intended to ordinarily be public, or 2/ it was public but got oversighted or developer-removed. Caveat: IANAL.
  3. a b "Correctly oversighted", so that we can revert incorrectly oversighted edits if any, without problem.
  4. Admin deletion (not to be confused with oversight) does create "non public material". We need to be clear this kind of thing isn't what is meant by "private information" that needs special reason to restore to the public record.
  5. How do we get private information?
  6. A main risk for many side-methods of communication.
  7. Sums up the "historic record" and "publishing" sections of the original, and adds to it specific important information.
  8. More detail on the privacy issues due to searchability of public edits even if later revised, and history revisions - both important.
  9. Extremely important and a common problem with users who "just dont get the point" and run foul of poor collaboration or pov pushing etc. users must be informed of this.
  10. Another common privacy "trap" that users often complain about and hadn't realized.
  11. Worth noting, as users will not know this and may have concerns.
  12. Bounce issues are important.
  13. Informs users that "email this user" replies, and "webmail or email client" replies, may not be the same as regards privacy, and private reply means do not have any privacy policy aspect.
  14. Needed and not in current draft - to ensure good-faith email replies to OTRS or other emails, can't accidentally be breaches of privacy.
  15. Don't need to say "for statistics" here; we say elsewhere what this data is commonly used for.
  16. Omitted - http/https is not the only way people may send headers and computer information to WMF servers. Email is a major mode of communication too.
  17. Much simpler and to-the-point.
  18. Omitted from the original.
  19. Private information is used for many distinct and important purposes that are not mentioned in previous drafts.
  20. Better description.
  21. It may not always be abusive. It may simply initially seem prima facie abusive, which is enough to look into it.
  22. Improvement was omitted; irrelevant examples of one kind of problem out of many, has been removed.
  23. "Share" may seem different from "release" to a lay-person. Release is more stringent. Good to clarify this by adding "or release" as well.
  24. We list below the exact reasons when it may be made public, so "with permission of affected user" and "by court order" are both a bit redundant as both are in that list anyway. Plus highlighting them that way in the header text, may suggest an interpretation they don't have. This statement is now accurate.
  25. A person who subscribes to a mailing list may give an email address even if they do not post and their intention is to merely read. Is the list of email addresses on the server (as opposed to actual emails sent) "private" information in the sense of this policy? Specifically, is a list administrator permitted to publicize the list of subscribers and their email addresses for any mailing list at will, or state "X [optionally: with an email address of Y] is a subscriber to this list"? What if under "subscription" they gave a real name, on the basis they would never send an email to the list and the subscription information was non-public? If so, we need to clarify; if not then we need to consider if list admins are bound by non-public data policy and this hasn't been considered...?
  26. Ditto.
  27. List of who ("included but not limited to") may have access to private information. Again, comprehensive but much shorter.
  28. All that needs saying on this. makes clear other policies exist.
  29. Access, usage and publication are three different things.
  30. Clarifies that information passed from OTRS to a trustee, or between the Board and an oversighter, or between checkusers, is not a problem.
  31. General good practice statement.
  32. Essentially copied from original draft.
  33. We cannot guarantee to "attempt" in this case, since the law may in some cases require us not to notify the user of the investigation.
  34. Wording is carefully chosen here. It ensures we do not tie ourselves down to what we would do, if we don't have an email address. In some cases we may have other means of communication, in other cases we won't.
  35. Second part (minors) is new. If a minor corresponds with OTRS or makes a post on the wiki, or we email a user and it turns out to be a minor and intercepted by a parent or guardian. I'd hate to see us telling a parent that we cannot inform or discuss any aspect of their minor child's suicide email, vandalism case, or household IP global block, with them. Whilst minors need privacy protection too, are there exceptional circumstances where (as for legal matters) we wish to allow ourselves to discuss a matter with a legal parent or guardian? Perhaps one whose net connection was used? We probably need to be able to give relevant information related to a minor, with permission of their parent or legal guardian. The status as parent or guardian should actually be confirmed and not merely claimed or believed, since release on another person's say-so is a serious act.
  36. Remove "for abuse investigation". Users who feel there may be a serious problem, need a blanket permission to at least tell the chair, or legal counsel, even if they can't tell anyone else. Ant: I put it back. There is no implication that the user should ask permission from anyone else. And it is best to limit risks of abuse from chair or legal counsel.
  37. "bot" is ambiguous. Could mean wiki bots only. "Or other automated process" clarifies. Perhaps "or similar automated process" if needed.
  38. This section has a number of important clarifications based on experience in dispute resolution problems. The wording is careful.
  39. (a) We don't "know" a user is disruptive. That's an objective legal statement that requires a legal standard of proof to assert and support if challenged. What we do know is, they are believed with good cause to be acting in a disruptive way, or their usage is somehow associated with other usage that is interacting in a disruptive way. That much is users' judgement and is able to be supported where the current wording (if it was legally required to be supported) usually cannot be.
  40. (b) Although implied in "data may be released", this is the most common practical issue for checkusers - if you have a sock case with both IP and account activity, comprehensive action or an 8-ball answer on-wiki will often tie the two together, and if it involves two accounts, the underlying IP may at times become disclosed in the course of performing an IP block. This comes up often enough and although accepted under "data may be released to target IP blocks", disruptive users are not sufficiently informed that the expression may mean that the connection between IP and account may still become identifiable from block logs or checkuser "8 ball" answers. An explicit statement here would be sufficiently helpful in reducing dispute handling problems, to merit the slight redundancy.
  41. (c) Data may be released to assist in the targeting of IP blocks (the current wording) includes in a number of cases explaining what is going on to administrators, so blocks may be targeted. As above, an explicit statement here would be sufficiently helpful in reducing dispute handling problems, to merit the slight redundancy.
  42. (d) Disclosure may not always "prevent" disruption, an equally valid aim is to "reduce" it.
  43. (e) We may need to contact other persons than ISPs - for instance a school or business' IT manager, if their system is being used for disruption. Worded carefully so that as far as possible this is tied down and can't be taken to mean any minor incident, or any random oppressive authority.
  44. A section on non-public information and privacy needs to comment on a few last things here - 1/ information about removal of breaching content, 2/ that normal admin deletion merely hides from public view, and 3/ not everything in practice may be removed.
  45. Didn't cover this.
  46. Disclaimer updated to highlight the exact risk and emphasize more carefully, "WMF can and will make no guarantee", and the risk areas in the last sentence.