Talk:Privacy policy/Archives/2006

Possible problems


Kate ( ) might be considered a breach of policy §7 Privacy_policy#User_data which states : Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users. Kate is not an other user but a tool displayed on a website owned by the Wikimedia Foundation. Kate is not an "occasional" publication, but a systematic tool available 24 hours a day, and providing informations on all users, not a smaller set of users selected on a particular occasion. The "disclaimer" section on Kate's main page seems to be the result of an inaccurate reading of the above mentioned §7. Kate is a controversial tool : see en:Wikipedia:Editcountitis for further reading.--Theo F 10:36, 4 January 2006 (UTC)

Can't see a problem here. Kate's & Interiot's tools don't publish anything that isn't in MediaWiki's user contribs. If there were external aggregation tools doing the same thing by connecting to Wikipedia & parsing it's HTML output - that wouldn't be a violation. So, why it's a violation when it's done by querying databse directly? And don't forget, these tools are extremely useful for teacking sockpuppets and evaluating user's contributions during RfA's. MaxSem 18:34, 4 March 2006 (UTC)


According to Wikizine #6, Special:unwatchedpages gives a listing of the first 5000 pages that are not on someones watchlist. It is a static list updated regularly (hopefully). This is only for "users with protect permission". Sysops have access. Seems to be live on all wikis.source. That means that this tool is spying, on a regular basis, users' watchlists and transmitting data from the users' watchlists to the sysops. That means that the Wikimedia Foundation allows itself to spy on data supposed to be protected by a password. In order to build a trusting relationship with the Wikipedia users, the Foundation should clearly renounce such intrusive behaviour. A motto « Wikipedia is not GMail » is mostly welcome. See en:Gmail#Privacy for further reading.--Theo F 10:36, 4 January 2006 (UTC)

This is true: Wikipedia is in breach of privacy policy --anon 11:14, 5 January 2006 (UTC)
That's a bit inaccurate, at least in my opinion. In order for that page to be a breach of policy, it has to provide information that can track down a particular user; this tool provides an aggregate report, and does not contain any information that could be used to identify a particular user, so there is no breach of policy there. Titoxd 20:44, 3 March 2006 (UTC)
If all users but one share together which pages they watch, and use the aggregated data, they can make a substraction and find out which pages are watched by the remaining user. When a page never watched before suddenly becomes watched, you could have a look at the list of newly created accounts and make the hypothesis that the newly watched page is being watched by the user who just created a new account.
More generally, when a landlord rents a flat, he should not keep a key and enter the flat without the tenant's consent. By the same token, when you give somone an account with a password, you should not enter this password-kept area without the password holder's consent.
IMHO, this feature should be available on an "opt in" basis only. Theo F 10:32, 4 March 2006 (UTC)
That reasoning contains one major flaw: to be able to figure out the pages that a user watches, you first need to know the pages that every other user watches, which is not revealed anywhere. Besides, this is a server-side feature, data of who watches what page is never transmitted to a sysop, nor a sysop can in any practical scenario derive the information. Titoxd 22:19, 4 March 2006 (UTC)
If all the other users organize a tea party, and during this tea party decide to share their watchlists, they can perform the substraction and extract what the remaining watchlists contain. I think the trend of accessing data which are by nature private, without the account holder's knowledge, without the account holder's consent, is not a good trend. The owner of the account should be told how his data are going to be processed, and for which purpose, so that he can quit, or simply renounce to open an account, if he disagrees with the purposes of the data processing. If the landlord wants to keep a key and enter the flat every time he wants, that should be written on the rental agreement. Theo F 09:04, 7 March 2006 (UTC)
The thousands of them?! You must be kidding. This could be realistic only in small wikis where only tens of users actively participate and watch the pages. ACrush ?!/© 16:51, 18 April 2006 (UTC)

Interiot count edits [1]

This new tool raises the same questions as Kate (see above) Theo F 11:54, 3 March 2006 (UTC)

Ip address logging of logged in users

Does Wikipedia keep a log of ALL IP addresses ever used by a user for admins/sysops, developers or other officials?

I would hope only the most recent one gets "logged"/"tracked", otherwise this could potentially reveal a lot of personal information to the right kind of person.. (and let's not pretend that a sociopath can't become an admin, psychotics can pretend to be quite nice sometimes.) -- 11:14, 5 January 2006 (UTC)

These data are only stored for one week, so edits made prior to that will not be shown via CheckUser says CheckUser Policy. I don't know if that means that prior edits could be available through other means. --Theo F 14:28, 5 January 2006 (UTC)

Danish translation

Here is the Danish translation, could it be added to the list of languages?

It should be named Beskyttelse af personlige oplysninger.

OK, done. McDutchie 03:26, 28 February 2006 (UTC)

Lack of COPPA

My name is Daniel. I'm 10. I like reading and especially like Harry Potter books...

I am not a lawyer, but I think we may need to include COPPA checks and disclaimers. Wikimedia Foundation has "actual knowledge" that children under 13 are providing personal information (e.g., email addresses) when using the site or registering an user account. I am not sure how the non--profit status of WMF plays into this, but NASA and LiveJournal are doing the same.

Thanks, GChriss 19:15, 19 February 2006 (UTC)

This looks like a good suggestion. Not only the United States have laws about privacy. Most European Union countries, and Switzerland do. Wikipedia should provide ways to make Wikipedians comfortable with the privacy standards used in their home country. Theo F 12:18, 3 March 2006 (UTC)

Private logging

There is a link in there (second paragraph) which links to even though that is an invalid link. It's quite confusing when it happens on an 'official' page like it has. I'd fix it if I knew where it was supposed to link to...

Blocking robots from harvesting IP of anon contributors

Does anyone else think it would make sense to block search engine and archive bots from harvesting Talk: pages? This would prevent anonymous contributors from being "unmasked" by employers etc from IP address using a simple Google or Internet Archive search, but wouldn't stop abusive users being tracked by the Admins here (and since Wikipedia keeps its own archives anyway, nothing would be lost). I think you could block the talk pages easily enough with the line: Disallow: /Talk: ... in the "robots.txt" file.

The existing "robots.txt" seems to cover "edit" and "history" pages anyway: "# Friendly, low-speed bots are welcome viewing article pages, but not

  1. dynamically-generated pages please."

... but if these get harvested too then I'd argue for them being blocked in the same way.

I know that hiding your IP address is one of the "perks" of registering, but I for one didn't even know what an IP address was twelve months ago - it doesn't seem fair to penalise the less technologically minded contributors. An increasing number of sites are considering IP addresses pseudo-personal information. I can't think of a single other site that publishes users' IP addresses the way Wikipedia does, and this seems crazy considering the site's excellent privacy policies on usage logs.

On a related note, can formerly-anonymous users "reclaim" anonymous posts when they've registered (so their IP address gets replaced by their username)?


Here [2]. "can not" should be "cannot"

Update to account for CheckUser access

The Privacy policy at Wikimedia:Privacy policy is now out of date, since it precedes the large scale use of "CheckUser" and claims only "developers" have access to the IPs of logged in users.

I am suggesting a revised version at User:Angela/Privacy policy (see [3] for a diff from the current version).

The main changes are to these two paragraphs:

"IP addresses of users, derived either from those logs or from records in the database are frequently used to correlate usernames and network addresses of edits in investigating abuse of the wiki, including the suspected use of malicious "sockpuppets" (duplicate accounts), vandalism, harassment of other users, or disruption of the wiki."
"It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:"

I intend to propose that the Board accept the new draft as official policy, but would appreciate feedback or further improvements before then. Please add comments below.

Thanks. Angela 13:18, 14 April 2006 (UTC)

I am happy with the changes. Others' thoughts?
James F. (talk) 13:35, 14 April 2006 (UTC)

Good idea Angela. Could we check with Brad what he thinks of the overall policy ? Anthere

As a frequent user of CheckUser, I think these changes are reasonable and properly reflect the way the tool is used today. Please note that on enwiki we tend to interpret "behaving in a disruptive way" to mean a significant and sustained violation of local wiki policy in such a manner as to make relevant the fact that two or more accounts are being used by the same individual ("sockpuppetry"). The information to be revealed is limited to an estimate of the likelihood that such a situation exists, based on the totality of the evidence, and a credible case for the allegation of sockpuppetry must exist before a check is performed. (In other words, no fishing expeditions.) Furthermore, on enwiki, we (those of us with CheckUser privileges) have agreed not to release anything other than conclusory statements about an investigation. Inadvertently discovered sockpuppets or other "interesting" facts about editors are not to be revealed except when relevant to the conclusion that an editor is being abusive or disruptive.
The other use made of CheckUser is to assist in the process of identifying and blocking open proxies. There is a particular editing quirk that we've learned is associated with certain types of open proxies; when we find that quirk it is normal to run a CheckUser to determine the origin of the quirky edit and block the originating IP (or IP range, in certain cases). I generally do not announce the identities of the accounts using such proxies unless there is evidence of disruption in addition to the quirky editing behavior. It is my opinion that this usage of CheckUser is consistent with the proposed policy; if it is not, I would strongly urge that the policy be amended to permit this sort of security management activity as it has done a great deal to cut back on open proxy abuse on enwiki. Kelly Martin 04:04, 15 April 2006 (UTC)

I think that de User Elian has used CheckUser in an abusive way by checking assumed sockpuppetry of Dr. Volkmar Weiss who has not shown "behaving in a disruptive way". German wikipedia has no clear rules for sockpuppetry but the criteria for CheckUser (mainly deception in votings) were not fullfilled. CheckUser should be used more cautiously -- 03:08, 28 May 2006 (UTC)

Deleting content

Quote "Only developers can permanently delete information from Wikimedia projects and there is no guarantee this will happen except in response to legal action."
Wow. Rather severe. I understand no one is obligated to delete anything from an edit history except under legal action, but I hope you don't have to resort to legal action in most of these cases. I know some cases which should be open and shut and the contributors' request should be fulfilled. Cases where a contributor in her/his early days disclosed some personal information on a Wikipedia article talk page but later regretted it; removed it; but the information remains in the history. The information is not needed for any legal or Wikipedia purposes---if I were to request the deletion of such information from such an article talk page's history, I'm hoping it can be done without "legal action". Any thoughts? And how can one contact such a developer to make a request (of course, while logged in or via email)? 04:51, 8 May 2006 (UTC)
This is outdated. Some users have oversight, which means they can delete revisions for such reasons as posting personal details and the like. 06:35, 18 June 2006 (UTC).
Oversight is not deletion; it's hiding. Truly permanent deletion still requires a developer's assistance. Kelly Martin 06:42, 18 June 2006 (UTC)

Data on users

I am not sure I understand the meaning of this:

Data on users, such as the times at which they edited and the number of edits they have made are publicly available via "user contributions" lists, and occasionally in aggregated forms published by other users.
Some user make 'aggregators' available for various purposes - such as Interiot's edit counter, which collates information from your 'user contributions' to give details of how many edits you've made, what months they were in and so on. Cynical 11:35, 21 May 2006 (UTC)

Password integrity? Without SSL?

On passwords, the policy says, "Many aspects of the Wikimedia projects' community interactions depend on the reputation and respect that is built up through a history of valued contributions. User passwords are the only guarantee of the integrity of a user's edit history. All users are encouraged to select strong passwords and to never share them. No one shall knowingly expose the password of another user to public release either directly or indirectly."

How can passwords possibly be secure, and total proof of a user's identity, when the passwords are sent unencrypted over the internet, allowing for any Eve who gets between a user and the login server to impersonate said user. And why should I choose a secure password, when using a secure password on Wikipedia might compromise the security of that same password being used on a secure, encrypted login? If password integrity is so important, why not use SSL?

- Armedblowfish 11:02, 15 June 2006 (UTC)

  • you should use secure wikipedia and wikipedia logins should always be done securely, this is a major failing of wikipedia and wikimedia

removing unused accounts

see en:Wikipedia talk:Delete unused username after 90 days, passing this would require an amendment to the policyy. 01:08, 27 June 2006 (UTC)

"Whether specific user information is deleted is dependant on the deletion policies of the project that contains the information." 'Dependant' should be 'dependent' — The preceding unsigned comment was added by (talk)

ofense to my nation...

i would like to lock the info specified below because as an istanbulian everyday i have to re-correct it

{{Infobox Settlement |official_name=İstanbul |settlement_type= |established_title= Founded |established_date=667 BC as Byzantium |established_title1=Roman/Byzantine period |established_date1=AD 330 as Constantinople |established_title2=Byzantium period |established_date2=until 1453 named as Constantinople and various other names in local languages |established_title2=Ottoman period |established_date2=starting from 1453 named as Istanbul by Ottoman Empire |established_title3=Turkish Republic period |established_date3=Istanbul since Ottoman Empire

OTRS team or voluneteer team

About mailing lists:

Some email addresses ... may forward mail to a team of volunteers ... to use a ticket system such as OTRS ....
Mail to board AT wikimedia DOT org or to board members' private addresses may also be forwarded to the OTRS team.

The last line should be "to the voluneteer team". --Mongol 21:01, 10 July 2006 (UTC)

Can I use This?

Can I use this as a basis for the Privacy Policy at my site? — The preceding unsigned comment was added by (talk)

The translated version of the Privacy policy in Japanese

I've just noticed that there are very critical discrepancies between the English original and the Japanese translated version at the Foundation website. We need to update the Japanese Privacy Policy translation. I will post the same message at Talk:Privacy policy/Ja. Thank you. --Californiacondor 13:06, 14 November 2006 (UTC)

Search Privacy

After looking around for 5 or 10 minutes I could not find anything about the privacy or lack thereof of searches. Is everything typed into the search box safe from the government (or other nairdowells)? Or is it all saved and distributed freely? Or something inbetween? Knowing something about what happens when you type into the search box is important (if privacy is important at all). — The preceding unsigned comment was added by (talk)

Return to "Privacy policy/Archives/2006" page.