Talk:Privacy policy/Archives/2005

Latest comment: 15 years ago by 75.165.17.166 in topic Information not detailed enough

Removals

[Policy regarding log retention]:

It is the policy of Wikimedia that server log information, including any backup copies, is destroyed within one year of its creation. Will this be retained longer for abuse/security issues or at the request of law enforcement?
more information needed here, in particular with regards to log publishing. Even though IRC is not officially part of Wikimedia, the question of the log is regularly mentionned, and ihmo should be included in that document, if only to inform people.


[comment under 'Deletion of content']:

or, possibly, in cases of harassment, which may be by a sysop toward another sysop?
this comment is unclear to me. What did you want to say exactly ? Anthere

[Search]:

What happens to the data about what users are searching for?

I have removed the above unclear points and comments. Angela 23:27, 25 Jan 2005 (UTC)

Regarding accounts

Once created, user accounts can not be removed.

Yes they can, you probably meant to say "won't". —Ævar Arnfjörð Bjarmason 00:53, 11 Apr 2005 (UTC)

Indeed, though there are several places where it is said quite explicitly that there is no chance of this happening, so we might want to make it a little stronger than "won't". Perhaps "user accounts will never be removed"?
James F. (talk) 00:55, 11 Apr 2005 (UTC)

I have a concern about committing to that clause in the very long term. I put it at Talk:Right to vanish but maybe should have posted it here. Any thoughts? Rossami 23:03, 12 Apr 2005 (UTC)


"Remember to disconnect"

However, remember to disconnect yourself after using a pseudonym to avoid allowing others to use your identity.

This sentence seems a bit confusing to me. (Disconnect yourself? From where? Do you mean "log out"?) And, is it a good idea to add such general advice to a page stating policy, anyway? --Mormegil 18:47, 16 Apr 2005 (UTC)

I rephrased it the way I understood it.--Patrick 15:45, 6 December 2005 (UTC)

Retained forever

If you contribute to the Wikimedia projects, you are publishing every word you post publicly. If you write something, assume that it will be retained forever. This includes articles, user pages and talk pages. Some limited exceptions are described below.

Does this include images and audio? or am I being too pedantic.

You're not being too pedantic. Yes, it includes images and audio. Unless the media in question is deleted (because of suspected copyright infringement) the image or audio is here forever. See, for example, this image I placed on Wikipedia of New York City w:Image:Area_code_347.png area codes 347, 718 and 917, which is the corrected version I re-uploaded when someone informed me that the distant New Jersey area codes were reversed. The original (incorrect) map I did is still available here on Wikipedia. Paul Robinson (Rfc1394)

To Jimbo Wales/To the President of WMF

¿Shouldn't be said to the President of WMF instead of To Jimbo Wales? --Ascánder 17:14, 30 Apr 2005 (UTC)

Wouldn't it make more sense for it to refer to the Board than either of those? Angela
Agreed. And that was my question: why the other four at the Board isn't eligible to access this sort of infromation? --Aphaia++ 12:16, 5 November 2005 (UTC)

I need help! I contributed to something MONTHS ago without logging in. Yes, I know it was a stupid mistake. When I googled my name and city together, up comes my name as a contributor to this article that quite frankly could get me in trouble professionally. I need to know if there is a way to delete myself from this article when I WASN't logged in. If anyone can help, please email me cbflagginc@yahoo.com - Thank you!

I get a 404 when I click on the site statistics pages link in the Private logging section. Js-js2 01:55, 10 May 2005 (UTC)

I need help! I contributed to something MONTHS ago without logging in. Yes, I know it was a stupid mistake. When I googled my name and city together, up comes my name as a contributor to this article that quite frankly could get me in trouble professionally. I need to know if there is a way to delete myself from this article when I WASN't logged in. If anyone can help, please email me cbflagginc@yahoo.com - Thank you!

Database dumps

I too am concerned with the retention of personal data. Wiki editing generates lots of personal information, including bickering, personal trivia and such. Keeping it forever in an indexed database means it can be searched, giving an in-depth knowledge of someone's interests and opinions (even from normal edits by well-behaved people). Having a serial identity, which is common when first signing up, makes this worse since google often connects this with a name. The solution of renaming a user can help, but it means leaving the wiki, isn't automated, and isn't used without a special reason.

The current data is accessible via a search engine, but it isn't too bad since these keep to the current text - a removed comment will be forgotten, and engines don't understand the history.

Database dumps are worse, and I think they should be tackled by the privacy policy. The options I see are removing talk pages; anonymizing user names from history data (sigs (non-template) can't be removed easily however); making dumps of only the current version (could be already the case).

--Tobu 20:11, 29 May 2005 (UTC)

Hashed passwords

As far as I know Mediawiki does not store users' password, it merely stores password hashes, from which actual passwords can not be recovered. Privacy policy should state this so user can be concerned about more important matters. --195.113.65.10 14:55, 29 Jun 2005 (UTC) It should mention current password store technologies in use by wikipedia, noting that they may change.

Research access to logs

I think we should have a good community discussion to review our privacy policy with an eye towards revising it in order to allow some limited additional access to our access logs for credible academic researchers who are willing to sign a strong non disclosure agreement.

This sort of data is of intense interest to researchers -- I am getting more and more requests for it -- and I think that the results of the research would be incredibly helpful to our global mission. We make a lot of decisions based on our own theories of how the community really works, but I wonder what facts about ourselves we don't realize because they are lost in the data.

--Jimbo (on Foundation-l, 9 August 2005)

Email address releases (when required by law)

According to the "account creation / log-in" form, Wikipedia will never release our email addresses to anyone. However, according to "Sharing information with third parties", Wikipedia will accede to a subpeona, warrant, or other legally required request.

Since all email addresses from before the privacy policy existed were gathered on the promise that they would "never" be released, wouldn't it be unethical (or perhaps a breach of contract, etc.) to release them simply because of a legal requirement? This privacy policy seems to retroactively redefine the terms under which Wikimedia is allowed to release my email address, which I am *very* uncomfortable with.

It comes down to common sense: Wikimedia does not have an army to stop the authorities from seizing a server and getting the email address themselves. Would you say that it's unethical to release an email address when all that refusing will achieve is legal escalation and having the server confiscated? -- Jeronim 21:55, 24 August 2005 (UTC)
Definately let authorities come and seize it .... at least wikimedia Foundation wouldn't have co-operated like google has done in China, and because of that someone who spoke their mind freely is in jail now for 10 years!
In a western country google would have refused and made a courtcase out of it. But 1 billion chinese consumers are to big of a lure. Google publically admitted they have provided the data. For me it is also a personal thing. Would you feel it is right if I would be arrested because I protested the dictatorship in Thailand on a talkpage? And Thailand is developing in a dictatorship unfotunately which is what is worrying me. And I am disappointed in google and yahoo and other big sites who co-operate much more with governments like the Chinese one than they have to. Just follow the news on this subject. Basically China has succeeded in censoring the internet for its citizens. Even wikipedia does selfcensorship to appease Beijing. And other Asian countries and governments are following the developments and want to implement it in their own countries. Like Thaksin here in Thailand, so I say resist. Waerth 17:06, 13 September 2005 (UTC)

Translations

I find it confusing that translations and other suggestions happen at the same time. Translations make comment from everybody easier, but surely we want to translate the finalised version? When will we know the official version? --Alias 08:20, 5 October 2005 (UTC)


This line in the Wikipedia privacy policy ..."# To Jimbo Wales, his legal counsel, or his designee, when necessary for investigation of abuse complaints." ... seems like a potentially large error to me? I think it should reference the Wikimedia Board or designee, not Jimbo. Jimbo Wales, Wikimedia Trustee, Chief of the Board, or similar title might be ok. It is my understanding that the laws in the U.S. which provide protection between corporate responsibility and personal responsiblity depend upon the Corporation or NGO being managed in accordance with Laws and the charter. Courts have found that individuals and officers managing or abusing organizations for their own purposes or as their own property can be held liable personally (personal assets are at risk) for mistakes that made in managing the organization. If Wikimedia has access to legal talent pro bono or has funds to pay for legal expertise then I think it would be a wise investment to consult a lawyer regarding this issue. user:lazyquasar


Naming Jimbo Wales (rather than his role)

It seems unusual to explicitly name an individual in a document of this sort. More usual would be to name a role for which he was the current incumbent or owner

--BozMo 20:21, 1 November 2005 (UTC)

agreed Anthere 10:48, 4 January 2006 (UTC)

Safe Harbor Certification

I think both the Wikipedia and the hopefully impending Wikiversity could benefit by meeting all requirements for self certification according to USA/EU "Safe Harbor" agreement regarding the handling of private information. Both projects are global in nature so the sooner we are in full compliance the less risk we are exposed to and the less likely we are to encounter impacts or cause others harm from unfortunate errors or misunderstanding.

w:user:lazyquasar

Information not detailed enough

I read the german translation a few minutes ago. Statements like If you only read the Wikimedia project websites, no more information is collected than is typically collected in server logs by web sites in general. ist too general. The User should know which information about him are collected. That means: his user name, his IP-Number, time, and maybe more? Not everyone is an internet-specialist.

The Policy on release of data derived from page logs (esp. rules for giving away the IP-Username-log) is very general too. There isn't any guarantee that these files will not be publishished to all users (for example in case of "vandalism") Some people maybe have a profile with their clear name and one with an nickname. I dont think that most of them want to publish this connection, but the rules are not hard enough to guarantee this. That should be made clear for every user. Hadhuey 23:27, 29 November 2005 (UTC)


saying:"no more information is collected than is typically collected in server logs by web sites in general" does not disclose the extent and scope of information recorded by a sites users which is required by law. You cannot hide behind 'common practice' to mask ones activities. This privacy policy needs to be changed to be explicit and complete as to what the foundation records about its users. It seems the foundation stores absolutely everything it can about its users and its promise 'not to track' its users with session cookies is un-convincing. If it wanted to be clear it could say that detailed access logs will not be collated except for contain situations, or detail out exactaly what these logs contain or how long they are stored. By not saying how long information is stored they are also breaking at least common practice and allowing themselves everything without disclosing it. This privacy policy is extremely poor. Google extended their privacy policy to make clearer how they collect information in response to new laws in California and elsewhere.[1] The Wikimedia Foundation is required to be explicit about what degree they are storing and using personal information, this policy does not do that.75.165.17.166 02:20, 5 January 2009 (UTC)

Necessity

Hi. I wonder if someone (a Board member, perhaps?) can clarify one thing. The sixth item on "Policy on release of data derived from page logs" - is this talking about en:Necessity, a legal term? Or is it just a layman's term?

Tomos 02:44, 21 December 2005 (UTC)

Translation

Translation into catalan on catalan wikipedia

Pérez 05:34, 27 December 2005 (UTC)

Return to "Privacy policy/Archives/2005" page.