[Foundation-l] New draft of privacy policy

Sun Jun 15 23:20:19 UTC 2008

On Sun, Jun 15, 2008 at 6:55 PM, David Gerard <dgerard at gmail.com> wrote:
> 2008/6/15 Gregory Maxwell <gmaxwell at gmail.com>:
>> On Sun, Jun 15, 2008 at 10:31 AM, David Gerard <dgerard at gmail.com> wrote:
>>> It's also entirely unclear how this proposal would actually cause a
>>> better encyclopedia, dictionary, media archive, quote database etc. to
>>> be written. You know, the stuff we're supposed to be here for. Project
>>> first, then community.
>
>> By this logic we should grant access to Special:Checkuser to everyone.
>> No?  Explain.
>
> You originally claimed something was in need of fixing; support it.

I only asked why we give the equivalent checkuser on half our users to
the general public.   So far only Anthony has provided a reasonable
explanation. To make you happy I'll go ahead and make an argument for
fixing something:

I don't see any logical cause for the inconsistency in how we treat
registered and unregistered users. There is no particular reason is
has to be this way, it seems to be historical accident as Anthony
suggested. Instead we could publish the IPs of all edits, we could use
opaque identifiers for anons, or we could completely dissallow
anonymous editing.  All of these would be consistent solutions.

The current inconsistent situation generates a lot of problems:
Careful COI pushers are rewarded for being smart enough to log in
while at the same time normal users are harmed by accidentally getting
logged out and having their IP surprisingly leaked.

The edit histories of our articles are frequently sliced and diced to
hide the IPs of established contributors and this sometimes makes the
article history misleading. For example, see my edits on meta today (I
swear I didn't do that intentionally to make a point, I have no clue
how I ended up logged out) ... my IP edits couldn't be hidden without
making the history misleading due to the timing of Cimon's edits.  ...
and the service of IP edit oversighting is generally only available to
the Wiki(p|m)edia elite, if for no other reason than few others know
it is available.

Unregistered users account for roughly half of the contributors on at
least one of the largest projects (EnWP).  They make many valid and
useful contributions (along with a bunch of junk...).  We often
mislead them about their privacy by calling their contributions
"anonymous" when they are far less anonymous than the edits made by
many registered users.   Checkuser is by far one of the most highly
regulated activities on all the projects. We keep a very tight fist
over it. Yet, its equivalent is given freely over an enormous subset
of the contributors.  This smacks of favoritism.

I think our behavior should probably be changed to remove the
inconsistency. By removing the inconsistency we will prevent
unpleasant surprises. I think the ability to *know* and *understand*
the privacy posture you have when editing Wikipedia is more important
than what the posture is, so I don't care which path to consistency is
taken.

I would presume that of the three I suggested most users would prefer
replacing IPs with unique identifiers.  The primary harm this path
would cause is an increase in need for checkusers.

If need-be the increased need for checkusers could be addressed by
creating a lower class of checkusers who only have the ability to view
the (previously public) information related to unregistered users.
Such a solution would preserve an inconsistency but I believe it would
be strictly more consistent than the current behavior.