I am writing to ask that the new privacy policy be stopped, pending briefings of and
thorough consideration by the incoming executive director Lila Tretikov. The timing of
this major policy change with all its implications, including great legal implications, is
at minimum discourteous to Ms. Tretikov in this the second day of her tenure, and in my
judgement should additionally be viewed as alarming.
"Wikimedia is beholden to no one, yet accountable to each and every human
being," she said day before last. Yet the new policy makes every effort to distance
it from accountability, by attempting to force every editor to consent to the most
privacy-invasive technologies known, which include, all quoted:
"You should be aware that specific data made public by you or aggregated data that is
made public by us can be used by anyone for analysis and to infer information about users,
such as which country a user is from, political affiliation, and gender." "Type
of device you are using possibly including unique device identification numbers."
"The type and version of your browser, your browser's language preference, the
type and version of your device's operating system." "The name of your
internet service provider or mobile carrier." "Which pages you request and
visit, and the date and time of each request" (note: says "visit," not
merely "edit"). "We actively collect information with tracking pixels,
cookies, and local storage." "We use your email address." "We can use
GPS and other technologies commonly used to determine location." "We may receive
metadata." "IP address of the device (or your proxy server) you are using to
access the Internet, which could be used to infer your geographical location."
(
http://meta.wikimedia.org/wiki/Privacy_policy).
What is the heck is all this? Editors don't know they are signing up for this! But it
gets even worse, because the WMF is not only providing this to its employees, but to
hundreds of anonymous "administrators" to whom it grants access to this
non-public, easily personally-identifying data. This means particularly, but not limited
to: checkusers, arbitrators, stewards, UTRS users, and "community developers."
Who are they? While Ms. Tretikov aspires to accountability, the new privacy policy flees
to "exemptions" and "we know nothing." It specifically exempts these
hundreds of people from the privacy policy. The WMF's Privacy Fellow Roshni Patel said
two weeks ago "the Foundation can’t control the actions of community members such as
administrative volunteers so we don’t include them under the privacy policy." Is this
accountability? No. She further mystifyingly continues: "however, under the access
policy, these volunteers must sign a confidentiality agreement." Mystifyingly,
because it's *not* *true*. That part of the privacy policy "Requirements for
Community Members Applying for Access to Nonpublic Information" requires only an
email address and an assertion from an anonymous individual that he or she is 18 or over.
Is there requirement there somewhere for a signature? No. Shall they sign for example
under the nicknames of the prominent administrators like "Beeblebrox" and
"Wizardman?" This is not accountability.
(
https://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy#Mini….)
How can the executive director be expected to assume responsibility for this stuff in 14
hours, on her third official day on the job? Out of simple courtesy to her, it needs to be
delayed, while she is briefed on it by those who most understand it, like the general
counsel Geoff Brigham.
Trillium Corsage