Hi all,
I'm representing a team of researchers from Drexel University who are researching privacy practices among Wikipedia editors. If you have ever thought about your privacy when editing Wikipedia or taken steps to protect your privacy when you edit, we’d like to learn from you about it.
The study is titled “Privacy, Anonymity, and Peer Production.” Details can be found on meta where the project was discussed before beginning recruitment here: ( https://meta.wikimedia.org/wiki/Research:Anonymity_and_Peer_Production).
If you would like to help us out, you need to read and complete the online consent form linked here and we will get in contact with you: http://andreaforte.net/wp.html.
We are planning to conduct interviews that will last anywhere from 30-90 minutes (depending on how much you have to say) by phone or Skype and we can offer you $20 for your time, but you do not need to accept payment to participate.
I have been researching Wikipedia since 2004 and have conducted many studies, most of which have resulted in papers that you can find here: http://andreaforte.net.
Thanks for considering it, please contact me if you have questions!
Andrea Forte
http://en.wikipedia.org/wiki/User:Andicat
and
Rachel Greenstadt
Nazanin Andalibi
I think it's rather curious that edits to Wikipedia aren't private. Why log the IP address? Why log anything? It's invasive.
On Wed, Mar 25, 2015 at 12:53 PM, Andrea Forte andrea.forte@gmail.com wrote:
Hi all,
I'm representing a team of researchers from Drexel University who are researching privacy practices among Wikipedia editors. If you have ever thought about your privacy when editing Wikipedia or taken steps to protect your privacy when you edit, we’d like to learn from you about it.
The study is titled “Privacy, Anonymity, and Peer Production.” Details can be found on meta where the project was discussed before beginning recruitment here: ( https://meta.wikimedia.org/wiki/Research:Anonymity_and_Peer_Production).
If you would like to help us out, you need to read and complete the online consent form linked here and we will get in contact with you: http://andreaforte.net/wp.html.
We are planning to conduct interviews that will last anywhere from 30-90 minutes (depending on how much you have to say) by phone or Skype and we can offer you $20 for your time, but you do not need to accept payment to participate.
I have been researching Wikipedia since 2004 and have conducted many studies, most of which have resulted in papers that you can find here: http://andreaforte.net.
Thanks for considering it, please contact me if you have questions!
Andrea Forte
http://en.wikipedia.org/wiki/User:Andicat
and
Rachel Greenstadt
Nazanin Andalibi _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why log the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר" On Mar 27, 2015 4:15 AM, "Francesco Ariis" fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
A very precise timestamp would seem to suffice for attribution. Anyone caring to prove they wrote something could take a video of them making the edit, thus confirming the timestamp is them.
On Fri, Mar 27, 2015 at 6:28 AM, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר" On Mar 27, 2015 4:15 AM, "Francesco Ariis" fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by an IP where in many cases no-one could attribute the edit to the individual who made it. If people don't want to release their edits as CC0 they can always create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
On Mar 27, 2015 4:15 AM, "Francesco Ariis" fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Nice "on paper", but the wiki-drama from the switch from GFDL was bad enough for me.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר" On Mar 27, 2015 9:41 AM, "WereSpielChequers" werespielchequers@gmail.com wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by an IP where in many cases no-one could attribute the edit to the individual who made it. If people don't want to release their edits as CC0 they can always create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
On Mar 27, 2015 4:15 AM, "Francesco Ariis" fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
I don't see a need to change the copyright. Just switch from the IP address to something that doesn't allow you to personally identify the user, but allows the user to claim ownership over the post if they want to, by recording some bit of information. I think a cryptographer could design a nice scheme here. This scheme should be such that neither WMF nor the public can identify the editor, but the editor can prove that they are the one who wrote the post.
On Fri, Mar 27, 2015 at 9:59 AM, Elias Friedman elipongo@gmail.com wrote:
Nice "on paper", but the wiki-drama from the switch from GFDL was bad enough for me.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר" On Mar 27, 2015 9:41 AM, "WereSpielChequers" werespielchequers@gmail.com wrote:
Perhaps we should move to a different licensing model for future IP
edits.
CC0 for IP edits would be a more sensible license for edits by an IP
where
in many cases no-one could attribute the edit to the individual who made it. If people don't want to release their edits as CC0 they can always create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
On Mar 27, 2015 4:15 AM, "Francesco Ariis" fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: I think it's rather curious that edits to Wikipedia aren't private.
Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
I don't believe a different license is needed. CC licenses can be used for anonymous works: The author is not given and does not have to be credited, but everything else (attribution of the work and share-alike) would stay the same. So a change in the terms of use to the effect of, "Unregistered edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by an IP where in many cases no-one could attribute the edit to the individual who made it. If people don't want to release their edits as CC0 they can always create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
The idea of the IP being more private in the history/ public logs (for example a unique hash so that you know it's "an IP" but not where/what IP" ) is one that I know has been discussed and is desired by a good number within the foundation including within legal. I'll try to look for the phabricator task about it tomorrow. I think that's something that is likely to happen, it isn't easy though and requires a fair number of resources to be pointed at it to get it done so it's a question of priorities and convincing those who decide those things that it should be higher. I believe it's something, privacy wise, that legal would really like.
I think it is unlikely in the short to medium term, however, to get rid of the IPs in the backend (in server logs and in the checkuser system for example) because the replacements just aren't there. I've spent a good amount of time thinking of a way to make the checkuser system as usable as necessary without revealing IPs for example (including a consultant who looked a lot but didn't really come up with anything we didn't know already). I think it's doable, but it would be a very difficult and long design process and I think it's unlikely in the near future.
James Alexander Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Fri, Mar 27, 2015 at 10:17 PM, Kyanos someanon126@gmail.com wrote:
I don't believe a different license is needed. CC licenses can be used for anonymous works: The author is not given and does not have to be credited, but everything else (attribution of the work and share-alike) would stay the same. So a change in the terms of use to the effect of, "Unregistered edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by an IP where in many cases no-one could attribute the edit to the individual who made it. If people don't want to release their edits as CC0 they can always create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
I think now that we are suing the NSA that it's deeply hypocritical to be surveilling users. A quick fix: stuff the ip field with random numbers.
On Sat, Mar 28, 2015 at 8:38 AM, James Alexander jalexander@wikimedia.org wrote:
The idea of the IP being more private in the history/ public logs (for example a unique hash so that you know it's "an IP" but not where/what IP" ) is one that I know has been discussed and is desired by a good number within the foundation including within legal. I'll try to look for the phabricator task about it tomorrow. I think that's something that is likely to happen, it isn't easy though and requires a fair number of resources to be pointed at it to get it done so it's a question of priorities and convincing those who decide those things that it should be higher. I believe it's something, privacy wise, that legal would really like.
I think it is unlikely in the short to medium term, however, to get rid of the IPs in the backend (in server logs and in the checkuser system for example) because the replacements just aren't there. I've spent a good amount of time thinking of a way to make the checkuser system as usable as necessary without revealing IPs for example (including a consultant who looked a lot but didn't really come up with anything we didn't know already). I think it's doable, but it would be a very difficult and long design process and I think it's unlikely in the near future.
James Alexander Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Fri, Mar 27, 2015 at 10:17 PM, Kyanos someanon126@gmail.com wrote:
I don't believe a different license is needed. CC licenses can be used
for
anonymous works: The author is not given and does not have to be
credited,
but everything else (attribution of the work and share-alike) would stay the same. So a change in the terms of use to the effect of, "Unregistered edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by
an IP
where in many cases no-one could attribute the edit to the individual
who
made it. If people don't want to release their edits as CC0 they can
always
create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
.....at which point it can no longer be used for checkuser or for rangeblocks. I really don't see the hypocricy there. Are we:
1. Taking user data; 2. Storing it and not saying for how long; 3. Not telling the user we're taking it in the first place, and; 4. Not tellning anyone what we're using it for?
If "yes" to all of the above, the NSA is broadly analogous. If no...a better analogy is needed.
On 28 March 2015 at 11:44, Brian J Mingus brian.mingus@colorado.edu wrote:
I think now that we are suing the NSA that it's deeply hypocritical to be surveilling users. A quick fix: stuff the ip field with random numbers.
On Sat, Mar 28, 2015 at 8:38 AM, James Alexander jalexander@wikimedia.org wrote:
The idea of the IP being more private in the history/ public logs (for example a unique hash so that you know it's "an IP" but not where/what IP" ) is one that I know has been discussed and is desired by a good number within the foundation including within legal. I'll try to look for the phabricator task about it tomorrow. I think that's something that is likely to happen, it isn't easy though and requires a fair number of resources to be pointed at it to get it done so it's a question of priorities and convincing those who decide those things that it should be higher. I believe it's something, privacy wise, that legal would really like.
I think it is unlikely in the short to medium term, however, to get rid of the IPs in the backend (in server logs and in the checkuser system for example) because the replacements just aren't there. I've spent a good amount of time thinking of a way to make the checkuser system as usable as necessary without revealing IPs for example (including a consultant who looked a lot but didn't really come up with anything we didn't know already). I think it's doable, but it would be a very difficult and long design process and I think it's unlikely in the near future.
James Alexander Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Fri, Mar 27, 2015 at 10:17 PM, Kyanos someanon126@gmail.com wrote:
I don't believe a different license is needed. CC licenses can be used
for
anonymous works: The author is not given and does not have to be
credited,
but everything else (attribution of the work and share-alike) would stay the same. So a change in the terms of use to the effect of, "Unregistered edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by
an IP
where in many cases no-one could attribute the edit to the individual
who
made it. If people don't want to release their edits as CC0 they can
always
create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com wrote:
It's actually required so as to provide attribution as per the Creative Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Do you see the irony here?
The NSA needs to keep harvesting metadata in order to stop terrorism.
The WMF needs to keep harvesting metadata in order to stop vandalism.
On Sun, Mar 29, 2015 at 9:16 AM, Oliver Keyes okeyes@wikimedia.org wrote:
.....at which point it can no longer be used for checkuser or for rangeblocks. I really don't see the hypocricy there. Are we:
- Taking user data;
- Storing it and not saying for how long;
- Not telling the user we're taking it in the first place, and;
- Not tellning anyone what we're using it for?
If "yes" to all of the above, the NSA is broadly analogous. If no...a better analogy is needed.
On 28 March 2015 at 11:44, Brian J Mingus brian.mingus@colorado.edu wrote:
I think now that we are suing the NSA that it's deeply hypocritical to be surveilling users. A quick fix: stuff the ip field with random numbers.
On Sat, Mar 28, 2015 at 8:38 AM, James Alexander <
jalexander@wikimedia.org>
wrote:
The idea of the IP being more private in the history/ public logs (for example a unique hash so that you know it's "an IP" but not where/what
IP"
) is one that I know has been discussed and is desired by a good number within the foundation including within legal. I'll try to look for the phabricator task about it tomorrow. I think that's something that is
likely
to happen, it isn't easy though and requires a fair number of resources
to
be pointed at it to get it done so it's a question of priorities and convincing those who decide those things that it should be higher. I believe it's something, privacy wise, that legal would really like.
I think it is unlikely in the short to medium term, however, to get rid
of
the IPs in the backend (in server logs and in the checkuser system for example) because the replacements just aren't there. I've spent a good amount of time thinking of a way to make the checkuser system as usable
as
necessary without revealing IPs for example (including a consultant who looked a lot but didn't really come up with anything we didn't know already). I think it's doable, but it would be a very difficult and long design process and I think it's unlikely in the near future.
James Alexander Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Fri, Mar 27, 2015 at 10:17 PM, Kyanos someanon126@gmail.com wrote:
I don't believe a different license is needed. CC licenses can be used
for
anonymous works: The author is not given and does not have to be
credited,
but everything else (attribution of the work and share-alike) would
stay
the same. So a change in the terms of use to the effect of,
"Unregistered
edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by
an IP
where in many cases no-one could attribute the edit to the individual
who
made it. If people don't want to release their edits as CC0 they can
always
create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com
wrote:
It's actually required so as to provide attribution as per the
Creative
Commons and other licenses we operate under.
Sent from my Droid 4 Elias Friedman A.S., CCEMT-P אליהו מתתיהו בן צבי elipongo@gmail.com "יְהִי אוֹר"
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
The WMF keeps data on an informed group of people, those who edit on WMF sites, and for a fixed period of time, (apart of course from the public listing of IP addresses).
If the NSA was only keeping data for as long as the WMF and only keeping data on people who post on the NSA site then the comparison would be more meaningful. I'm not actually suggesting that the NSA match the WMF for privacy, but then I doubt that the WMF would try importing the sort of data on everyone that the NSA tries to hoover up.
Regards
Jonathan Cardy
On 29 Mar 2015, at 14:18, Brian J Mingus brian.mingus@colorado.edu wrote:
Do you see the irony here?
The NSA needs to keep harvesting metadata in order to stop terrorism.
The WMF needs to keep harvesting metadata in order to stop vandalism.
On Sun, Mar 29, 2015 at 9:16 AM, Oliver Keyes okeyes@wikimedia.org wrote:
.....at which point it can no longer be used for checkuser or for rangeblocks. I really don't see the hypocricy there. Are we:
- Taking user data;
- Storing it and not saying for how long;
- Not telling the user we're taking it in the first place, and;
- Not tellning anyone what we're using it for?
If "yes" to all of the above, the NSA is broadly analogous. If no...a better analogy is needed.
On 28 March 2015 at 11:44, Brian J Mingus brian.mingus@colorado.edu wrote:
I think now that we are suing the NSA that it's deeply hypocritical to be surveilling users. A quick fix: stuff the ip field with random numbers.
On Sat, Mar 28, 2015 at 8:38 AM, James Alexander <
jalexander@wikimedia.org>
wrote:
The idea of the IP being more private in the history/ public logs (for example a unique hash so that you know it's "an IP" but not where/what
IP"
) is one that I know has been discussed and is desired by a good number within the foundation including within legal. I'll try to look for the phabricator task about it tomorrow. I think that's something that is
likely
to happen, it isn't easy though and requires a fair number of resources
to
be pointed at it to get it done so it's a question of priorities and convincing those who decide those things that it should be higher. I believe it's something, privacy wise, that legal would really like.
I think it is unlikely in the short to medium term, however, to get rid
of
the IPs in the backend (in server logs and in the checkuser system for example) because the replacements just aren't there. I've spent a good amount of time thinking of a way to make the checkuser system as usable
as
necessary without revealing IPs for example (including a consultant who looked a lot but didn't really come up with anything we didn't know already). I think it's doable, but it would be a very difficult and long design process and I think it's unlikely in the near future.
James Alexander Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Fri, Mar 27, 2015 at 10:17 PM, Kyanos someanon126@gmail.com wrote:
I don't believe a different license is needed. CC licenses can be used
for
anonymous works: The author is not given and does not have to be
credited,
but everything else (attribution of the work and share-alike) would
stay
the same. So a change in the terms of use to the effect of,
"Unregistered
edits are considered to have no named author," would be sufficient.
Kyanos
On 03/27/2015 06:41 AM, WereSpielChequers wrote:
Perhaps we should move to a different licensing model for future IP edits. CC0 for IP edits would be a more sensible license for edits by
an IP
where in many cases no-one could attribute the edit to the individual
who
made it. If people don't want to release their edits as CC0 they can
always
create an account.
Regards
Jonathan Cardy
On 27 Mar 2015, at 10:28, Elias Friedman elipongo@gmail.com
wrote:
> > It's actually required so as to provide attribution as per the
Creative
> Commons and other licenses we operate under. > > Sent from my Droid 4 > Elias Friedman A.S., CCEMT-P > אליהו מתתיהו בן צבי > elipongo@gmail.com > "יְהִי אוֹר"
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote:
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
In order:
1. Yes, the WMF is suing the NSA. There are a few threads/blog posts about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote:
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu
wrote:
It has worked up to now, but I'm thinking that, especially given
Wikimedia
is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it
wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private.
Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
Yes, you did state that, but you equated the explanation and circumstances with the NSA's behaviour, when in actual fact they are very different. I note that while you've argued that privacy policies aren't read, that's as far as your rebuttal goes.
There's no trump of one principle over another, and this is nothing to do with content neutrality; again, I invite you to surface your proposal on enwiki. It will completely eliminate the utility of checkuser or hard-blocks or range blocks, but if the community wants it as much as you seem to think I'm sure they'll support the idea.
On 29 March 2015 at 14:10, Brian J Mingus brian.mingus@colorado.edu wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote:
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
At this point we're really getting somewhat off-topic; Brian, if you want to continue this discussion about the trade-offs around privacy and oversight, feel free to drop me an email. In the meantime, we should probably leave the thread for the original subject ;)
On 29 March 2015 at 14:55, Oliver Keyes okeyes@wikimedia.org wrote:
Yes, you did state that, but you equated the explanation and circumstances with the NSA's behaviour, when in actual fact they are very different. I note that while you've argued that privacy policies aren't read, that's as far as your rebuttal goes.
There's no trump of one principle over another, and this is nothing to do with content neutrality; again, I invite you to surface your proposal on enwiki. It will completely eliminate the utility of checkuser or hard-blocks or range blocks, but if the community wants it as much as you seem to think I'm sure they'll support the idea.
On 29 March 2015 at 14:10, Brian J Mingus brian.mingus@colorado.edu wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote:
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > I think it's rather curious that edits to Wikipedia aren't private. > Why log > the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
-- Oliver Keyes Research Analyst Wikimedia Foundation
Somewhat off topic? That means we're somewhat on topic then, right? It sure seems like we're on topic.
I would prefer it of the WMF took the initiative and asked the community what they think about this issue as a whole. The discussion seems to have lacked transparency up to now. "We're suing the NSA for something we're doing. Yes, we're aware of that, and we'd like to do something about it, but it's a low priority and that's the final word." I'm not sure everyone will agree with that.
Best,
On Sun, Mar 29, 2015 at 2:58 PM, Oliver Keyes okeyes@wikimedia.org wrote:
At this point we're really getting somewhat off-topic; Brian, if you want to continue this discussion about the trade-offs around privacy and oversight, feel free to drop me an email. In the meantime, we should probably leave the thread for the original subject ;)
On 29 March 2015 at 14:55, Oliver Keyes okeyes@wikimedia.org wrote:
Yes, you did state that, but you equated the explanation and circumstances with the NSA's behaviour, when in actual fact they are very different. I note that while you've argued that privacy policies aren't read, that's as far as your rebuttal goes.
There's no trump of one principle over another, and this is nothing to do with content neutrality; again, I invite you to surface your proposal on enwiki. It will completely eliminate the utility of checkuser or hard-blocks or range blocks, but if the community wants it as much as you seem to think I'm sure they'll support the idea.
On 29 March 2015 at 14:10, Brian J Mingus brian.mingus@colorado.edu
wrote:
In general people do not read privacy policies, nor do they understand
what
IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is
invasive.
And it is.
This is especially true when you know that your recordings are
faciliating
the active de-anonymization of people who are editing Wikipedia. Not
just
de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for
neutrality.
It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers
and
deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org
wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com
wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote:
It has worked up to now, but I'm thinking that, especially given Wikimedia is suing the NSA, it is no longer justifiable. If the NSA can't
track
citizens, Wikimedia shouldn't be tracking them either. Seems simple
:)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote:
> On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > > I think it's rather curious that edits to Wikipedia aren't
private.
> > Why > log > > the IP address? Why log anything? It's invasive. > > I guess it's a sensible choice against abuse (vandalism) while
still
> allowing non registered users editing rights > > > _______________________________________________ > WikiEN-l mailing list > WikiEN-l@lists.wikimedia.org > To unsubscribe from this mailing list, visit: > https://lists.wikimedia.org/mailman/listinfo/wikien-l > _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
-- Oliver Keyes Research Analyst Wikimedia Foundation
-- Oliver Keyes Research Analyst Wikimedia Foundation
"Wikipedia:Free speech" (http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus brian.mingus@colorado.edu wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu
wrote:
It has worked up to now, but I'm thinking that, especially given
Wikimedia
is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it
wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
I think it's rather curious that edits to Wikipedia aren't
private.
Why
log
the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while still allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Wikipedia is set up such that if you don't take the measures mentioned in the OP, you are dox'ing yourself. Users are not aware of this.
On Sun, Mar 29, 2015 at 4:33 PM, David Carson carson63000@gmail.com wrote:
"Wikipedia:Free speech" ( http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <brian.mingus@colorado.edu
wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu
wrote:
It has worked up to now, but I'm thinking that, especially given
Wikimedia
is suing the NSA, it is no longer justifiable. If the NSA can't track citizens, Wikimedia shouldn't be tracking them either. Seems simple
:)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it
wrote:
On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > I think it's rather curious that edits to Wikipedia aren't
private.
Why
log > the IP address? Why log anything? It's invasive.
I guess it's a sensible choice against abuse (vandalism) while
still
allowing non registered users editing rights
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Hi Brian,
"Dox'ing yourself"? That's a pretty wild hyperbole.
But just to clarify: are you taking issue with the fact that not-logged-in users have their IP addresses publicly visible? Or with the fact that all edits have IP addresses privately recorded?
I originally thought you were talking about the latter, but now I'm not sure. If it's actually the former, I've got no disagreement with you.
Given that anyone can edit without making their IP public simply by registering a pseudonym and logging in, and given that many new editors might not be aware of the implications of revealing their IP (if they're editing from a static address at work, for instance), it seems to me that the easiest solution - and one which I think would cause absolutely zero astonishment in the minds of new users - would simply be to require users to register a pseudonym and log in in order to edit.
But if you're concerned about the effect that this would have on casual "drive-by" fixes and improvements by people who aren't invested enough in the project to register, then sure, encrypt or hash the IP address before displaying it publicly. I don't think randomizing it on every edit would be a good idea, because I think it's important to be able to tell whether a succession of edits were from the same editor.
Cheers, David...
On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus brian.mingus@colorado.edu wrote:
Wikipedia is set up such that if you don't take the measures mentioned in the OP, you are dox'ing yourself. Users are not aware of this.
On Sun, Mar 29, 2015 at 4:33 PM, David Carson carson63000@gmail.com wrote:
"Wikipedia:Free speech" ( http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com
wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu
wrote:
It has worked up to now, but I'm thinking that, especially given
Wikimedia
is suing the NSA, it is no longer justifiable. If the NSA can't
track
citizens, Wikimedia shouldn't be tracking them either. Seems simple
:)
On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it
wrote:
> On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > > I think it's rather curious that edits to Wikipedia aren't
private.
Why
> log > > the IP address? Why log anything? It's invasive. > > I guess it's a sensible choice against abuse (vandalism) while
still
> allowing non registered users editing rights > > > _______________________________________________ > WikiEN-l mailing list > WikiEN-l@lists.wikimedia.org > To unsubscribe from this mailing list, visit: > https://lists.wikimedia.org/mailman/listinfo/wikien-l > _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Hi David,
It is a bit of hyperbole, but reductio arguments have their role in helping to make certain things clear.
If you force users to log in, you can still identify them. The IP address is helpful, but not necessary.
On Sun, Mar 29, 2015 at 7:12 PM, David Carson carson63000@gmail.com wrote:
Hi Brian,
"Dox'ing yourself"? That's a pretty wild hyperbole.
But just to clarify: are you taking issue with the fact that not-logged-in users have their IP addresses publicly visible? Or with the fact that all edits have IP addresses privately recorded?
I originally thought you were talking about the latter, but now I'm not sure. If it's actually the former, I've got no disagreement with you.
Given that anyone can edit without making their IP public simply by registering a pseudonym and logging in, and given that many new editors might not be aware of the implications of revealing their IP (if they're editing from a static address at work, for instance), it seems to me that the easiest solution - and one which I think would cause absolutely zero astonishment in the minds of new users - would simply be to require users to register a pseudonym and log in in order to edit.
But if you're concerned about the effect that this would have on casual "drive-by" fixes and improvements by people who aren't invested enough in the project to register, then sure, encrypt or hash the IP address before displaying it publicly. I don't think randomizing it on every edit would be a good idea, because I think it's important to be able to tell whether a succession of edits were from the same editor.
Cheers, David...
On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <brian.mingus@colorado.edu
wrote:
Wikipedia is set up such that if you don't take the measures mentioned in the OP, you are dox'ing yourself. Users are not aware of this.
On Sun, Mar 29, 2015 at 4:33 PM, David Carson carson63000@gmail.com wrote:
"Wikipedia:Free speech" ( http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus there would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com
wrote:
Wikipedia is suing the NSA? Seriously? On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu
wrote:
> It has worked up to now, but I'm thinking that, especially given
Wikimedia
> is suing the NSA, it is no longer justifiable. If the NSA can't
track
> citizens, Wikimedia shouldn't be tracking them either. Seems
simple :)
> > On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it
wrote:
> > > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > > > I think it's rather curious that edits to Wikipedia aren't
private.
Why
> > log > > > the IP address? Why log anything? It's invasive. > > > > I guess it's a sensible choice against abuse (vandalism) while
still
> > allowing non registered users editing rights > > > > > > _______________________________________________ > > WikiEN-l mailing list > > WikiEN-l@lists.wikimedia.org > > To unsubscribe from this mailing list, visit: > > https://lists.wikimedia.org/mailman/listinfo/wikien-l > > > _______________________________________________ > WikiEN-l mailing list > WikiEN-l@lists.wikimedia.org > To unsubscribe from this mailing list, visit: > https://lists.wikimedia.org/mailman/listinfo/wikien-l > _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Hi Brian,
I'm still not entirely clear on your complaint. Are you talking about Wikimedia (not random users, nor Wikipedia Administrators) having access to IP addresses from system logs? Or something else? What does "The IP address is helpful, but not necessary" mean?
Cheers, David...
On Mon, Mar 30, 2015 at 10:14 AM, Brian J Mingus brian.mingus@colorado.edu wrote:
Hi David,
It is a bit of hyperbole, but reductio arguments have their role in helping to make certain things clear.
If you force users to log in, you can still identify them. The IP address is helpful, but not necessary.
On Sun, Mar 29, 2015 at 7:12 PM, David Carson carson63000@gmail.com wrote:
Hi Brian,
"Dox'ing yourself"? That's a pretty wild hyperbole.
But just to clarify: are you taking issue with the fact that not-logged-in users have their IP addresses publicly visible? Or with the fact that all edits have IP addresses privately recorded?
I originally thought you were talking about the latter, but now I'm not sure. If it's actually the former, I've got no disagreement with you.
Given that anyone can edit without making their IP public simply by registering a pseudonym and logging in, and given that many new editors might not be aware of the implications of revealing their IP (if they're editing from a static address at work, for instance), it seems to me that the easiest solution - and one which I think would cause absolutely zero astonishment in the minds of new users - would simply be to require users to register a pseudonym and log in in order to edit.
But if you're concerned about the effect that this would have on casual "drive-by" fixes and improvements by people who aren't invested enough in the project to register, then sure, encrypt or hash the IP address before displaying it publicly. I don't think randomizing it on every edit would be a good idea, because I think it's important to be able to tell whether a succession of edits were from the same editor.
Cheers, David...
On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
Wikipedia is set up such that if you don't take the measures mentioned in the OP, you are dox'ing yourself. Users are not aware of this.
On Sun, Mar 29, 2015 at 4:33 PM, David Carson carson63000@gmail.com wrote:
"Wikipedia:Free speech" ( http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
In order:
- Yes, the WMF is suing the NSA. There are a few threads/blog posts
about this people here can point you to. 2. Brian: The NSA needs to store data without the permission or consent of the people generating it, sometimes through forcible interception, decryption and the introduction and maintenance of software exploits that allow them to do this but also allow any other reasonably technical nation or non-nation actor who is paying attention to exploit the same vulnerability, keeping this data for an indefinite period, with very little legal or political oversight, in order to stop terrorism, where very little evidence exists that this has helped in any way.
The WMF needs to store data for a 90 day period, which is explicitly set down in a privacy policy that is transparent, human-readable, linked from every edit interface, written with the involvement of the people whose data is being stored, administered by a committee of people who come from this population of editors, and explicitly sets out what the data may or may not be used for, even within the Wikimedia Foundation, in order to stop vandalism, where multiple scientific studies have validated the hypothesis that being able to make rangeblocks and prohibit sockpuppetry is beneficial to the community we are all a part of and the wider population of readers.
That's what's actually going on, here. If you thing these situations are roughly analogous, that's your prerogative. If you think the storage of this data is unnecessary, I recommend you go to your local project and explain to them that being able to checkuser potential sockpuppets or hard-block users is not needed: gaining consensus
there
would be a good starting point to changing this.
On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com
wrote:
> Wikipedia is suing the NSA? Seriously? > On 28 Mar 2015 11:23, "Brian J Mingus" brian.mingus@colorado.edu wrote: > >> It has worked up to now, but I'm thinking that, especially given Wikimedia >> is suing the NSA, it is no longer justifiable. If the NSA can't
track
>> citizens, Wikimedia shouldn't be tracking them either. Seems
simple :)
>> >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis fa-ml@ariis.it wrote: >> >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: >> > > I think it's rather curious that edits to Wikipedia aren't
private.
Why >> > log >> > > the IP address? Why log anything? It's invasive. >> > >> > I guess it's a sensible choice against abuse (vandalism) while
still
>> > allowing non registered users editing rights >> > >> > >> > _______________________________________________ >> > WikiEN-l mailing list >> > WikiEN-l@lists.wikimedia.org >> > To unsubscribe from this mailing list, visit: >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l >> > >> _______________________________________________ >> WikiEN-l mailing list >> WikiEN-l@lists.wikimedia.org >> To unsubscribe from this mailing list, visit: >> https://lists.wikimedia.org/mailman/listinfo/wikien-l >> > _______________________________________________ > WikiEN-l mailing list > WikiEN-l@lists.wikimedia.org > To unsubscribe from this mailing list, visit: > https://lists.wikimedia.org/mailman/listinfo/wikien-l
-- Oliver Keyes Research Analyst Wikimedia Foundation
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Just like the Netflix Prize, knowing which topics an entity is interested in, and having access to text they have written, is, in many cases, enough information to reveal who that person is, where they live, etc. You just plug the data into Google and correlate away.
On Sun, Mar 29, 2015 at 7:19 PM, David Carson carson63000@gmail.com wrote:
Hi Brian,
I'm still not entirely clear on your complaint. Are you talking about Wikimedia (not random users, nor Wikipedia Administrators) having access to IP addresses from system logs? Or something else? What does "The IP address is helpful, but not necessary" mean?
Cheers, David...
On Mon, Mar 30, 2015 at 10:14 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
Hi David,
It is a bit of hyperbole, but reductio arguments have their role in helping to make certain things clear.
If you force users to log in, you can still identify them. The IP address is helpful, but not necessary.
On Sun, Mar 29, 2015 at 7:12 PM, David Carson carson63000@gmail.com wrote:
Hi Brian,
"Dox'ing yourself"? That's a pretty wild hyperbole.
But just to clarify: are you taking issue with the fact that not-logged-in users have their IP addresses publicly visible? Or with the fact that all edits have IP addresses privately recorded?
I originally thought you were talking about the latter, but now I'm not sure. If it's actually the former, I've got no disagreement with you.
Given that anyone can edit without making their IP public simply by registering a pseudonym and logging in, and given that many new editors might not be aware of the implications of revealing their IP (if they're editing from a static address at work, for instance), it seems to me that the easiest solution - and one which I think would cause absolutely zero astonishment in the minds of new users - would simply be to require users to register a pseudonym and log in in order to edit.
But if you're concerned about the effect that this would have on casual "drive-by" fixes and improvements by people who aren't invested enough in the project to register, then sure, encrypt or hash the IP address before displaying it publicly. I don't think randomizing it on every edit would be a good idea, because I think it's important to be able to tell whether a succession of edits were from the same editor.
Cheers, David...
On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
Wikipedia is set up such that if you don't take the measures mentioned in the OP, you are dox'ing yourself. Users are not aware of this.
On Sun, Mar 29, 2015 at 4:33 PM, David Carson carson63000@gmail.com wrote:
"Wikipedia:Free speech" ( http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a read.
http://en.wikipedia.org/wiki/Wikipedia:Free_speech
It's not directly about privacy but I think it clearly covers the ground that Wikipedia is a project to create an online encyclopedia, not an experiment in radical free speech. The system is set up to facilitate that goal.
If you think that recording IP addresses is invasive, then you should probably be publishing your content on your own website, not Wikipedia.
Cheers, David...
On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus < brian.mingus@colorado.edu> wrote:
In general people do not read privacy policies, nor do they understand what IP addresses are or what you can do with them.
But if you recall, I simply stated that recording IP addresses is invasive. And it is.
This is especially true when you know that your recordings are faciliating the active de-anonymization of people who are editing Wikipedia. Not just de-anonymization, but often public shaming.
For WMF, the principle of neutrality clearly trumps the principles of privacy and free speech. For the NSA, substitute security for neutrality. It's hypocritical.
Luckily, it's easy to fix. Just stuff the ip fields with random numbers and deal with the fallout. Stop tracking people.
On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes okeyes@wikimedia.org wrote:
> In order: > > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts > about this people here can point you to. > 2. Brian: The NSA needs to store data without the permission or > consent of the people generating it, sometimes through forcible > interception, decryption and the introduction and maintenance of > software exploits that allow them to do this but also allow any other > reasonably technical nation or non-nation actor who is paying > attention to exploit the same vulnerability, keeping this data for an > indefinite period, with very little legal or political oversight, in > order to stop terrorism, where very little evidence exists that this > has helped in any way. > > The WMF needs to store data for a 90 day period, which is explicitly > set down in a privacy policy that is transparent, human-readable, > linked from every edit interface, written with the involvement of the > people whose data is being stored, administered by a committee of > people who come from this population of editors, and explicitly sets > out what the data may or may not be used for, even within the > Wikimedia Foundation, in order to stop vandalism, where multiple > scientific studies have validated the hypothesis that being able to > make rangeblocks and prohibit sockpuppetry is beneficial to the > community we are all a part of and the wider population of readers. > > That's what's actually going on, here. If you thing these situations > are roughly analogous, that's your prerogative. If you think the > storage of this data is unnecessary, I recommend you go to your local > project and explain to them that being able to checkuser potential > sockpuppets or hard-block users is not needed: gaining consensus there > would be a good starting point to changing this. > > On 29 March 2015 at 11:57, James Farrar james.farrar@gmail.com wrote: > > Wikipedia is suing the NSA? Seriously? > > On 28 Mar 2015 11:23, "Brian J Mingus" <brian.mingus@colorado.edu > > wrote: > > > >> It has worked up to now, but I'm thinking that, especially given > Wikimedia > >> is suing the NSA, it is no longer justifiable. If the NSA can't track > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple :) > >> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <fa-ml@ariis.it > > wrote: > >> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote: > >> > > I think it's rather curious that edits to Wikipedia aren't private. > Why > >> > log > >> > > the IP address? Why log anything? It's invasive. > >> > > >> > I guess it's a sensible choice against abuse (vandalism) while still > >> > allowing non registered users editing rights > >> > > >> > > >> > _______________________________________________ > >> > WikiEN-l mailing list > >> > WikiEN-l@lists.wikimedia.org > >> > To unsubscribe from this mailing list, visit: > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l > >> > > >> _______________________________________________ > >> WikiEN-l mailing list > >> WikiEN-l@lists.wikimedia.org > >> To unsubscribe from this mailing list, visit: > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l > >> > > _______________________________________________ > > WikiEN-l mailing list > > WikiEN-l@lists.wikimedia.org > > To unsubscribe from this mailing list, visit: > > https://lists.wikimedia.org/mailman/listinfo/wikien-l > > > > -- > Oliver Keyes > Research Analyst > Wikimedia Foundation > _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
Just like the Netflix Prize, knowing which topics an entity is interested in, and having access to text they have written, is, in many cases, enough information to reveal who that person is, where they live, etc. You just plug the data into Google and correlate away.
On Sun, Mar 29, 2015 at 7:19 PM, David Carson carson63000@gmail.com wrote:
Hi Brian,
I'm still not entirely clear on your complaint. Are you talking about Wikimedia (not random users, nor Wikipedia Administrators) having access to IP addresses from system logs? Or something else? What does "The IP address is helpful, but not necessary" mean?
Cheers, David...
On 30 March 2015 at 00:24, Brian J Mingus brian.mingus@colorado.edu wrote:
Just like the Netflix Prize, knowing which topics an entity is interested in, and having access to text they have written, is, in many cases, enough information to reveal who that person is, where they live, etc. You just plug the data into Google and correlate away.
Then if we want to stop being being able to identify our users, we would have to stop allowing our users to write things...
More seriously, yes, we *could* do radical anonymisation of all contributions to Wikipedia - it would be technically possible to make every non-account contribution labelled "anonymous" (one giant pseudo-account?) rather than an IP number, removing any linkage between those edits. But that would have immense social costs on the Wikipedia community - we would lose a substantial proportion of our capacity to prevent spamming, vandalism, defamation, or other forms of abuse, and put substantially more work on our volunteers handling these problems.
I really doubt our overworked community would be able to cope with that.
Some kind of semi-anonymisation, as James suggests, is workable, obfuscating IPs - but not complete disconnection. The other alternative would be to close off unregistered contributions, which has been discussed repeatedly in the past and is generally unpopular. But it's achievable with our current setup, and if you want to change things advocating for that might be a better approach.
A.
I'm not seeing a reference to IP addresses in this thread or the associated research page (my ctrl-f-fu may just be weak, though): as to why IPs are logged server-side, well, checkuser is a useful tool and that's how rangeblocks work.
On 25 March 2015 at 13:19, Brian J Mingus brian.mingus@colorado.edu wrote:
I think it's rather curious that edits to Wikipedia aren't private. Why log the IP address? Why log anything? It's invasive.
On Wed, Mar 25, 2015 at 12:53 PM, Andrea Forte andrea.forte@gmail.com wrote:
Hi all,
I'm representing a team of researchers from Drexel University who are researching privacy practices among Wikipedia editors. If you have ever thought about your privacy when editing Wikipedia or taken steps to protect your privacy when you edit, we’d like to learn from you about it.
The study is titled “Privacy, Anonymity, and Peer Production.” Details can be found on meta where the project was discussed before beginning recruitment here: ( https://meta.wikimedia.org/wiki/Research:Anonymity_and_Peer_Production).
If you would like to help us out, you need to read and complete the online consent form linked here and we will get in contact with you: http://andreaforte.net/wp.html.
We are planning to conduct interviews that will last anywhere from 30-90 minutes (depending on how much you have to say) by phone or Skype and we can offer you $20 for your time, but you do not need to accept payment to participate.
I have been researching Wikipedia since 2004 and have conducted many studies, most of which have resulted in papers that you can find here: http://andreaforte.net.
Thanks for considering it, please contact me if you have questions!
Andrea Forte
http://en.wikipedia.org/wiki/User:Andicat
and
Rachel Greenstadt
Nazanin Andalibi _______________________________________________ WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l