Ryan writes:
> I noticed that it doesn't mention anywhere the possibility that the
> policy
> may be altered in the future. Most sites, including Yahoo and
> Google, do
> so. Is this omission accidental or deliberate? Is such a mention
> either
> necessary or encouraged legally?
It's deliberate. Almost all commercial sites allow themselves to
change privacy policy unilaterally and without notice. That's not our
practice -- we take pains to let the community (both editors and the
larger community of users) know what we're doing before we do it, and
we seek feedback.
> In general, I agree with others that the policy might be worth
> splitting
> up. But if it isn't, I think it should be pruned. For example, I'm
> looking
> at Section VIII, Point C. Why in the world is it necessary in a
> privacy
> policy to specifically mention "badly-behaved web spiders" as a
> possible
> reason for examining log data?
I think the idea here is to suggest a specific example that promotes
better understanding than a categorical generalization might.
> The mention of IRC is strange. IRC is not a Wikimedia venue, so
> perhaps it
> should be removed completely. But if it is to be left, why was the
> mention
> about the possible exposure of IPs deleted? Surely that's an
> important
> privacy concern regarding IRC (where the IRC guidelines have nothing
> to do
> with privacy)
I'm not necessarily averse to excluding discussion of IRC, but you
will note that IRC is discussed in current WMF privacy policy (at
6.4). It's reasonable to infer that the Board in 2006 wanted IRC
included, perhaps because some users infer that WMF-related IRC
channels are somehow operated by us.
> Perhaps my main point is this:
>
> -- Yahoo privacy policy: 1,427 words
> -- Google privacy policy: 1,858 words
> -- Myspace privacy policy: 2,322 words
> -- WMF current privacy policy: 1,767 words
> -- WMF privacy policy draft: 5,081 words
The fact that our policy is longer than some others is something of
which we are painfully aware, and which we were aware of before any
community feedback started. But there are both reasons and
explanations for this.
First, as I recall from my research, Google has a separate privacy
policy for each product (e.g., a privacy policy for Google search, a
privacy policy for G-mail, one for Maps, one for Shopping, etc.). We
don't do that -- our draft policy covers all projects. (I assume
something similar is going on at Yahoo!)
Second, even if we limit our discussion to Wikipedia, the uses of the
service that may raise privacy implications are more various and
complicated than those of, say, Google search.
The question here is whether it makes sense to put everything in one
place or not. The previous WMF privacy policy put everything in one
place, but was shorter and (I strongly believe) too dense and
technical for non-technical users. We traded off length for
readability. I still think that is the right decision.
That said, any approach to shortening the privacy policy draft that
does not require removing or relocating essential privacy-related
information (and I continue to believe that an expression of the
Foundation's philosophy is essential) is something we're open to.
--Mike