Wikimedia-l November 2010

wikimedia-l@lists.wikimedia.org

130 participants
137 discussions

Re: [Foundation-l] should not web server logs (of requests) be published?
by WJhonson＠aol.com 29 Nov '10

29 Nov '10

How exactly do config files tell us what the WMF is retaining? That the error logs are manually purged tells us that they are in fact retaining details. What I asked was an official statement of what and for how long. The config files do not answer that question. At any rate you didn't link to them anyway, not in this thread. In a message dated 11/28/2010 5:37:18 P.M. Pacific Standard Time, aude.wiki(a)gmail.com writes: The WMF server config files are there for everyone to see. Do you not consider them "reliable" source? Do you not believe they are in fact the server config settings used by WMF? There are apache error logs (notice LogLevel) that are collected. Those are manually purged, as of 2008. (source: Tim Starling http://lists.wikimedia.org/pipermail/foundation-l/2008-September/045811.html )

1 0

[Foundation-l] Chinese wikisource blocked on China
by shi zhao 29 Nov '10

29 Nov '10

Chinese wikisource blocked on China, "zh,wikisource.org" is GFW keyword. test http://www.google.com/search?q=zh.wikisource.org , reset, on China, but wikisource.org and other lang wikisource can access on China. Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://shizhao.org twitter: https://twitter.com/shizhao [[zh:User:Shizhao]]

1 0

Re: [Foundation-l] should not web server logs (of requests) be published?
by aude 29 Nov '10

29 Nov '10

On Sun, Nov 28, 2010 at 6:51 PM, <WJhonson(a)aol.com> wrote: In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time, russnelson(a)gmail.com writes: > You misbelieve. Listen to Aude. She knows what she's talking about. > I'd rather have Aude cite a reliable source. "The Wikimedia Foundation *MAY* keep raw logs of such transactions" (emphasis added) http://wikimediafoundation.org/wiki/Wikimedia:Privacy_policy Under the policy, WMF is permitted to collect and keep apache and squid logs but the policy gives more leeway than what is done in practice. WMF does collect squid logs but only 1/1000 sample. They don't keep apache access logs, (e.g. I think these are what you mean by ip server logs) per httpd.conf file that I linked to in earlier email. The WMF server config files are there for everyone to see. Do you not consider them "reliable" source? Do you not believe they are in fact the server config settings used by WMF? There are apache error logs (notice LogLevel) that are collected. Those are manually purged, as of 2008. (source: Tim Starling http://lists.wikimedia.org/pipermail/foundation-l/2008-September/045811.html ) In that thread, you can read more of what Tim and others had to say on to, including Sue. I can't say more than that but hope you have enough info and sources. Cheers, -Katie (@aude) People are not reliable sources. No living person is such an authority that we should listen to that person. Not even on their own biography, much less anything else. The role of the expert is not to spout dogma, but rather to build a case using citable sources. No one is immune from this diction. The Archangel Gabriel told me so. W On a side-note you completely ignored what I actually stated. Aude mentioned the checkuser logs. I pointed out that IP server logs are *not* the same thing as checkuser logs. The privacy policy states that these exist, that they are kept. It states or at least implies that as I said, they are not the same thing as the checkuser logs. It does not state for how long, either is kept. So there. _______________________________________________ foundation-l mailing list foundation-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

1 0

Re: [Foundation-l] should not web server logs (of requests) be published?
by Russell Nelson 29 Nov '10

29 Nov '10

Thank you for letting me know that YOU are not a reliable source of anything. Aude, on the other hand, I trust to be reliable. WJhonson(a)aol.com wrote: >In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time, >russnelson(a)gmail.com writes: > > >> You misbelieve. Listen to Aude. She knows what she's talking about. >> > >I'd rather have Aude cite a reliable source. >People are not reliable sources. No living person is such an authority >that we should listen to that person. Not even on their own biography, much >less anything else. > >The role of the expert is not to spout dogma, but rather to build a case >using citable sources. No one is immune from this diction. The Archangel >Gabriel told me so. > >W > >On a side-note you completely ignored what I actually stated. >Aude mentioned the checkuser logs. I pointed out that IP server logs are >*not* the same thing as checkuser logs. The privacy policy states that these >exist, that they are kept. It states or at least implies that as I said, >they are not the same thing as the checkuser logs. > >It does not state for how long, either is kept. > >So there. > > >_______________________________________________ >foundation-l mailing list >foundation-l(a)lists.wikimedia.org >Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

1 0

Re: [Foundation-l] should not web server logs (of requests) be published?
by WJhonson＠aol.com 29 Nov '10

29 Nov '10

In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time, russnelson(a)gmail.com writes: > You misbelieve. Listen to Aude. She knows what she's talking about. > I'd rather have Aude cite a reliable source. People are not reliable sources. No living person is such an authority that we should listen to that person. Not even on their own biography, much less anything else. The role of the expert is not to spout dogma, but rather to build a case using citable sources. No one is immune from this diction. The Archangel Gabriel told me so. W On a side-note you completely ignored what I actually stated. Aude mentioned the checkuser logs. I pointed out that IP server logs are *not* the same thing as checkuser logs. The privacy policy states that these exist, that they are kept. It states or at least implies that as I said, they are not the same thing as the checkuser logs. It does not state for how long, either is kept. So there.

2 1

Re: [Foundation-l] should not web server logs (of requests) be published?
by WJhonson＠aol.com 29 Nov '10

29 Nov '10

My belief is that this is not so. Checkuser logs are not the same thing as IP logs. Are you suggesting that should a court, three months-and-a-day after a logged in user made a libelous edit, order the WMF to release the IP address of that user, they would not be able to do so? I suggest they would and probably have. I would like to see a clear citation to where, when and how the WMF retains logs of user activity. Is there actually such an official statement somewhere? And could anyone cite it with a link? The issue with the AOL Search Scandal is a red herring. People are not going to be searching for their own phone number or Social Security numbers within Wikipedia. And even if someone searches for such a thing, there is no way to know that they are looking for details on themselves, or on someone else. Our entry on that regardless notes a lawsuit *four years old* with no resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal Indicative I suggest of it being a non-story.

3 2

Re: [Foundation-l] should not web server logs (of requests) be published?
by Erik Zachte 29 Nov '10

29 Nov '10

WJhonson wrote: > Regardless of what occurred with the AOL details, that is a "Red Herring" > as I said, because such an event would not and could not occur with > Wikipedia details. > People regardless of whether or not they searched their own personal > details within the AOL search engine... would not search their own > personal details within the Wikipedia engine. I think you missed my point: that lots of innocent data pieced together tell a new story. People may not search their name in Wikipedia (although I'm not too sure about that, many people might want to search for their surname looking for famous ancestors). They may not search for local shops, but will search for their home town, the university they attended, their favorite car brands and sports, and so on (please show a little imagination here). Here is just one example of an article that may invoke scrutiny of contributors. http://tinyurl.com/2axrcar Erik Zachte

2 1

Re: [Foundation-l] should not web server logs (of requests) be published?
by WJhonson＠aol.com 28 Nov '10

28 Nov '10

In a message dated 11/28/2010 2:34:37 PM Pacific Standard Time, erikzachte(a)infodisiac.com writes: > Repost with shortened url: > > WJhonson: > > The issue with the AOL Search Scandal is a red herring. People are > > not going to be searching for their own phone number or Social > > Security numbers within Wikipedia. And even if someone searches for > > such a thing, there is no way to know that they are looking for > > details on themselves, or on someone else. > > > > Our entry on that regardless notes a lawsuit *four years old* with no > > resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal > > > > Indicative I suggest of it being a non-story. > > Many people did search for their own name occasionally, and relatively > often > did search for local shops and local news. > Each of these clues were ambiguous and insignificant by themselves, but > once > put together often did paint a unique picture of one single person. > > Apparently de-anonimization is a nice pursuit for some would-be > detectives, > and quite possibly also for government officials in some parts of the > world > where privacy is considered a risk to a state's stability. > > The AOL data were taken offline very quickly (and the research team > disbanded), but copies had already been made, and you can still find the > data online now. > > http://www.gregsadetsky.com/aol-data/ > > The following article paints a rather graphical picture of how search > terms > came to haunt back their author. > > http://tinyurl.com/322a5pk > > Erik Zachte > You ignored my point. Regardless of what occurred with the AOL details, that is a "Red Herring" as I said, because such an event would not and could not occur with Wikipedia details. People regardless of whether or not they searched their own personal details within the AOL search engine... would not search their own personal details within the Wikipedia engine. Do you know understand my point? What this thread is about is releasing details of activity *within* Wikipedia. We have no control over details of activity *outside* Wikipedia. Thus, the event described here as the atom bomb of personal exposure, is moot (not relevant, not related, a red herring) to this thread. W

1 0

Re: [Foundation-l] should not web server logs (of requests) be published?
by Erik Zachte 28 Nov '10

28 Nov '10

Repost with shortened url: WJhonson: > The issue with the AOL Search Scandal is a red herring. People are > not going to be searching for their own phone number or Social > Security numbers within Wikipedia. And even if someone searches for > such a thing, there is no way to know that they are looking for > details on themselves, or on someone else. > > Our entry on that regardless notes a lawsuit *four years old* with no > resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal > > Indicative I suggest of it being a non-story. Many people did search for their own name occasionally, and relatively often did search for local shops and local news. Each of these clues were ambiguous and insignificant by themselves, but once put together often did paint a unique picture of one single person. Apparently de-anonimization is a nice pursuit for some would-be detectives, and quite possibly also for government officials in some parts of the world where privacy is considered a risk to a state's stability. The AOL data were taken offline very quickly (and the research team disbanded), but copies had already been made, and you can still find the data online now. http://www.gregsadetsky.com/aol-data/ The following article paints a rather graphical picture of how search terms came to haunt back their author. http://tinyurl.com/322a5pk Erik Zachte

1 0

[Foundation-l] should not web server logs (of requests) be published?
by dinar qorbanof 28 Nov '10

28 Nov '10

hello should not web server logs (of requests) be published? my native language is tatar and i would or i am going to write to tatar wikipedia and say other people to write to it. authors/managers/administrators of tatar texts are tatar people. for that i think it is correct if tatar people can see web server logs. i think this would not be bad for privacy of readers, because they would see that logs are published, and can access wikipedia through proxy to hide their ip address. ip-addresses of anonymous writers are already published. if anonymouse readers want to hide their referer or search keywords, they also can hide that by copy-pasting wikipedia article url, and this also should be said shortly on every page and in privacy page. another advantage of this is that people could create custom analysers of the logs. i think logs should be divided with directory structure by years, months, days, and probably hours.

5 13

← Newer
1
2
3
4
5
6
7
...
14
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Wikimedia-l November 2010