On Fri, Jun 5, 2009 at 4:44 PM, Tisza Gergő gtisza@gmail.com wrote:
Mark (Markie <newsmarkie@...> writes:
I still fail to see how, at this point (not before when there was no
policy)
this can be considered to be acceptable. IP information etc is still
being
passed to an external server, regardless of who it is being operated by.
As
we can see at http://meta.wikimedia.org/wiki/Privacy and copied below I don't see where this is acceptable.
Release: Policy on Release of Data
It is the policy of Wikimedia that personally identifiable data collected
in
the server logs, or through records in the database via the CheckUser feature, or through other non-publicly-available methods, may be released
by
Wikimedia volunteers or staff, in any of the following situations:
- In response to a valid subpoena or other compulsory request from
law
enforcement, 2. With permission of the affected user, 3. When necessary for investigation of abuse complaints, 4. Where the information pertains to page views generated by a spider
or
bot and its dissemination is necessary to illustrate or resolve
technical
issues, 5. Where the user has been vandalizing articles or persistently
behaving
in a disruptive way, data may be released to a service provider,
carrier, or
other third-party entity to assist in the targeting of IP blocks, or
to
assist in the formulation of a complaint to relevant Internet Service Providers, 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
Except as described above, Wikimedia policy does not permit distribution
of
personally identifiable information under any circumstances.
It also says, a few sentences earlier, that "Sharing information with other privileged users is not considered distribution." And Peter has identified himself to the foundation according to the access to nonpublic data policy, so he is a privileged user. I still don't see any violation there - the point of the privacy policy is to regulate release of personally identifiable information from those who have access to those who have not, and in this case no such release happened.
Minor correction: Privacy-related trusted users are required to be identified to the foundation. Yes. But doesn't work the other way: just by sending id to the foundation doesn't make you automatically a trusted user for private data.
Peter may well be knowledgeable and trusted, but not becuse he has identified to the foundation