If I might interject, it seems that the sole purpose of the snail mail described is to link a physical person to a login name in such a way that there is some accountability for one's actions that is acceptable to the organization. Is it really necessary to copy an identity document? Could a document with a notary seal accomplish much the same purpose without the need for a copy (and thus avoid possible legal issues arising from making such a copy)?

We had similar identity concerns when CAcert http://www.cacert.org/ became intercontinental - originally one had to go through a somewhat complicated process with two notarys, etc. to gain certain trust levels, but as the project grew and the founders began to travel all over the world it became possible to meet in person with an "Assurer" and present one's identity documents (which were NOT copied) and thus gain points towards becoming a trusted person to the certification authority (ie. able to generate server keys chained to the CAcert organization's root keys, etc.).

On 7/9/2011 4:45 AM, foundation-l-request@lists.wikimedia.org wrote:

I do think it is absolutely a problem when people on a WMF-hosted wiki are using an unofficial mechanism to demand copies of people's passports.

Note that WMF does not allow local communities to do other things that would violate the privacy policy, such as run Google Analytics, even if the local community is all for it.

When passports are requested of people on the wiki, does the requester stress that this is not WMF-official, not covered by the privacy policy and there is no official oversight whatsoever of the mechanism?

It looks to me like Huib has alerted us to a potentially disastrous privacy time bomb.