Jimmy Wales (jwales@wikia.com) [050430 02:55]:
Ævar Arnfjörð Bjarmason wrote:
The point is that many sites *do* track where specific IPs do on their sites. We need to tell readers that we don't do that - that we respect their privacy.
As far as I know we *do* do that, it's recored in the webserver and/or cache logs along with other per-hit data.
Yes. It's just that we store it as bulk data and don't really care what people are looking at individually. The developers are trusted not to go snooping into other people's reading habits, but there is absolutely no way for us to guarantee that they aren't doing it.
But then, the same holds for the sysadmins of *any* website, particularly a top 100 site - the sysadmins, as the ones responsible for tending the machinery, will look through the logs as the task of keeping the site running requires; whether to optimise things for the pattern of usage or to track noteworthy abusers. That's what sysadmins are for. No privacy policy can reasonably be taken to mean otherwise.
Ours are notably picky on who gets access to the confidential info, which is reassuring :-)
This was a question that came up just today, actually - I was doing a Special:CheckUser sockpuppet check on an IP. It turned out to be someone with a username using their IP as a sockpuppet and pretending it was a different person. I sanity-checked with Tim Starling and he agreed that if it's relevant, and they're sock-puppeteering (they were), then revealing the user-IP link is something they can't reasonably object to. I'd say that if the privacy policy seems to say otherwise, the privacy policy needs fixing. That's almost certainly a Foundation matter, of course, so I've cc'ed this to that list.
- d.
wikimedia-l@lists.wikimedia.org