tpryor@media.mit.edu wrote:
Using publicly-available data you can find out the set of pages edited by each username. Then it is possible, with some degree of uncertainty, to link some usernames to one or more "unique signature"s (from your quoted text above), by matching sets of user page requests to sets of pages edited. Thus some of the data we would release to you is bordering on, if not definitely, personally identifiable data which is not already publicly available.
I would like to work around this issue such that no editor's identity is compromised. If the IP addresses of named wikipedia editors are discernable by matching their wikipedia dated edit saves to the corresponding apache log entries, when such log entries are found by the script, they can be skipped entirely, not SHA1 hashed. Thereby no data that is personally identifiable will exist.
Even records of just page views (no edits) with no time stamps and a hashed IP will give you information about personal interests which can be fuzzily matched to named editors, by virtue of the fact that the set of pages viewed is likely a superset of the set of pages edited. People may have interests in certain topics, read Wikipedia pages related to those topics, but avoid editing these pages in order to keep it private. This personally-identifiable information, or at least an approximation of it, would be leaked, and privacy policy would be violated, no?
The privacy policy [1] says that "personally identifiable data collected in the server logs will not be released by the developers who have access to it," except under certain circumstances, none of which cover this case.
[1] http://wikimediafoundation.org/wiki/Privacy_policy
Tony Pryor
en:user:jeronim
Send instant messages to your online friends http://au.messenger.yahoo.com