[Foundation-l] Data retention

Sat Sep 20 03:17:57 UTC 2008

I wholely agree with Tim.  3 months is a good compromise.

There's nothing wrong with wanting to catch trolls.  There is also
nothing wrong with wanting to uphold privacy.

Thus you need a balance of the two, and neither group should have a
full say in the matter (although I am on the privacy side!).

On Fri, Sep 19, 2008 at 7:23 PM, Tim Starling <tstarling at wikimedia.org> wrote:
> Joe Szilagyi wrote:
>> On Thu, Sep 18, 2008 at 5:33 PM, Tim Starling <tstarling at wikimedia.org>wrote:
>>
>>> Joe Szilagyi wrote:
>>>> That is what has been said around the chatter lines. Was this documented
>>> in
>>>> the SVN somewhere if so, and approved? For all Wikis? Just some?
>>> Are you implying that this change could somehow be controversial? If so,
>>> can you explain how that might be?
>>>
>>
>> Not inherently controversial, but I'm not clear on if the CU data retention
>> is the same on each project, or different on each--does Chinese Wikipedia
>> save as long as English Wikipedia? Does Commons save as long as Wikinews,
>> etc.? If there is any change to the actual length in data retention, who
>> makes that decision? The WMF board? Sue? The checkuser mail list? Shouldn't
>> that sort of matter be decided with community input?
>
> It's the same everywhere, it's three months. Neither the Board nor the
> executive have expressed any desire to make that decision, but they are
> free to weigh in if they want to. We chose the three month figure as a
> compromise between privacy advocates and troll hunters. The checkuser-l
> mailing list only represents one of those two groups, which is why I don't
> think it's appropriate that they should make that decision. I think
> community input should be encouraged, which is why I think the figure
> should be public.
>
>> I've just been thinking aloud and wondering if the debatable value of any
>> obfuscation of the retention length of Checkuser data, rather than clearly
>> articulating it in public, outweighs the risk and harm to some users given
>> that in the wake of the Poetlister incident we've seen that Checkuser data
>> is not compromise-proof.
>
> Some people have said "trolls just leave the site for 3 months and come
> back when they know the CheckUser data has expired". The same argument
> would apply for any finite retention period, it's obvious that some sort
> of trade-off has to be made. If it's secret and short, then the trolls
> will work it out eventually anyway. If it's secret and long, then that's
> the worst possible situation for privacy.
>
> Troll hunters can and should retain CheckUser results for particularly
> troublesome users, beyond the database retention period. Often, their IP
> address becomes public anyway, when it is found in email headers and
> anonymous edits.
>
> If a troll stays away from the site for 3 months to avoid detection by
> CheckUser, then you should consider yourself lucky. That's one of the best
> possible outcomes. There are lots of ways a troll can disrupt the site
> continuously, regardless of the data retention time.
>
> -- Tim Starling
>
>
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>