[Foundation-l] Data retention

Anthony wikimail at inbox.org
Sat Sep 20 17:00:58 UTC 2008 

> >  Just so they can help someone
> > they consider to be a "particularly troublesome user" escape legal
> > consequences for her actions?
>
> Legal consequences? I don't understand... the result of being caught
> by a checkuser is usually a block, I wouldn't call that a legal
> consequence.
>

No, you were talking about subpoenas...I guess I misread you.


>
> > I would advise against making it so easy for so many people, most of whom
> > have undergone no background check and many of whom have nothing to lose,
> to
> > store such data in the first place.  Are there really that many people
> who
> > need immediate unfettered access to actual IP addresses from home?
>
> There aren't many checkusers, are there? I don't think the WMF could
> reasonably handle all requests for checkuser, so what would you
> alternative be?
>

I don't see why checkuser can't be watered down, to simply provide a
"YES/NO" answer, and that two or three WMF employees can have access to the
actual IP addresses (with all but one of those employees only having it for
backup/emergency purposes).  Unlike in the past, blocking of a username
automatically blocks the IP address, even if the user doesn't try to make
any edits, so isn't checkuser basically just for investigations of ongoing
abuse which can wait a few days for a WMF person to get around to it?


>
> > I'd also advise anyone accessing a website run by Wikimedia to assume
> that
> > their every action is being recorded and might be shared with anyone for
> any
> > reason.
>
> That's the assumption you should make about any site in the absence of
> a privacy policy. Wikimedia has a privacy policy that clearly states
> the reasons they'll reveal information, should people really assume
> the WMF won't follow their own policy?
>

Wikimedia has a privacy policy that states the conditions under which
they'll "permit public distribution" of private information.  But what about
private distribution?  They say they won't share private information with
"third parties" without permission or as required by law.  But either they
openly violate that provision, or they have defined "third parties" so
narrowly as to be meaningless.

More information about the foundation-l mailing list