[Foundation-l] Wikipedia tracks user behaviour via third party companies #2

Pedro Sanchez pdsanchez at gmail.com
Fri Jun 5 21:52:52 UTC 2009

On Fri, Jun 5, 2009 at 4:44 PM, Tisza Gergő <gtisza at gmail.com> wrote:

> Mark (Markie <newsmarkie at ...> writes:
> > I still fail to see how, at this point (not before when there was no
> policy)
> > this can be considered to be acceptable.  IP information etc is still
> being
> > passed to an external server, regardless of who it is being operated by.
>  As
> > we can see at http://meta.wikimedia.org/wiki/Privacy and copied below I
> > don't see where this is acceptable.
> >
> > Release: Policy on Release of Data
> >
> > It is the policy of Wikimedia that personally identifiable data collected
> in
> > the server logs, or through records in the database via the CheckUser
> > feature, or through other non-publicly-available methods, may be released
> by
> > Wikimedia volunteers or staff, in any of the following situations:
> >
> >    1. In response to a valid subpoena or other compulsory request from
> law
> >    enforcement,
> >    2. With permission of the affected user,
> >    3. When necessary for investigation of abuse complaints,
> >    4. Where the information pertains to page views generated by a spider
> or
> >    bot and its dissemination is necessary to illustrate or resolve
> technical
> >    issues,
> >    5. Where the user has been vandalizing articles or persistently
> behaving
> >    in a disruptive way, data may be released to a service provider,
> carrier, or
> >    other third-party entity to assist in the targeting of IP blocks, or
> to
> >    assist in the formulation of a complaint to relevant Internet Service
> >    Providers,
> >    6. Where it is reasonably necessary to protect the rights, property or
> >    safety of the Wikimedia Foundation, its users or the public.
> >
> > Except as described above, Wikimedia policy does not permit distribution
> of
> > personally identifiable information under any circumstances.
> It also says, a few sentences earlier, that "Sharing information with other
> privileged users is not considered distribution." And Peter has identified
> himself to the foundation according to the access to nonpublic data policy,
> so
> he is a privileged user. I still don't see any violation there - the point
> of
> the privacy policy is to regulate release of personally identifiable
> information
> from those who have access to those who have not, and in this case no such
> release happened.

Minor correction: Privacy-related trusted users are required to be
identified to the foundation. Yes.
But doesn't work the other way: just by sending id to the foundation doesn't
make you automatically a trusted user for private data.

Peter may well be knowledgeable and trusted, but not becuse he has
identified to the foundation

More information about the foundation-l mailing list