[Foundation-l] Abuse filter

Wed Mar 25 13:32:40 UTC 2009

The peculiarity in some respects of Scandinavian law seems to come up on
this list fairly frequently, but it's usually short on specifics or actual
cases. John, do you have any specific references to what you've described as
a problem?

Adhering to your interpretation on the possible limits on "private"
information would effectively eliminate the abuse filter as a useful tool.
I'm having a hard time seeing this as a widespread problem; there can't be
many jurisdictions that define public and private in this way, or place such
restrictions on what can be done with this data that blocking someone from a
private website in another country could be a violation of the law.

To my mind, private data of the sort we need to worry about is not "private"
in the sense that it is owned by the Foundation or not publicly viewable,
but "private" in the sense that it contains potentially sensitive details of
individual editors and readers. Nothing in the abuse filter would seem to
change the public availability of this sort of data, and I can hardly see
Wikimedia being penalized simply for preventing vandalism instead of
reacting to it.

Nathan

On Wed, Mar 25, 2009 at 8:35 AM, John at Darkstar <vacuum at jeb.no> wrote:

> The problem is that something that previously was public (vandal moving
>  the page "George W. Bush" to "moron") will now be private (he get a
> message that hi isn't allowed to do that), this shifts the context from
> a public context to a private context. Then the extension do logging of
> actions done in this private context to another site. Users of this site
> will then have access to private information. It is not the information
> _disclosed_ which creates the problem, it is the information
> _collected_. It seems like the information is legal for "administrative
> purposes", but as soon as it is used for anything other it creates a lot
> of problems. For example, if anyone takes actions against an user based
> on this collected information it could be a violation of local laws.
> (Imagine collected data being integrated with CU) If such actions must
> be taken, then the central problems are identification of who has access
> to the logs and are they in fact accurate. That is something you don't
> want in a wiki with anonymous contributors! :D
>
> The only solution I see is to avoid all logging of private actions if
> the actions themselves does not lead to a publication of something.
> Probably it will be legal to do some statistical analysis to administer
> the system, but that should limit the possibility of later
> identification of the involved users.
>
> There are a lot of other problems, but I think most of them are minor to
> this.
>
> John
>
>