[Foundation-l] Genisis of WMF Identification policy?

Birgitte SB birgitte_sb at yahoo.com
Sun Feb 27 15:50:39 UTC 2011






________________________________
From: David Gerard <dgerard at gmail.com>
To: Wikimedia Foundation Mailing List <foundation-l at lists.wikimedia.org>
Sent: Sat, February 26, 2011 9:55:48 PM
Subject: Re: [Foundation-l] Genisis of WMF Identification policy?

On 26 February 2011 22:58, Birgitte SB <birgitte_sb at yahoo.com> wrote:

I think we really need the actual threat and threat model detailed.

Expanding the identification policy without a thorough grounding risks
it turning into worse security theatre - a completely lost purpose.[1]

I have no objection in principle to providing my identification to
WMF. But the rationale needs to be bulletproof. What's it for, what
verification is used, how to deal with documents from countries that
are not like the US ... this is all important and needs to be laid out
in full and explicit detail. It really hasn't been so far.



I don't know what a "threat model" is but surely it is the current privacy
policy with identifications being recorded which is the piece of theatre. Where is the
"threat model" with full and explicit detail that explains why checkusers are
given access to *my* private data?


"Say checkuser User:Foo breaches the privacy policy and rightly loses checkuser
rights. There is no record available to WMF identifying RealName as User:Foo.
So RealName retires User:Foo and registers User:Bar who is then able to become a
checkuser. Is this truly a responsible privacy policy when there is no way of
preventing those who have abused their access to private data from once again
obtaining access to private data?"

Is that situation not plausible to you, or merely non-threatening? I mean such
people that fit the first part of the situation exist right now, how do you suggest
they are prevented from having another account reach checkuser? The communities
are particularly weak in this area.

As I said before, I understand that there are issues to resolve about the
identification policy before it can be implemented. However you need to
understand that the privacy of many more people than those few with access to
private data is put at an unacceptable level of risk while this remains
unsettled. I understand that those who are being asked to identify want to
protect their data. Please understand that I want someone to protect my data as
well. And frankly, having communities electing checkusers is not good enough
protection as people with a past of abusing their access to private data can win
such elections. Holding out and risking the privacy of all the users of WMF
sites until everything is "bulletproof" or perfectly to your satisfaction is
quite arrogant. If you cannot be satisfied short of that, then resign the
positions which give you access to my private data and let things move forward
so my data can be given a reasonable amount of protection. That is all I am
looking for: a reasonable amount of protection for both your (trusted volunteer)
data and my (regular user) data. But when people start demanding impossible
future-predicting protection for volunteer data, then the other group is left
with inadequate protection.

Birgitte SB



      

