[Labs-l] Labs privacy policy questions

Maximilian Doerr maximilian.doerr at gmail.com
Wed Mar 9 14:20:48 UTC 2016


Or ACC

Cyberpower678
English Wikipedia Account Creation Team
ACC Mailing List Moderator
Global User Renamer

> On Mar 9, 2016, at 08:26, John <phoenixoverride at gmail.com> wrote:
> 
> Keep in mind there are two parts to labs. tools.wmflabs has a proxy in front that filters out IP addresses, but non-tool projects may need user IP info for one thing or another (UTRS, for example).
> 
> 
>> On Wednesday, March 9, 2016, Tim Landscheidt <tim at tim-landscheidt.de> wrote:
>> (anonymous) wrote:
>> 
>> > I think the situation with passwords has been clarified. Thanks for that.
>> 
>> > However, there is still the matter of Labs users potentially logging and
>> > publishing the IPs of users who access the tool. My impression is that this
>> > is forbidden by policy but not by technical means. Can the wording of "By
>> > using this project, you agree that any private information you give to this
>> > project may be made publicly available and not be treated as confidential."
>> > be made more narrow to reflect that, in fact, it's not true that "any
>> > private information you give to this project may be made publicly available
>> > and not treated as confidential" unless a tool owner is breaking policy?
>> 
>> > Also, I'm wondering what to do about the vulnerability of user IPs being
>> > recorded and tracked. It sounds like there are three options:
>> > 1. Use technical means to prevent Labs tools from loading external
>> > resources that could potentially track IPs
>> > 2. Prohibit this practice by policy, and run some kind of background check
>> > on tool admins similar to what's done for CUs
>> > 3. Keep the status quo of warning users of potential disclosure but not do
>> > much to protect users against improper disclosure.
>> 
>> > Finally, it seems to me that the penalty for publishing private information
>> > in violation of Labs policy should involve far more than simply revoking
>> > Labs permissions. I think that this would merit the same kind of legal
>> > action that would likely be brought to bear if a checkuser or WMF employee
>> > did the same thing. There can be real-world consequences for users whose
>> > private information is made public, and therefore I think that it's
>> > appropriate that real-world legal action be explicitly included in the
>> > scope of possible consequences for misconduct of this kind, and I think
>> > that this should be noted in the Labs Terms of Use.
>> 
>> > Thoughts?
>> 
>> > I'm also looping in Michelle and James.
>> 
>> I live in a country where you need a court order to resolve
>> an IP and a timestamp to a name and an address, so I would
>> strongly recommend emigrating from countries where this is
>> different or using a privacy service in a safe country.
>> 
>> But even if I was concerned about my IP address, I would
>> certainly not access Wikipedia with it where this precious
>> datum can be accessed by an indeterminate and fluctuating
>> number of employees and international contractors of a
>> Florida organization with offices in San Francisco and a
>> legal address in Los Angeles, but also by any administrator
>> on the wiki with the power to add some JavaScript or tracker
>> images.  Much less would I access any site where the
>> declared purpose is that random users can host their brilliant
>> tools with no review necessary so that functionality can be
>> provided immediately and not with the years of delay typical
>> of WMF software development.
>> 
>> So if someone is blackmailed about their IP address, I would
>> strongly recommend (even stronger than emigration) to report
>> the blackmailer and the one emphasizing the danger!!!eleven!
>> to the police so that law enforcement can deal with the
>> criminal and investigate any links between the two.
>> 
>> If someone is not blackmailed, they should have plenty of
>> time to come up with a structure for tools not reviewed in
>> any way where breaches of privacy are technically
>> impossible.  It rolls off the tongue like that, so it can't be that
>> hard to implement.
>> 
>> Tim
>> 
>> 
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l