[WikiEN-l] Privacy policy, law and guessing identitites of anon users

[Kelly Martin]

On 7/1/05, Nyenyec N <nyenyec at gmail.com> wrote:
> Is it against the privacy policy or the law to:
> 
> 1a) publicly claim that an anon user is the same as a logged in User
> when they take part in policy violations such as 3RR
> 
> 1b) publicly claim that they are the same person when they haven't
> violated any policies yet
> 
> 2) publish a list of IP addresses assumed to belong to a user who have
> already violated policy (3RR, personal attacks)

It is certainly not against the law in the United States, which is
where the servers are located.  It may be against the law in other
jurisdictions (I know some European countries have perfectly
ridiculous data privacy laws).  Claiming that someone has violated
policies runs the risk of a defamation claim; again, it's very
unlikely that such a claim would withstand scrutiny in the United
States.

It is my impression, however, that there is no unfair disclosure,
since the conclusions being reached about a user's IP address are
being reached solely by deduction from that user's public behavior. 
For there to be a privacy violation, it would have to involve access
to private information (such as the internal data about user's IP
address that is only available to developers).  There can't be a
privacy violation when the determination of an individual's IP address
is based entirely on public behavior; that would be like arguing that
I have a privacy right in my phone number after I publicly announce
what my phone number is.

Kelly