[WikiEN-l] Proposal for simplified credentials model

[Florence Devouard]

William Pietri wrote:
> Florence Devouard wrote:
>> Many editors of huge quality are not willing to provide their real name.
>> Why would they consider sending this information to a totally anonymous 
>> email address handled by volunteers, who are not necessarily identified 
>> under their real name and have signed no confidentiality agreement them ?
>>   
> 
> 
> Is there possible compromise between your position and Eric's?
> 
> There are plenty of companies in the credential validation business. 
> Most of them are set up for slightly different uses, but I'm sure there 
> are some creative ones we could work with.
> 
> The notion is that for anybody who would like their credentials 
> validated, they can pay a third party to do the work. The Foundation 
> would only get involved to select trusted vendors and verify the vendor 
> accounts on Wikipedia. In addition to verifying credentials, they could 
> perhaps verify real names, or that the user has only one verified 
> Wikipedia account. For the limited cases where the Foundation wanted 
> things verified, they could cover the cost of the verification; 
> otherwise, people would be on their own.
> 
> 
> 
> Personally, I don't have much of an opinion on this topic, but I thought 
> I'd suggest the possibility.
> 
> William

Hello,

As of today, the Foundation does not have the infrastructure to deal 
with this. We are working on a very limited staff, so the only 
verifications that have ever been done were for example for candidates 
on the board of Trustees. The office also know all the real identities 
of the checkusers I was told. Practically, this can only be small scale.

But more importantly, it is important to limit the legal risk of the 
Foundation. When someone is unhappy about a false statement about him or 
a defamatory comment in an article, they rarely try to sue the author of 
the statement (they will often try to hunt him down though). Usually, 
they want to sue the Foundation. In most cases of course, if there is a 
real problem, the bad content is fixed, but a few people behave in bad 
faith, and try to get the opportunity of a mistake in an article to sue 
us, get famous and get rich.

A very nasty guy could sue us and get us down. One of the ways we can 
decrease our liability is by presenting Wikimedia Foundation pretty much 
as a host provider rather than as a publisher/editor in the traditional 
sense.

As long as editing rules are in the hands of the community, we have a 
stronger case claiming that we are only host providers.
Other situations, including Wikimedia Foundation "deciding who the 
arbitrators are", "deciding who should be blocked", "deciding what the 
rules for deleting porn images are", "deciding which articles should be 
deleted", "collecting information about users to give them access to 
certain tools" etc.... are all actions which tends to indicate that the 
Foundation is not only a host provider, but rather acting as the "editor 
in chief".

Which is why, aside from any scalability issues, I think it is not the 
Foundation business to enter into any credential controlling activity.
It makes sense for board candidates. It makes sense for checkuser 
because there is a technical access to data with confidentiality 
agreement. But getting involved in the process of collecting credentials 
is something we better stay away from.

I think Erik is perfectly on agreement with me on this point. But I 
wanted to explain in a clearer way the reasoning.

Cheers


ant