[WikiEN-l] Privacy Study Looking for Volunteers

Brian J Mingus brian.mingus at colorado.edu
Sun Mar 29 23:21:31 UTC 2015


Just like the Netflix Prize, knowing which topics an entity is interested
in, and having access to text they have written, is, in many cases, enough
information to reveal who that person is, where they live, etc. You just
plug the data into Google and correlate away.

On Sun, Mar 29, 2015 at 7:19 PM, David Carson <carson63000 at gmail.com> wrote:

> Hi Brian,
>
> I'm still not entirely clear on your complaint. Are you talking about
> Wikimedia (not random users, nor Wikipedia Administrators) having access to
> IP addresses from system logs? Or something else? What does "The IP address
> is helpful, but not necessary" mean?
>
> Cheers,
> David...
>
>
> On Mon, Mar 30, 2015 at 10:14 AM, Brian J Mingus <
> brian.mingus at colorado.edu> wrote:
>
>> Hi David,
>>
>> It is a bit of hyperbole, but reductio arguments have their role in
>> helping to make certain things clear.
>>
>> If you force users to log in, you can still identify them. The IP address
>> is helpful, but not necessary.
>>
>>
>>
>> On Sun, Mar 29, 2015 at 7:12 PM, David Carson <carson63000 at gmail.com>
>> wrote:
>>
>>> Hi Brian,
>>>
>>> "Dox'ing yourself"? That's a pretty wild hyperbole.
>>>
>>> But just to clarify: are you taking issue with the fact that
>>> not-logged-in users have their IP addresses publicly visible? Or with the
>>> fact that all edits have IP addresses privately recorded?
>>>
>>> I originally thought you were talking about the latter, but now I'm not
>>> sure. If it's actually the former, I've got no disagreement with you.
>>>
>>> Given that anyone can edit without making their IP public simply by
>>> registering a pseudonym and logging in, and given that many new editors
>>> might not be aware of the implications of revealing their IP (if they're
>>> editing from a static address at work, for instance), it seems to me that
>>> the easiest solution - and one which I think would cause absolutely zero
>>> astonishment in the minds of new users - would simply be to require users
>>> to register a pseudonym and log in in order to edit.
>>>
>>> But if you're concerned about the effect that this would have on casual
>>> "drive-by" fixes and improvements by people who aren't invested enough in
>>> the project to register, then sure, encrypt or hash the IP address before
>>> displaying it publicly. I don't think randomizing it on every edit would be
>>> a good idea, because I think it's important to be able to tell whether a
>>> succession of edits were from the same editor.
>>>
>>> Cheers,
>>> David...
>>>
>>>
>>> On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <
>>> brian.mingus at colorado.edu> wrote:
>>>
>>>> Wikipedia is set up such that if you don't take the measures mentioned
>>>> in the OP, you are dox'ing yourself. Users are not aware of this.
>>>>
>>>> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <carson63000 at gmail.com>
>>>> wrote:
>>>>
>>>>> "Wikipedia:Free speech" (
>>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth
>>>>> a read.
>>>>>
>>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>>>>>
>>>>> It's not directly about privacy but I think it clearly covers the
>>>>> ground that Wikipedia is a project to create an online encyclopedia, not an
>>>>> experiment in radical free speech. The system is set up to facilitate that
>>>>> goal.
>>>>>
>>>>> If you think that recording IP addresses is invasive, then you should
>>>>> probably be publishing your content on your own website, not Wikipedia.
>>>>>
>>>>> Cheers,
>>>>> David...
>>>>>
>>>>>
>>>>> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>>>>> brian.mingus at colorado.edu> wrote:
>>>>>
>>>>>> In general people do not read privacy policies, nor do they
>>>>>> understand what
>>>>>> IP addresses are or what you can do with them.
>>>>>>
>>>>>> But if you recall, I simply stated that recording IP addresses is
>>>>>> invasive.
>>>>>> And it is.
>>>>>>
>>>>>> This is especially true when you know that your recordings are
>>>>>> faciliating
>>>>>> the active de-anonymization of people who are editing Wikipedia. Not
>>>>>> just
>>>>>> de-anonymization, but often public shaming.
>>>>>>
>>>>>> For WMF, the principle of neutrality clearly trumps the principles of
>>>>>> privacy and free speech. For the NSA, substitute security for
>>>>>> neutrality.
>>>>>> It's hypocritical.
>>>>>>
>>>>>> Luckily, it's easy to fix. Just stuff the ip fields with random
>>>>>> numbers and
>>>>>> deal with the fallout. Stop tracking people.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <okeyes at wikimedia.org>
>>>>>> wrote:
>>>>>>
>>>>>> > In order:
>>>>>> >
>>>>>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>>>>> > about this people here can point you to.
>>>>>> > 2. Brian: The NSA needs to store data without the permission or
>>>>>> > consent of the people generating it, sometimes through forcible
>>>>>> > interception, decryption and the introduction and maintenance of
>>>>>> > software exploits that allow them to do this but also allow any
>>>>>> other
>>>>>> > reasonably technical nation or non-nation actor who is paying
>>>>>> > attention to exploit the same vulnerability, keeping this data for
>>>>>> an
>>>>>> > indefinite period, with very little legal or political oversight, in
>>>>>> > order to stop terrorism, where very little evidence exists that this
>>>>>> > has helped in any way.
>>>>>> >
>>>>>> > The WMF needs to store data for a 90 day period, which is explicitly
>>>>>> > set down in a privacy policy that is transparent, human-readable,
>>>>>> > linked from every edit interface, written with the involvement of
>>>>>> the
>>>>>> > people whose data is being stored, administered by a committee of
>>>>>> > people who come from this population of editors, and explicitly sets
>>>>>> > out what the data may or may not be used for, even within the
>>>>>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>>>>>> > scientific studies have validated the hypothesis that being able to
>>>>>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>>>>>> > community we are all a part of and the wider population of readers.
>>>>>> >
>>>>>> > That's what's actually going on, here. If you thing these situations
>>>>>> > are roughly analogous, that's your prerogative. If you think the
>>>>>> > storage of this data is unnecessary, I recommend you go to your
>>>>>> local
>>>>>> > project and explain to them that being able to checkuser potential
>>>>>> > sockpuppets or hard-block users is not needed: gaining consensus
>>>>>> there
>>>>>> > would be a good starting point to changing this.
>>>>>> >
>>>>>> > On 29 March 2015 at 11:57, James Farrar <james.farrar at gmail.com>
>>>>>> wrote:
>>>>>> > > Wikipedia is suing the NSA? Seriously?
>>>>>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <brian.mingus at colorado.edu
>>>>>> >
>>>>>> > wrote:
>>>>>> > >
>>>>>> > >> It has worked up to now, but I'm thinking that, especially given
>>>>>> > Wikimedia
>>>>>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>>>>>> track
>>>>>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
>>>>>> simple :)
>>>>>> > >>
>>>>>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <fa-ml at ariis.it
>>>>>> >
>>>>>> > wrote:
>>>>>> > >>
>>>>>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>>>>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>>>>>> private.
>>>>>> > Why
>>>>>> > >> > log
>>>>>> > >> > > the IP address? Why log anything? It's invasive.
>>>>>> > >> >
>>>>>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>>>>>> still
>>>>>> > >> > allowing non registered users editing rights
>>>>>> > >> >
>>>>>> > >> >
>>>>>> > >> > _______________________________________________
>>>>>> > >> > WikiEN-l mailing list
>>>>>> > >> > WikiEN-l at lists.wikimedia.org
>>>>>> > >> > To unsubscribe from this mailing list, visit:
>>>>>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> > >> >
>>>>>> > >> _______________________________________________
>>>>>> > >> WikiEN-l mailing list
>>>>>> > >> WikiEN-l at lists.wikimedia.org
>>>>>> > >> To unsubscribe from this mailing list, visit:
>>>>>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> > >>
>>>>>> > > _______________________________________________
>>>>>> > > WikiEN-l mailing list
>>>>>> > > WikiEN-l at lists.wikimedia.org
>>>>>> > > To unsubscribe from this mailing list, visit:
>>>>>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > Oliver Keyes
>>>>>> > Research Analyst
>>>>>> > Wikimedia Foundation
>>>>>> >
>>>>>> _______________________________________________
>>>>>> WikiEN-l mailing list
>>>>>> WikiEN-l at lists.wikimedia.org
>>>>>> To unsubscribe from this mailing list, visit:
>>>>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>


More information about the WikiEN-l mailing list