[Foundation-l] spamming of the english wikipedia users detected

[Ray Saintonge]

Gregory Maxwell wrote:

>We could possibly supplement an early delivered email which will reach
>people who do not log in every day, with a dynamic notice that appears
>on a non-cached page, such as watchlists, which says "You are eligible
>to vote in the board election, but you have not done so yet."  I think
>the biggest complication with that will be making it not show when
>someone has voted from another project... I guess this will just be
>something else we put off while waiting for SUL.
>
What I find most disturbing in this is that someone, other than the 
people who are independently running the election, should have access to 
records of who has and who hasn't voted, and then be able to use that 
for his spam list.  Saying that only 15% have voted is one thing, but 
identifying who is in that 15% is quite another.

In some ways this situation is not too different from the recent one 
where the fact that someone was editing from a proxy server was 
revealed. The action is not specifically forbidden, but it nevertheless 
brings  into question the propriety and ethics of the person who would 
use such information.

The argument that some of these people might not be aware that an 
election in progress is spurious justification for these actions.  To 
whatever extent WMF may have democratic structures, the persons who have 
such rights must accept some responsibility for keeping themselves 
informed of major democratic processes.  If they don't they get the 
results that they deserve.

Whether or not I have voted is my business.  It is clearly too late to 
repair this security flaw for this election, but I would expect that 
this breach could be plugged before the next one.

Ec