I'm writing to get an answer (from anybody at the WMF) on the status of the WMF's policy access to private (i.e. IP, Browser, etc.) information. Each day thousands of people edit Wikipedia and deserve to know what measures, if any, are taken to avoid divulging to the wrong sort of people this sensitive information about them.
On 25 April last year, the board of trustees approved, in a non-public and scantily-documented meeting, a policy that accords Checkuser and Oversight and other statuses to "community" members appointed by a community process with essentially a mere two requirements: provide an email address, and assert that you are 18 or over. Name, address, NOT required. Is this truly an adequate way to protect the privacy interests of all those that edit Wikipedia? Well, I don't think so, but my purpose right now is to try to eliminate the ambiguity of what is actually occurring at this time.
One source of this ambiguity is the edit of the WMF's James Alexander (http://wikimediafoundation.org/w/index.php?title=Access_to_nonpublic_data_po...) on 6 June, in which he wrote: "This policy has been replaced by a new [[m:Access to non public information policy|Access to non public information policy]], which was approved by the Board of Trustees on 25 April 2014. However, this policy remains in force until the new processes mandated by the new policy are put into place. A future announcement will be made to those affected before the new policy goes in effect." It's now the future (and after nine months, quite so), so what is the policy?
The old policy mandated that those seeking the accesses fax or secure email a from of identification. Casual and rank-and-file Wikipedia editors were repetitively told that the checkusers and oversighters etc. were "identified to the WMF." This was incredibly misleading because the practice of Philippe Beaudette was to shred and otherwise destroy the identifications after marking the noticeboard. It is apparent to any plain-spoken individual, I think, that you can't tell people that those granted these accesses are "identified to the WMF" when you have shredded the documents and all that is left (except in Mr. Beaudette's memory) is a checkmark by a username on a noticeboard. It wasn't a semantic dodge predicated on the definition of "identified," rather it was in my opinion a smoke-screen. Mr. Beaudette felt loyalty to the privacy of the administrators, and evidently none to the common editors whose IPs and so forth he was exposing to them.
The immediately above is not necessarily a criticism of the old policy, which taken at face value strongly implies that the WMF keeps the identifications on file, on a secure computer, or in a physical safe. It's rather that Mr. Beaudette operated for years in open defiance of the policy. To his credit though, apparently he impelled the Board to rewrite the policy in a manner corresponding to his actions.
BUT MY QUESTION NOW is: "What is the status of the policy?" For example English Wikipedia just got three new checkusers: Bbb23, Callanecc, and Mike V. What information were they required to provide? Proper documents, or merely an email address and assertion that they are over 18?
Trillium Corsage