http://lists.wikimedia.org/pipermail/found...ber/033013.html

Tim Starling wants to know if he can give all the Wikipedia log files to some university in Spain, or if that'd violate the privacy policy. He ends with a partial realization that they're *already* violating the privacy policy by inserting web bugs. Hey isn't that what the cabal was criticizing someone else for doing, calling their site an attack site because it had what they called "spyware"?

As a general rule, you can't violate a policy you don't have.

Here's a hint:

Wikipedia Has No Policies (WP:HØP)

Jonny

A privacy policy is one of the few official policies they have. It might even be the only one. http://wikimediafoundation.org/wiki/Privacy_policy

A Policy, ¬2b≈ a Bunch Of Words On A Sheet Of Paper (BOWOASOP), is a set rules and regulations that people enforce and follow in actual practice.

Like I said:

Wikipedia Has No Policies (WP:HØP)

Jonny

Well I certainly agree that WP is a lawless place. I would agree that Jonny is correct about the WP "Community" having no rules or policies that are worth the transient pixels they are written on.

But anthony has point about the WMF Privacy Policy being a different matter. Given the right circumstances a user might reasonably rely on the policy for something important (a job, a reputation, a business relationship.) If the user's reasonable expectation are disappointed and real harm results they would be able to turn to a court for relief. Now I don't think the WMF view the policy as "a set of rules and regulations that people enforce and follow in actual practice." But a court very well might. Thus it is possible that the Policy could transcend BOWOASOP, not as a matter of internal integrity but as outside IRL forces finally impacting upon WP.

Well, G, G — and ain't she just everbuddy's fave rave 50's ingenue? — I'm not even going to bother going looking for the fineprint that wikipunches the requisite loopholes big enough to drive a Mack Truck™ through, cause I know dese guise well enuff to know it's gonna be dere ∑where.

Jonny

It's important not to get so wrapped up in the MMORPG of Wikipedia that you forget that they operate in the real world, under real rules. Privacy policies are mandated under the laws of many jurisdictions and under even more jurisdictions they are legally binding documents once they are published. You can't compare Wikipedia's privacy policy with some self-enforced wikirule that anyone can edit.

This is a top ten trafficked website we're talking about. For all the heat Google has gotten for its problematic privacy policy (including from people on this site), I would think Wikipedia's would be a hot topic of discussion.

Hey! Have a got just the car for you! Or maybe you're more in the market for a bridge?

Jonny

I think Wikipedia would be able to justify the use of web bugs for internal traffic analysis, but only if they state in their privacy policy that they do this, and guarantee that these bugs are only used for statistical analysis that is entirely separate from any real or imagined interest in the surfing behavior of a particluar IP address. Yahoo uses web bugs in this manner (Yahoo calls them "web beacons"), and mentions this in their privacy policy.

But handing over server logs, complete with IP addresses, to some entity merely on their word that they won't disclose the information, is outrageous. If the National Security Agency asked for the logs, complete with IP addresses, and signed a confidentiality agreement, what would be the reaction? Would Tim Starling be "leaning towards letting them have it," the way that he leans toward letting the Universidad Rey Juan Carlos in Spain have it?

Can Tim Starling guarantee that the Universidad Rey Juan Carlos in Spain is not fronting for some spook outfit? Of course he can't. He doesn't have the resources to check them out.

This should be a no-brainer for Tim Starling, and I'm surprised he had to pose the issue on the Foundation mailing list. One possible approach might be to first do a one-way hash of all the IP addresses, so that they become an identifying number that is still untraceable.

Hello? Now that's what I am talking about! ^

I love this place. Thank you, Daniel. IMO, wisdom is infinitely more impotant than being smart. You seem to have been blessed with both which makes you a rare part of our species, indeed.
There are many smart people at Wikipedia, albeit not very many that are wise.
"It's about time."

Seriously, Anthony, it all boils down to the plain and simple, common sense observation that you learn a lot about a game operator's character from the way that it runs its games, and knowledge of character is a generalization that applies across the board.

If you discover that the Management of a Baseball Team is plugging bats, bribing umpires, and betting on games, then you don't have to think twice about the possibility that they will cheat on contracts whenever they think they can get away with it, now do you?

That's all I'm saying …

Jonny

That was more the reaction I was expecting... I'm glad to see someone gets it.



That doesn't work all that well for normal websites, and probably wouldn't work at all for Wikipedia, because the full logs of all the edits made to Wikipedia are already public. For instance, from the public logs we know that Daniel Brandt edited the "Criticism of Wikipedia" article on April 4, 2006 at 22:43 UTC. Now match that with the line in the logs where that url was accessed and we trivially match the hashed IP to Brandt. We might not know what the actual IP address is, but that part is irrelevant if we know the identity of the person behind the IP.

Now according to Wikipedia's privacy policy they generally throw out these logs after two weeks. So if that's true this particular privacy problem would only affect those who've used the website starting two weeks after they turn over the logs. But the way Tim Starling is asking about giving the logs to this university he's acting as though they have logs from way more than two weeks. That alone would be a serious breach of their privacy policy.

So why are we here? Isn't it in large part to expose this baseball team which is plugging bats, bribing umpires, and betting on games?

I'm not at all surprised by what's going on. But I think it's an issue which deserves more public light and discussion.

WR:PUNCTUS taken.

"Punked Us" — get it !?

Jonny

Amusing he claims he wants the community to discuss it and therefore posts it in the mailing list, since when has that become the place to discuss community issues, Squeak Box

He said before he gave out logs minus IP addresses. Does this mean he gave out oversight or checkuser logs (checkuser logs minus IP addresses)?


For those who don't know, Wikipedia can change their privacy policy when they want, too.

C'mon Squeak.

Jimbo regarded the lists as being "THE place to do business" long ago.

Folks like you are not allowed anywhere near the players' table. The list is where the real "consensus" and "community" decisions are made.

I dont know that I am not allowed to, but I do know I ahve neever tried. i am up for writing an encyclopedia, not some behind the scenes power play and the mailing list just looks so boring! Squeak Box