Talk:Privacy policy/Archives/2003

From Meta, a Wikimedia project coordination wiki
Jump to: navigation, search
Warning! Please do not post any new comments on this page. This is a discussion archive first created in 2003, although the comments contained were likely posted before and after this date. See current discussion or the archives index.

The IP addresses of logged-in users may occasionally be reviewed from the server logs while investigating cases of vandalism.

Who will investigate these logs ? Maintenance people only, or any sysop who ask for them ?

So far, mainly me or Jimbo, though excerpts may sometimes get posted publicly. --Brion VIBBER 13:36 Feb 9, 2003 (UTC)
what defines when excerpts are posted publicly ? Who can ask for them and why ?

Would it be possible to make a link to the Draft privacy policy page on the page where you can log in of make a new user account. It took me a very long time to find any mention of any privacy information, and I found the draft privacy policy very useful.

Thank you

Hey, someone else who finds privacy policies useful! This draft is looking pretty good to me so far. I don't know how the process works, but I imagine a link to a more polished version of this document will be appearing on all Wikipedia pages soon (?).

Does the term "aggregate statistics" refer to statistics in which all or most personally identifiable information has been stripped? Can someone define this term or elaborate on it?


What user information falls under the GFDL? If I get a SQL database dump, are there email addresses, IP addresses, etc. in the dump? -- EvanProdromou

Lookups[edit]

I've noticed that MeatballWiki gives no IPs for anon users, but (what I presume to be) reverse DNS lookups. Has this been proposed/discussed/rejected here? Martin

The old usemod wikipedias also show the hostname. I would be nice to have option to select between IP adres and hostname. Giskart 18:39 Mar 15, 2003 (UTC)
Except in rare cases (dynamic IPs), IPs and hostnames are equivalent, but hostnames are sometimes considered more privacy-invasive, as they often explicitly specify a person's university, workplace, or local ISP by name in text for all to see, which information would require a separate lookup with an IP. That, and we'd have to do reverse lookups on every visitor in order to obtain the information -- that'll slow things down a little. --Brion
This would be useful information, though, in helping to judge such a user's contribution. For example, if the BBCi article was modified by someone with a bbc.co.uk hostname, one might expect it to be accurate, but potentially biased. If the Java programming language was modified by someone with a university hostname, one might expect a certain, more theoretical, slant. If someone with an French-based hostname posted to US plan to invade Iraq, one might want to check for an anti-US slant - and also copyedit the spelling+grammar of someone who may not be a fluent English speaker. Martin

A few points:

  • Shouldn't IP adresses of viewers be deleted periodically, say once a month? That way it wouldn't matter if any authorities asked for them because they would not be available.
    • They already are.
      • OK. It should be noted along with the frequency. I am assuming that any backups done do not contain the purged information (i.e. purge, then backup). Dori
  • Would it be possible to associate tempID's to IP addresses for edits when users are not logged in. This way the public and/or authorities could not exact revenge/hunt down/other evil things the editors, yet at the same time such IP's could be banned by administrators if need be. These matchings would also need to be flushed periodically.
    • If you don't wish to be identified by other visitors, log in and use a pseudonym instead of your real name or your real network address, and screen your language, writing style, and the domain of things you write about very carefully to avoid tipping people off. If you're writing things that are likely to get people to "exact revenge" upon you, you're either not following NPOV or you're in an unhealthy environment which is a bigger problem for you than anything Wikipedia does. --Brion VIBBER 23:39, 20 Oct 2003 (UTC)
      • I already use my login. It was intended for others (those who don't know any better, don't want to, don't care, etc). By protecting others for their own good we can make the environment safer, which in turn will convinve more people to contribute. You do not have to write in POV style to get someone to be angry at you. Sometimes, all it takes is a factual statement. I think we should foster an environment where people are not afraid to speak out as long as they are telling the truth. This may seem theoretical, but it could happen. Dori
  • Shouldn't the IP's of editors that are logged in be deleted periodically? If you have the login name, you may not need the IP address. I could see where this would come in handy for long-term troublemakers, but we must weigh privacy issues more.
    • They aren't stored other than in the webserver log which is already cleared periodically, see above.
      • OK. Again, it should be noted. Perhaps it wasn't clear what exactly is meant by "logs" Dori 01:35, 21 Oct 2003 (UTC)

Most people might see this as having to do with the US government and terrorism, but that, while still a valid concern, may not be the worst case scenario. Say someone edits an article having to do with a dictator, mafia member, government official in a way that angers the latter entity. Since the IP's are public, the editor could be tracked down rather easily.

just a few things to consider, Dori 23:08, 20 Oct 2003 (UTC)


I think the draft in such a state where it could be presented to the public as is (well, almost, must answer and remove notes). I think it is better to have this unfinished draft, than none at all. Also, this policy would probably have to be presented to all the 'pedias. Dori 04:28, 21 Oct 2003 (UTC)

RDNS lookups can be misleading because there is no requirement that they be factual. ISP-run DNS servers are likely to run fairly true, but there is nothing to prevent someone with a block of 255 or more IPs from running their own RDNS and setting the hostname of an IP to, say, www.drudgereport.com. There is no requirement that it match a forward lookup. Thus, hostnames-only may not provide as effective an audit trail. UninvitedCompany 19:50, 24 Dec 2003 (UTC)

Anonymity[edit]

While serious contributors are encouraged to back their contributions with their real names, this is not required; a user account may be created using a pseudonym (but please see Wikipedia:No offensive usernames), or you may continue to edit anonymously (but see note about IP addresses below).

Many of the project's major contributors are pseudonymous, and some choose not to reveal their real name.


E-mail[edit]

You may optionally provide your e-mail address when creating a user account, or update it in your preferences. This is not required, but if you do choose to submit your e-mail address:

  • Other signed-in contributors may send you direct e-mail via your user page and vice-versa; your address will be revealed only to those to whom you send e-mail, and to those who send e-mail to you only if you respond
  • If you lose your password, you can have it reassigned through the login page and a temporary password sent to you.

Users' e-mail addresses are stored only on the main Wikipedia server, accessible only to the site maintainers, and are not included in the publicly available article database dumps.

They will be passed on to the government... upon request under the relevant legislation?

Wikipedia has to comply with the laws of the United States and the state of California, where the server is located. (And possibly the state of Florida, where the Wikimedia Foundation is incorporated, but I'm not sure how that comes into things.) Hypothetically, if ordered by a court of law, records that exist may have to be turned over.

-My guess is Wikimedia foundation might provide information of users when asked by foreign law enforcement officers as well. Police of a country may request Wikimedia to submit some IP address information for reasons like defamation, obscenity, invasion of other's privacy, etc., and Wikipedia might cooperate, I guess. Tomos 03:53, 22 Oct 2003 (UTC)

They will be passed on to third parties... never? They are stored... indefinately?

They're stored indefinitely unless you log in and change the e-mail address listed in your account, at which point it's gone. The SMTP mail server logs may include references to any mail sent to or from you through Wikipedia, but without any connection to your account name, the subject or the content of the mail sent.

What about the mailing lists?

Like the wiki, the mailing lists are public. The archives are public. Anything you send to them is being published publically. Don't publish things you'll regret.
The subscriber list for the mailing lists is as far as I know limited to list admins only, though obviously if you send anything to a list the whole world now knows your email address. A number of different people admin the various lists. If you don't like it, subscribe with a throwaway hotmail account.

Can you subsequently remove your email address if you change your mind? If you do, is the old address stored anywhere?

You can change the email address in your wiki preferences at any time, and the old address is not stored in association with your account. I'm not sure how the mailing list stores its subscriber lists, so I don't know if an address would stick anywhere (besides the mail server logs) in connection with a mailing list after being unsubscribed. Check with the GNU Mailman people for info.

IP addresses[edit]

Depending on how you are connected to the Internet, your IP address may generally identify your Internet service provider, or uniquely identify the computer from which you are connecting.

The IP addresses of anonymous contributors are permanently recorded in the publicly viewable page histories. If you do not wish to publicly reveal your IP address, you should create a user account; your user name (which may be a pseudonym) will then be recorded in place of the IP address.

Internal server logs include the IP address of every viewer; this information is used for aggregate statistics.

The IP addresses of logged-in users may occasionally be reviewed from the server logs while investigating cases of vandalism. Excerpts may be published... when? where? by whom? What about other reasons to review logs - eg bug-tracking?

IP addresses will likely be seen by developers during bug hunting if this involves looking at the logs to get information on diagnosing the bug, but will not be published. Publishing of IP addresses may happen when tracking vandalism, as blocking a logged-in vandal requires also blocking the IP address to prevent the same person from simply creating another account immediately, and the IP block list is public for accountability reasons.

IP addresses may become more widely viewable in the future, pending discussions.

These logs are stored... indefinitely??

Logs are rotated daily; the archives are cleared out every couple weeks (deletion schedule not automated yet).

The logs will be passed on to the US government... upon request under the appropriate legislation? Which means what in practice?

In practice, this means never. Hypothetically law enforcement could serve a warrant asking for log data relating to some investigation, and we'd probably have to comply to the extent that the requested information exists (eg Patriot Act).

Other personal information[edit]

Server logs may include the operating system and browser version that viewers use; this information is used for aggregate statistics.

If you or someone else adds personal information to a wikipedia page, such as your user page, it will be stored indefinately, even if you subsequently edit it to remove it. Do not publish information that you don't want published! Wikipedia is not a private chat room.

If Wikipedia passes into the control of a third party...[edit]

... then we have no control over what they may choose to do with IP addresses and/or emails.

True enough of all websites.
But it never hurts to say it!


Cookies[edit]

Seems relevant here...

Cookies are required to log in. If you choose 'remember my password', a cookie will be stored with a hash of your password. This may be a bad idea if your computer isn't very much yours and you're paranoid.
The main functioning of the login system uses a session cookie which expires at the end of your browser session.
Also set on login are cookies storing your user id number and name, which are used to fill in the last-used name in the login box when you next visit. If you don't like this, clear your cookies after logging out. These cookies last 30 days IIRC.

Link it from the main page?[edit]

This draft does not seem to be getting much more attention. Maybe the notes should be removed and the draft linked from the main page (better this version than none, plus it would get more attention from editors). Maybe I am the only one who feels that Wikipedia should have a privacy policy, so I'll shut up after this. Dori 00:35, 16 Nov 2003 (UTC)


Wikitravel privacy policy[edit]

The Wikitravel privacy policy might be worth comparing and contrasting. --Evan 22:21, 17 Dec 2003 (UTC)



User, and user_talk pages[edit]

This has been discussed elsewhere, but I think it deserves a mention in the privacy policy.

Personally I think a logged in user should have the right to control the content in their own page. I've seen instances of people reverting blanking of another user's (a "bad" user) talk page, and there are talks at personal subpages saying that they should not be deleted.

The user pages are not part of the encyclopedia, they should be deleted upon request. Keeping them viewable by everyone against the user's will is, in my opinion, a misuse of the GFDL.

tristanb (not logged in) 203.96.104.226 00:27, 21 Dec 2003 (UTC)

I disagree. User talk pages are there to support the development of the encyclopedia, and as such include information that is relevant to particular articles. Perhaps that should have gone on the article talk page, but often it doesn't, and the talk pages provide a very useful history of how particular articles and issues were developed. The user talk page is not supposed to be something private. If you want a private discussion with someone, you can do that by e-mail, so I see no reason why these pages should be made part of the privacy policy. The same might not apply to user pages. Angela 01:28, 21 Dec 2003 (UTC) (see below)

I strongly agree with tristanb, to the point that I'm considering using an off-Wikipedia wiki to post my replies to talk comments, then pointing people there, avoiding releasing simple discussions under the GFDL. If something contains text intended for the encyclopedia, of course, I would be deliberately place that in an article-related area, rather than a personal area. I'm here to make an encyclopedia, not to have simple workplace discussions recorded forever by my "employer" here. Jamesday 09:01, 21 Dec 2003 (UTC)

Often the concerns relating to user pages et al are of people seeking to continue to contribute to Wikipedia, while trying to remove criticism from their user talk page (etc). Insofar as Wikipedia is in some sense a deliberative democracy, stifling criticism can have some side effects that make people rightly cautious. However, where people have decided to leave Wikipedia, I agree with JamesDay and Tristan that it makes sense to grant the right to vanish, and such users should have pretty much free reign. The only exception is where someone has been banned, where we want to have a record of why we banned them, and how long the ban is for.
I don't think you would have to remove the comments completely though in order for someone to vanish. This could be done through a name change. Also, agreeing to delete a user talk page doesn't really solve anything if comments they would rather vanish from also appear on article talk pages, which is quite likely to be the case. Article talk pages are obviously not going to be deleted, so there needs to be a solution that can apply to both these and to user talk pages. I can't see any strong reason to treat these differently. I'm also not sure you can state different privacy rules for banned users. It's possible that they might be the ones most wanting to hide their past on Wikipedia after they are made to leave. Angela 23:07, 29 Dec 2003 (PST) (see below)

My thoughts on this have changed now following an experience on another wiki where I did leave and requested my talk page be deleted. A talk page and user page is something more personal than what you write on article pages. User and article talk pages already follow different rules. For example, a user is, in nearly all cases, allowed to refactor and delete comments on their own user/talk page in a way that would not be regarded as acceptable on article talk pages. Therefore, it makes sense for those differences to apply to deletion of the pages as well. People are more attached to their pages than to their comments on article pages, and I think it is this level of attachment that would cause someone to feel uncomfortable about leaving an undeleted user page behind when they exercise their right to leave. It doesn't solve the problem of not vanishing from article talk, but if the user feels separated from these in a way they don't from their own pages, then there is reason to treat the pages differently. Deletion of your user/talk page may also be a way of psychologically breaking away from a wiki, which has a stronger effect than just walking away. Perhaps when people leave they need this as some sort of final statement that they have left, and not only that, but a statement that they no longer wish to be associated with it at all. The history of user talk pages can be fascinating and offer huge insights into the working of the wiki, but this isn't what they are there for. The aim is to build an encyclopædia, not to provide insights into how the community works or to document how individuals played a part in that. So, I now feel that the privacy policy should state that a user/talk page will be deleted on request after someone leaves. Angela 14:50, 2 Jan 2004 (UTC)

Having seen how differently I write on IRC you might also consider whether the user talk pages should be crawlable by search engines. As you've seen, people can act very differently when everything they say is being recorded compared to how they are when that is not the case. Jamesday 20:11, 25 Jan 2004 (PST)

Agreed: I think article talk, user pages and user talk should be excluded by robots.txt as well as database dumps (there is a license requirement as well tackled below, the point is not to facilitate automated processing). --Tobu 20:11, 29 May 2005 (UTC)

Harcèlement Sexuelle[edit]

== Texte du titre == Un Harcèlement Sexuelle


Un harcèlement sexuelle c'est etre violer par des hommes



si vous vous faites fait violer appeler au 0645826356 merci



ou si vous vous etes pas fais violer appeler au 0645826356 merci




si vous avez des questions merci de bien vouloir appeler au 0645826356 merci




saserait avec plaisir de vous parler et répondre aux questions




                       Merci