[Foundation-l] Wikipedia tracks user behaviour via third party companies #2

Domas Mituzas midom.lists at gmail.com
Sun Jun 7 17:17:02 UTC 2009 

Hi!

> Are the developers lawyers?

IANAL.

> A developer claiming something has an
> unwanted privacy issue is very different from making claims about
> something being a legal issue on the behalf of Foundation. Simply  
> don't
> do it.

I failed to phrase what I wanted to write you in a way, that I  
wouldn't make me look like an arrogant prick, so I will not write it.  
Let me tell something else, instead.

Anyway, WMF has always been standing for privacy of our users. I  
wholeheartedly approve the privacy stance, which means that we don't  
even consider exceptions when it comes to giving away private data. We  
just don't give it away. This is why we opt out of phorm, this is why  
we don't facilitate numerous researchers (or whomever hide behind  
those names), and we don't even keep most of private data ourselves.

Someone on this thread said, that WMF keeps private data internally.  
We don't have readership data, there're no such thing as "access logs"  
in our farm, the closest one to the concept is "one out of overall  
requests", which doesn't have long retention, and is used for short  
term operational purposes. Every other private data point is the one  
that is visible by checkusers, has both audit trail, and quite  
restricted access to information (at least there are verification  
procedures).

So, we tend to understand data privacy policies internally quite well,  
that was incentive of written down privacy policy, and that has been  
part of constant internal dialogue how to handle overall privacy. We  
know that our reader privacy is quite good (especially if people use  
TOR and HTTPS :), we know that we have to balance our contributor  
privacy issues in order to be what we are. We err to the side of  
privacy, as that is where we would have highest damages.

Anyway, I answered your question, IANAL, but I'm in one way or another  
part of organization that has one. We asked the lawyer to describe our  
intent and position, and he did. We're happy to enforce it.

And, Brian,
> Volunteer admins cannot take user privacy into their own hands,  
> under their
> own interpretation. That's just not how it works!


You don't seen to have sufficient understanding how it works. :(


Domas

More information about the foundation-l mailing list