Privacy Study Looking for Volunteers

classic Classic list List threaded Threaded
43 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Oliver Keyes-4
At this point we're really getting somewhat off-topic; Brian, if you
want to continue this discussion about the trade-offs around privacy
and oversight, feel free to drop me an email. In the meantime, we
should probably leave the thread for the original subject  ;)

On 29 March 2015 at 14:55, Oliver Keyes <[hidden email]> wrote:

> Yes, you did state that, but you equated the explanation and
> circumstances with the NSA's behaviour, when in actual fact they are
> very different. I note that while you've argued that privacy policies
> aren't read, that's as far as your rebuttal goes.
>
> There's no trump of one principle over another, and this is nothing to
> do with content neutrality; again, I invite you to surface your
> proposal on enwiki. It will completely eliminate the utility of
> checkuser or hard-blocks or range blocks, but if the community wants
> it as much as you seem to think I'm sure they'll support the idea.
>
> On 29 March 2015 at 14:10, Brian J Mingus <[hidden email]> wrote:
>> In general people do not read privacy policies, nor do they understand what
>> IP addresses are or what you can do with them.
>>
>> But if you recall, I simply stated that recording IP addresses is invasive.
>> And it is.
>>
>> This is especially true when you know that your recordings are faciliating
>> the active de-anonymization of people who are editing Wikipedia. Not just
>> de-anonymization, but often public shaming.
>>
>> For WMF, the principle of neutrality clearly trumps the principles of
>> privacy and free speech. For the NSA, substitute security for neutrality.
>> It's hypocritical.
>>
>> Luckily, it's easy to fix. Just stuff the ip fields with random numbers and
>> deal with the fallout. Stop tracking people.
>>
>>
>>
>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]> wrote:
>>>
>>> In order:
>>>
>>> 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>> about this people here can point you to.
>>> 2. Brian: The NSA needs to store data without the permission or
>>> consent of the people generating it, sometimes through forcible
>>> interception, decryption and the introduction and maintenance of
>>> software exploits that allow them to do this but also allow any other
>>> reasonably technical nation or non-nation actor who is paying
>>> attention to exploit the same vulnerability, keeping this data for an
>>> indefinite period, with very little legal or political oversight, in
>>> order to stop terrorism, where very little evidence exists that this
>>> has helped in any way.
>>>
>>> The WMF needs to store data for a 90 day period, which is explicitly
>>> set down in a privacy policy that is transparent, human-readable,
>>> linked from every edit interface, written with the involvement of the
>>> people whose data is being stored, administered by a committee of
>>> people who come from this population of editors, and explicitly sets
>>> out what the data may or may not be used for, even within the
>>> Wikimedia Foundation, in order to stop vandalism, where multiple
>>> scientific studies have validated the hypothesis that being able to
>>> make rangeblocks and prohibit sockpuppetry is beneficial to the
>>> community we are all a part of and the wider population of readers.
>>>
>>> That's what's actually going on, here. If you thing these situations
>>> are roughly analogous, that's your prerogative. If you think the
>>> storage of this data is unnecessary, I recommend you go to your local
>>> project and explain to them that being able to checkuser potential
>>> sockpuppets or hard-block users is not needed: gaining consensus there
>>> would be a good starting point to changing this.
>>>
>>> On 29 March 2015 at 11:57, James Farrar <[hidden email]> wrote:
>>> > Wikipedia is suing the NSA? Seriously?
>>> > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>>> > wrote:
>>> >
>>> >> It has worked up to now, but I'm thinking that, especially given
>>> >> Wikimedia
>>> >> is suing the NSA, it is no longer justifiable. If the NSA can't track
>>> >> citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
>>> >>
>>> >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>>> >> wrote:
>>> >>
>>> >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>> >> > > I think it's rather curious that edits to Wikipedia aren't private.
>>> >> > > Why
>>> >> > log
>>> >> > > the IP address? Why log anything? It's invasive.
>>> >> >
>>> >> > I guess it's a sensible choice against abuse (vandalism) while still
>>> >> > allowing non registered users editing rights
>>> >> >
>>> >> >
>>> >> > _______________________________________________
>>> >> > WikiEN-l mailing list
>>> >> > [hidden email]
>>> >> > To unsubscribe from this mailing list, visit:
>>> >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>> >> >
>>> >> _______________________________________________
>>> >> WikiEN-l mailing list
>>> >> [hidden email]
>>> >> To unsubscribe from this mailing list, visit:
>>> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>> >>
>>> > _______________________________________________
>>> > WikiEN-l mailing list
>>> > [hidden email]
>>> > To unsubscribe from this mailing list, visit:
>>> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>
>>>
>>>
>>> --
>>> Oliver Keyes
>>> Research Analyst
>>> Wikimedia Foundation
>>
>>
>
>
>
> --
> Oliver Keyes
> Research Analyst
> Wikimedia Foundation



--
Oliver Keyes
Research Analyst
Wikimedia Foundation

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
Somewhat off topic? That means we're somewhat on topic then, right? It sure
seems like we're on topic.

I would prefer it of the WMF took the initiative and asked the community
what they think about this issue as a whole. The discussion seems to have
lacked transparency up to now. "We're suing the NSA for something we're
doing. Yes, we're aware of that, and we'd like to do something about it,
but it's a low priority and that's the final word." I'm not sure everyone
will agree with that.

Best,


On Sun, Mar 29, 2015 at 2:58 PM, Oliver Keyes <[hidden email]> wrote:

> At this point we're really getting somewhat off-topic; Brian, if you
> want to continue this discussion about the trade-offs around privacy
> and oversight, feel free to drop me an email. In the meantime, we
> should probably leave the thread for the original subject  ;)
>
> On 29 March 2015 at 14:55, Oliver Keyes <[hidden email]> wrote:
> > Yes, you did state that, but you equated the explanation and
> > circumstances with the NSA's behaviour, when in actual fact they are
> > very different. I note that while you've argued that privacy policies
> > aren't read, that's as far as your rebuttal goes.
> >
> > There's no trump of one principle over another, and this is nothing to
> > do with content neutrality; again, I invite you to surface your
> > proposal on enwiki. It will completely eliminate the utility of
> > checkuser or hard-blocks or range blocks, but if the community wants
> > it as much as you seem to think I'm sure they'll support the idea.
> >
> > On 29 March 2015 at 14:10, Brian J Mingus <[hidden email]>
> wrote:
> >> In general people do not read privacy policies, nor do they understand
> what
> >> IP addresses are or what you can do with them.
> >>
> >> But if you recall, I simply stated that recording IP addresses is
> invasive.
> >> And it is.
> >>
> >> This is especially true when you know that your recordings are
> faciliating
> >> the active de-anonymization of people who are editing Wikipedia. Not
> just
> >> de-anonymization, but often public shaming.
> >>
> >> For WMF, the principle of neutrality clearly trumps the principles of
> >> privacy and free speech. For the NSA, substitute security for
> neutrality.
> >> It's hypocritical.
> >>
> >> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
> and
> >> deal with the fallout. Stop tracking people.
> >>
> >>
> >>
> >> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
> wrote:
> >>>
> >>> In order:
> >>>
> >>> 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
> >>> about this people here can point you to.
> >>> 2. Brian: The NSA needs to store data without the permission or
> >>> consent of the people generating it, sometimes through forcible
> >>> interception, decryption and the introduction and maintenance of
> >>> software exploits that allow them to do this but also allow any other
> >>> reasonably technical nation or non-nation actor who is paying
> >>> attention to exploit the same vulnerability, keeping this data for an
> >>> indefinite period, with very little legal or political oversight, in
> >>> order to stop terrorism, where very little evidence exists that this
> >>> has helped in any way.
> >>>
> >>> The WMF needs to store data for a 90 day period, which is explicitly
> >>> set down in a privacy policy that is transparent, human-readable,
> >>> linked from every edit interface, written with the involvement of the
> >>> people whose data is being stored, administered by a committee of
> >>> people who come from this population of editors, and explicitly sets
> >>> out what the data may or may not be used for, even within the
> >>> Wikimedia Foundation, in order to stop vandalism, where multiple
> >>> scientific studies have validated the hypothesis that being able to
> >>> make rangeblocks and prohibit sockpuppetry is beneficial to the
> >>> community we are all a part of and the wider population of readers.
> >>>
> >>> That's what's actually going on, here. If you thing these situations
> >>> are roughly analogous, that's your prerogative. If you think the
> >>> storage of this data is unnecessary, I recommend you go to your local
> >>> project and explain to them that being able to checkuser potential
> >>> sockpuppets or hard-block users is not needed: gaining consensus there
> >>> would be a good starting point to changing this.
> >>>
> >>> On 29 March 2015 at 11:57, James Farrar <[hidden email]>
> wrote:
> >>> > Wikipedia is suing the NSA? Seriously?
> >>> > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
> >>> > wrote:
> >>> >
> >>> >> It has worked up to now, but I'm thinking that, especially given
> >>> >> Wikimedia
> >>> >> is suing the NSA, it is no longer justifiable. If the NSA can't
> track
> >>> >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
> :)
> >>> >>
> >>> >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
> >>> >> wrote:
> >>> >>
> >>> >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
> >>> >> > > I think it's rather curious that edits to Wikipedia aren't
> private.
> >>> >> > > Why
> >>> >> > log
> >>> >> > > the IP address? Why log anything? It's invasive.
> >>> >> >
> >>> >> > I guess it's a sensible choice against abuse (vandalism) while
> still
> >>> >> > allowing non registered users editing rights
> >>> >> >
> >>> >> >
> >>> >> > _______________________________________________
> >>> >> > WikiEN-l mailing list
> >>> >> > [hidden email]
> >>> >> > To unsubscribe from this mailing list, visit:
> >>> >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >>> >> >
> >>> >> _______________________________________________
> >>> >> WikiEN-l mailing list
> >>> >> [hidden email]
> >>> >> To unsubscribe from this mailing list, visit:
> >>> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >>> >>
> >>> > _______________________________________________
> >>> > WikiEN-l mailing list
> >>> > [hidden email]
> >>> > To unsubscribe from this mailing list, visit:
> >>> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >>>
> >>>
> >>>
> >>> --
> >>> Oliver Keyes
> >>> Research Analyst
> >>> Wikimedia Foundation
> >>
> >>
> >
> >
> >
> > --
> > Oliver Keyes
> > Research Analyst
> > Wikimedia Foundation
>
>
>
> --
> Oliver Keyes
> Research Analyst
> Wikimedia Foundation
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

David Carson-5
In reply to this post by Brian J Mingus
"Wikipedia:Free speech" (http://en.wikipedia.org/wiki/Wikipedia:Free_speech)
is probably worth a read.

http://en.wikipedia.org/wiki/Wikipedia:Free_speech

It's not directly about privacy but I think it clearly covers the ground
that Wikipedia is a project to create an online encyclopedia, not an
experiment in radical free speech. The system is set up to facilitate that
goal.

If you think that recording IP addresses is invasive, then you should
probably be publishing your content on your own website, not Wikipedia.

Cheers,
David...


On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <[hidden email]>
wrote:

> In general people do not read privacy policies, nor do they understand what
> IP addresses are or what you can do with them.
>
> But if you recall, I simply stated that recording IP addresses is invasive.
> And it is.
>
> This is especially true when you know that your recordings are faciliating
> the active de-anonymization of people who are editing Wikipedia. Not just
> de-anonymization, but often public shaming.
>
> For WMF, the principle of neutrality clearly trumps the principles of
> privacy and free speech. For the NSA, substitute security for neutrality.
> It's hypocritical.
>
> Luckily, it's easy to fix. Just stuff the ip fields with random numbers and
> deal with the fallout. Stop tracking people.
>
>
>
> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
> wrote:
>
> > In order:
> >
> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
> > about this people here can point you to.
> > 2. Brian: The NSA needs to store data without the permission or
> > consent of the people generating it, sometimes through forcible
> > interception, decryption and the introduction and maintenance of
> > software exploits that allow them to do this but also allow any other
> > reasonably technical nation or non-nation actor who is paying
> > attention to exploit the same vulnerability, keeping this data for an
> > indefinite period, with very little legal or political oversight, in
> > order to stop terrorism, where very little evidence exists that this
> > has helped in any way.
> >
> > The WMF needs to store data for a 90 day period, which is explicitly
> > set down in a privacy policy that is transparent, human-readable,
> > linked from every edit interface, written with the involvement of the
> > people whose data is being stored, administered by a committee of
> > people who come from this population of editors, and explicitly sets
> > out what the data may or may not be used for, even within the
> > Wikimedia Foundation, in order to stop vandalism, where multiple
> > scientific studies have validated the hypothesis that being able to
> > make rangeblocks and prohibit sockpuppetry is beneficial to the
> > community we are all a part of and the wider population of readers.
> >
> > That's what's actually going on, here. If you thing these situations
> > are roughly analogous, that's your prerogative. If you think the
> > storage of this data is unnecessary, I recommend you go to your local
> > project and explain to them that being able to checkuser potential
> > sockpuppets or hard-block users is not needed: gaining consensus there
> > would be a good starting point to changing this.
> >
> > On 29 March 2015 at 11:57, James Farrar <[hidden email]> wrote:
> > > Wikipedia is suing the NSA? Seriously?
> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
> > wrote:
> > >
> > >> It has worked up to now, but I'm thinking that, especially given
> > Wikimedia
> > >> is suing the NSA, it is no longer justifiable. If the NSA can't track
> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple :)
> > >>
> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
> > wrote:
> > >>
> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
> > >> > > I think it's rather curious that edits to Wikipedia aren't
> private.
> > Why
> > >> > log
> > >> > > the IP address? Why log anything? It's invasive.
> > >> >
> > >> > I guess it's a sensible choice against abuse (vandalism) while still
> > >> > allowing non registered users editing rights
> > >> >
> > >> >
> > >> > _______________________________________________
> > >> > WikiEN-l mailing list
> > >> > [hidden email]
> > >> > To unsubscribe from this mailing list, visit:
> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >> >
> > >> _______________________________________________
> > >> WikiEN-l mailing list
> > >> [hidden email]
> > >> To unsubscribe from this mailing list, visit:
> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >>
> > > _______________________________________________
> > > WikiEN-l mailing list
> > > [hidden email]
> > > To unsubscribe from this mailing list, visit:
> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >
> >
> >
> > --
> > Oliver Keyes
> > Research Analyst
> > Wikimedia Foundation
> >
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
Wikipedia is set up such that if you don't take the measures mentioned in
the OP, you are dox'ing yourself. Users are not aware of this.

On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]> wrote:

> "Wikipedia:Free speech" (
> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
> read.
>
> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>
> It's not directly about privacy but I think it clearly covers the ground
> that Wikipedia is a project to create an online encyclopedia, not an
> experiment in radical free speech. The system is set up to facilitate that
> goal.
>
> If you think that recording IP addresses is invasive, then you should
> probably be publishing your content on your own website, not Wikipedia.
>
> Cheers,
> David...
>
>
> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <[hidden email]
> > wrote:
>
>> In general people do not read privacy policies, nor do they understand
>> what
>> IP addresses are or what you can do with them.
>>
>> But if you recall, I simply stated that recording IP addresses is
>> invasive.
>> And it is.
>>
>> This is especially true when you know that your recordings are faciliating
>> the active de-anonymization of people who are editing Wikipedia. Not just
>> de-anonymization, but often public shaming.
>>
>> For WMF, the principle of neutrality clearly trumps the principles of
>> privacy and free speech. For the NSA, substitute security for neutrality.
>> It's hypocritical.
>>
>> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
>> and
>> deal with the fallout. Stop tracking people.
>>
>>
>>
>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>> wrote:
>>
>> > In order:
>> >
>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>> > about this people here can point you to.
>> > 2. Brian: The NSA needs to store data without the permission or
>> > consent of the people generating it, sometimes through forcible
>> > interception, decryption and the introduction and maintenance of
>> > software exploits that allow them to do this but also allow any other
>> > reasonably technical nation or non-nation actor who is paying
>> > attention to exploit the same vulnerability, keeping this data for an
>> > indefinite period, with very little legal or political oversight, in
>> > order to stop terrorism, where very little evidence exists that this
>> > has helped in any way.
>> >
>> > The WMF needs to store data for a 90 day period, which is explicitly
>> > set down in a privacy policy that is transparent, human-readable,
>> > linked from every edit interface, written with the involvement of the
>> > people whose data is being stored, administered by a committee of
>> > people who come from this population of editors, and explicitly sets
>> > out what the data may or may not be used for, even within the
>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>> > scientific studies have validated the hypothesis that being able to
>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>> > community we are all a part of and the wider population of readers.
>> >
>> > That's what's actually going on, here. If you thing these situations
>> > are roughly analogous, that's your prerogative. If you think the
>> > storage of this data is unnecessary, I recommend you go to your local
>> > project and explain to them that being able to checkuser potential
>> > sockpuppets or hard-block users is not needed: gaining consensus there
>> > would be a good starting point to changing this.
>> >
>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]> wrote:
>> > > Wikipedia is suing the NSA? Seriously?
>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>> > wrote:
>> > >
>> > >> It has worked up to now, but I'm thinking that, especially given
>> > Wikimedia
>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't track
>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
>> :)
>> > >>
>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>> > wrote:
>> > >>
>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>> private.
>> > Why
>> > >> > log
>> > >> > > the IP address? Why log anything? It's invasive.
>> > >> >
>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>> still
>> > >> > allowing non registered users editing rights
>> > >> >
>> > >> >
>> > >> > _______________________________________________
>> > >> > WikiEN-l mailing list
>> > >> > [hidden email]
>> > >> > To unsubscribe from this mailing list, visit:
>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> > >> >
>> > >> _______________________________________________
>> > >> WikiEN-l mailing list
>> > >> [hidden email]
>> > >> To unsubscribe from this mailing list, visit:
>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> > >>
>> > > _______________________________________________
>> > > WikiEN-l mailing list
>> > > [hidden email]
>> > > To unsubscribe from this mailing list, visit:
>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >
>> >
>> >
>> > --
>> > Oliver Keyes
>> > Research Analyst
>> > Wikimedia Foundation
>> >
>> _______________________________________________
>> WikiEN-l mailing list
>> [hidden email]
>> To unsubscribe from this mailing list, visit:
>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>
>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Dustin Muniz
In reply to this post by Andrea Forte
People are made aware with each edit as an I am that their information is publicly available. What concerns me about removing IP information is that it'll remove our ability to fight spam, detect socks, and respond to emergency@ issues, unless I've missed something?


Sent from Samsung Mobile

<div>-------- Original message --------</div><div>From: Brian J Mingus <[hidden email]> </div><div>Date:03-29-2015  4:36 PM  (GMT-05:00) </div><div>To: David Carson <[hidden email]> </div><div>Cc: English Wikipedia <[hidden email]> </div><div>Subject: Re: [WikiEN-l] Privacy Study Looking for Volunteers </div><div>
</div>Wikipedia is set up such that if you don't take the measures mentioned in
the OP, you are dox'ing yourself. Users are not aware of this.

On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]> wrote:

> "Wikipedia:Free speech" (
> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
> read.
>
> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>
> It's not directly about privacy but I think it clearly covers the ground
> that Wikipedia is a project to create an online encyclopedia, not an
> experiment in radical free speech. The system is set up to facilitate that
> goal.
>
> If you think that recording IP addresses is invasive, then you should
> probably be publishing your content on your own website, not Wikipedia.
>
> Cheers,
> David...
>
>
> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <[hidden email]
> > wrote:
>
>> In general people do not read privacy policies, nor do they understand
>> what
>> IP addresses are or what you can do with them.
>>
>> But if you recall, I simply stated that recording IP addresses is
>> invasive.
>> And it is.
>>
>> This is especially true when you know that your recordings are faciliating
>> the active de-anonymization of people who are editing Wikipedia. Not just
>> de-anonymization, but often public shaming.
>>
>> For WMF, the principle of neutrality clearly trumps the principles of
>> privacy and free speech. For the NSA, substitute security for neutrality.
>> It's hypocritical.
>>
>> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
>> and
>> deal with the fallout. Stop tracking people.
>>
>>
>>
>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>> wrote:
>>
>> > In order:
>> >
>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>> > about this people here can point you to.
>> > 2. Brian: The NSA needs to store data without the permission or
>> > consent of the people generating it, sometimes through forcible
>> > interception, decryption and the introduction and maintenance of
>> > software exploits that allow them to do this but also allow any other
>> > reasonably technical nation or non-nation actor who is paying
>> > attention to exploit the same vulnerability, keeping this data for an
>> > indefinite period, with very little legal or political oversight, in
>> > order to stop terrorism, where very little evidence exists that this
>> > has helped in any way.
>> >
>> > The WMF needs to store data for a 90 day period, which is explicitly
>> > set down in a privacy policy that is transparent, human-readable,
>> > linked from every edit interface, written with the involvement of the
>> > people whose data is being stored, administered by a committee of
>> > people who come from this population of editors, and explicitly sets
>> > out what the data may or may not be used for, even within the
>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>> > scientific studies have validated the hypothesis that being able to
>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>> > community we are all a part of and the wider population of readers.
>> >
>> > That's what's actually going on, here. If you thing these situations
>> > are roughly analogous, that's your prerogative. If you think the
>> > storage of this data is unnecessary, I recommend you go to your local
>> > project and explain to them that being able to checkuser potential
>> > sockpuppets or hard-block users is not needed: gaining consensus there
>> > would be a good starting point to changing this.
>> >
>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]> wrote:
>> > > Wikipedia is suing the NSA? Seriously?
>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>> > wrote:
>> > >
>> > >> It has worked up to now, but I'm thinking that, especially given
>> > Wikimedia
>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't track
>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
>> :)
>> > >>
>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>> > wrote:
>> > >>
>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>> private.
>> > Why
>> > >> > log
>> > >> > > the IP address? Why log anything? It's invasive.
>> > >> >
>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>> still
>> > >> > allowing non registered users editing rights
>> > >> >
>> > >> >
>> > >> > _______________________________________________
>> > >> > WikiEN-l mailing list
>> > >> > [hidden email]
>> > >> > To unsubscribe from this mailing list, visit:
>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> > >> >
>> > >> _______________________________________________
>> > >> WikiEN-l mailing list
>> > >> [hidden email]
>> > >> To unsubscribe from this mailing list, visit:
>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> > >>
>> > > _______________________________________________
>> > > WikiEN-l mailing list
>> > > [hidden email]
>> > > To unsubscribe from this mailing list, visit:
>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >
>> >
>> >
>> > --
>> > Oliver Keyes
>> > Research Analyst
>> > Wikimedia Foundation
>> >
>> _______________________________________________
>> WikiEN-l mailing list
>> [hidden email]
>> To unsubscribe from this mailing list, visit:
>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>
>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
The notice just says that the IP is public. Most people have no idea what
that means.

It will absolutely make those problems harder. Perhaps it is the
Foundation's trusted role to hide that information from the public and be
trusted with it on the backend. This institutional design sounds similar to
another institution in certain ways..



On Sun, Mar 29, 2015 at 6:58 PM, Dustin Muniz <[hidden email]> wrote:

> People are made aware with each edit as an I am that their information is
> publicly available. What concerns me about removing IP information is that
> it'll remove our ability to fight spam, detect socks, and respond to
> emergency@ issues, unless I've missed something?
>
>
> Sent from Samsung Mobile
>
>
> -------- Original message --------
> From: Brian J Mingus
> Date:03-29-2015 4:36 PM (GMT-05:00)
> To: David Carson
> Cc: English Wikipedia
> Subject: Re: [WikiEN-l] Privacy Study Looking for Volunteers
>
> Wikipedia is set up such that if you don't take the measures mentioned in
> the OP, you are dox'ing yourself. Users are not aware of this.
>
> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
> wrote:
>
> > "Wikipedia:Free speech" (
> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
> > read.
> >
> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech
> >
> > It's not directly about privacy but I think it clearly covers the ground
> > that Wikipedia is a project to create an online encyclopedia, not an
> > experiment in radical free speech. The system is set up to facilitate
> that
> > goal.
> >
> > If you think that recording IP addresses is invasive, then you should
> > probably be publishing your content on your own website, not Wikipedia.
> >
> > Cheers,
> > David...
> >
> >
> > On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
> [hidden email]
> > > wrote:
> >
> >> In general people do not read privacy policies, nor do they understand
> >> what
> >> IP addresses are or what you can do with them.
> >>
> >> But if you recall, I simply stated that recording IP addresses is
> >> invasive.
> >> And it is.
> >>
> >> This is especially true when you know that your recordings are
> faciliating
> >> the active de-anonymization of people who are editing Wikipedia. Not
> just
> >> de-anonymization, but often public shaming.
> >>
> >> For WMF, the principle of neutrality clearly trumps the principles of
> >> privacy and free speech. For the NSA, substitute security for
> neutrality.
> >> It's hypocritical.
> >>
> >> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
> >> and
> >> deal with the fallout. Stop tracking people.
> >>
> >>
> >>
> >> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
> >> wrote:
> >>
> >> > In order:
> >> >
> >> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
> >> > about this people here can point you to.
> >> > 2. Brian: The NSA needs to store data without the permission or
> >> > consent of the people generating it, sometimes through forcible
> >> > interception, decryption and the introduction and maintenance of
> >> > software exploits that allow them to do this but also allow any other
> >> > reasonably technical nation or non-nation actor who is paying
> >> > attention to exploit the same vulnerability, keeping this data for an
> >> > indefinite period, with very little legal or political oversight, in
> >> > order to stop terrorism, where very little evidence exists that this
> >> > has helped in any way.
> >> >
> >> > The WMF needs to store data for a 90 day period, which is explicitly
> >> > set down in a privacy policy that is transparent, human-readable,
> >> > linked from every edit interface, written with the involvement of the
> >> > people whose data is being stored, administered by a committee of
> >> > people who come from this population of editors, and explicitly sets
> >> > out what the data may or may not be used for, even within the
> >> > Wikimedia Foundation, in order to stop vandalism, where multiple
> >> > scientific studies have validated the hypothesis that being able to
> >> > make rangeblocks and prohibit sockpuppetry is beneficial to the
> >> > community we are all a part of and the wider population of readers.
> >> >
> >> > That's what's actually going on, here. If you thing these situations
> >> > are roughly analogous, that's your prerogative. If you think the
> >> > storage of this data is unnecessary, I recommend you go to your local
> >> > project and explain to them that being able to checkuser potential
> >> > sockpuppets or hard-block users is not needed: gaining consensus there
> >> > would be a good starting point to changing this.
> >> >
> >> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
> wrote:
> >> > > Wikipedia is suing the NSA? Seriously?
> >> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
> >> > wrote:
> >> > >
> >> > >> It has worked up to now, but I'm thinking that, especially given
> >> > Wikimedia
> >> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
> track
> >> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
> >> :)
> >> > >>
> >> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
> >> > wrote:
> >> > >>
> >> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
> >> > >> > > I think it's rather curious that edits to Wikipedia aren't
> >> private.
> >> > Why
> >> > >> > log
> >> > >> > > the IP address? Why log anything? It's invasive.
> >> > >> >
> >> > >> > I guess it's a sensible choice against abuse (vandalism) while
> >> still
> >> > >> > allowing non registered users editing rights
> >> > >> >
> >> > >> >
> >> > >> > _______________________________________________
> >> > >> > WikiEN-l mailing list
> >> > >> > [hidden email]
> >> > >> > To unsubscribe from this mailing list, visit:
> >> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> > >> >
> >> > >> _______________________________________________
> >> > >> WikiEN-l mailing list
> >> > >> [hidden email]
> >> > >> To unsubscribe from this mailing list, visit:
> >> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> > >>
> >> > > _______________________________________________
> >> > > WikiEN-l mailing list
> >> > > [hidden email]
> >> > > To unsubscribe from this mailing list, visit:
> >> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> >
> >> >
> >> >
> >> > --
> >> > Oliver Keyes
> >> > Research Analyst
> >> > Wikimedia Foundation
> >> >
> >> _______________________________________________
> >> WikiEN-l mailing list
> >> [hidden email]
> >> To unsubscribe from this mailing list, visit:
> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >>
> >
> >
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

David Carson-5
In reply to this post by Brian J Mingus
Hi Brian,

"Dox'ing yourself"? That's a pretty wild hyperbole.

But just to clarify: are you taking issue with the fact that not-logged-in
users have their IP addresses publicly visible? Or with the fact that all
edits have IP addresses privately recorded?

I originally thought you were talking about the latter, but now I'm not
sure. If it's actually the former, I've got no disagreement with you.

Given that anyone can edit without making their IP public simply by
registering a pseudonym and logging in, and given that many new editors
might not be aware of the implications of revealing their IP (if they're
editing from a static address at work, for instance), it seems to me that
the easiest solution - and one which I think would cause absolutely zero
astonishment in the minds of new users - would simply be to require users
to register a pseudonym and log in in order to edit.

But if you're concerned about the effect that this would have on casual
"drive-by" fixes and improvements by people who aren't invested enough in
the project to register, then sure, encrypt or hash the IP address before
displaying it publicly. I don't think randomizing it on every edit would be
a good idea, because I think it's important to be able to tell whether a
succession of edits were from the same editor.

Cheers,
David...


On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <[hidden email]>
wrote:

> Wikipedia is set up such that if you don't take the measures mentioned in
> the OP, you are dox'ing yourself. Users are not aware of this.
>
> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
> wrote:
>
>> "Wikipedia:Free speech" (
>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
>> read.
>>
>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>>
>> It's not directly about privacy but I think it clearly covers the ground
>> that Wikipedia is a project to create an online encyclopedia, not an
>> experiment in radical free speech. The system is set up to facilitate that
>> goal.
>>
>> If you think that recording IP addresses is invasive, then you should
>> probably be publishing your content on your own website, not Wikipedia.
>>
>> Cheers,
>> David...
>>
>>
>> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>> [hidden email]> wrote:
>>
>>> In general people do not read privacy policies, nor do they understand
>>> what
>>> IP addresses are or what you can do with them.
>>>
>>> But if you recall, I simply stated that recording IP addresses is
>>> invasive.
>>> And it is.
>>>
>>> This is especially true when you know that your recordings are
>>> faciliating
>>> the active de-anonymization of people who are editing Wikipedia. Not just
>>> de-anonymization, but often public shaming.
>>>
>>> For WMF, the principle of neutrality clearly trumps the principles of
>>> privacy and free speech. For the NSA, substitute security for neutrality.
>>> It's hypocritical.
>>>
>>> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
>>> and
>>> deal with the fallout. Stop tracking people.
>>>
>>>
>>>
>>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>>> wrote:
>>>
>>> > In order:
>>> >
>>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>> > about this people here can point you to.
>>> > 2. Brian: The NSA needs to store data without the permission or
>>> > consent of the people generating it, sometimes through forcible
>>> > interception, decryption and the introduction and maintenance of
>>> > software exploits that allow them to do this but also allow any other
>>> > reasonably technical nation or non-nation actor who is paying
>>> > attention to exploit the same vulnerability, keeping this data for an
>>> > indefinite period, with very little legal or political oversight, in
>>> > order to stop terrorism, where very little evidence exists that this
>>> > has helped in any way.
>>> >
>>> > The WMF needs to store data for a 90 day period, which is explicitly
>>> > set down in a privacy policy that is transparent, human-readable,
>>> > linked from every edit interface, written with the involvement of the
>>> > people whose data is being stored, administered by a committee of
>>> > people who come from this population of editors, and explicitly sets
>>> > out what the data may or may not be used for, even within the
>>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>>> > scientific studies have validated the hypothesis that being able to
>>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>>> > community we are all a part of and the wider population of readers.
>>> >
>>> > That's what's actually going on, here. If you thing these situations
>>> > are roughly analogous, that's your prerogative. If you think the
>>> > storage of this data is unnecessary, I recommend you go to your local
>>> > project and explain to them that being able to checkuser potential
>>> > sockpuppets or hard-block users is not needed: gaining consensus there
>>> > would be a good starting point to changing this.
>>> >
>>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
>>> wrote:
>>> > > Wikipedia is suing the NSA? Seriously?
>>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>>> > wrote:
>>> > >
>>> > >> It has worked up to now, but I'm thinking that, especially given
>>> > Wikimedia
>>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>>> track
>>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
>>> :)
>>> > >>
>>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>>> > wrote:
>>> > >>
>>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>>> private.
>>> > Why
>>> > >> > log
>>> > >> > > the IP address? Why log anything? It's invasive.
>>> > >> >
>>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>>> still
>>> > >> > allowing non registered users editing rights
>>> > >> >
>>> > >> >
>>> > >> > _______________________________________________
>>> > >> > WikiEN-l mailing list
>>> > >> > [hidden email]
>>> > >> > To unsubscribe from this mailing list, visit:
>>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>> > >> >
>>> > >> _______________________________________________
>>> > >> WikiEN-l mailing list
>>> > >> [hidden email]
>>> > >> To unsubscribe from this mailing list, visit:
>>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>> > >>
>>> > > _______________________________________________
>>> > > WikiEN-l mailing list
>>> > > [hidden email]
>>> > > To unsubscribe from this mailing list, visit:
>>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>> >
>>> >
>>> >
>>> > --
>>> > Oliver Keyes
>>> > Research Analyst
>>> > Wikimedia Foundation
>>> >
>>> _______________________________________________
>>> WikiEN-l mailing list
>>> [hidden email]
>>> To unsubscribe from this mailing list, visit:
>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>
>>
>>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
Hi David,

It is a bit of hyperbole, but reductio arguments have their role in helping
to make certain things clear.

If you force users to log in, you can still identify them. The IP address
is helpful, but not necessary.



On Sun, Mar 29, 2015 at 7:12 PM, David Carson <[hidden email]> wrote:

> Hi Brian,
>
> "Dox'ing yourself"? That's a pretty wild hyperbole.
>
> But just to clarify: are you taking issue with the fact that not-logged-in
> users have their IP addresses publicly visible? Or with the fact that all
> edits have IP addresses privately recorded?
>
> I originally thought you were talking about the latter, but now I'm not
> sure. If it's actually the former, I've got no disagreement with you.
>
> Given that anyone can edit without making their IP public simply by
> registering a pseudonym and logging in, and given that many new editors
> might not be aware of the implications of revealing their IP (if they're
> editing from a static address at work, for instance), it seems to me that
> the easiest solution - and one which I think would cause absolutely zero
> astonishment in the minds of new users - would simply be to require users
> to register a pseudonym and log in in order to edit.
>
> But if you're concerned about the effect that this would have on casual
> "drive-by" fixes and improvements by people who aren't invested enough in
> the project to register, then sure, encrypt or hash the IP address before
> displaying it publicly. I don't think randomizing it on every edit would be
> a good idea, because I think it's important to be able to tell whether a
> succession of edits were from the same editor.
>
> Cheers,
> David...
>
>
> On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <[hidden email]
> > wrote:
>
>> Wikipedia is set up such that if you don't take the measures mentioned in
>> the OP, you are dox'ing yourself. Users are not aware of this.
>>
>> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
>> wrote:
>>
>>> "Wikipedia:Free speech" (
>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
>>> read.
>>>
>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>>>
>>> It's not directly about privacy but I think it clearly covers the ground
>>> that Wikipedia is a project to create an online encyclopedia, not an
>>> experiment in radical free speech. The system is set up to facilitate that
>>> goal.
>>>
>>> If you think that recording IP addresses is invasive, then you should
>>> probably be publishing your content on your own website, not Wikipedia.
>>>
>>> Cheers,
>>> David...
>>>
>>>
>>> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>>> [hidden email]> wrote:
>>>
>>>> In general people do not read privacy policies, nor do they understand
>>>> what
>>>> IP addresses are or what you can do with them.
>>>>
>>>> But if you recall, I simply stated that recording IP addresses is
>>>> invasive.
>>>> And it is.
>>>>
>>>> This is especially true when you know that your recordings are
>>>> faciliating
>>>> the active de-anonymization of people who are editing Wikipedia. Not
>>>> just
>>>> de-anonymization, but often public shaming.
>>>>
>>>> For WMF, the principle of neutrality clearly trumps the principles of
>>>> privacy and free speech. For the NSA, substitute security for
>>>> neutrality.
>>>> It's hypocritical.
>>>>
>>>> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
>>>> and
>>>> deal with the fallout. Stop tracking people.
>>>>
>>>>
>>>>
>>>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>>>> wrote:
>>>>
>>>> > In order:
>>>> >
>>>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>>> > about this people here can point you to.
>>>> > 2. Brian: The NSA needs to store data without the permission or
>>>> > consent of the people generating it, sometimes through forcible
>>>> > interception, decryption and the introduction and maintenance of
>>>> > software exploits that allow them to do this but also allow any other
>>>> > reasonably technical nation or non-nation actor who is paying
>>>> > attention to exploit the same vulnerability, keeping this data for an
>>>> > indefinite period, with very little legal or political oversight, in
>>>> > order to stop terrorism, where very little evidence exists that this
>>>> > has helped in any way.
>>>> >
>>>> > The WMF needs to store data for a 90 day period, which is explicitly
>>>> > set down in a privacy policy that is transparent, human-readable,
>>>> > linked from every edit interface, written with the involvement of the
>>>> > people whose data is being stored, administered by a committee of
>>>> > people who come from this population of editors, and explicitly sets
>>>> > out what the data may or may not be used for, even within the
>>>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>>>> > scientific studies have validated the hypothesis that being able to
>>>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>>>> > community we are all a part of and the wider population of readers.
>>>> >
>>>> > That's what's actually going on, here. If you thing these situations
>>>> > are roughly analogous, that's your prerogative. If you think the
>>>> > storage of this data is unnecessary, I recommend you go to your local
>>>> > project and explain to them that being able to checkuser potential
>>>> > sockpuppets or hard-block users is not needed: gaining consensus there
>>>> > would be a good starting point to changing this.
>>>> >
>>>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
>>>> wrote:
>>>> > > Wikipedia is suing the NSA? Seriously?
>>>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>>>> > wrote:
>>>> > >
>>>> > >> It has worked up to now, but I'm thinking that, especially given
>>>> > Wikimedia
>>>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>>>> track
>>>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
>>>> simple :)
>>>> > >>
>>>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>>>> > wrote:
>>>> > >>
>>>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>>>> private.
>>>> > Why
>>>> > >> > log
>>>> > >> > > the IP address? Why log anything? It's invasive.
>>>> > >> >
>>>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>>>> still
>>>> > >> > allowing non registered users editing rights
>>>> > >> >
>>>> > >> >
>>>> > >> > _______________________________________________
>>>> > >> > WikiEN-l mailing list
>>>> > >> > [hidden email]
>>>> > >> > To unsubscribe from this mailing list, visit:
>>>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>> > >> >
>>>> > >> _______________________________________________
>>>> > >> WikiEN-l mailing list
>>>> > >> [hidden email]
>>>> > >> To unsubscribe from this mailing list, visit:
>>>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>> > >>
>>>> > > _______________________________________________
>>>> > > WikiEN-l mailing list
>>>> > > [hidden email]
>>>> > > To unsubscribe from this mailing list, visit:
>>>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Oliver Keyes
>>>> > Research Analyst
>>>> > Wikimedia Foundation
>>>> >
>>>> _______________________________________________
>>>> WikiEN-l mailing list
>>>> [hidden email]
>>>> To unsubscribe from this mailing list, visit:
>>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>
>>>
>>>
>>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

David Carson-5
Hi Brian,

I'm still not entirely clear on your complaint. Are you talking about
Wikimedia (not random users, nor Wikipedia Administrators) having access to
IP addresses from system logs? Or something else? What does "The IP address
is helpful, but not necessary" mean?

Cheers,
David...


On Mon, Mar 30, 2015 at 10:14 AM, Brian J Mingus <[hidden email]>
wrote:

> Hi David,
>
> It is a bit of hyperbole, but reductio arguments have their role in
> helping to make certain things clear.
>
> If you force users to log in, you can still identify them. The IP address
> is helpful, but not necessary.
>
>
>
> On Sun, Mar 29, 2015 at 7:12 PM, David Carson <[hidden email]>
> wrote:
>
>> Hi Brian,
>>
>> "Dox'ing yourself"? That's a pretty wild hyperbole.
>>
>> But just to clarify: are you taking issue with the fact that
>> not-logged-in users have their IP addresses publicly visible? Or with the
>> fact that all edits have IP addresses privately recorded?
>>
>> I originally thought you were talking about the latter, but now I'm not
>> sure. If it's actually the former, I've got no disagreement with you.
>>
>> Given that anyone can edit without making their IP public simply by
>> registering a pseudonym and logging in, and given that many new editors
>> might not be aware of the implications of revealing their IP (if they're
>> editing from a static address at work, for instance), it seems to me that
>> the easiest solution - and one which I think would cause absolutely zero
>> astonishment in the minds of new users - would simply be to require users
>> to register a pseudonym and log in in order to edit.
>>
>> But if you're concerned about the effect that this would have on casual
>> "drive-by" fixes and improvements by people who aren't invested enough in
>> the project to register, then sure, encrypt or hash the IP address before
>> displaying it publicly. I don't think randomizing it on every edit would be
>> a good idea, because I think it's important to be able to tell whether a
>> succession of edits were from the same editor.
>>
>> Cheers,
>> David...
>>
>>
>> On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <
>> [hidden email]> wrote:
>>
>>> Wikipedia is set up such that if you don't take the measures mentioned
>>> in the OP, you are dox'ing yourself. Users are not aware of this.
>>>
>>> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
>>> wrote:
>>>
>>>> "Wikipedia:Free speech" (
>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth
>>>> a read.
>>>>
>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>>>>
>>>> It's not directly about privacy but I think it clearly covers the
>>>> ground that Wikipedia is a project to create an online encyclopedia, not an
>>>> experiment in radical free speech. The system is set up to facilitate that
>>>> goal.
>>>>
>>>> If you think that recording IP addresses is invasive, then you should
>>>> probably be publishing your content on your own website, not Wikipedia.
>>>>
>>>> Cheers,
>>>> David...
>>>>
>>>>
>>>> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>>>> [hidden email]> wrote:
>>>>
>>>>> In general people do not read privacy policies, nor do they understand
>>>>> what
>>>>> IP addresses are or what you can do with them.
>>>>>
>>>>> But if you recall, I simply stated that recording IP addresses is
>>>>> invasive.
>>>>> And it is.
>>>>>
>>>>> This is especially true when you know that your recordings are
>>>>> faciliating
>>>>> the active de-anonymization of people who are editing Wikipedia. Not
>>>>> just
>>>>> de-anonymization, but often public shaming.
>>>>>
>>>>> For WMF, the principle of neutrality clearly trumps the principles of
>>>>> privacy and free speech. For the NSA, substitute security for
>>>>> neutrality.
>>>>> It's hypocritical.
>>>>>
>>>>> Luckily, it's easy to fix. Just stuff the ip fields with random
>>>>> numbers and
>>>>> deal with the fallout. Stop tracking people.
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>>>>> wrote:
>>>>>
>>>>> > In order:
>>>>> >
>>>>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>>>> > about this people here can point you to.
>>>>> > 2. Brian: The NSA needs to store data without the permission or
>>>>> > consent of the people generating it, sometimes through forcible
>>>>> > interception, decryption and the introduction and maintenance of
>>>>> > software exploits that allow them to do this but also allow any other
>>>>> > reasonably technical nation or non-nation actor who is paying
>>>>> > attention to exploit the same vulnerability, keeping this data for an
>>>>> > indefinite period, with very little legal or political oversight, in
>>>>> > order to stop terrorism, where very little evidence exists that this
>>>>> > has helped in any way.
>>>>> >
>>>>> > The WMF needs to store data for a 90 day period, which is explicitly
>>>>> > set down in a privacy policy that is transparent, human-readable,
>>>>> > linked from every edit interface, written with the involvement of the
>>>>> > people whose data is being stored, administered by a committee of
>>>>> > people who come from this population of editors, and explicitly sets
>>>>> > out what the data may or may not be used for, even within the
>>>>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>>>>> > scientific studies have validated the hypothesis that being able to
>>>>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>>>>> > community we are all a part of and the wider population of readers.
>>>>> >
>>>>> > That's what's actually going on, here. If you thing these situations
>>>>> > are roughly analogous, that's your prerogative. If you think the
>>>>> > storage of this data is unnecessary, I recommend you go to your local
>>>>> > project and explain to them that being able to checkuser potential
>>>>> > sockpuppets or hard-block users is not needed: gaining consensus
>>>>> there
>>>>> > would be a good starting point to changing this.
>>>>> >
>>>>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
>>>>> wrote:
>>>>> > > Wikipedia is suing the NSA? Seriously?
>>>>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>>>>> > wrote:
>>>>> > >
>>>>> > >> It has worked up to now, but I'm thinking that, especially given
>>>>> > Wikimedia
>>>>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>>>>> track
>>>>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
>>>>> simple :)
>>>>> > >>
>>>>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>>>>> > wrote:
>>>>> > >>
>>>>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>>>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>>>>> private.
>>>>> > Why
>>>>> > >> > log
>>>>> > >> > > the IP address? Why log anything? It's invasive.
>>>>> > >> >
>>>>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>>>>> still
>>>>> > >> > allowing non registered users editing rights
>>>>> > >> >
>>>>> > >> >
>>>>> > >> > _______________________________________________
>>>>> > >> > WikiEN-l mailing list
>>>>> > >> > [hidden email]
>>>>> > >> > To unsubscribe from this mailing list, visit:
>>>>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>> > >> >
>>>>> > >> _______________________________________________
>>>>> > >> WikiEN-l mailing list
>>>>> > >> [hidden email]
>>>>> > >> To unsubscribe from this mailing list, visit:
>>>>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>> > >>
>>>>> > > _______________________________________________
>>>>> > > WikiEN-l mailing list
>>>>> > > [hidden email]
>>>>> > > To unsubscribe from this mailing list, visit:
>>>>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Oliver Keyes
>>>>> > Research Analyst
>>>>> > Wikimedia Foundation
>>>>> >
>>>>> _______________________________________________
>>>>> WikiEN-l mailing list
>>>>> [hidden email]
>>>>> To unsubscribe from this mailing list, visit:
>>>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>
>>>>
>>>>
>>>
>>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
Just like the Netflix Prize, knowing which topics an entity is interested
in, and having access to text they have written, is, in many cases, enough
information to reveal who that person is, where they live, etc. You just
plug the data into Google and correlate away.

On Sun, Mar 29, 2015 at 7:19 PM, David Carson <[hidden email]> wrote:

> Hi Brian,
>
> I'm still not entirely clear on your complaint. Are you talking about
> Wikimedia (not random users, nor Wikipedia Administrators) having access to
> IP addresses from system logs? Or something else? What does "The IP address
> is helpful, but not necessary" mean?
>
> Cheers,
> David...
>
>
> On Mon, Mar 30, 2015 at 10:14 AM, Brian J Mingus <
> [hidden email]> wrote:
>
>> Hi David,
>>
>> It is a bit of hyperbole, but reductio arguments have their role in
>> helping to make certain things clear.
>>
>> If you force users to log in, you can still identify them. The IP address
>> is helpful, but not necessary.
>>
>>
>>
>> On Sun, Mar 29, 2015 at 7:12 PM, David Carson <[hidden email]>
>> wrote:
>>
>>> Hi Brian,
>>>
>>> "Dox'ing yourself"? That's a pretty wild hyperbole.
>>>
>>> But just to clarify: are you taking issue with the fact that
>>> not-logged-in users have their IP addresses publicly visible? Or with the
>>> fact that all edits have IP addresses privately recorded?
>>>
>>> I originally thought you were talking about the latter, but now I'm not
>>> sure. If it's actually the former, I've got no disagreement with you.
>>>
>>> Given that anyone can edit without making their IP public simply by
>>> registering a pseudonym and logging in, and given that many new editors
>>> might not be aware of the implications of revealing their IP (if they're
>>> editing from a static address at work, for instance), it seems to me that
>>> the easiest solution - and one which I think would cause absolutely zero
>>> astonishment in the minds of new users - would simply be to require users
>>> to register a pseudonym and log in in order to edit.
>>>
>>> But if you're concerned about the effect that this would have on casual
>>> "drive-by" fixes and improvements by people who aren't invested enough in
>>> the project to register, then sure, encrypt or hash the IP address before
>>> displaying it publicly. I don't think randomizing it on every edit would be
>>> a good idea, because I think it's important to be able to tell whether a
>>> succession of edits were from the same editor.
>>>
>>> Cheers,
>>> David...
>>>
>>>
>>> On Mon, Mar 30, 2015 at 7:36 AM, Brian J Mingus <
>>> [hidden email]> wrote:
>>>
>>>> Wikipedia is set up such that if you don't take the measures mentioned
>>>> in the OP, you are dox'ing yourself. Users are not aware of this.
>>>>
>>>> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
>>>> wrote:
>>>>
>>>>> "Wikipedia:Free speech" (
>>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth
>>>>> a read.
>>>>>
>>>>> http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>>>>>
>>>>> It's not directly about privacy but I think it clearly covers the
>>>>> ground that Wikipedia is a project to create an online encyclopedia, not an
>>>>> experiment in radical free speech. The system is set up to facilitate that
>>>>> goal.
>>>>>
>>>>> If you think that recording IP addresses is invasive, then you should
>>>>> probably be publishing your content on your own website, not Wikipedia.
>>>>>
>>>>> Cheers,
>>>>> David...
>>>>>
>>>>>
>>>>> On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>>>>> [hidden email]> wrote:
>>>>>
>>>>>> In general people do not read privacy policies, nor do they
>>>>>> understand what
>>>>>> IP addresses are or what you can do with them.
>>>>>>
>>>>>> But if you recall, I simply stated that recording IP addresses is
>>>>>> invasive.
>>>>>> And it is.
>>>>>>
>>>>>> This is especially true when you know that your recordings are
>>>>>> faciliating
>>>>>> the active de-anonymization of people who are editing Wikipedia. Not
>>>>>> just
>>>>>> de-anonymization, but often public shaming.
>>>>>>
>>>>>> For WMF, the principle of neutrality clearly trumps the principles of
>>>>>> privacy and free speech. For the NSA, substitute security for
>>>>>> neutrality.
>>>>>> It's hypocritical.
>>>>>>
>>>>>> Luckily, it's easy to fix. Just stuff the ip fields with random
>>>>>> numbers and
>>>>>> deal with the fallout. Stop tracking people.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>>>>>> wrote:
>>>>>>
>>>>>> > In order:
>>>>>> >
>>>>>> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>>>>>> > about this people here can point you to.
>>>>>> > 2. Brian: The NSA needs to store data without the permission or
>>>>>> > consent of the people generating it, sometimes through forcible
>>>>>> > interception, decryption and the introduction and maintenance of
>>>>>> > software exploits that allow them to do this but also allow any
>>>>>> other
>>>>>> > reasonably technical nation or non-nation actor who is paying
>>>>>> > attention to exploit the same vulnerability, keeping this data for
>>>>>> an
>>>>>> > indefinite period, with very little legal or political oversight, in
>>>>>> > order to stop terrorism, where very little evidence exists that this
>>>>>> > has helped in any way.
>>>>>> >
>>>>>> > The WMF needs to store data for a 90 day period, which is explicitly
>>>>>> > set down in a privacy policy that is transparent, human-readable,
>>>>>> > linked from every edit interface, written with the involvement of
>>>>>> the
>>>>>> > people whose data is being stored, administered by a committee of
>>>>>> > people who come from this population of editors, and explicitly sets
>>>>>> > out what the data may or may not be used for, even within the
>>>>>> > Wikimedia Foundation, in order to stop vandalism, where multiple
>>>>>> > scientific studies have validated the hypothesis that being able to
>>>>>> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>>>>>> > community we are all a part of and the wider population of readers.
>>>>>> >
>>>>>> > That's what's actually going on, here. If you thing these situations
>>>>>> > are roughly analogous, that's your prerogative. If you think the
>>>>>> > storage of this data is unnecessary, I recommend you go to your
>>>>>> local
>>>>>> > project and explain to them that being able to checkuser potential
>>>>>> > sockpuppets or hard-block users is not needed: gaining consensus
>>>>>> there
>>>>>> > would be a good starting point to changing this.
>>>>>> >
>>>>>> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
>>>>>> wrote:
>>>>>> > > Wikipedia is suing the NSA? Seriously?
>>>>>> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]
>>>>>> >
>>>>>> > wrote:
>>>>>> > >
>>>>>> > >> It has worked up to now, but I'm thinking that, especially given
>>>>>> > Wikimedia
>>>>>> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>>>>>> track
>>>>>> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
>>>>>> simple :)
>>>>>> > >>
>>>>>> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]
>>>>>> >
>>>>>> > wrote:
>>>>>> > >>
>>>>>> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>>>>>> > >> > > I think it's rather curious that edits to Wikipedia aren't
>>>>>> private.
>>>>>> > Why
>>>>>> > >> > log
>>>>>> > >> > > the IP address? Why log anything? It's invasive.
>>>>>> > >> >
>>>>>> > >> > I guess it's a sensible choice against abuse (vandalism) while
>>>>>> still
>>>>>> > >> > allowing non registered users editing rights
>>>>>> > >> >
>>>>>> > >> >
>>>>>> > >> > _______________________________________________
>>>>>> > >> > WikiEN-l mailing list
>>>>>> > >> > [hidden email]
>>>>>> > >> > To unsubscribe from this mailing list, visit:
>>>>>> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> > >> >
>>>>>> > >> _______________________________________________
>>>>>> > >> WikiEN-l mailing list
>>>>>> > >> [hidden email]
>>>>>> > >> To unsubscribe from this mailing list, visit:
>>>>>> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> > >>
>>>>>> > > _______________________________________________
>>>>>> > > WikiEN-l mailing list
>>>>>> > > [hidden email]
>>>>>> > > To unsubscribe from this mailing list, visit:
>>>>>> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > Oliver Keyes
>>>>>> > Research Analyst
>>>>>> > Wikimedia Foundation
>>>>>> >
>>>>>> _______________________________________________
>>>>>> WikiEN-l mailing list
>>>>>> [hidden email]
>>>>>> To unsubscribe from this mailing list, visit:
>>>>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
In reply to this post by David Carson-5
Just like the Netflix Prize, knowing which topics an entity is interested
in, and having access to text they have written, is, in many cases, enough
information to reveal who that person is, where they live, etc. You just
plug the data into Google and correlate away.

On Sun, Mar 29, 2015 at 7:19 PM, David Carson <[hidden email]> wrote:

> Hi Brian,
>
> I'm still not entirely clear on your complaint. Are you talking about
> Wikimedia (not random users, nor Wikipedia Administrators) having access to
> IP addresses from system logs? Or something else? What does "The IP address
> is helpful, but not necessary" mean?
>
> Cheers,
> David...
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Oliver Keyes-4
In reply to this post by Brian J Mingus
Or perhaps you're reading far too much into it, and in the process,
being incredibly rude to the WMF employees reading this thread, who
are people too, and don't particularly appreciate being compared to
the NSA. If you're trying to have a constructive discussion, you
should pick a better format and attitude.

On 29 March 2015 at 19:02, Brian J Mingus <[hidden email]> wrote:

> The notice just says that the IP is public. Most people have no idea what
> that means.
>
> It will absolutely make those problems harder. Perhaps it is the
> Foundation's trusted role to hide that information from the public and be
> trusted with it on the backend. This institutional design sounds similar to
> another institution in certain ways..
>
>
>
> On Sun, Mar 29, 2015 at 6:58 PM, Dustin Muniz <[hidden email]> wrote:
>
>> People are made aware with each edit as an I am that their information is
>> publicly available. What concerns me about removing IP information is that
>> it'll remove our ability to fight spam, detect socks, and respond to
>> emergency@ issues, unless I've missed something?
>>
>>
>> Sent from Samsung Mobile
>>
>>
>> -------- Original message --------
>> From: Brian J Mingus
>> Date:03-29-2015 4:36 PM (GMT-05:00)
>> To: David Carson
>> Cc: English Wikipedia
>> Subject: Re: [WikiEN-l] Privacy Study Looking for Volunteers
>>
>> Wikipedia is set up such that if you don't take the measures mentioned in
>> the OP, you are dox'ing yourself. Users are not aware of this.
>>
>> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
>> wrote:
>>
>> > "Wikipedia:Free speech" (
>> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably worth a
>> > read.
>> >
>> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech
>> >
>> > It's not directly about privacy but I think it clearly covers the ground
>> > that Wikipedia is a project to create an online encyclopedia, not an
>> > experiment in radical free speech. The system is set up to facilitate
>> that
>> > goal.
>> >
>> > If you think that recording IP addresses is invasive, then you should
>> > probably be publishing your content on your own website, not Wikipedia.
>> >
>> > Cheers,
>> > David...
>> >
>> >
>> > On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
>> [hidden email]
>> > > wrote:
>> >
>> >> In general people do not read privacy policies, nor do they understand
>> >> what
>> >> IP addresses are or what you can do with them.
>> >>
>> >> But if you recall, I simply stated that recording IP addresses is
>> >> invasive.
>> >> And it is.
>> >>
>> >> This is especially true when you know that your recordings are
>> faciliating
>> >> the active de-anonymization of people who are editing Wikipedia. Not
>> just
>> >> de-anonymization, but often public shaming.
>> >>
>> >> For WMF, the principle of neutrality clearly trumps the principles of
>> >> privacy and free speech. For the NSA, substitute security for
>> neutrality.
>> >> It's hypocritical.
>> >>
>> >> Luckily, it's easy to fix. Just stuff the ip fields with random numbers
>> >> and
>> >> deal with the fallout. Stop tracking people.
>> >>
>> >>
>> >>
>> >> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
>> >> wrote:
>> >>
>> >> > In order:
>> >> >
>> >> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog posts
>> >> > about this people here can point you to.
>> >> > 2. Brian: The NSA needs to store data without the permission or
>> >> > consent of the people generating it, sometimes through forcible
>> >> > interception, decryption and the introduction and maintenance of
>> >> > software exploits that allow them to do this but also allow any other
>> >> > reasonably technical nation or non-nation actor who is paying
>> >> > attention to exploit the same vulnerability, keeping this data for an
>> >> > indefinite period, with very little legal or political oversight, in
>> >> > order to stop terrorism, where very little evidence exists that this
>> >> > has helped in any way.
>> >> >
>> >> > The WMF needs to store data for a 90 day period, which is explicitly
>> >> > set down in a privacy policy that is transparent, human-readable,
>> >> > linked from every edit interface, written with the involvement of the
>> >> > people whose data is being stored, administered by a committee of
>> >> > people who come from this population of editors, and explicitly sets
>> >> > out what the data may or may not be used for, even within the
>> >> > Wikimedia Foundation, in order to stop vandalism, where multiple
>> >> > scientific studies have validated the hypothesis that being able to
>> >> > make rangeblocks and prohibit sockpuppetry is beneficial to the
>> >> > community we are all a part of and the wider population of readers.
>> >> >
>> >> > That's what's actually going on, here. If you thing these situations
>> >> > are roughly analogous, that's your prerogative. If you think the
>> >> > storage of this data is unnecessary, I recommend you go to your local
>> >> > project and explain to them that being able to checkuser potential
>> >> > sockpuppets or hard-block users is not needed: gaining consensus there
>> >> > would be a good starting point to changing this.
>> >> >
>> >> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
>> wrote:
>> >> > > Wikipedia is suing the NSA? Seriously?
>> >> > > On 28 Mar 2015 11:23, "Brian J Mingus" <[hidden email]>
>> >> > wrote:
>> >> > >
>> >> > >> It has worked up to now, but I'm thinking that, especially given
>> >> > Wikimedia
>> >> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
>> track
>> >> > >> citizens, Wikimedia shouldn't be tracking them either. Seems simple
>> >> :)
>> >> > >>
>> >> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <[hidden email]>
>> >> > wrote:
>> >> > >>
>> >> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus wrote:
>> >> > >> > > I think it's rather curious that edits to Wikipedia aren't
>> >> private.
>> >> > Why
>> >> > >> > log
>> >> > >> > > the IP address? Why log anything? It's invasive.
>> >> > >> >
>> >> > >> > I guess it's a sensible choice against abuse (vandalism) while
>> >> still
>> >> > >> > allowing non registered users editing rights
>> >> > >> >
>> >> > >> >
>> >> > >> > _______________________________________________
>> >> > >> > WikiEN-l mailing list
>> >> > >> > [hidden email]
>> >> > >> > To unsubscribe from this mailing list, visit:
>> >> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >> > >> >
>> >> > >> _______________________________________________
>> >> > >> WikiEN-l mailing list
>> >> > >> [hidden email]
>> >> > >> To unsubscribe from this mailing list, visit:
>> >> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >> > >>
>> >> > > _______________________________________________
>> >> > > WikiEN-l mailing list
>> >> > > [hidden email]
>> >> > > To unsubscribe from this mailing list, visit:
>> >> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Oliver Keyes
>> >> > Research Analyst
>> >> > Wikimedia Foundation
>> >> >
>> >> _______________________________________________
>> >> WikiEN-l mailing list
>> >> [hidden email]
>> >> To unsubscribe from this mailing list, visit:
>> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>> >>
>> >
>> >
>> _______________________________________________
>> WikiEN-l mailing list
>> [hidden email]
>> To unsubscribe from this mailing list, visit:
>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l



--
Oliver Keyes
Research Analyst
Wikimedia Foundation

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Brian J Mingus
I propose we run a study. We will survey random editors and ask them if
they realize that there is a chance they are leaking enough information for
their identity to be revealed. *Even if they are logged in.*

Regarding comparisons - institutions have structure, and if there is a
structure mapping, then it's a matter of fact. A given mapping will have
strengths and weaknesses. You may prefer one mapping to another. If you
have reasons for preferring one mapping (other than that it offends you),
I'm all ears. But be aware: simply changing the vocabulary that you use to
describe the space doesn't mean that two different descriptions of
institutions aren't in fact describing a construct that is more similar
than different, or that is similar in important ways.

This is all to say, there are often reasons that institutions like the NSA
and WMF are structured the way they are. Given the investment in the topic,
it's probably worth exploring how the institutional structures emerged. But
given the investment, confirmation bias may prevail in this case: even if
there are important similarities, nobody wants to look like a hypocrite.

That's OK, though. Much as I am invested in Wikipedia and appreciate the
WMF, if I turn out to be a hypocrite, *I* will call myself one. Just as I
will do it to others.

Best,

Brian

"*Other dogs bite only their enemies, whereas I bite also my friends.*" -
Diogenes the Cynic


On Mon, Mar 30, 2015 at 10:32 AM, Oliver Keyes <[hidden email]> wrote:

> Or perhaps you're reading far too much into it, and in the process,
> being incredibly rude to the WMF employees reading this thread, who
> are people too, and don't particularly appreciate being compared to
> the NSA. If you're trying to have a constructive discussion, you
> should pick a better format and attitude.
>
> On 29 March 2015 at 19:02, Brian J Mingus <[hidden email]>
> wrote:
> > The notice just says that the IP is public. Most people have no idea what
> > that means.
> >
> > It will absolutely make those problems harder. Perhaps it is the
> > Foundation's trusted role to hide that information from the public and be
> > trusted with it on the backend. This institutional design sounds similar
> to
> > another institution in certain ways..
> >
> >
> >
> > On Sun, Mar 29, 2015 at 6:58 PM, Dustin Muniz <[hidden email]>
> wrote:
> >
> >> People are made aware with each edit as an I am that their information
> is
> >> publicly available. What concerns me about removing IP information is
> that
> >> it'll remove our ability to fight spam, detect socks, and respond to
> >> emergency@ issues, unless I've missed something?
> >>
> >>
> >> Sent from Samsung Mobile
> >>
> >>
> >> -------- Original message --------
> >> From: Brian J Mingus
> >> Date:03-29-2015 4:36 PM (GMT-05:00)
> >> To: David Carson
> >> Cc: English Wikipedia
> >> Subject: Re: [WikiEN-l] Privacy Study Looking for Volunteers
> >>
> >> Wikipedia is set up such that if you don't take the measures mentioned
> in
> >> the OP, you are dox'ing yourself. Users are not aware of this.
> >>
> >> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
> >> wrote:
> >>
> >> > "Wikipedia:Free speech" (
> >> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably
> worth a
> >> > read.
> >> >
> >> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech
> >> >
> >> > It's not directly about privacy but I think it clearly covers the
> ground
> >> > that Wikipedia is a project to create an online encyclopedia, not an
> >> > experiment in radical free speech. The system is set up to facilitate
> >> that
> >> > goal.
> >> >
> >> > If you think that recording IP addresses is invasive, then you should
> >> > probably be publishing your content on your own website, not
> Wikipedia.
> >> >
> >> > Cheers,
> >> > David...
> >> >
> >> >
> >> > On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
> >> [hidden email]
> >> > > wrote:
> >> >
> >> >> In general people do not read privacy policies, nor do they
> understand
> >> >> what
> >> >> IP addresses are or what you can do with them.
> >> >>
> >> >> But if you recall, I simply stated that recording IP addresses is
> >> >> invasive.
> >> >> And it is.
> >> >>
> >> >> This is especially true when you know that your recordings are
> >> faciliating
> >> >> the active de-anonymization of people who are editing Wikipedia. Not
> >> just
> >> >> de-anonymization, but often public shaming.
> >> >>
> >> >> For WMF, the principle of neutrality clearly trumps the principles of
> >> >> privacy and free speech. For the NSA, substitute security for
> >> neutrality.
> >> >> It's hypocritical.
> >> >>
> >> >> Luckily, it's easy to fix. Just stuff the ip fields with random
> numbers
> >> >> and
> >> >> deal with the fallout. Stop tracking people.
> >> >>
> >> >>
> >> >>
> >> >> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <[hidden email]>
> >> >> wrote:
> >> >>
> >> >> > In order:
> >> >> >
> >> >> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog
> posts
> >> >> > about this people here can point you to.
> >> >> > 2. Brian: The NSA needs to store data without the permission or
> >> >> > consent of the people generating it, sometimes through forcible
> >> >> > interception, decryption and the introduction and maintenance of
> >> >> > software exploits that allow them to do this but also allow any
> other
> >> >> > reasonably technical nation or non-nation actor who is paying
> >> >> > attention to exploit the same vulnerability, keeping this data for
> an
> >> >> > indefinite period, with very little legal or political oversight,
> in
> >> >> > order to stop terrorism, where very little evidence exists that
> this
> >> >> > has helped in any way.
> >> >> >
> >> >> > The WMF needs to store data for a 90 day period, which is
> explicitly
> >> >> > set down in a privacy policy that is transparent, human-readable,
> >> >> > linked from every edit interface, written with the involvement of
> the
> >> >> > people whose data is being stored, administered by a committee of
> >> >> > people who come from this population of editors, and explicitly
> sets
> >> >> > out what the data may or may not be used for, even within the
> >> >> > Wikimedia Foundation, in order to stop vandalism, where multiple
> >> >> > scientific studies have validated the hypothesis that being able to
> >> >> > make rangeblocks and prohibit sockpuppetry is beneficial to the
> >> >> > community we are all a part of and the wider population of readers.
> >> >> >
> >> >> > That's what's actually going on, here. If you thing these
> situations
> >> >> > are roughly analogous, that's your prerogative. If you think the
> >> >> > storage of this data is unnecessary, I recommend you go to your
> local
> >> >> > project and explain to them that being able to checkuser potential
> >> >> > sockpuppets or hard-block users is not needed: gaining consensus
> there
> >> >> > would be a good starting point to changing this.
> >> >> >
> >> >> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
> >> wrote:
> >> >> > > Wikipedia is suing the NSA? Seriously?
> >> >> > > On 28 Mar 2015 11:23, "Brian J Mingus" <
> [hidden email]>
> >> >> > wrote:
> >> >> > >
> >> >> > >> It has worked up to now, but I'm thinking that, especially given
> >> >> > Wikimedia
> >> >> > >> is suing the NSA, it is no longer justifiable. If the NSA can't
> >> track
> >> >> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
> simple
> >> >> :)
> >> >> > >>
> >> >> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <
> [hidden email]>
> >> >> > wrote:
> >> >> > >>
> >> >> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus
> wrote:
> >> >> > >> > > I think it's rather curious that edits to Wikipedia aren't
> >> >> private.
> >> >> > Why
> >> >> > >> > log
> >> >> > >> > > the IP address? Why log anything? It's invasive.
> >> >> > >> >
> >> >> > >> > I guess it's a sensible choice against abuse (vandalism) while
> >> >> still
> >> >> > >> > allowing non registered users editing rights
> >> >> > >> >
> >> >> > >> >
> >> >> > >> > _______________________________________________
> >> >> > >> > WikiEN-l mailing list
> >> >> > >> > [hidden email]
> >> >> > >> > To unsubscribe from this mailing list, visit:
> >> >> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> >> > >> >
> >> >> > >> _______________________________________________
> >> >> > >> WikiEN-l mailing list
> >> >> > >> [hidden email]
> >> >> > >> To unsubscribe from this mailing list, visit:
> >> >> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> >> > >>
> >> >> > > _______________________________________________
> >> >> > > WikiEN-l mailing list
> >> >> > > [hidden email]
> >> >> > > To unsubscribe from this mailing list, visit:
> >> >> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Oliver Keyes
> >> >> > Research Analyst
> >> >> > Wikimedia Foundation
> >> >> >
> >> >> _______________________________________________
> >> >> WikiEN-l mailing list
> >> >> [hidden email]
> >> >> To unsubscribe from this mailing list, visit:
> >> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >> >>
> >> >
> >> >
> >> _______________________________________________
> >> WikiEN-l mailing list
> >> [hidden email]
> >> To unsubscribe from this mailing list, visit:
> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >>
> > _______________________________________________
> > WikiEN-l mailing list
> > [hidden email]
> > To unsubscribe from this mailing list, visit:
> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
>
>
> --
> Oliver Keyes
> Research Analyst
> Wikimedia Foundation
>
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Andrew Gray-3
In reply to this post by Brian J Mingus
On 30 March 2015 at 00:24, Brian J Mingus <[hidden email]> wrote:
> Just like the Netflix Prize, knowing which topics an entity is interested
> in, and having access to text they have written, is, in many cases, enough
> information to reveal who that person is, where they live, etc. You just
> plug the data into Google and correlate away.

Then if we want to stop being being able to identify our users, we
would have to stop allowing our users to write things...

More seriously, yes, we *could* do radical anonymisation of all
contributions to Wikipedia - it would be technically possible to make
every non-account contribution labelled "anonymous" (one giant
pseudo-account?) rather than an IP number, removing any linkage
between those edits. But that would have immense social costs on the
Wikipedia community - we would lose a substantial proportion of our
capacity to prevent spamming, vandalism, defamation, or other forms of
abuse, and put substantially more work on our volunteers handling
these problems.

I really doubt our overworked community would be able to cope with that.

Some kind of semi-anonymisation, as James suggests, is workable,
obfuscating IPs - but not complete disconnection. The other
alternative would be to close off unregistered contributions, which
has been discussed repeatedly in the past and is generally unpopular.
But it's achievable with our current setup, and if you want to change
things advocating for that might be a better approach.

A.

--
- Andrew Gray
  [hidden email]

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

geni
In reply to this post by Brian J Mingus
On 30 March 2015 at 16:00, Brian J Mingus <[hidden email]> wrote:

> I propose we run a study. We will survey random editors and ask them if
> they realize that there is a chance they are leaking enough information for
> their identity to be revealed. *Even if they are logged in.*
>


What exactly do you hope to learn?




> Regarding comparisons - institutions have structure, and if there is a
> structure mapping, then it's a matter of fact. A given mapping will have
> strengths and weaknesses. You may prefer one mapping to another. If you
> have reasons for preferring one mapping (other than that it offends you),
> I'm all ears. But be aware: simply changing the vocabulary that you use to
> describe the space doesn't mean that two different descriptions of
> institutions aren't in fact describing a construct that is more similar
> than different, or that is similar in important ways.
>
> This is all to say, there are often reasons that institutions like the NSA
> and WMF are structured the way they are. Given the investment in the topic,
> it's probably worth exploring how the institutional structures emerged. But
> given the investment, confirmation bias may prevail in this case: even if
> there are important similarities, nobody wants to look like a hypocrite.
>

What does this have to do with anything?

--
geni
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

James Farrar
In reply to this post by Brian J Mingus
I'm far from convinced that the Foundation should be involved in
push-polling.
On 31 Mar 2015 09:24, "Brian J Mingus" <[hidden email]> wrote:

> I propose we run a study. We will survey random editors and ask them if
> they realize that there is a chance they are leaking enough information for
> their identity to be revealed. *Even if they are logged in.*
>
> Regarding comparisons - institutions have structure, and if there is a
> structure mapping, then it's a matter of fact. A given mapping will have
> strengths and weaknesses. You may prefer one mapping to another. If you
> have reasons for preferring one mapping (other than that it offends you),
> I'm all ears. But be aware: simply changing the vocabulary that you use to
> describe the space doesn't mean that two different descriptions of
> institutions aren't in fact describing a construct that is more similar
> than different, or that is similar in important ways.
>
> This is all to say, there are often reasons that institutions like the NSA
> and WMF are structured the way they are. Given the investment in the topic,
> it's probably worth exploring how the institutional structures emerged. But
> given the investment, confirmation bias may prevail in this case: even if
> there are important similarities, nobody wants to look like a hypocrite.
>
> That's OK, though. Much as I am invested in Wikipedia and appreciate the
> WMF, if I turn out to be a hypocrite, *I* will call myself one. Just as I
> will do it to others.
>
> Best,
>
> Brian
>
> "*Other dogs bite only their enemies, whereas I bite also my friends.*" -
> Diogenes the Cynic
>
>
> On Mon, Mar 30, 2015 at 10:32 AM, Oliver Keyes <[hidden email]>
> wrote:
>
> > Or perhaps you're reading far too much into it, and in the process,
> > being incredibly rude to the WMF employees reading this thread, who
> > are people too, and don't particularly appreciate being compared to
> > the NSA. If you're trying to have a constructive discussion, you
> > should pick a better format and attitude.
> >
> > On 29 March 2015 at 19:02, Brian J Mingus <[hidden email]>
> > wrote:
> > > The notice just says that the IP is public. Most people have no idea
> what
> > > that means.
> > >
> > > It will absolutely make those problems harder. Perhaps it is the
> > > Foundation's trusted role to hide that information from the public and
> be
> > > trusted with it on the backend. This institutional design sounds
> similar
> > to
> > > another institution in certain ways..
> > >
> > >
> > >
> > > On Sun, Mar 29, 2015 at 6:58 PM, Dustin Muniz <[hidden email]>
> > wrote:
> > >
> > >> People are made aware with each edit as an I am that their information
> > is
> > >> publicly available. What concerns me about removing IP information is
> > that
> > >> it'll remove our ability to fight spam, detect socks, and respond to
> > >> emergency@ issues, unless I've missed something?
> > >>
> > >>
> > >> Sent from Samsung Mobile
> > >>
> > >>
> > >> -------- Original message --------
> > >> From: Brian J Mingus
> > >> Date:03-29-2015 4:36 PM (GMT-05:00)
> > >> To: David Carson
> > >> Cc: English Wikipedia
> > >> Subject: Re: [WikiEN-l] Privacy Study Looking for Volunteers
> > >>
> > >> Wikipedia is set up such that if you don't take the measures mentioned
> > in
> > >> the OP, you are dox'ing yourself. Users are not aware of this.
> > >>
> > >> On Sun, Mar 29, 2015 at 4:33 PM, David Carson <[hidden email]>
> > >> wrote:
> > >>
> > >> > "Wikipedia:Free speech" (
> > >> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech) is probably
> > worth a
> > >> > read.
> > >> >
> > >> > http://en.wikipedia.org/wiki/Wikipedia:Free_speech
> > >> >
> > >> > It's not directly about privacy but I think it clearly covers the
> > ground
> > >> > that Wikipedia is a project to create an online encyclopedia, not an
> > >> > experiment in radical free speech. The system is set up to
> facilitate
> > >> that
> > >> > goal.
> > >> >
> > >> > If you think that recording IP addresses is invasive, then you
> should
> > >> > probably be publishing your content on your own website, not
> > Wikipedia.
> > >> >
> > >> > Cheers,
> > >> > David...
> > >> >
> > >> >
> > >> > On Mon, Mar 30, 2015 at 5:10 AM, Brian J Mingus <
> > >> [hidden email]
> > >> > > wrote:
> > >> >
> > >> >> In general people do not read privacy policies, nor do they
> > understand
> > >> >> what
> > >> >> IP addresses are or what you can do with them.
> > >> >>
> > >> >> But if you recall, I simply stated that recording IP addresses is
> > >> >> invasive.
> > >> >> And it is.
> > >> >>
> > >> >> This is especially true when you know that your recordings are
> > >> faciliating
> > >> >> the active de-anonymization of people who are editing Wikipedia.
> Not
> > >> just
> > >> >> de-anonymization, but often public shaming.
> > >> >>
> > >> >> For WMF, the principle of neutrality clearly trumps the principles
> of
> > >> >> privacy and free speech. For the NSA, substitute security for
> > >> neutrality.
> > >> >> It's hypocritical.
> > >> >>
> > >> >> Luckily, it's easy to fix. Just stuff the ip fields with random
> > numbers
> > >> >> and
> > >> >> deal with the fallout. Stop tracking people.
> > >> >>
> > >> >>
> > >> >>
> > >> >> On Sun, Mar 29, 2015 at 2:02 PM, Oliver Keyes <
> [hidden email]>
> > >> >> wrote:
> > >> >>
> > >> >> > In order:
> > >> >> >
> > >> >> > 1. Yes, the WMF is suing the NSA. There are a few threads/blog
> > posts
> > >> >> > about this people here can point you to.
> > >> >> > 2. Brian: The NSA needs to store data without the permission or
> > >> >> > consent of the people generating it, sometimes through forcible
> > >> >> > interception, decryption and the introduction and maintenance of
> > >> >> > software exploits that allow them to do this but also allow any
> > other
> > >> >> > reasonably technical nation or non-nation actor who is paying
> > >> >> > attention to exploit the same vulnerability, keeping this data
> for
> > an
> > >> >> > indefinite period, with very little legal or political oversight,
> > in
> > >> >> > order to stop terrorism, where very little evidence exists that
> > this
> > >> >> > has helped in any way.
> > >> >> >
> > >> >> > The WMF needs to store data for a 90 day period, which is
> > explicitly
> > >> >> > set down in a privacy policy that is transparent, human-readable,
> > >> >> > linked from every edit interface, written with the involvement of
> > the
> > >> >> > people whose data is being stored, administered by a committee of
> > >> >> > people who come from this population of editors, and explicitly
> > sets
> > >> >> > out what the data may or may not be used for, even within the
> > >> >> > Wikimedia Foundation, in order to stop vandalism, where multiple
> > >> >> > scientific studies have validated the hypothesis that being able
> to
> > >> >> > make rangeblocks and prohibit sockpuppetry is beneficial to the
> > >> >> > community we are all a part of and the wider population of
> readers.
> > >> >> >
> > >> >> > That's what's actually going on, here. If you thing these
> > situations
> > >> >> > are roughly analogous, that's your prerogative. If you think the
> > >> >> > storage of this data is unnecessary, I recommend you go to your
> > local
> > >> >> > project and explain to them that being able to checkuser
> potential
> > >> >> > sockpuppets or hard-block users is not needed: gaining consensus
> > there
> > >> >> > would be a good starting point to changing this.
> > >> >> >
> > >> >> > On 29 March 2015 at 11:57, James Farrar <[hidden email]>
> > >> wrote:
> > >> >> > > Wikipedia is suing the NSA? Seriously?
> > >> >> > > On 28 Mar 2015 11:23, "Brian J Mingus" <
> > [hidden email]>
> > >> >> > wrote:
> > >> >> > >
> > >> >> > >> It has worked up to now, but I'm thinking that, especially
> given
> > >> >> > Wikimedia
> > >> >> > >> is suing the NSA, it is no longer justifiable. If the NSA
> can't
> > >> track
> > >> >> > >> citizens, Wikimedia shouldn't be tracking them either. Seems
> > simple
> > >> >> :)
> > >> >> > >>
> > >> >> > >> On Thu, Mar 26, 2015 at 2:56 PM, Francesco Ariis <
> > [hidden email]>
> > >> >> > wrote:
> > >> >> > >>
> > >> >> > >> > On Wed, Mar 25, 2015 at 01:19:35PM -0400, Brian J Mingus
> > wrote:
> > >> >> > >> > > I think it's rather curious that edits to Wikipedia aren't
> > >> >> private.
> > >> >> > Why
> > >> >> > >> > log
> > >> >> > >> > > the IP address? Why log anything? It's invasive.
> > >> >> > >> >
> > >> >> > >> > I guess it's a sensible choice against abuse (vandalism)
> while
> > >> >> still
> > >> >> > >> > allowing non registered users editing rights
> > >> >> > >> >
> > >> >> > >> >
> > >> >> > >> > _______________________________________________
> > >> >> > >> > WikiEN-l mailing list
> > >> >> > >> > [hidden email]
> > >> >> > >> > To unsubscribe from this mailing list, visit:
> > >> >> > >> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >> >> > >> >
> > >> >> > >> _______________________________________________
> > >> >> > >> WikiEN-l mailing list
> > >> >> > >> [hidden email]
> > >> >> > >> To unsubscribe from this mailing list, visit:
> > >> >> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >> >> > >>
> > >> >> > > _______________________________________________
> > >> >> > > WikiEN-l mailing list
> > >> >> > > [hidden email]
> > >> >> > > To unsubscribe from this mailing list, visit:
> > >> >> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> > --
> > >> >> > Oliver Keyes
> > >> >> > Research Analyst
> > >> >> > Wikimedia Foundation
> > >> >> >
> > >> >> _______________________________________________
> > >> >> WikiEN-l mailing list
> > >> >> [hidden email]
> > >> >> To unsubscribe from this mailing list, visit:
> > >> >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >> >>
> > >> >
> > >> >
> > >> _______________________________________________
> > >> WikiEN-l mailing list
> > >> [hidden email]
> > >> To unsubscribe from this mailing list, visit:
> > >> https://lists.wikimedia.org/mailman/listinfo/wikien-l
> > >>
> > > _______________________________________________
> > > WikiEN-l mailing list
> > > [hidden email]
> > > To unsubscribe from this mailing list, visit:
> > > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >
> >
> >
> > --
> > Oliver Keyes
> > Research Analyst
> > Wikimedia Foundation
> >
> > _______________________________________________
> > WikiEN-l mailing list
> > [hidden email]
> > To unsubscribe from this mailing list, visit:
> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Federico Leva (Nemo)
In reply to this post by Brian J Mingus
 > I propose we run a study. We will survey random editors

I always find it curious that we had dozens or hundreds of threads on
having IPs in history: this worry is very elitist, at most few millions
people ever edited.

What about the hundreds millions users who never edited? What are
*their* IPs being logged for? It would be rather trivial to do as the IA
does:
http://blog.archive.org/2013/10/25/reader-privacy-at-the-internet-archive/

I'll start worrying about the millions when we have solved privacy
issues for the billions.

Nemo

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

WereSpielChequers-2
In reply to this post by Andrea Forte
There is an important difference here. The WMF does not publicly log the IP
addresses of visitors to the site.
<https://meta.wikimedia.org/wiki/Privacy_policy#your-use-of-wm-sites> It
does however publish the IP addresses of editors who are not logged in.

I could understand the elitist claim if the WMF were more privacy conscious
of editors than readers. But it isn't, if anything the divide is a three
way one, with unregistered editors as the ones who by default have least
privacy

Regards

Jonathan

On 5 April 2015 at 21:18, Federico Leva (Nemo) <[hidden email]> wrote:

> > I propose we run a study. We will survey random editors
>
> I always find it curious that we had dozens or hundreds of threads on
> having IPs in history: this worry is very elitist, at most few millions
> people ever edited.
>
> What about the hundreds millions users who never edited? What are *their*
> IPs being logged for? It would be rather trivial to do as the IA does:
> http://blog.archive.org/2013/10/25/reader-privacy-at-the-internet-archive/
>
> I'll start worrying about the millions when we have solved privacy issues
> for the billions.
>
> Nemo
>
>
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Andrea Forte
The discussion here has been great. I've been keeping out of it since I
have an active research project and I don't want to seed my own ideas, but
to circle back to the original post... if anyone here would like to
contribute their experiences with privacy on Wikipedia to our project,
please consider doing an interview. This is not related to the lawsuit,
btw, we started the project before that happened.

The consent form is here:
http://drexel.qualtrics.com/jfe/form/SV_elzNLEUeTjIphrv

Thanks,
Andrea



On Tue, Apr 7, 2015 at 9:00 AM, WereSpielChequers <
[hidden email]> wrote:

> There is an important difference here. The WMF does not publicly log the IP
> addresses of visitors to the site.
> <https://meta.wikimedia.org/wiki/Privacy_policy#your-use-of-wm-sites> It
> does however publish the IP addresses of editors who are not logged in.
>
> I could understand the elitist claim if the WMF were more privacy conscious
> of editors than readers. But it isn't, if anything the divide is a three
> way one, with unregistered editors as the ones who by default have least
> privacy
>
> Regards
>
> Jonathan
>
> On 5 April 2015 at 21:18, Federico Leva (Nemo) <[hidden email]> wrote:
>
> > > I propose we run a study. We will survey random editors
> >
> > I always find it curious that we had dozens or hundreds of threads on
> > having IPs in history: this worry is very elitist, at most few millions
> > people ever edited.
> >
> > What about the hundreds millions users who never edited? What are *their*
> > IPs being logged for? It would be rather trivial to do as the IA does:
> >
> http://blog.archive.org/2013/10/25/reader-privacy-at-the-internet-archive/
> >
> > I'll start worrying about the millions when we have solved privacy issues
> > for the billions.
> >
> > Nemo
> >
> >
> > _______________________________________________
> > WikiEN-l mailing list
> > [hidden email]
> > To unsubscribe from this mailing list, visit:
> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
> >
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>



--
 :: Andrea Forte
 :: Assistant Professor
 :: College of Computing and Informatics, Drexel University
 :: http://www.andreaforte.net
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: Privacy Study Looking for Volunteers

Alan Liefting
I use my own name on WMF sites.  I was warned against doing that not
long after I started editing back in 2004.  Ten years later and as a
hothead editor having my real identity known does not seem to be a problem.

Most editors use an alias.  I don't know why.  What are they afraid of?  
Editing wikis, if you are doing it right, is a laudable task and editors
should be proud of the fact that they are helping to share knowledge in
an altruistic manner.

Rather than ensuring privacy of editors the WMF should DEMAND that
editors make their identity known.  I am sure that this may cure some of
the many problems that we are seeing on WMF projects.

Having said all that there is of course a problem in some of the dodgy
countries where speaking out gets you killed.  It has happened with
journalists, bloggers, activists etc.  It could (has?) happen with WMF
project editors.


Alan Liefting




On 09/04/15 00:06, Andrea Forte wrote:

> The discussion here has been great. I've been keeping out of it since I
> have an active research project and I don't want to seed my own ideas, but
> to circle back to the original post... if anyone here would like to
> contribute their experiences with privacy on Wikipedia to our project,
> please consider doing an interview. This is not related to the lawsuit,
> btw, we started the project before that happened.
>
> The consent form is here:
> http://drexel.qualtrics.com/jfe/form/SV_elzNLEUeTjIphrv
>
> Thanks,
> Andrea
>
>
>
> On Tue, Apr 7, 2015 at 9:00 AM, WereSpielChequers <
> [hidden email]> wrote:
>
>> There is an important difference here. The WMF does not publicly log the IP
>> addresses of visitors to the site.
>> <https://meta.wikimedia.org/wiki/Privacy_policy#your-use-of-wm-sites> It
>> does however publish the IP addresses of editors who are not logged in.
>>
>> I could understand the elitist claim if the WMF were more privacy conscious
>> of editors than readers. But it isn't, if anything the divide is a three
>> way one, with unregistered editors as the ones who by default have least
>> privacy
>>
>> Regards
>>
>> Jonathan
>>
>> On 5 April 2015 at 21:18, Federico Leva (Nemo) <[hidden email]> wrote:
>>
>>>> I propose we run a study. We will survey random editors
>>> I always find it curious that we had dozens or hundreds of threads on
>>> having IPs in history: this worry is very elitist, at most few millions
>>> people ever edited.
>>>
>>> What about the hundreds millions users who never edited? What are *their*
>>> IPs being logged for? It would be rather trivial to do as the IA does:
>>>
>> http://blog.archive.org/2013/10/25/reader-privacy-at-the-internet-archive/
>>> I'll start worrying about the millions when we have solved privacy issues
>>> for the billions.
>>>
>>> Nemo
>>>
>>>
>>> _______________________________________________
>>> WikiEN-l mailing list
>>> [hidden email]
>>> To unsubscribe from this mailing list, visit:
>>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>>
>> _______________________________________________
>> WikiEN-l mailing list
>> [hidden email]
>> To unsubscribe from this mailing list, visit:
>> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>>
>
>


_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
123