Mailing List Archive

My only quibble is that its still visually not very presentable. Definitely
not a big deal, but I wonder if anyone wants to take a stab at making it
more stylistically pleasant - on the web and on paper. Often makes it easier
to read and follow along, particularly for people who aren't frequent
readers of corporate policy documents.

Otherwise, good work folks.

Nathan
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/8/8 Michael Snow <wikipedia@verizon.net>:

> The board intends to vote on this version, but before we do, I wanted to
> provide one last opportunity for your feedback.

Thank you for the reminder :-)

My thoughts on the draft:
* length & style: it can be shortened and it should be shortened.
there's a lot of redundancy in it. My favorite "publishers publicly
puplish in a public act" paragraph for example:
"Anyone with Internet access (and not otherwise restricted from doing
so) may edit the publicly editable pages of these sites with or
without logging in as a registered user. By doing this, editors create
a published document, and a public record of every word added,
subtracted, or changed. This is a public act, and editors are
identified publicly as the author of such changes. All contributions
made to a Project, and all publicly available information about those
contributions, are irrevocably licensed and may be freely copied,
quoted, reused and adapted by third parties with few restrictions."

Translated by amateurs as we usually do, it will read in other
languages absolutely ridiculous (and not very comprehensible).

* Contradicition
In the introduction I read "In general, this Policy only applies to
private information stored or held by the Foundation which is not
publicly available." but in the following the policy deals extensively
with public contributions, public discussions, public postings to
public mailing lists etc (possible solution: deal with everything
public in the "scope" paragraph)

* commitments
A privacy poliy is a commitment. Lawyers may love the phrase "include
but is not limited to" which I find several times in the policy but it
does nothing to assure the reader. As a reader and user of the
wikimedia projects, I would prefer a privacy policy which gives a
commitment of some sort to _not_ give access to my private information
to any random person. This refers to this:
" Other users who may have access to private identifiable information
include, but are not limited to, users who have access to OTRS, or to
the CheckUser and Oversight functions, users elected by project
communities to serve as stewards or Arbitrators, Wikimedia Foundation
employees, trustees, appointees, and contractors and agents employed
by the Foundation, and developers and others with high levels of
server access."

the question of access leads me to the next point; I read a few
privacy policies for comparison and I found something I really liked
as informative in one: a mention of where all these private
informations are stored, bluntly spoken: which country can confiscate
the servers. Including this will obviously requiring the privacy
policy each time a server farm is founded in a new country but this
isn't necessarily a bad thing.

*to have access and to access
While the policy deals at length with who has access it is very silent
about when all these persons are allowed to access my data and
actually access my data. The only thing somehow related to this was
"As a general principle, the access to, and retention of, personally
identifiable data in all projects should be minimal and should be used
only internally to serve the well-being of the projects." which is
somehow a bit vague. Who defines what is well-being? How is this
controlled? Who does guarantee that a nosy checkuser doesn't just look
up my user information, revealing my employer, the wikipedia user
name of my boyfriend and other friends just for fun? How would I even
know?

Wikimedia has a wonderful institution called ombudsmen commission -
might be an idea to mention it in the privacy policy. It might also be
an idea to establish a right for users to be informed on request if
they were checkusered.

* now for the disclaimer...
okay, disclaimers are legally a sensible thing. "We try to do our best
and if this isn't enough..." We recently had in the german Wikipedia a
discussion about individual user rankings. One person used the current
privacy poliy to argue that the Wikimedia foundation approved such
statistics because it said they were possible. While this dispute
concerned fairly trivial rankings of aggregated nr. of edits, blocks
etc. it is possible to do much worse with the public data. Bot created
user profiles with interests, hobbies, living rhythm, estimated
timezone. Network analysis with the users position in the community.

While the Wikimedia Foundation can't legally prevent any third parties
from generating and publishing such informations, it can do two
things:
* it can issue a policy for these cases for the Wikimedia projects
* it can issue recommendations for third parties, for example to
anonymize user names in research publications.

greetings,
elian

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
<eflebeth@googlemail.com> wrote:
> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
>
>> The board intends to vote on this version, but before we do, I wanted to
>> provide one last opportunity for your feedback.
> While the policy deals at length with who has access it is very silent
> about when all these persons are allowed to access my data and
> actually access my data. The only thing somehow related to this was
> "As a general principle, the access to, and retention of, personally
> identifiable data in all projects should be minimal and should be used
> only internally to serve the well-being of the projects." which is
> somehow a bit vague. Who defines what is well-being? How is this
> controlled? Who does guarantee that a nosy checkuser doesn't just look
> up my user information, revealing my employer, the wikipedia user
> name of my boyfriend and other friends just for fun? How would I even
> know?

Elian, this is exactly the situation we have on the English Wikipedia.
Jimbo takes the view that checkusers may be conducted more or less at
random, for no reason, and the checkusers follow that lead. In other
words, the Foundation's checkuser policy is being openly flouted.

We've been told we can't complain to the Ombudsman commission because
they only deal with violations of the privacy policy, not the
checkuser policy. We've been told we have no right to know whether
we've been checked. Attempts to introduce such a rule have led to the
checkusers saying they will not follow it. And when we do find out
that we've been checked, the only concern of the checkusers is to find
out who told us, and to punish that person. It really is a very bad
situation for the Foundation, one that's bound to lead to trouble
sooner or later.

Sarah

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SlimVirgin wrote:
> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
> <eflebeth@googlemail.com> wrote:
>> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
>>
>>> The board intends to vote on this version, but before we do, I wanted to
>>> provide one last opportunity for your feedback.
>> While the policy deals at length with who has access it is very silent
>> about when all these persons are allowed to access my data and
>> actually access my data. The only thing somehow related to this was
>> "As a general principle, the access to, and retention of, personally
>> identifiable data in all projects should be minimal and should be used
>> only internally to serve the well-being of the projects." which is
>> somehow a bit vague. Who defines what is well-being? How is this
>> controlled? Who does guarantee that a nosy checkuser doesn't just look
>> up my user information, revealing my employer, the wikipedia user
>> name of my boyfriend and other friends just for fun? How would I even
>> know?
>
> Elian, this is exactly the situation we have on the English Wikipedia.
> Jimbo takes the view that checkusers may be conducted more or less at
> random, for no reason, and the checkusers follow that lead. In other
> words, the Foundation's checkuser policy is being openly flouted.
>
> We've been told we can't complain to the Ombudsman commission because
> they only deal with violations of the privacy policy, not the
> checkuser policy. We've been told we have no right to know whether
> we've been checked. Attempts to introduce such a rule have led to the
> checkusers saying they will not follow it. And when we do find out
> that we've been checked, the only concern of the checkusers is to find
> out who told us, and to punish that person. It really is a very bad
> situation for the Foundation, one that's bound to lead to trouble
> sooner or later.
>
> Sarah
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

I personally don't mind being checked. Whenever, by whomever, so long
as the results are not disclosed. (disclosure, not checking, is governed
by the privacy policy.

- --
Best,
Jon

[User:NonvocalScream]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
=GMaV
-----END PGP SIGNATURE-----

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 11:16 AM, Jon <scream@datascreamer.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> SlimVirgin wrote:
>> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
>> <eflebeth@googlemail.com> wrote:
>>> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
>>>
>>>> The board intends to vote on this version, but before we do, I wanted to
>>>> provide one last opportunity for your feedback.
>>> While the policy deals at length with who has access it is very silent
>>> about when all these persons are allowed to access my data and
>>> actually access my data. The only thing somehow related to this was
>>> "As a general principle, the access to, and retention of, personally
>>> identifiable data in all projects should be minimal and should be used
>>> only internally to serve the well-being of the projects." which is
>>> somehow a bit vague. Who defines what is well-being? How is this
>>> controlled? Who does guarantee that a nosy checkuser doesn't just look
>>> up my user information, revealing my employer, the wikipedia user
>>> name of my boyfriend and other friends just for fun? How would I even
>>> know?
>>
>> Elian, this is exactly the situation we have on the English Wikipedia.
>> Jimbo takes the view that checkusers may be conducted more or less at
>> random, for no reason, and the checkusers follow that lead. In other
>> words, the Foundation's checkuser policy is being openly flouted.
>>
>> We've been told we can't complain to the Ombudsman commission because
>> they only deal with violations of the privacy policy, not the
>> checkuser policy. We've been told we have no right to know whether
>> we've been checked. Attempts to introduce such a rule have led to the
>> checkusers saying they will not follow it. And when we do find out
>> that we've been checked, the only concern of the checkusers is to find
>> out who told us, and to punish that person. It really is a very bad
>> situation for the Foundation, one that's bound to lead to trouble
>> sooner or later.
>>
>> Sarah
>>
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
> I personally don't mind being checked. Whenever, by whomever, so long
> as the results are not disclosed. (disclosure, not checking, is governed
> by the privacy policy.
>
> - --
> Best,
> Jon
>
> [User:NonvocalScream]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
> hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
> =GMaV
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

I do believe that checking is covered as well. And if it's not, it
needs to be. Checks should only be conducted at least upon reasonable
suspicion.

--
Freedom is the right to say that 2+2=4. From this all else follows.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Hoi,
So you are checked. You have to appreciate that by your own words, there
must be a reasonable suspicion. You even insist that it is published that
you have been checked. This means that it is now generally known that you
are under a reasonable suspicion... How nice, that you are now known to have
a tarnished reputation...

Actually when you are checked, and it is not published that you were
checked, you are much better off. When everyone can demand checking because
THEY are suspicious, publication of check results will only increase the
amount of vigilantism. Really, you are much better off when trusted people
do their checking and keep their confidences.
Thanks,
GerardM

On Sat, Aug 9, 2008 at 7:46 PM, Todd Allen <toddmallen@gmail.com> wrote:

> On Sat, Aug 9, 2008 at 11:16 AM, Jon <scream@datascreamer.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > SlimVirgin wrote:
> >> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
> >> <eflebeth@googlemail.com> wrote:
> >>> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
> >>>
> >>>> The board intends to vote on this version, but before we do, I wanted
> to
> >>>> provide one last opportunity for your feedback.
> >>> While the policy deals at length with who has access it is very silent
> >>> about when all these persons are allowed to access my data and
> >>> actually access my data. The only thing somehow related to this was
> >>> "As a general principle, the access to, and retention of, personally
> >>> identifiable data in all projects should be minimal and should be used
> >>> only internally to serve the well-being of the projects." which is
> >>> somehow a bit vague. Who defines what is well-being? How is this
> >>> controlled? Who does guarantee that a nosy checkuser doesn't just look
> >>> up my user information, revealing my employer, the wikipedia user
> >>> name of my boyfriend and other friends just for fun? How would I even
> >>> know?
> >>
> >> Elian, this is exactly the situation we have on the English Wikipedia.
> >> Jimbo takes the view that checkusers may be conducted more or less at
> >> random, for no reason, and the checkusers follow that lead. In other
> >> words, the Foundation's checkuser policy is being openly flouted.
> >>
> >> We've been told we can't complain to the Ombudsman commission because
> >> they only deal with violations of the privacy policy, not the
> >> checkuser policy. We've been told we have no right to know whether
> >> we've been checked. Attempts to introduce such a rule have led to the
> >> checkusers saying they will not follow it. And when we do find out
> >> that we've been checked, the only concern of the checkusers is to find
> >> out who told us, and to punish that person. It really is a very bad
> >> situation for the Foundation, one that's bound to lead to trouble
> >> sooner or later.
> >>
> >> Sarah
> >>
> >> _______________________________________________
> >> foundation-l mailing list
> >> foundation-l@lists.wikimedia.org
> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
> > I personally don't mind being checked. Whenever, by whomever, so long
> > as the results are not disclosed. (disclosure, not checking, is governed
> > by the privacy policy.
> >
> > - --
> > Best,
> > Jon
> >
> > [User:NonvocalScream]
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
> > hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
> > =GMaV
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > foundation-l mailing list
> > foundation-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
>
> I do believe that checking is covered as well. And if it's not, it
> needs to be. Checks should only be conducted at least upon reasonable
> suspicion.
>
> --
> Freedom is the right to say that 2+2=4. From this all else follows.
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 11:58 AM, Gerard Meijssen
<gerard.meijssen@gmail.com> wrote:
> Hoi,
> So you are checked. You have to appreciate that by your own words, there
> must be a reasonable suspicion. You even insist that it is published that
> you have been checked. This means that it is now generally known that you
> are under a reasonable suspicion... How nice, that you are now known to have
> a tarnished reputation...
>
> Actually when you are checked, and it is not published that you were
> checked, you are much better off. When everyone can demand checking because
> THEY are suspicious, publication of check results will only increase the
> amount of vigilantism. Really, you are much better off when trusted people
> do their checking and keep their confidences.
> Thanks,
> GerardM
>
> On Sat, Aug 9, 2008 at 7:46 PM, Todd Allen <toddmallen@gmail.com> wrote:
>
>> On Sat, Aug 9, 2008 at 11:16 AM, Jon <scream@datascreamer.com> wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > SlimVirgin wrote:
>> >> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
>> >> <eflebeth@googlemail.com> wrote:
>> >>> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
>> >>>
>> >>>> The board intends to vote on this version, but before we do, I wanted
>> to
>> >>>> provide one last opportunity for your feedback.
>> >>> While the policy deals at length with who has access it is very silent
>> >>> about when all these persons are allowed to access my data and
>> >>> actually access my data. The only thing somehow related to this was
>> >>> "As a general principle, the access to, and retention of, personally
>> >>> identifiable data in all projects should be minimal and should be used
>> >>> only internally to serve the well-being of the projects." which is
>> >>> somehow a bit vague. Who defines what is well-being? How is this
>> >>> controlled? Who does guarantee that a nosy checkuser doesn't just look
>> >>> up my user information, revealing my employer, the wikipedia user
>> >>> name of my boyfriend and other friends just for fun? How would I even
>> >>> know?
>> >>
>> >> Elian, this is exactly the situation we have on the English Wikipedia.
>> >> Jimbo takes the view that checkusers may be conducted more or less at
>> >> random, for no reason, and the checkusers follow that lead. In other
>> >> words, the Foundation's checkuser policy is being openly flouted.
>> >>
>> >> We've been told we can't complain to the Ombudsman commission because
>> >> they only deal with violations of the privacy policy, not the
>> >> checkuser policy. We've been told we have no right to know whether
>> >> we've been checked. Attempts to introduce such a rule have led to the
>> >> checkusers saying they will not follow it. And when we do find out
>> >> that we've been checked, the only concern of the checkusers is to find
>> >> out who told us, and to punish that person. It really is a very bad
>> >> situation for the Foundation, one that's bound to lead to trouble
>> >> sooner or later.
>> >>
>> >> Sarah
>> >>
>> >> _______________________________________________
>> >> foundation-l mailing list
>> >> foundation-l@lists.wikimedia.org
>> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >
>> > I personally don't mind being checked. Whenever, by whomever, so long
>> > as the results are not disclosed. (disclosure, not checking, is governed
>> > by the privacy policy.
>> >
>> > - --
>> > Best,
>> > Jon
>> >
>> > [User:NonvocalScream]
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v1.4.9 (MingW32)
>> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>> >
>> > iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
>> > hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
>> > =GMaV
>> > -----END PGP SIGNATURE-----
>> >
>> > _______________________________________________
>> > foundation-l mailing list
>> > foundation-l@lists.wikimedia.org
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >
>>
>> I do believe that checking is covered as well. And if it's not, it
>> needs to be. Checks should only be conducted at least upon reasonable
>> suspicion.
>>
>> --
>> Freedom is the right to say that 2+2=4. From this all else follows.
>>
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

If I have a "Contact me" email address, I can be easily notified that
I have been checked without "tarnishing my reputation", and I can
choose to make that as public or nonpublic as I like. "You have been
checkusered" by email would result in no tarnishment of a public
reputation while properly notifying the target. Granted, in some
circumstances, suppression of notification may be appropriate, but
such suppression should be logged and justified.

--
Freedom is the right to say that 2+2=4. From this all else follows.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/8/9 SlimVirgin <slimvirgin@gmail.com>:

> We've been told we can't complain to the Ombudsman commission because
> they only deal with violations of the privacy policy, not the
> checkuser policy. We've been told we have no right to know whether
> we've been checked. Attempts to introduce such a rule have led to the
> checkusers saying they will not follow it. And when we do find out
> that we've been checked, the only concern of the checkusers is to find
> out who told us, and to punish that person. It really is a very bad
> situation for the Foundation, one that's bound to lead to trouble
> sooner or later.


Sarah neglects to note that there is a body that can answer this, that
being the Arbitration Committee, and that the matter is currently with
this body after Sarah brought it up in a lengthy and accusation-filled
but evidence-poor thread on wiken-l (she refused to file a case even
while making extensive accusations, so someone else did):

http://en.wikipedia.org/wiki/Wikipedia:Requests_for_arbitration/SlimVirgin-Lar


- d.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 2:02 PM, Todd Allen <toddmallen@gmail.com> wrote:
> If I have a "Contact me" email address, I can be easily notified that
> I have been checked without "tarnishing my reputation", and I can
> choose to make that as public or nonpublic as I like. "You have been
> checkusered" by email would result in no tarnishment of a public
> reputation while properly notifying the target. Granted, in some
> circumstances, suppression of notification may be appropriate, but
> such suppression should be logged and justified.
>
> --
> Freedom is the right to say that 2+2=4. From this all else follows.
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

Agreed in principle, however I don't believe it would work. Knowing
some communities fondness for drama, I could easily imagine
the clusterfuck that would ensue by a highly active editor getting an
e-mail saying "You've been checkusered."

Personally, I would be rather put off that someone felt the need to
use a tool that is supposed to be used for countering vandalism
(both obvious and subversive) being used for no real reason against me.

-Chad

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Hoi,
An e-mail address is not universal nor is it compulsory to have one and as a
consequence it is not the solution that you think it is.
Thanks,
GerardM

On Sat, Aug 9, 2008 at 8:02 PM, Todd Allen <toddmallen@gmail.com> wrote:

> On Sat, Aug 9, 2008 at 11:58 AM, Gerard Meijssen
> <gerard.meijssen@gmail.com> wrote:
> > Hoi,
> > So you are checked. You have to appreciate that by your own words, there
> > must be a reasonable suspicion. You even insist that it is published that
> > you have been checked. This means that it is now generally known that you
> > are under a reasonable suspicion... How nice, that you are now known to
> have
> > a tarnished reputation...
> >
> > Actually when you are checked, and it is not published that you were
> > checked, you are much better off. When everyone can demand checking
> because
> > THEY are suspicious, publication of check results will only increase the
> > amount of vigilantism. Really, you are much better off when trusted
> people
> > do their checking and keep their confidences.
> > Thanks,
> > GerardM
> >
> > On Sat, Aug 9, 2008 at 7:46 PM, Todd Allen <toddmallen@gmail.com> wrote:
> >
> >> On Sat, Aug 9, 2008 at 11:16 AM, Jon <scream@datascreamer.com> wrote:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > SlimVirgin wrote:
> >> >> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
> >> >> <eflebeth@googlemail.com> wrote:
> >> >>> 2008/8/8 Michael Snow <wikipedia@verizon.net>:
> >> >>>
> >> >>>> The board intends to vote on this version, but before we do, I
> wanted
> >> to
> >> >>>> provide one last opportunity for your feedback.
> >> >>> While the policy deals at length with who has access it is very
> silent
> >> >>> about when all these persons are allowed to access my data and
> >> >>> actually access my data. The only thing somehow related to this was
> >> >>> "As a general principle, the access to, and retention of, personally
> >> >>> identifiable data in all projects should be minimal and should be
> used
> >> >>> only internally to serve the well-being of the projects." which is
> >> >>> somehow a bit vague. Who defines what is well-being? How is this
> >> >>> controlled? Who does guarantee that a nosy checkuser doesn't just
> look
> >> >>> up my user information, revealing my employer, the wikipedia user
> >> >>> name of my boyfriend and other friends just for fun? How would I
> even
> >> >>> know?
> >> >>
> >> >> Elian, this is exactly the situation we have on the English
> Wikipedia.
> >> >> Jimbo takes the view that checkusers may be conducted more or less at
> >> >> random, for no reason, and the checkusers follow that lead. In other
> >> >> words, the Foundation's checkuser policy is being openly flouted.
> >> >>
> >> >> We've been told we can't complain to the Ombudsman commission because
> >> >> they only deal with violations of the privacy policy, not the
> >> >> checkuser policy. We've been told we have no right to know whether
> >> >> we've been checked. Attempts to introduce such a rule have led to the
> >> >> checkusers saying they will not follow it. And when we do find out
> >> >> that we've been checked, the only concern of the checkusers is to
> find
> >> >> out who told us, and to punish that person. It really is a very bad
> >> >> situation for the Foundation, one that's bound to lead to trouble
> >> >> sooner or later.
> >> >>
> >> >> Sarah
> >> >>
> >> >> _______________________________________________
> >> >> foundation-l mailing list
> >> >> foundation-l@lists.wikimedia.org
> >> >> Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >> >
> >> > I personally don't mind being checked. Whenever, by whomever, so long
> >> > as the results are not disclosed. (disclosure, not checking, is
> governed
> >> > by the privacy policy.
> >> >
> >> > - --
> >> > Best,
> >> > Jon
> >> >
> >> > [User:NonvocalScream]
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.4.9 (MingW32)
> >> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >> >
> >> > iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
> >> > hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
> >> > =GMaV
> >> > -----END PGP SIGNATURE-----
> >> >
> >> > _______________________________________________
> >> > foundation-l mailing list
> >> > foundation-l@lists.wikimedia.org
> >> > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >> >
> >>
> >> I do believe that checking is covered as well. And if it's not, it
> >> needs to be. Checks should only be conducted at least upon reasonable
> >> suspicion.
> >>
> >> --
> >> Freedom is the right to say that 2+2=4. From this all else follows.
> >>
> >> _______________________________________________
> >> foundation-l mailing list
> >> foundation-l@lists.wikimedia.org
> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >>
> > _______________________________________________
> > foundation-l mailing list
> > foundation-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
>
> If I have a "Contact me" email address, I can be easily notified that
> I have been checked without "tarnishing my reputation", and I can
> choose to make that as public or nonpublic as I like. "You have been
> checkusered" by email would result in no tarnishment of a public
> reputation while properly notifying the target. Granted, in some
> circumstances, suppression of notification may be appropriate, but
> such suppression should be logged and justified.
>
> --
> Freedom is the right to say that 2+2=4. From this all else follows.
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Thu, Aug 7, 2008 at 10:37 PM, Michael Snow <wikipedia@verizon.net> wrote:

> If you see something in this last draft that strikes you as a
> dealbreaker: that is potentially misleading or seriously problematic for
> any reason, please send me or Mike a note. If we don't hear anything
> within a week, I will ask the board to vote on the current version for
> formal adoption.
>

It seems okay as a descriptive document. I wish there were stricter and
more explicit limits on what can be collected and for how long it can be
kept, but that's probably not going to happen. Specifically, I'd like to
see a commitment to throw away the IP address and username information after
a definite period of time, maybe 30 days.

On a separate point, I disagree with Jon that "disclosure, not checking, is
governed by the privacy policy". There is essentially no difference between
disclosure and checking when the people doing the checking are not agents of
the foundation. Checkusers are, for the most part, *third parties*, so
giving them access to private information *is* disclosure to third parties.
Maybe the privacy policy can (or is) worded in a way to get around that
fact, but it shouldn't be.
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 6:58 PM, Gerard Meijssen
<gerard.meijssen@gmail.com> wrote:
> Hoi,
> So you are checked. You have to appreciate that by your own words, there
> must be a reasonable suspicion. You even insist that it is published that
> you have been checked. This means that it is now generally known that you
> are under a reasonable suspicion... How nice, that you are now known to have
> a tarnished reputation...
>
> Actually when you are checked, and it is not published that you were
> checked, you are much better off. When everyone can demand checking because
> THEY are suspicious, publication of check results will only increase the
> amount of vigilantism. Really, you are much better off when trusted people
> do their checking and keep their confidences.

Not to mention the leak of confidential information that such
information would entail. Suppose that I am checking whether X and Y
are sockpuppets, and instead I find that X shares an ip with Z. I go
on, check Z some more. Whether Z and X actually are the same person or
not, the information that while checking X and Y I came to Z contains
confidential information that I'm not supposed to give out - whether
it is the information that they are allowed sockpuppets or the
information that they (for example) happen to work in the same
company.


--
André Engels, andreengels@gmail.com
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Hoi,
When someone accepts the function to checkuser, he accepts a role that is
clearly with the community. Calling such a person a "third party" is in my
opinion wrong. The person doing the check user has accepted the rules that
allows for executing this function.
Thanks,
GerardM

On Sat, Aug 9, 2008 at 9:11 PM, Anthony <wikimail@inbox.org> wrote:

> On Thu, Aug 7, 2008 at 10:37 PM, Michael Snow <wikipedia@verizon.net>
> wrote:
>
> > If you see something in this last draft that strikes you as a
> > dealbreaker: that is potentially misleading or seriously problematic for
> > any reason, please send me or Mike a note. If we don't hear anything
> > within a week, I will ask the board to vote on the current version for
> > formal adoption.
> >
>
> It seems okay as a descriptive document. I wish there were stricter and
> more explicit limits on what can be collected and for how long it can be
> kept, but that's probably not going to happen. Specifically, I'd like to
> see a commitment to throw away the IP address and username information
> after
> a definite period of time, maybe 30 days.
>
> On a separate point, I disagree with Jon that "disclosure, not checking, is
> governed by the privacy policy". There is essentially no difference
> between
> disclosure and checking when the people doing the checking are not agents
> of
> the foundation. Checkusers are, for the most part, *third parties*, so
> giving them access to private information *is* disclosure to third parties.
> Maybe the privacy policy can (or is) worded in a way to get around that
> fact, but it shouldn't be.
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Gerard Meijssen wrote:
> Hoi,
> When someone accepts the function to checkuser, he accepts a role that is
> clearly with the community. Calling such a person a "third party" is in my
> opinion wrong. The person doing the check user has accepted the rules that
> allows for executing this function.
> Thanks,
> GerardM


This is an extremely important point. As you can imagine, it was
challenging for Mike to construct a policy that made it clear that there
are roles in the projects such as checkuser which are inside the
community (and therefore, as per Gerard, not considered 'external'), and
yet whose behaviour is not controlled/controllable by the Foundation.

It's an unusual situation, and we tried to be extremely clear, here:

"Projects are primarily run by volunteer contributors. Some dedicated
users are chosen by the community to be given privileged access. For
example, for an English Wikipedia user, user access levels to Wikipedia
are determined by the user's presence in various 'user groups'.

Other users who may have access to private identifiable information
include, but are not limited to, users who have access to OTRS, or to
the CheckUser and Oversight functions, users elected by project
communities to serve as stewards or Arbitrators, Wikimedia Foundation
employees, trustees, appointees, and contractors and agents employed by
the Foundation, and developers and others with high levels of server access.

Access to and publication of this information is governed by the Access
to nonpublic data policy, as well as specific policies covering some of
the functions in question. Sharing information with other privileged
users is not considered "distribution.""


>
> On Sat, Aug 9, 2008 at 9:11 PM, Anthony <wikimail@inbox.org> wrote:
>
>> On Thu, Aug 7, 2008 at 10:37 PM, Michael Snow <wikipedia@verizon.net>
>> wrote:
>>
>>> If you see something in this last draft that strikes you as a
>>> dealbreaker: that is potentially misleading or seriously problematic for
>>> any reason, please send me or Mike a note. If we don't hear anything
>>> within a week, I will ask the board to vote on the current version for
>>> formal adoption.
>>>
>> It seems okay as a descriptive document. I wish there were stricter and
>> more explicit limits on what can be collected and for how long it can be
>> kept, but that's probably not going to happen. Specifically, I'd like to
>> see a commitment to throw away the IP address and username information
>> after
>> a definite period of time, maybe 30 days.
>>
>> On a separate point, I disagree with Jon that "disclosure, not checking, is
>> governed by the privacy policy". There is essentially no difference
>> between
>> disclosure and checking when the people doing the checking are not agents
>> of
>> the foundation. Checkusers are, for the most part, *third parties*, so
>> giving them access to private information *is* disclosure to third parties.
>> Maybe the privacy policy can (or is) worded in a way to get around that
>> fact, but it shouldn't be.
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l


_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 1:04 PM, David Gerard <dgerard@gmail.com> wrote:
> 2008/8/9 SlimVirgin <slimvirgin@gmail.com>:
>
>> We've been told we can't complain to the Ombudsman commission because
>> they only deal with violations of the privacy policy, not the
>> checkuser policy. We've been told we have no right to know whether
>> we've been checked. Attempts to introduce such a rule have led to the
>> checkusers saying they will not follow it. And when we do find out
>> that we've been checked, the only concern of the checkusers is to find
>> out who told us, and to punish that person. It really is a very bad
>> situation for the Foundation, one that's bound to lead to trouble
>> sooner or later.
>
>
> Sarah neglects to note that there is a body that can answer this, that
> being the Arbitration Committee, and that the matter is currently with
> this body after Sarah brought it up in a lengthy and accusation-filled
> but evidence-poor thread on wiken-l (she refused to file a case even
> while making extensive accusations, so someone else did):

There is a body that is full of other checkusers, who instantly take
the side of their colleague, so there really is no point in
complaining to it. What we need is a truly independent body run by the
Foundation, answering only to the Foundation and not to people's
mates.

The point is that the Foundation has a checkuser policy that is being
ignored. My argument is either enforce it or get rid of it.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/8/9 SlimVirgin <slimvirgin@gmail.com>:

> There is a body that is full of other checkusers, who instantly take
> the side of their colleague, so there really is no point in
> complaining to it. What we need is a truly independent body run by the
> Foundation, answering only to the Foundation and not to people's
> mates.


Because it must surely be conspiracy, not that you're actually wrong
and forum-shopping.


- d.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

> There is a body that is full of other checkusers, who instantly take
> the side of their colleague, so there really is no point in
> complaining to it. What we need is a truly independent body run by the
> Foundation, answering only to the Foundation and not to people's
> mates.

It's normal for appeals to go to people with the same powers as the
person that made the original decision, it doesn't really work
otherwise. When you think a judge has made a mistake you appeal to a
higher court where the matter will be considered by other judges.
ArbCom is a group of checkusers, whereas the original decision was
made by a single checkuser, that's why the appeal is worthwhile. It's
much easier for one person to make a mistake than for a majority of a
group to make that mistake.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 5:08 PM, David Gerard <dgerard@gmail.com> wrote:
> 2008/8/9 SlimVirgin <slimvirgin@gmail.com>:
>
>> There is a body that is full of other checkusers, who instantly take
>> the side of their colleague, so there really is no point in
>> complaining to it. What we need is a truly independent body run by the
>> Foundation, answering only to the Foundation and not to people's
>> mates.
>
>
> Because it must surely be conspiracy, not that you're actually wrong
> and forum-shopping.

Your attitude is an example of the problem. When someone has a
complaint about checkuser use, they are insulted and ridiculed by
ArbCom members, moaned about by other checkusers, and ignored by the
Ombudsman commission. Then attacked on this list for "forum shopping"
if they dare to mention it here.

Of the recent case regarding Lar, I've been told all evidence must be
submitted by this Sunday, then the case will be closed. But I don't
have time to hunt for diffs right now, because I have family coming to
stay until the end of the month. They know this -- they also know this
is a holiday season -- but they want it closed by Sunday nevertheless,
for reasons they're unable to explain. So nothing will be resolved.

What puzzles me is why people like you argue against enforcing the
checkuser policy. If you want to get rid of it -- and if it's so
patently absurd that only lunatics and conspiracy theorists like me
would ever want to enforce it -- why not argue for its removal? There
is simply no point in having a policy that assures editors reasons are
needed for checks, when in fact no reason is ever needed, and Jimbo
supports that, while the Ombudsmen won't look at it, the ArbCom won't
act, the checkuser list won't self-police, and when the issue is
raised here, it's "forum shopping" and time for more abuse from David
Gerard.

With the current gulf between policy and practice, we are lying to
users, pure and simple.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 5:19 PM, Thomas Dalton <thomas.dalton@gmail.com> wrote:
>> There is a body that is full of other checkusers, who instantly take
>> the side of their colleague, so there really is no point in
>> complaining to it. What we need is a truly independent body run by the
>> Foundation, answering only to the Foundation and not to people's
>> mates.
>
> It's normal for appeals to go to people with the same powers as the
> person that made the original decision, it doesn't really work
> otherwise. When you think a judge has made a mistake you appeal to a
> higher court where the matter will be considered by other judges.
> ArbCom is a group of checkusers, whereas the original decision was
> made by a single checkuser, that's why the appeal is worthwhile. It's
> much easier for one person to make a mistake than for a majority of a
> group to make that mistake.

Self-policing works where people have integrity and are willing to
criticize their friends. In reality, it's too much to ask of many
people, and there's no need to ask it. It would be a simple matter for
the Foundation to find a couple of mature, truly independent-minded
volunteers (who couldn't care a stuff about being liked by the other
checkusers) to act as a checkuser oversight panel. The very existence
of such a panel would instantly reduce checkuser misuse.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/8/9 SlimVirgin <slimvirgin@gmail.com>:


For those with too much time on their hands, this is largely a
reiteration of the following thread, starting July 19th, after lengthy
postings by SlimVirgin on the subject to [[:en:WP:ANI]]:

http://lists.wikimedia.org/pipermail/wikien-l/2008-July/thread.html#94535

The "put up or shut up" RFAr was accepted July 23rd.


- d.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

> Of the recent case regarding Lar, I've been told all evidence must be
> submitted by this Sunday, then the case will be closed. But I don't
> have time to hunt for diffs right now, because I have family coming to
> stay until the end of the month. They know this -- they also know this
> is a holiday season -- but they want it closed by Sunday nevertheless,
> for reasons they're unable to explain. So nothing will be resolved.

Have you tried politely requesting an extension? That you have family
staying seems to be an excellent reason for needing some more time and
I really can't see ArbCom saying no. I've had my own problems with
ArbCom (I was recently desysoped and was appalled at the bad practices
and judgement shown), but they are usually pretty reasonable when it
comes to real life commitments.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

> Self-policing works where people have integrity and are willing to
> criticize their friends. In reality, it's too much to ask of many
> people, and there's no need to ask it. It would be a simple matter for
> the Foundation to find a couple of mature, truly independent-minded
> volunteers (who couldn't care a stuff about being liked by the other
> checkusers) to act as a checkuser oversight panel. The very existence
> of such a panel would instantly reduce checkuser misuse.

The foundation generally avoids getting involved in the running of the
projects except where absolutely necessary. How about you wait and see
how ArbCom rule (and the reasons they give - those probably will be
private, but presumably you'll be privy to them as a party) before
passing judgement on them?

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

If you cannot share the trust that en wp has placed in its checkusers
via a duly elected arbcom you can either vote against that body at
election time or contribute elsewhere. But on en wp mistrusting entire
groups is a no no per WP:AGF.

Btw this is not a foundation l issue and I'm scared to say I agree
with both of gerardm's posts.

Dan
Sent from my iPhone

On Aug 9, 2008, at 6:29 PM, SlimVirgin <slimvirgin@gmail.com> wrote:

> On Sat, Aug 9, 2008 at 5:19 PM, Thomas Dalton
> <thomas.dalton@gmail.com> wrote:
>>> There is a body that is full of other checkusers, who instantly take
>>> the side of their colleague, so there really is no point in
>>> complaining to it. What we need is a truly independent body run by
>>> the
>>> Foundation, answering only to the Foundation and not to people's
>>> mates.
>>
>> It's normal for appeals to go to people with the same powers as the
>> person that made the original decision, it doesn't really work
>> otherwise. When you think a judge has made a mistake you appeal to a
>> higher court where the matter will be considered by other judges.
>> ArbCom is a group of checkusers, whereas the original decision was
>> made by a single checkuser, that's why the appeal is worthwhile. It's
>> much easier for one person to make a mistake than for a majority of a
>> group to make that mistake.
>
> Self-policing works where people have integrity and are willing to
> criticize their friends. In reality, it's too much to ask of many
> people, and there's no need to ask it. It would be a simple matter for
> the Foundation to find a couple of mature, truly independent-minded
> volunteers (who couldn't care a stuff about being liked by the other
> checkusers) to act as a checkuser oversight panel. The very existence
> of such a panel would instantly reduce checkuser misuse.
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sat, Aug 9, 2008 at 5:11 PM, Sue Gardner <sgardner@wikimedia.org> wrote:

> Gerard Meijssen wrote:
> > Hoi,
> > When someone accepts the function to checkuser, he accepts a role that is
> > clearly with the community. Calling such a person a "third party" is in
> my
> > opinion wrong. The person doing the check user has accepted the rules
> that
> > allows for executing this function.
> > Thanks,
> > GerardM
>
> This is an extremely important point. As you can imagine, it was
> challenging for Mike to construct a policy that made it clear that there
> are roles in the projects such as checkuser which are inside the
> community (and therefore, as per Gerard, not considered 'external'), and
> yet whose behaviour is not controlled/controllable by the Foundation.
>
> It's an unusual situation, and we tried to be extremely clear, here:
>

There's a good reason it's unusual. It's a recipe for disaster. Did you
know that Kelly Martin (alleged "attack site" proprietor) has printed copies
of checkuser results sitting around the house? The privacy policy might
explain how thing are done, but that doesn't mean it's a sane thing to do.
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l