Policy talk:Privacy policy: Difference between revisions

Talk:Privacy policy/header

Template:Archive box non-auto User:MiszaBot/config

Even after spending 1/2 hr chasing down links, I have no friggin' idea what the changes are. Whatever you are doing is not, and I repeat not, transparent. G41rn8

Hi G41rn8. Yes, a few of us have been wondering the same in the #Diff quality section of this talk page. It's confusing why it's so difficult to discern what changed. --MZMcBride (talk) 01:41, 23 May 2018 (UTC)[reply]

When I uploaded some photos taken using my smartphone I didn’t realise that the wikiMedia website would display all the EXIF metadata from the camera. Please can you add a privacy feature to the user account to hide camera make and model information for my contributions Adrian816 (talk) 14:23, 27 February 2018 (UTC)[reply]

I think that's a technical question about removal of the EXIF metadata from your existing uploads, and about removing EXIF during your future uploads. Perhaps ask Commons:Village pump? --Gryllida 22:30, 27 February 2018 (UTC)[reply]

If your photo is displayed somewhere and you download it from there, the downloaded file has no EXIF metadata. The problem though is that without the metadata, there is no evidence that you're the photographer. Guido den Broeder (talk) 23:47, 1 March 2018 (UTC)[reply]

But metadata may be edited by a some easy ways, and this is not a evidence in the general case. --Kaganer (talk) 14:49, 10 April 2018 (UTC)[reply]

In my POV show the metadata of a file in Commons improves the transparency and openness of the project. But many persons as Adrian can't be aware of this. We can suggest a legend or banner in the Upload Form to prevent the people to be uninformed of this technical characteristic. ProtoplasmaKid (WM-MX) (talk) 20:17, 21 May 2018 (UTC)[reply]

There seems to be a wide push for USA companies to apply the standards of the GDPR worldwide, for all users: https://uk.reuters.com/article/uk-facebook-ceo-privacy-exclusive/exclusive-facebook-ceo-stops-short-of-extending-european-privacy-globally-idUKKCN1HA2MN

The implications of GDPR may be unclear for our free software, but it would still be helpful if Wikimedia Foundation were ready to answer similar questions. --Nemo 06:06, 4 April 2018 (UTC)[reply]

Strongly agree. Unjustified expansion of application GDPR is a very dangerous and toxic initiative for free knowledge world (and primarily for Wikimedia Commons). It is very important that the WMF Legal Team investigate this topic and publish a special appeal and lead a public campaign against this expansion. @EHershenov (WMF) and TSebro (WMF): what your opinion about this issue? Maybe someone is already working on learning this?--Kaganer (talk) 15:35, 4 April 2018 (UTC)[reply]

GDPR is particularly dangerous for machine learning and data analytics but we needed to pay this price some time.Erkin Alp Güney (talk) 07:30, 22 May 2018 (UTC)[reply]

Where can one report mappings, true or not, that have been made on Wikimedia sites from an IP address to a living person? 85.179.161.128 09:19, 18 May 2018 (UTC)[reply]

On the English Wikipedia, please contact oversight. On other sites, contact their local oversight process. For meta, and other sites without an oversight process, contact a Steward. TheDragonFire (talk) 11:33, 18 May 2018 (UTC)[reply]

Meta have their own oversighters. Meta:OS — regards, Revi 09:34, 22 May 2018 (UTC)[reply]

The quite unreadable diff doesn't help the conversation. I recommend that you revert it and apply things like translation unit changes and uppercase changes in separate diffs. Also, some translation units don't follow best practices for translatability. --Nemo 17:28, 21 May 2018 (UTC)[reply]

Is there a reason a link to the diff wasn't included in the blog post? Or some kind of summary of the changes? I read a few references to "minor edits" without a description of what was actually changing. I eventually found <https://meta.wikimedia.org/w/index.php?title=Privacy_policy&diff=18063543&oldid=17995859> myself, and I agree with Nemo that this diff is not enjoyable to read, even for long-time editors. It's not immediately clear which paragraphs were removed, which were added, which were reformatted, and why. --MZMcBride (talk) 23:40, 21 May 2018 (UTC)[reply]

• Agreed, it's pretty disappointing that there's no plain English summary of the changes that I can see, let alone no easy-to-access full diff. Come on WMF; y'all can do better than this. — OwenBlacker (Talk) 06:00, 22 May 2018 (UTC)[reply]

• I subscribe to everything said above. I was wondering the same. --Waldir (talk) 09:34, 22 May 2018 (UTC)[reply]

• I too came here looking for the actual changes being made. I saw the banner announcement, read the blogpost, read the message on the mailing list... but other than saying that there are some minor changes, nowhere does it actually tell you what these changes actually are. If they're that minor it should be easy to identify them. Since the timing is specifically the same as GDPR, and yet the comments here on this talkpage indicate that these changes do not actually address GDPR issues, is this just a conspicuous coincidence? Wittylama (talk) 12:41, 22 May 2018 (UTC)[reply]

It's troubling that the updated FAQ section and the link on "Wikipedia:Courtesy_vanishing" make specific reference to a guideline specific to the English Wikipedia. What does "for further reference" entail? --Nemo 17:32, 21 May 2018 (UTC)[reply]

I'm glad that the new text removed the sentence «you consent to the collection, transfer, storage, processing, disclosure, and other uses of your information in the U.S.», which was quite user-hostile because users don't quite consent to anything. Saying «We will access, use, preserve, and/or disclose» is definitely more honest than «We may access, preserve, or disclose»; same for all the other removed "may" and removed «Information available through public logs will not include personal information about you».

The sentence «Depending on your jurisdiction, you also may have the right to lodge a complaint with a supervisory authority competent for your country or region» is also a welcome admission. The WMF often sounded tone-deaf on this matter in the past. --Nemo 17:56, 21 May 2018 (UTC)[reply]

I see that a sentence was removed: «If you choose to provide your email address, we will keep it confidential, except as provided in this Policy». Other sections kept similar sentences, for instance «We keep IP addresses confidential» and «We keep information obtained by these technologies confidential», in addition to «In the extremely unlikely event that ownership of all or substantially all of the Foundation changes, or we go through a reorganization (such as a merger, consolidation, or acquisition), we will continue to keep your personal information confidential».

What does this mean? Does it mean that other parts of the policy can allow such data to be shared even without saying it explicitly? --Nemo 17:56, 21 May 2018 (UTC)[reply]

Why move the paragraph about "Your username will be publicly visible" in the collapsed box? This also breaks the translation unit and forces new translation for all languages. Please just revert (the text is identical).

The paragraphs on "Publicly Visible Information" were hidden too. --Nemo 17:56, 21 May 2018 (UTC)[reply]

I am curious about whether the current policy is compliant with GDPR when it comes to Europeans people in its databases. For example, has every donator currently receiving sollicitations (by email) to make a donation explicitly given consent for it ? Or is WMF boldly deciding not to follow the requirements in that policy ? Thank you for the answer. Anthere (talk) 21:20, 21 May 2018 (UTC)[reply]

it goes without saying that the current change of policy seems to be particularly fitting well with the GDPR calendar... Anthere (talk) 21:21, 21 May 2018 (UTC)[reply]

Just to avoid confusion: The changes do not make the privacy policy GDPR compliant: A lot of the mandatory information required by art. 13 GDPR is missing. This is a little confusing in light of the timing of the current changes, which would suggest otherwise. —Gnom (talk) Let's make Wikipedia green! 21:47, 21 May 2018 (UTC)[reply]

ok. Thank you for the clarification. Anthere (talk) 17:25, 22 May 2018 (UTC)[reply]

Official summary on article 13 etc.: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en --Nemo 20:47, 22 May 2018 (UTC)[reply]

It looks to me like the biggest change is to how email addreses will be handled. The changes around it imply that the foundation will now use email addresses to solicit funds. Also, WMF will possibly share email addresses with other entities that further its "charitable mission." Why was the language that protected email addresses removed? It looks a little like a sleight of hand maneuver to allow the giving of information (not "sell") to other organizations that may have donated or contributed to WMF "charitable mission" with no definition of what the mission is or who may use the information to further it. —Preceding unsigned comment added by 2600:8800:1300:16E:F15F:D980:8971:23A0 (talk • contribs)

Really? I've read the changes in the exact opposite way, making the policy more permissive about emails (though arguably nothing extraordinary)=: see #Confidential data. --Nemo 20:43, 22 May 2018 (UTC)[reply]

One of the things that always surprised me about mediawiki is that we publicly expose the IP address of editors who we claim to be "anonymous". In reality, through both our software and policies, registered editors are far more anonymous (or pseudonymous) than unregistered editors. This, I don't believe, was ever an active specific choice to expose IP addresses, and is something which we have built many tools upon to help vandal-fighting and sockpuppet-fighting. However, it seems to me to be quite contrary to our general culture of being extremely high privacy-conscious. It is also counter to the practice of most (all?) other websites which allow unregistered contributions: where newbies are automatically assigned a random username e.g. 'Newbie123456789'.

Even if it is not legally required of us by GDPR or other regulations, it feels to me to be the right thing to do to NOT display IP addresses, and instead display an auto-generated ID number.... Admins, or Checkusers or some other level of user-right should still be able to query for the IP address to do vandalfighting of course. Whether the auto-generated ID should be persistent to the IP address, and whether such a system should be retroactive are questions of software implementation (I would argue for "no" in both cases, personally).

Thoughts? Wittylama (talk) 12:49, 22 May 2018 (UTC)[reply]

Note, "we" (as in Wikimedia and MediaWiki) don't claim they're anonymous. The official term is unregistered user. --Nemo 20:44, 22 May 2018 (UTC)[reply]