Policy talk:Privacy policy: Difference between revisions

From Wikimedia Foundation Governance Wiki
Content deleted Content added
MZMcBride (talk | contribs)
MZMcBride (talk | contribs)
Line 118: Line 118:
:Thanks for the suggestion, {{u|Wittylama}}. We've passed it along to our technical teams for consideration. [[User:TSebro (WMF)|TSebro (WMF)]] ([[User talk:TSebro (WMF)|talk]]) 21:55, 23 May 2018 (UTC)
:Thanks for the suggestion, {{u|Wittylama}}. We've passed it along to our technical teams for consideration. [[User:TSebro (WMF)|TSebro (WMF)]] ([[User talk:TSebro (WMF)|talk]]) 21:55, 23 May 2018 (UTC)
:: I think your reply here is incredibly lame and disappointing. --[[User:MZMcBride|MZMcBride]] ([[User talk:MZMcBride|talk]]) 03:04, 24 May 2018 (UTC)
:: I think your reply here is incredibly lame and disappointing. --[[User:MZMcBride|MZMcBride]] ([[User talk:MZMcBride|talk]]) 03:04, 24 May 2018 (UTC)

: Hi [[User:Wittylama|Wittylama]]. I would certainly be interested if you gave these ideas more thought and probed the nuance here further. How and if we handle users have not logged in is a pretty complex subject. For example, we could pretty trivially require that all users log in, which pretty neatly solves the problem of exposing IP addresses. Do we want to do that today? Do we ever want to do that? How much of the wiki's strength and identity is tied to the ability of drive-by, casual contributors to make edits? Do we want to retain that capability?
: Brion has [https://lists.wikimedia.org/pipermail/wikimedia-l/2016-November/085468.html suggested] eliminating the use of IP addresses entirely. Your position seems to be more of a compromise, where IP addresses are still retained, but less exposed. This is not a novel idea, but it quickly raises difficult implementation questions. Namely, how would this actually work? Would every edit that's not logged in get a new unique user ID? If so, how do you prevent abuse? How would we track a single computer user editing across many articles? If you try to persist the identity for more than one edit, how long do you do this? Let's say you can auto-create an account for the first edit and assign it a user name such as "Newbie123". What password would this user account have? What e-mail address would be associated with it? How long would it stay logged in and once it's logged out, how would anyone get back in?
: Consider a bit deeper what you're asking for regarding the privacy of accounts. You acknowledge that knowing which IP address "Newbie123" is using could be important and we may need to expand the pool of users with access to this information to include administrators. This stands pretty directly in contrast with the people who think storing IP addresses at all is risky and problematic. And even to people like you who are seeking a compromise solution, you'd be expanding the pool of people with access to what previously would've been considered private and confidential info (IP address info of registered users). Is it reasonable to expand the pool of users who can view the IP addresses of users? Would such an expansion be better than the status quo of exposing IP addresses to the general public? Are we okay with destroying the ability of projects such as <https://twitter.com/congressedits> to function?
: As Nemo notes, there's a draft document about this topic. You're more than welcome to help expand it. --[[User:MZMcBride|MZMcBride]] ([[User talk:MZMcBride|talk]]) 03:25, 24 May 2018 (UTC)


== What are the changes??? ==
== What are the changes??? ==

Revision as of 03:28, 24 May 2018


Allow people contributing pictures to conceal camera make and model for privacy reasons

When I uploaded some photos taken using my smartphone I didn’t realise that the Wikimedia website would display all the EXIF metadata from the camera. Please can you add a privacy feature to the user account to hide camera make and model information for my contributions. Adrian816 (talk) 14:23, 27 February 2018 (UTC)

I think that's a technical question about removal of the EXIF metadata from your existing uploads, and about removing EXIF during your future uploads. Perhaps ask Commons:Village pump? --Gryllida 22:30, 27 February 2018 (UTC)
If your photo is displayed somewhere and you download it from there, the downloaded file has no EXIF metadata. The problem though is that without the metadata, there is no evidence that you're the photographer. Guido den Broeder (talk) 23:47, 1 March 2018 (UTC)
But metadata may be edited in some easy ways, and this is not evidence in the general case. --Kaganer (talk) 14:49, 10 April 2018 (UTC)
In my POV, showing the metadata of a file in Commons improves the transparency and openness of the project. But many persons, like Adrian, can't be aware of this. We can suggest a legend or banner in the Upload Form to prevent people from being uninformed of this technical characteristic. ProtoplasmaKid (WM-MX) (talk) 20:17, 21 May 2018 (UTC)

Push for EU standards

There seems to be a wide push for USA companies to apply the standards of the GDPR worldwide, for all users: https://uk.reuters.com/article/uk-facebook-ceo-privacy-exclusive/exclusive-facebook-ceo-stops-short-of-extending-european-privacy-globally-idUKKCN1HA2MN

The implications of GDPR may be unclear for our free software, but it would still be helpful if Wikimedia Foundation were ready to answer similar questions. --Nemo 06:06, 4 April 2018 (UTC)

Strongly agree. Unjustified expansion of the application of GDPR is a very dangerous and toxic initiative for the free knowledge world (and primarily for Wikimedia Commons). It is very important that the WMF Legal Team investigate this topic and publish a special appeal and lead a public campaign against this expansion. @EHershenov (WMF) and TSebro (WMF): what is your opinion about this issue? Maybe someone is already working on learning this? --Kaganer (talk) 15:35, 4 April 2018 (UTC)
GDPR is particularly dangerous for machine learning and data analytics but we needed to pay this price some time. Erkin Alp Güney (talk) 07:30, 22 May 2018 (UTC)
Hi Kaganer. Since privacy is one of the key values of the Wikimedia movement and the Wikimedia Foundation, the Foundation legal team works hard to monitor related developments all around the world, not just in law, but also in users' expectations and understanding of what constitutes good privacy practices. Privacy is much-discussed these days for a variety of reasons, and we are using this current global conversation as impetus to strengthen our own practices. That's why we reexamined our Privacy Policy and decided to improve it with some minor changes, and why we want to hear from users about what they'd like to see as our privacy practices continue to evolve. We will continue to support and protect the projects and the movement, including user privacy, and we welcome everyone’s feedback on how we can best achieve this. TSebro (WMF) (talk) 21:40, 23 May 2018 (UTC)
@TSebro (WMF): Dear Tony! Are you sure that your speech is exactly the answer to the questions asked above? Is it possible for us to see your replicas in a less "abstract" form? So that we do not have the impression that these are the robot's answers? --Kaganer (talk) 23:07, 23 May 2018 (UTC)

Reporting privacy violation - IP to real person mapping

Where can one report mappings, true or not, that have been made on Wikimedia sites from an IP address to a living person? 85.179.161.128 09:19, 18 May 2018 (UTC)

On the English Wikipedia, please contact oversight. On other sites, contact their local oversight process. For meta, and other sites without an oversight process, contact a Steward. TheDragonFire (talk) 11:33, 18 May 2018 (UTC)
Meta have their own oversighters. Meta:OS — regards, Revi 09:34, 22 May 2018 (UTC)

Diff quality

The quite unreadable diff doesn't help the conversation. I recommend that you revert it and apply things like translation unit changes and uppercase changes in separate diffs. Also, some translation units don't follow best practices for translatability. --Nemo 17:28, 21 May 2018 (UTC)

Is there a reason a link to the diff wasn't included in the blog post? Or some kind of summary of the changes? I read a few references to "minor edits" without a description of what was actually changing. I eventually found <https://meta.wikimedia.org/w/index.php?title=Privacy_policy&diff=18063543&oldid=17995859> myself, and I agree with Nemo that this diff is not enjoyable to read, even for long-time editors. It's not immediately clear which paragraphs were removed, which were added, which were reformatted, and why. --MZMcBride (talk) 23:40, 21 May 2018 (UTC)

I tried to do my own quick diff, but it's still nasty. Attempt 1: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069162&oldid=18069161>. Attempt 2: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069182&oldid=18069171>. Woof. --MZMcBride (talk) 02:05, 23 May 2018 (UTC)
  • Agreed, it's pretty disappointing that there's no plain English summary of the changes that I can see, let alone no easy-to-access full diff. Come on WMF; y'all can do better than this. — OwenBlacker (Talk) 06:00, 22 May 2018 (UTC)
  • I too came here looking for the actual changes being made. I saw the banner announcement, read the blogpost, read the message on the mailing list... but other than saying that there are some minor changes, nowhere does it actually tell you what these changes actually are. If they're that minor it should be easy to identify them. Since the timing is specifically the same as GDPR, and yet the comments here on this talkpage indicate that these changes do not actually address GDPR issues, is this just a conspicuous coincidence? Wittylama (talk) 12:41, 22 May 2018 (UTC)
  • +1 - Just had the privacy banner appear hence the lateness - Like everyone above I too came here to see what had actually changed ..... I didn't really expect diffs .... just a "this has been added" and "this has been removed" ..... Without sounding disrespectful I'm not going to spend all my life reading Privacy policy (FWIW I don't read any of that on other sites either), I guess I just liked to have known what those minor changes were –Davey2010Talk 01:21, 24 May 2018 (UTC)

As the person who did most of this wikification, I guess I’m the best person to answer this. The answer is, unfortunately, not terribly satisfying: a combination of limitations on the way the content was built up and updated and constraints on version control between different formats as the text wandered through various processes meant that we ended up having to choose between getting the content up in a timely manner or getting the diff viewability and translation markup perfect. The team estimated that the latter would be a considerable additional time investment and we chose the former in this instance and, well, here we are.

So, the bad news is that we don’t really have any feasible way to go back and re-do all the changes in a more diff-able manner, because the changes don’t exist, even on our end, in that format. The good news is that my team has been working with Legal this week on a better way to address the version control issue going forward. Kbrown (WMF) (talk) 13:53, 23 May 2018 (UTC)

@Kbrown (WMF): a mark-up page with stricken and inserted text seems like it would be the simplest option for something like this, agree with everyone on this page that trying to determine what was changed is even challenging for us seasoned editors. — xaosflux Talk 01:49, 24 May 2018 (UTC)

Anonymization

It's troubling that the updated FAQ section and the link on "Wikipedia:Courtesy_vanishing" make specific reference to a guideline specific to the English Wikipedia. What does "for further reference" entail? --Nemo 17:32, 21 May 2018 (UTC)

Hi, could you clarify where you’re seeing that problematic link to enwp’s Courtesy vanishing policy? I can’t find it in the FAQ, but wherever it is, I think we can replace a link to enwp vanishing policy with the Meta version of the page I posted yesterday, so if I can get a pointer I think I can fix this. Kbrown (WMF) (talk) 13:54, 23 May 2018 (UTC)

Consent and other changes

I'm glad that the new text removed the sentence «you consent to the collection, transfer, storage, processing, disclosure, and other uses of your information in the U.S.», which was quite user-hostile because users don't quite consent to anything. Saying «We will access, use, preserve, and/or disclose» is definitely more honest than «We may access, preserve, or disclose»; same for all the other removed "may" and removed «Information available through public logs will not include personal information about you».

The sentence «Depending on your jurisdiction, you also may have the right to lodge a complaint with a supervisory authority competent for your country or region» is also a welcome admission. The WMF often sounded tone-deaf on this matter in the past. --Nemo 17:56, 21 May 2018 (UTC)

Confidential data

I see that a sentence was removed: «If you choose to provide your email address, we will keep it confidential, except as provided in this Policy». Other sections kept similar sentences, for instance «We keep IP addresses confidential» and «We keep information obtained by these technologies confidential», in addition to «In the extremely unlikely event that ownership of all or substantially all of the Foundation changes, or we go through a reorganization (such as a merger, consolidation, or acquisition), we will continue to keep your personal information confidential».

What does this mean? Does it mean that other parts of the policy can allow such data to be shared even without saying it explicitly? --Nemo 17:56, 21 May 2018 (UTC)

Hi Nemo_bis. We are not changing our email handling practices. We just removed this sentence for the sake of clarity and readability. As the policy provides elsewhere, we are committed to keeping Personal Information, including email addresses, confidential as described in the policy. When you use the "Email this user" feature, your email address may become visible, as disclosed in the interface. TSebro (WMF) (talk) 21:45, 23 May 2018 (UTC)

Hidden text

Why move the paragraph about "Your username will be publicly visible" in the collapsed box? This also breaks the translation unit and forces new translation for all languages. Please just revert (the text is identical).

The paragraphs on "Publicly Visible Information" were hidden too. --Nemo 17:56, 21 May 2018 (UTC)

Hi Nemo_bis. Our goal in moving some text to collapsed boxes was to make the policy more readable overall. This makes it easier for people to read the main points of the privacy policy, while giving them the opportunity to expand out particular sections if they wish to read further details. We welcome community perspectives on how we can best present this information. If others have opinions about the collapsible box, please let us know. TSebro (WMF) (talk) 21:48, 23 May 2018 (UTC)

GDPR

I am curious about whether the current policy is compliant with GDPR when it comes to European people in its databases. For example, has every donator currently receiving solicitations (by email) to make a donation explicitly given consent for it? Or is WMF boldly deciding not to follow the requirements in that policy? Thank you for the answer. Anthere (talk) 21:20, 21 May 2018 (UTC)

It goes without saying that the current change of policy seems to be particularly fitting well with the GDPR calendar... Anthere (talk) 21:21, 21 May 2018 (UTC)

Just to avoid confusion: The changes do not make the privacy policy GDPR compliant: A lot of the mandatory information required by art. 13 GDPR is missing. This is a little confusing in light of the timing of the current changes, which would suggest otherwise. —Gnom (talk) Let's make Wikipedia green! 21:47, 21 May 2018 (UTC)

ok. Thank you for the clarification. Anthere (talk) 17:25, 22 May 2018 (UTC)
Official summary on article 13 etc.: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en --Nemo 20:47, 22 May 2018 (UTC)

WMF-policy is not compliant to GDPR at least for following rules and probably more: Not clear is

  • for how long the data will be kept;
  • who else might receive it;

You're much too late to make changes IMNSHO. Perhaps following USA laws and ignore those valid in EU? Klaas `Z4␟` V 17:33, 23 May 2018 (UTC)

And where is WMF's Data Protection Officer? Taraseq (talk) 22:11, 23 May 2018 (UTC)

E-Mails

It looks to me like the biggest change is to how email addresses will be handled. The changes around it imply that the foundation will now use email addresses to solicit funds. Also, WMF will possibly share email addresses with other entities that further its "charitable mission." Why was the language that protected email addresses removed? It looks a little like a sleight of hand maneuver to allow the giving of information (not "sell") to other organizations that may have donated or contributed to WMF "charitable mission" with no definition of what the mission is or who may use the information to further it. —Preceding unsigned comment added by 2600:8800:1300:16E:F15F:D980:8971:23A0 (talk | contribs)

Really? I've read the changes in the exact opposite way, making the policy more permissive about emails (though arguably nothing extraordinary): see #Confidential data. --Nemo 20:43, 22 May 2018 (UTC)
I think you two have the same point. --Gnom (talk) Let's make Wikipedia green! 04:46, 23 May 2018 (UTC)
Although the new policy changed the summary sentence that mentions email addresses, the policy keeps a commitment to treat Personal Information, including email addresses, confidential as described in the policy. The minor updates in the policy do not change our practice in handling email addresses. As I mentioned in reply to a question above, one area where your email address may be revealed is if you use the "Email this user" feature (as disclosed in the interface). TSebro (WMF) (talk) 21:51, 23 May 2018 (UTC)

Displaying IP addresses of anon-users

One of the things that always surprised me about MediaWiki is that we publicly expose the IP address of editors who we claim to be "anonymous". In reality, through both our software and policies, registered editors are far more anonymous (or pseudonymous) than unregistered editors. This, I don't believe, was ever an active specific choice to expose IP addresses, and is something which we have built many tools upon to help vandal-fighting and sockpuppet-fighting. However, it seems to me to be quite contrary to our general culture of being extremely high privacy-conscious. It is also counter to the practice of most (all?) other websites which allow unregistered contributions: where newbies are automatically assigned a random username e.g. 'Newbie123456789'.

Even if it is not legally required of us by GDPR or other regulations, it feels to me to be the right thing to do to NOT display IP addresses, and instead display an auto-generated ID number.... Admins, or Checkusers or some other level of user-right should still be able to query for the IP address to do vandalfighting of course. Whether the auto-generated ID should be persistent to the IP address, and whether such a system should be retroactive are questions of software implementation (I would argue for "no" in both cases, personally).

Thoughts? Wittylama (talk) 12:49, 22 May 2018 (UTC)

Note, "we" (as in Wikimedia and MediaWiki) don't claim they're anonymous. The official term is unregistered user. --Nemo 20:44, 22 May 2018 (UTC)
I think I agree with Wittylama. I bet this has already been discussed elsewhere, though. --Gnom (talk) Let's make Wikipedia green! 04:43, 23 May 2018 (UTC)
The main reference is mw:Requests for comment/Exposure of user IP addresses. --Nemo 06:23, 23 May 2018 (UTC)
Thanks for the suggestion, Wittylama. We've passed it along to our technical teams for consideration. TSebro (WMF) (talk) 21:55, 23 May 2018 (UTC)
I think your reply here is incredibly lame and disappointing. --MZMcBride (talk) 03:04, 24 May 2018 (UTC)
Hi Wittylama. I would certainly be interested if you gave these ideas more thought and probed the nuance here further. How and if we handle users who have not logged in is a pretty complex subject. For example, we could pretty trivially require that all users log in, which pretty neatly solves the problem of exposing IP addresses. Do we want to do that today? Do we ever want to do that? How much of the wiki's strength and identity is tied to the ability of drive-by, casual contributors to make edits? Do we want to retain that capability?
Brion has suggested eliminating the use of IP addresses entirely. Your position seems to be more of a compromise, where IP addresses are still retained, but less exposed. This is not a novel idea, but it quickly raises difficult implementation questions. Namely, how would this actually work? Would every edit that's not logged in get a new unique user ID? If so, how do you prevent abuse? How would we track a single computer user editing across many articles? If you try to persist the identity for more than one edit, how long do you do this? Let's say you can auto-create an account for the first edit and assign it a user name such as "Newbie123". What password would this user account have? What e-mail address would be associated with it? How long would it stay logged in and once it's logged out, how would anyone get back in?
Consider a bit deeper what you're asking for regarding the privacy of accounts. You acknowledge that knowing which IP address "Newbie123" is using could be important and we may need to expand the pool of users with access to this information to include administrators. This stands pretty directly in contrast with the people who think storing IP addresses at all is risky and problematic. And even to people like you who are seeking a compromise solution, you'd be expanding the pool of people with access to what previously would've been considered private and confidential info (IP address info of registered users). Is it reasonable to expand the pool of users who can view the IP addresses of users? Would such an expansion be better than the status quo of exposing IP addresses to the general public? Are we okay with destroying the ability of projects such as <https://twitter.com/congressedits> to function?
As Nemo notes, there's a draft document about this topic. You're more than welcome to help expand it. --MZMcBride (talk) 03:25, 24 May 2018 (UTC)

What are the changes???

Even after spending 1/2 hr chasing down links, I have no friggin' idea what the changes are. Whatever you are doing is not, and I repeat not, transparent. G41rn8 (talk) 02:29, 23 May 2018 (UTC)

Hi G41rn8. Yes, a few of us have been wondering the same in the #Diff quality section of this talk page. It's confusing why it's so difficult to discern what changed. --MZMcBride (talk) 01:41, 23 May 2018 (UTC)
I strongly agree, MZMcBride! --G41rn8 (talk) 02:29, 23 May 2018 (UTC)

Comparison with Wikia

I think http://www.wikia.com/Privacy_Policy makes for an instructive reading. --Nemo 12:12, 23 May 2018 (UTC)