Policy talk:Privacy policy

Talk:Privacy policy/header

Template:Archive box non-auto User:MiszaBot/config

When I uploaded some photos taken using my smartphone I didn’t realise that the wikiMedia website would display all the EXIF metadata from the camera. Please can you add a privacy feature to the user account to hide camera make and model information for my contributions Adrian816 (talk) 14:23, 27 February 2018 (UTC)Reply

I think that's a technical question about removal of the EXIF metadata from your existing uploads, and about removing EXIF during your future uploads. Perhaps ask Commons:Village pump? --Gryllida 22:30, 27 February 2018 (UTC)Reply

If your photo is displayed somewhere and you download it from there, the downloaded file has no EXIF metadata. The problem though is that without the metadata, there is no evidence that you're the photographer. Guido den Broeder (talk) 23:47, 1 March 2018 (UTC)Reply

But metadata may be edited by a some easy ways, and this is not a evidence in the general case. --Kaganer (talk) 14:49, 10 April 2018 (UTC)Reply

In my POV show the metadata of a file in Commons improves the transparency and openness of the project. But many persons as Adrian can't be aware of this. We can suggest a legend or banner in the Upload Form to prevent the people to be uninformed of this technical characteristic. ProtoplasmaKid (WM-MX) (talk) 20:17, 21 May 2018 (UTC)Reply

ProtoplasmaKid, Good idea. Rutheni (talk) 10:15, 24 May 2018 (UTC)Reply

I sugest the commons help me —The preceding unsigned comment was added by 168.194.161.181 (talk) 16:27, 7 August 2018 (UTC)Reply

The quite unreadable diff doesn't help the conversation. I recommend that you revert it and apply things like translation unit changes and uppercase changes in separate diffs. Also, some translation units don't follow best practices for translatability. --Nemo 17:28, 21 May 2018 (UTC)Reply

Is there a reason a link to the diff wasn't included in the blog post? Or some kind of summary of the changes? I read a few references to "minor edits" without a description of what was actually changing. I eventually found <https://meta.wikimedia.org/w/index.php?title=Privacy_policy&diff=18063543&oldid=17995859> myself, and I agree with Nemo that this diff is not enjoyable to read, even for long-time editors. It's not immediately clear which paragraphs were removed, which were added, which were reformatted, and why. --MZMcBride (talk) 23:40, 21 May 2018 (UTC)Reply

I tried to do my own quick diff, but it's still nasty. Attempt 1: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069162&oldid=18069161>. Attempt 2: <https://meta.wikimedia.org/w/index.php?title=Meta:Sandbox&diff=18069182&oldid=18069171>. Woof. --MZMcBride (talk) 02:05, 23 May 2018 (UTC)Reply

• Agreed, it's pretty disappointing that there's no plain English summary of the changes that I can see, let alone no easy-to-access full diff. Come on WMF; y'all can do better than this. — OwenBlacker (Talk) 06:00, 22 May 2018 (UTC)Reply

• I subscribe to everything said above. I was wondering the same. --Waldir (talk) 09:34, 22 May 2018 (UTC)Reply

• I too came here looking for the actual changes being made. I saw the banner announcement, read the blogpost, read the message on the mailing list... but other than saying that there are some minor changes, nowhere does it actually tell you what these changes actually are. If they're that minor it should be easy to identify them. Since the timing is specifically the same as GDPR, and yet the comments here on this talkpage indicate that these changes do not actually address GDPR issues, is this just a conspicuous coincidence? Wittylama (talk) 12:41, 22 May 2018 (UTC)Reply

• +1 - Just had the privacy banner appear hence the lateness - Like everyone above I too came here to see what had actually changed ..... I didn't really expect diffs .... just a "this has been added" and "this has been removed" ..... Without sounding disrespectful I'm not going to spend all my life reading Privacy policy (FWIW I don't read any of that on other sites either), I guess I just liked to have known what those minor changes were –Davey2010^Talk 01:21, 24 May 2018 (UTC)Reply

As the person who did most of this wikification, I guess I’m the best person to answer this. The answer is, unfortunately, not terribly satisfying: a combination of limitations on the way the content was built up and updated and constraints on version control between different formats as the text wandered through various processes meant that we ended up having to choose between getting the content up in a timely manner or getting the diff viewability and translation markup perfect. The team estimated that the latter would be a considerable additional time investment and we chose the former in this instance and, well, here we are.

So, the bad news is that we don’t really have any feasible way to go back and re-do all the changes in a more diff-able manner, because the changes don’t exist, even on our end, in that format. The good news is that my team has been working with Legal this week this week on better way to address the version control issue going forward. Kbrown (WMF) (talk) 13:53, 23 May 2018 (UTC)Reply

@Kbrown (WMF): a mark-up page with striken and inserted text seems like it would be the simplest option for something like this, agree with everyone on this page that trying to determine what was changed is even challenging for us seasoned editors. — xaosflux ^Talk 01:49, 24 May 2018 (UTC)Reply

Kbrown, nobody has asked that you rewrite history. Just read your own diff, separate it in different parts, revert your edit and apply all the different edits separately. You can save the wikitext on local files and test how the diff looks like on a sandbox, don't worry. --Nemo 06:31, 24 May 2018 (UTC)Reply

@Nemo bis, MZMcBride, OwenBlacker, Waldir, Wittylama, Davey2010, and Xaosflux: I created a hopefully more easily-readable diff over at Privacy policy/2018 update. Hopefully that's more useful. :) I should probably also note that I made this myself and it's not totally impossible I missed some stuff where the changes involved section moves (which are more difficult to display in a format like this). Joe Sutherland (Wikimedia Foundation) (talk) 21:52, 29 May 2018 (UTC)Reply

@JSutherland (WMF): Thank you; good work! — OwenBlacker (Talk) 22:23, 29 May 2018 (UTC)Reply

Thanks so much JS :), –Davey2010^Talk 22:40, 30 May 2018 (UTC)Reply

What are the changes???

Even after spending 1/2 hr chasing down links, I have no friggin' idea what the changes are. Whatever you are doing is not, and I repeat not, transparent. G41rn8 (talk) 02:29, 23 May 2018 (UTC)Reply

Hi G41rn8. Yes, a few of us have been wondering the same in the #Diff quality section of this talk page. It's confusing why it's so difficult to discern what changed. --MZMcBride (talk) 01:41, 23 May 2018 (UTC)Reply

I strongly agree, MZMcBride! --G41rn8 (talk) 02:29, 23 May 2018 (UTC)Reply

Do we know what the changes are yet? Jason Quinn (talk) 14:57, 27 May 2018 (UTC)Reply

@Jason Quinn: I had a go at creating a more easily-readable diff at Privacy policy/2018 update. Perhaps that's useful. Joe Sutherland (Wikimedia Foundation) (talk) 21:48, 29 May 2018 (UTC)Reply

@JSutherland (WMF):. Brilliant. Belated big thanks for that. That's a great way to display the info and this should be done for all changes in the future. Jason Quinn (talk) 13:15, 10 June 2018 (UTC)Reply

Policy is always nice, but without enforcement it is meaningless. There have been multiple breaches of privacy of more than one individual, and by the very people who are supposed to be enforcing it. In some cases, volunteers entrusted with PII have even released this information intentionally. There is still no standard for vetting and training oversighters, or reporting mechanism for breaches. The NDAs signed by oversighters are meaningless, because they are volunteers, not employees or contractors. In spite of multiple failures of the system, there has been no public investigation or examination of the system itself, or even an acknowledgment of the problem. Perhaps it is time for an outside evaluation? —Neotarf (talk) 23:13, 24 May 2018 (UTC)Reply

Hi Neotarf. Concerns about users with Oversight or Checkuser Permissions should be raised with the local Arbitration Committee or with the Ombuds Committee, and the Foundation will work closely with them to resolve any issues. TSebro (WMF) (talk) 04:59, 5 June 2018 (UTC)Reply

So, TSebro (WMF), concerns about the arbitration committee or the ombuds committee should be taken to the arbitration committee or the ombuds committee, and everything will be just fine? The problem with that is that the WMF doesn't *know* whether everything will be just fine, because they aren't tracking it. It may be that instead of "working closely with the Foundation", the committee members will instead choose to block the user so they can't object, block their talk page so they cannot ping someone to unblock them, publish further dox about the individual, remove their email access so they cannot contact someone else to remove the dox, and send them bounce notifications if they try to email the committee directly. I would also note that any private information that someone sends the arbitration committee will then end up being stored in the personal email accounts of the individual arbitrators, even after they are no longer participating with Wikipedia. And the arbcom mailing list has historically been very leaky. Also, if the user is in an region with heavy internet censorship or surveillance, or a repressive government, expecting them to send more and more emails to try to get something removed may actually be dangerous advice and bring additional unwanted attention. It would be better just to have an arbitrators that didn't publish personal information in the first place. Neotarf (talk) 01:30, 15 June 2018 (UTC)Reply

Additional privacy and safety issues

I hope this is not too far off topic, but I don't see a better place to post these concerns.

My first concern is with potential medical and child safety situations and their reporting and followup. I was 17 years old the first time I had to handle a suicide attempt, and within minutes was able to get professional and medical attention to the situation, and was kept informed of the situation throughout the night. The individual survived and later sent me a thank you note. This was in the context of a small non-profit organization with almost no resources. In contrast, with the situations I have been involved with in the Wikimedia organization, no one knows what to do or how to report or how to know whether the situation has been turned over to an appropriate professional. It is known that some people do carry a special phone at times, but they may not be fluent in English or they may just cancel calls without evaluating them. In addition they may not have enough medical skills to make an evaluation or they may have a personal friendship or history of conflict with the individual in question that makes it awkward to report to them or discuss and have taken seriously any information you may have about their medical history that may bear on the situation. In addition, the nature of Wikipedia's pseudo-court/police model of governance makes it less likely that any situation will make it out of the talk pages and get appropriate attention. Administrators and arbitrators are more likely to try to sanction anyone who tries to report something, instead of turning it over to someone who knows how to handle it. In the real world you do not want security handling these situations, they simply escalate and get out of hand; you need someone with management skills. In the context of Wikimedia, these ad hoc solutions that individuals try to put together when they are faced with a situation are simply not working.

The other concern is with PII (Personally Identifying Information) and the refusal of volunteer oversighters and arbitrators to remove it. In December 2014, while serving as an arbitrator with checkuser privileges, user:AGK sent an email refusing to remove Personally Identifying Information, as defined by the Wikimedia Privacy Policy. This year he is a candidate for the 2018 arbitration committee election and I have asked him about this on his talk page. His answer seems to indicate that arbitrators believe they have the authority to suspend the privacy policy retroactively on an individual by banning them, and at that point they do not have to answer for their actions. This to me underscores the necessity of using paid staff who have signed a meaningful NDA for these positions. Trying to get something revdeleted or oversighted is very, very difficult under any circumstances unless you know someone personally. Once you have been named to an arbitration case, you automatically become high profile, whether you want to or not, and there is an almost certain probability you will be stalked on Wikipedia and beyond. This makes it even more urgent that any information, accidental or otherwise, be removed as quickly as possible. Even if you do know someone, and they speak fluent English, it can take dozens of emails to get them to understand and agree. The format of the policy page itself is not much help since it does not incorporate a TOC for navigation or paragraph numbering.

I don't want to just point out issues without suggesting solutions, so I am proposing a button for flagging potential safety situations. Every social media from YouTube to Facebook to Twitter has a button like this, it is extraordinary that Wikipedia does not. Since administrators and arbitrators are usually the first to be made aware of a situation, they should be trained on how to respond to dox and where to request a medical or child safety evaluation. It would take a less than 10 minute self-paced test, and they could be asked to complete it the first time they pass an RFA and every year thereafter, in order to stay current on the latest safety procedures. The proposal is on the community wishlist talk page; I'm sure it can be improved on. Pinging TSebro (WMF) and Mdennis (WMF). Also Doc James might know where to refer any medical related questions.

Thank you for your attention to this. —Neotarf (talk) 22:31, 29 November 2018 (UTC)Reply

Many people here bring up good ideas about hiding camera metadata, ip addresses and so forth. My thought is that a UI window could be added after the ‘describe the edit you made’ window that could give the user privacy options. The purpose of this would be 1.) to let new or uninformed users make their edits without too much effort up front thereby not ‘scaring them away’ and 2.) to have transparent options to publish or delete and explanation about what publishing metadata or IP info (or other similar info) can mean for the user. Victorgrigas (talk) 13:53, 28 May 2018 (UTC) Victorgrigas (talk) 13:53, 28 May 2018 (UTC)Reply

Hi Victorgrigas. Thanks for the suggestion; we've passed it along to our technical teams for consideration. So that I understand your suggestion correctly: are you suggesting the creation of an extra dialogue box that explains the privacy implications of their submission? Some Wikipedias already have a warning for people editing while not logged in, encouraging them to create an account to hide their IP address. We can investigate what kind of privacy information users want to see. TSebro (WMF) (talk) 05:03, 5 June 2018 (UTC)Reply

Yes that's more or less what I'm suggesting, basically add a way AFTER someone has pressed 'edit' and made changes but BEFORE they press save and publish to inform them about the privacy options and implications of saving and publishing. Victorgrigas (talk) 14:00, 5 June 2018 (UTC)Reply

• See also phab:T22326 — xaosflux ^Talk 22:31, 27 September 2018 (UTC)Reply

If you scroll down the page and to the collapse box containing items that the policy does not cover (titled "More on what this Privacy Policy doesn’t cover"), a </noinclude> closing wiki markup tag can be seen. It looks like it's coming from Template:Anchor. I would have just fixed it, but only accounts can edit on wikimediafoundation.org and I don't have one... Who has an account there that can fix this? ~Oshwah~^{(talk) (contribs)} 22:53, 6 July 2018 (UTC)Reply

Hey Oshwah - just fixed it, thanks. Joe Sutherland (Wikimedia Foundation) (talk) 22:07, 7 July 2018 (UTC)Reply

Hi all, wrong tagging detected in the original English page around tags T:109/T110 Text "More on Locally Stored Data" remains in english; why ???

Thank you

I feel Privacy Policy exist for our personal and business information privacy. The lack of concern and properly run area's which can have Privacy the way it's issued in our privacy policy's, we need to implement the known solutions so people and others can feel better no matter where they are or go.

Template:Edit fully-protected Two elements from this page are untranslatable:

• {{Hidden |header=Publicly Visible Information |content=<translate><!--T:94-->
• {{Hidden |header=More on Usernames |content=<translate><!--T:250-->

Please add translate markup on both:

• {{Hidden |header=<translate>Publicly Visible Information</translate> |content=<translate><!--T:94-->
• {{Hidden |header=<translate>More on Usernames</translate> |content=<translate><!--T:250-->

Trizek (WMF) (talk) 09:41, 16 November 2018 (UTC)Reply

 Done and pushed to translation. @Trizek (WMF): thanks for the corrections  — billinghurst sDrewth 09:54, 16 November 2018 (UTC)Reply

Thank you billinghurst! Trizek (WMF) (talk) 10:18, 16 November 2018 (UTC)Reply