Mark (Markie <newsmar...@...> writes: > I still fail to see how, at this point (not before when there was no policy) > this can be considered to be acceptable. IP information etc is still being > passed to an external server, regardless of who it is being operated by. As > we can see at http://meta.wikimedia.org/wiki/Privacy and copied below I > don't see where this is acceptable. > > Release: Policy on Release of Data > > It is the policy of Wikimedia that personally identifiable data collected in > the server logs, or through records in the database via the CheckUser > feature, or through other non-publicly-available methods, may be released by > Wikimedia volunteers or staff, in any of the following situations: > > 1. In response to a valid subpoena or other compulsory request from law > enforcement, > 2. With permission of the affected user, > 3. When necessary for investigation of abuse complaints, > 4. Where the information pertains to page views generated by a spider or > bot and its dissemination is necessary to illustrate or resolve technical > issues, > 5. Where the user has been vandalizing articles or persistently behaving > in a disruptive way, data may be released to a service provider, carrier, > or > other third-party entity to assist in the targeting of IP blocks, or to > assist in the formulation of a complaint to relevant Internet Service > Providers, > 6. Where it is reasonably necessary to protect the rights, property or > safety of the Wikimedia Foundation, its users or the public. > > Except as described above, Wikimedia policy does not permit distribution of > personally identifiable information under any circumstances.
It also says, a few sentences earlier, that "Sharing information with other privileged users is not considered distribution." And Peter has identified himself to the foundation according to the access to nonpublic data policy, so he is a privileged user. I still don't see any violation there - the point of the privacy policy is to regulate release of personally identifiable information from those who have access to those who have not, and in this case no such release happened. > Also there *may* be issues with the security > of that server that means it could be compromised and could probably be > accessed by the web hosting company if they so wished. Peter is CTO of a Hungarian ISP; he is the one hosting the server, and he certainly has the required expertise. Anyway, the privacy policy explicitly disclaims any responsibility for unauthorized access; while the security of the server is certainly a valid issue, it is not an issue with the privacy policy. _______________________________________________ foundation-l mailing list foundation-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l