On Fri, Jun 5, 2009 at 5:58 PM, Tisza Gergő<gti...@gmail.com> wrote: > I do argue that it is not in violation of the privacy policy (whether the > people > here find it acceptable is another question).
It may be within the letter of the privacy policy. I think that's entirely arguable, since the policy is so vague. However, it's very clearly against the *intent* of the privacy policy as dictated by the Board. Domas Mitzuas and Michael Snow are both Board members and have both made it clear that they think there's no question that the script in question violated the privacy policy. I believe the major problems with the script are 1) It sent data to a server not directly controlled by the Wikimedia Foundation. No personally identifiable information should be sent in bulk to any non-Wikimedia server. Operation of any server hosting significant amounts of sensitive information must be directly and immediately accountable to Wikimedia's normal chain of command. 2) This use of data was not specifically authorized by the Wikimedia Foundation, via either the Board or appropriate officers. Peter may be a checkuser, but that gives him authorization only to use checkuser functions, not to collect or harvest other types of data. As has been noted, the data collected includes much more than checkusers can access in the course of using their checkuser rights. Neither of these points is made clear in the written privacy policy, however, if they are in fact intended. Last I heard, Erik Zachte is working on improved statistics for all Wikimedia projects. These are running on Wikimedia servers and specifically approved by Wikimedia. It seems like the best course of action would be for people to point out what they think is lacking in his statistics, and perhaps offer to help improve them. _______________________________________________ foundation-l mailing list foundation-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l