________________________________
From: David Gerard <[email protected]>
To: Wikimedia Foundation Mailing List <[email protected]>
Sent: Sat, February 26, 2011 9:55:48 PM
Subject: Re: [Foundation-l] Genisis of WMF Identification policy?
On 26 February 2011 22:58, Birgitte SB <[email protected]> wrote:
I think we really need the actual threat and threat model detailed.
Expanding the identification policy without a thorough grounding risks
it turning into worse security theatre - a completely lost purpose.[1]
I have no objection in principle to providing my identification to
WMF. But the rationale needs to be bulletproof. What's it for, what
verification is used, how to deal with documents from countries that
are not like the US ... this is all important and needs to be laid out
in full and explicit detail. It really hasn't been so far.
I don't know what a "threat model" is but surely it is the current privacy
policy with identifications being record which the piece of theatre. Where the
"threat model" with full and explicit detail that explains why checkuser are
give access to *my* private data?
" Say checkuser User:Foo breaches the privacy policy and rightly loses
checkuser
rights. There is no record available to WMF identifying RealName as User:Foo.
So RealName retires User:Foo and registers User:Bar who is then able to become
a
checkuser. Is this truly a responsible privacy policy when there is no way of
preventing those who have abused their access to private data from once again
obtaining access to private data?"
Is that situation not plausible to you, or merely non-threatening? I mean such
people that fit the first part of the situation exist right now, how do suggest
they are prevented from having another account reach checkuser? The communities
are particularly weak in this area.
As I said before, I understand that there are issues to resolve about the
identification policy before it can be implemented. However you need to
understand that the privacy of many more people than those few with access to
private data is put at an unacceptable level of risk while this remains
unsettled. I understand that those who are being asked to identify want to
protect their data. Please understand that I want someone to protect my data
as
well. And frankly the having communities electing checkusers is not good
enough
protection as people with a past of abusing their access to private data can
win
such elections. Holding out and risking the privacy of all the users of WMF
sites until everything is "bulletproof" or perfectly to your satisfaction is
quite arrogant. If you can not be satisfied short of that, then resign the
positions which give you access to my private data and let things move forward
so my data can be given a reasonable amount of protection. That is all I am
looking for a reasonable amount of protection for both your(trusted volunteer)
data and my(regular user) data. But when people start demanding impossible
future-predicting protection for volunteer data, then the other group is left
with inadequate protection.
Birgitte SB
_______________________________________________
foundation-l mailing list
[email protected]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
