Or ACC Cyberpower678 English Wikipedia Account Creation Team ACC Mailing List Moderator Global User Renamer
> On Mar 9, 2016, at 08:26, John <[email protected]> wrote: > > Keep in mind there are two parts to labs. tools.wmflabs has a proxy in front > that filters out ip addresses, but non-tool projects may need user IP info > for one thing or another (UTRS for example) > > >> On Wednesday, March 9, 2016, Tim Landscheidt <[email protected]> wrote: >> (anonymous) wrote: >> >> > I think the situation with passwords has been clarified. Thanks for that. >> >> > However, there is still the matter of Labs users potentially logging and >> > publishing the IPs of users who access the tool. My impression that this >> > forbidden by policy but not by technical means. Can the wording of "By >> > using this project, you agree that any private information you give to this >> > project may be made publicly available and not be treated as confidential." >> > be made more narrow to reflect that, in fact, it's not true that "any >> > private information you give to this project may be made publicly available >> > and not treated as confidential" unless a tool owner is breaking policy? >> >> > Also, I'm wondering what to do about the vulnerability of user IPs being >> > recorded and tracked. It sounds like there are three options: >> > 1. Use technical means to prevent Labs tools from loading external >> > resources that could potentially track IPs >> > 2. Prohibit this practice by policy, and run some kind of background check >> > on tool admins similar to what's done for CUs >> > 3. Keep the status quo of warning users of potential disclosure but not do >> > much to protect users against improper disclosure. >> >> > Finally, it seems to me that the penalty for publishing private information >> > in violation of Labs policy should involve far more than simply revoking >> > Labs permissions. I think that this would merit the same kind of legal >> > action that would likely be brought to bear if a checkuser or WMF employee >> > did the same thing. There can be real-world consequences for users whose >> > private information is made public, and therefore I think that it's >> > appropriate that real-world legal action be explicitly included in the >> > scope of possible consequences for misconduct of this kind, and I think >> > that this should be noted in the Labs Terms of Use. >> >> > Thoughts? >> >> > I'm also looping in Michelle and James. >> >> I live in a country where you need a court order to resolve >> an IP and a timestamp to a name and an address, so I would >> strongly recommend emigrating from countries where this is >> different or using a privacy service in a safe country. >> >> But even if I was concerned about my IP address, I would >> certainly not access Wikipedia with it where this precious >> datum can be accessed by an indeterminate and fluctuating >> number of employees and international contractors of a >> Florida organization with offices in San Francisco and a >> legal address in Los Angeles, but also by any administrator >> on the wiki with the power to add some JavaScript or tracker >> images. Much less would I access any site where the de- >> clared purpose is that random users can host their brilliant >> tools with no review necessary so that functionality can be >> provided immediately and not with the years of delay typical >> of WMF software development. >> >> So if someone is blackmailed about their IP address, I would >> strongly recommend (even stronger than emigration) to report >> the blackmailer and the one emphasizing the danger!!!eleven! >> to the police so that law enforcement can deal with the >> criminal and investigate any links between the two. >> >> If someone is not blackmailed, they should have plenty of >> time to come up with a structure for tools not reviewed in >> any way where breaches of privacy are technically impossi- >> ble. It rolls off the tongue like that, so it can't be that >> hard to implement. >> >> Tim >> >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
