Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Bjoern Hoehrmann]

* Michael Peel wrote:
>My understanding of this line of argument was that images would be
>displayed where you would expect them to be displayed (e.g. the article
>on penis or vagina would naturally include a picture of a penis or
>vagina), but wouldn't be immediately displayed where you wouldn't expect
>them (e.g. if you want to find information on necklaces made of pearls).

Did anyone argue for displaying images where they would not expect them?
-- 
Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[John]

I am not asking for checkuser results, rather the basic logs about
when/why/who may have checkusered the account. I am not asking CUs to
release IP/user-agent/other info, but to let users know that they are being
CUed, by whom and why. and to be able to request that historical
information from the CU logs

On Wed, Jun 13, 2012 at 9:54 PM, James Alexander wrote:

> To be honest the biggest problem is that releasing this information can
> hurt quite a lot. It can give away the techniques the checkuser (or
> checkusers, more then one working together is very common to make sure
> they're right) used to draw the connections. This is especially true for
> technical information where it can easily give away 'tell-tale' signs used
> as part of the determination.
>
> Almost every time I've ever seen the information demanded it was quite
> clear (usually even with out any type of technical information) that the
> user was guilty as charged and now they just wanted one of those two
> things: A target (the CU) or the information (to find out where they went
> wrong).
>
> Yes, if a horrible checkuser was checking you you wouldn't know instantly
> but that's why we have so many checks and balances. Giving all of this
> information to everyone, especially automatically, would make it almost
> infinitely harder for checkusers to do their job.
>
> James
>
> On Wed, Jun 13, 2012 at 6:30 PM, John  wrote:
>
> > Risker comment was basically "lets not set a global accountability and
> > ability to get CU related logs of our self on a global level, instead
> take
> > it to each project and fight it out there" to me that reeks of
> obfuscation.
> > Realistically this should be a global policy, just like our privacy
> policy
> > is. Why shouldnt users know when they have been checkusered and why?
> >
> > On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia
> Foundation <
> > pbeaude...@wikimedia.org> wrote:
> >
> > > I dunno, John, you almost had me convinced until that email. I saw in
> > that
> > > mail a reasonable comment from Risker based on long time precedent.
> > >
> > > As you may know, there are a number of checks and balances in place.
> > > First, the CUs watch each other. With a broad group, you can be assured
> > > they don't all always agree and there is healthy debate and dialogue.
> > > Second, enwp has an audit subcommittee that routinely audits the logs
> > with
> > > a fine toothed comb.  They are NOT all previous checkusers, to avoid
> the
> > > sort of groupthink that appears to concern you. Then, the WMF has an
> > > ombudsman commission, which also may audit with commission from the
> > Board.
> > > Those people take their role very seriously. And last, anyone with
> > genuine
> > > privacy concerns can contact the WMF:  me, Maggie, anyone in the legal
> or
> > > community advocacy department.
> > >
> > > Is it an iron clad assurance of no misbehavior?  Probably not, and we
> > will
> > > continue to get better at it: but I will say that in 3 years of being
> > > pretty closely involved with that team, I'm impressed with how much
> they
> > > err on the side of protection of privacy. I have a window into their
> > world,
> > > and they have my respect.
> > >
> > > Best, PB
> > > ---
> > > Philippe Beaudette
> > > Director, Community Advocacy
> > > Wikimedia Foundation, Inc
> > >
> > >
> > > Sent from my Verizon Wireless BlackBerry
> > >
> > > -Original Message-
> > > From: John 
> > > Sender: wikimedia-l-boun...@lists.wikimedia.org
> > > Date: Wed, 13 Jun 2012 21:17:09
> > > To: Wikimedia Mailing List
> > > Reply-To: Wikimedia Mailing List 
> > > Subject: Re: [Wikimedia-l] CheckUser openness
> > >
> > > Yet another attempt from a checkuser to make monitoring their actions
> and
> > > ensuring our privacy more difficult.
> > >
> > > On Wed, Jun 13, 2012 at 9:10 PM, Risker  wrote:
> > >
> > > > Each project has its own standards and thresholds for when checkusers
> > may
> > > > be done, provided that they are within the limits of the privacy
> > policy.
> > > > These standards vary widely.  So, the correct place to discuss this
> is
> > on
> > > > each project.
> > > >
> > > > Risker
> > > >
> > > > On 13 June 2012 21:02, Thomas Dalton 
> wrote:
> > > >
> > > > > Why shouldn't spambots and vandals be notified? Just have the
> > software
> > > > > automatically email anyone that is CUed. Then the threshold is
> simply
> > > > > whether you have an email address attached to your account or not.
> > > > >
> > > > > This seems like a good idea. People have a right to know what is
> > being
> > > > done
> > > > > with their data.
> > > > > On Jun 14, 2012 12:35 AM, "Risker"  wrote:
> > > > >
> > > > > > On 13 June 2012 19:18, John  wrote:
> > > > > >
> > > > > > > This is something that has been bugging me for a while. When a
> > user
> > > > has
> > > > > > > been checkusered they should at least be notified of who
> > preformed
> > > it
> > > > > and
> > > > > > > why it w

Re: [Wikimedia-l] CheckUser openness

[James Alexander]

To be honest the biggest problem is that releasing this information can
hurt quite a lot. It can give away the techniques the checkuser (or
checkusers, more then one working together is very common to make sure
they're right) used to draw the connections. This is especially true for
technical information where it can easily give away 'tell-tale' signs used
as part of the determination.

Almost every time I've ever seen the information demanded it was quite
clear (usually even with out any type of technical information) that the
user was guilty as charged and now they just wanted one of those two
things: A target (the CU) or the information (to find out where they went
wrong).

Yes, if a horrible checkuser was checking you you wouldn't know instantly
but that's why we have so many checks and balances. Giving all of this
information to everyone, especially automatically, would make it almost
infinitely harder for checkusers to do their job.

James

On Wed, Jun 13, 2012 at 6:30 PM, John  wrote:

> Risker comment was basically "lets not set a global accountability and
> ability to get CU related logs of our self on a global level, instead take
> it to each project and fight it out there" to me that reeks of obfuscation.
> Realistically this should be a global policy, just like our privacy policy
> is. Why shouldnt users know when they have been checkusered and why?
>
> On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
> pbeaude...@wikimedia.org> wrote:
>
> > I dunno, John, you almost had me convinced until that email. I saw in
> that
> > mail a reasonable comment from Risker based on long time precedent.
> >
> > As you may know, there are a number of checks and balances in place.
> > First, the CUs watch each other. With a broad group, you can be assured
> > they don't all always agree and there is healthy debate and dialogue.
> > Second, enwp has an audit subcommittee that routinely audits the logs
> with
> > a fine toothed comb.  They are NOT all previous checkusers, to avoid the
> > sort of groupthink that appears to concern you. Then, the WMF has an
> > ombudsman commission, which also may audit with commission from the
> Board.
> > Those people take their role very seriously. And last, anyone with
> genuine
> > privacy concerns can contact the WMF:  me, Maggie, anyone in the legal or
> > community advocacy department.
> >
> > Is it an iron clad assurance of no misbehavior?  Probably not, and we
> will
> > continue to get better at it: but I will say that in 3 years of being
> > pretty closely involved with that team, I'm impressed with how much they
> > err on the side of protection of privacy. I have a window into their
> world,
> > and they have my respect.
> >
> > Best, PB
> > ---
> > Philippe Beaudette
> > Director, Community Advocacy
> > Wikimedia Foundation, Inc
> >
> >
> > Sent from my Verizon Wireless BlackBerry
> >
> > -Original Message-
> > From: John 
> > Sender: wikimedia-l-boun...@lists.wikimedia.org
> > Date: Wed, 13 Jun 2012 21:17:09
> > To: Wikimedia Mailing List
> > Reply-To: Wikimedia Mailing List 
> > Subject: Re: [Wikimedia-l] CheckUser openness
> >
> > Yet another attempt from a checkuser to make monitoring their actions and
> > ensuring our privacy more difficult.
> >
> > On Wed, Jun 13, 2012 at 9:10 PM, Risker  wrote:
> >
> > > Each project has its own standards and thresholds for when checkusers
> may
> > > be done, provided that they are within the limits of the privacy
> policy.
> > > These standards vary widely.  So, the correct place to discuss this is
> on
> > > each project.
> > >
> > > Risker
> > >
> > > On 13 June 2012 21:02, Thomas Dalton  wrote:
> > >
> > > > Why shouldn't spambots and vandals be notified? Just have the
> software
> > > > automatically email anyone that is CUed. Then the threshold is simply
> > > > whether you have an email address attached to your account or not.
> > > >
> > > > This seems like a good idea. People have a right to know what is
> being
> > > done
> > > > with their data.
> > > > On Jun 14, 2012 12:35 AM, "Risker"  wrote:
> > > >
> > > > > On 13 June 2012 19:18, John  wrote:
> > > > >
> > > > > > This is something that has been bugging me for a while. When a
> user
> > > has
> > > > > > been checkusered they should at least be notified of who
> preformed
> > it
> > > > and
> > > > > > why it was preformed. I know this is not viable for every single
> CU
> > > > > action
> > > > > > as many are for anons. But for those users who have been around
> > for a
> > > > > > period, (say autoconfirmed) they should be notified when they are
> > > CU'ed
> > > > > and
> > > > > > any user should be able to request the CU logs pertaining to
> > > themselves
> > > > > > (who CU'ed them, when, and why) at will. I have seen CU's refuse
> to
> > > > > provide
> > > > > > information to the accused.
> > > > > >
> > > > > > See the Rich Farmbrough ArbCom case where I suspect obvious
> > fishing,
> > > > > 

Re: [Wikimedia-l] CheckUser openness

[Nathan]

On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
pbeaude...@wikimedia.org> wrote:

> I dunno, John, you almost had me convinced until that email. I saw in that
> mail a reasonable comment from Risker based on long time precedent.
>
> As you may know, there are a number of checks and balances in place.
> First, the CUs watch each other. With a broad group, you can be assured
> they don't all always agree and there is healthy debate and dialogue.
> Second, enwp has an audit subcommittee that routinely audits the logs with
> a fine toothed comb.  They are NOT all previous checkusers, to avoid the
> sort of groupthink that appears to concern you. Then, the WMF has an
> ombudsman commission, which also may audit with commission from the Board.
> Those people take their role very seriously. And last, anyone with genuine
> privacy concerns can contact the WMF:  me, Maggie, anyone in the legal or
> community advocacy department.
>
> Is it an iron clad assurance of no misbehavior?  Probably not, and we will
> continue to get better at it: but I will say that in 3 years of being
> pretty closely involved with that team, I'm impressed with how much they
> err on the side of protection of privacy. I have a window into their world,
> and they have my respect.
>
> Best, PB
> ---
> Philippe Beaudette
> Director, Community Advocacy
> Wikimedia Foundation, Inc
>
>
>
There is also the Meta checkuser policy; not all policy guidance for
checkusers is set locally, they all have to abide by the global policy on
checkuser usage (which incorporates by reference the privacy policy).

To make an analogy to the health world... In the United States, the privacy
and security of health information is governed by the Health Insurance
Portability And Accountability Act (HIPAA). Part of the act is the
requirement that access to health information be auditable, and that an
accounting of access to protected information be provided to the person
concerned upon request. It's not that far out to suggest that people should
be notified when their personally identifying information is accessed on
Wikimedia, if we invest that information with the significance that many
wish to. To be honest, I'm surprised Risker doesn't agree, given the
emphasis on personal privacy demonstrated in the IPv6 thread on this list.

Nathan
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[John]

Risker comment was basically "lets not set a global accountability and
ability to get CU related logs of our self on a global level, instead take
it to each project and fight it out there" to me that reeks of obfuscation.
Realistically this should be a global policy, just like our privacy policy
is. Why shouldnt users know when they have been checkusered and why?

On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
pbeaude...@wikimedia.org> wrote:

> I dunno, John, you almost had me convinced until that email. I saw in that
> mail a reasonable comment from Risker based on long time precedent.
>
> As you may know, there are a number of checks and balances in place.
> First, the CUs watch each other. With a broad group, you can be assured
> they don't all always agree and there is healthy debate and dialogue.
> Second, enwp has an audit subcommittee that routinely audits the logs with
> a fine toothed comb.  They are NOT all previous checkusers, to avoid the
> sort of groupthink that appears to concern you. Then, the WMF has an
> ombudsman commission, which also may audit with commission from the Board.
> Those people take their role very seriously. And last, anyone with genuine
> privacy concerns can contact the WMF:  me, Maggie, anyone in the legal or
> community advocacy department.
>
> Is it an iron clad assurance of no misbehavior?  Probably not, and we will
> continue to get better at it: but I will say that in 3 years of being
> pretty closely involved with that team, I'm impressed with how much they
> err on the side of protection of privacy. I have a window into their world,
> and they have my respect.
>
> Best, PB
> ---
> Philippe Beaudette
> Director, Community Advocacy
> Wikimedia Foundation, Inc
>
>
> Sent from my Verizon Wireless BlackBerry
>
> -Original Message-
> From: John 
> Sender: wikimedia-l-boun...@lists.wikimedia.org
> Date: Wed, 13 Jun 2012 21:17:09
> To: Wikimedia Mailing List
> Reply-To: Wikimedia Mailing List 
> Subject: Re: [Wikimedia-l] CheckUser openness
>
> Yet another attempt from a checkuser to make monitoring their actions and
> ensuring our privacy more difficult.
>
> On Wed, Jun 13, 2012 at 9:10 PM, Risker  wrote:
>
> > Each project has its own standards and thresholds for when checkusers may
> > be done, provided that they are within the limits of the privacy policy.
> > These standards vary widely.  So, the correct place to discuss this is on
> > each project.
> >
> > Risker
> >
> > On 13 June 2012 21:02, Thomas Dalton  wrote:
> >
> > > Why shouldn't spambots and vandals be notified? Just have the software
> > > automatically email anyone that is CUed. Then the threshold is simply
> > > whether you have an email address attached to your account or not.
> > >
> > > This seems like a good idea. People have a right to know what is being
> > done
> > > with their data.
> > > On Jun 14, 2012 12:35 AM, "Risker"  wrote:
> > >
> > > > On 13 June 2012 19:18, John  wrote:
> > > >
> > > > > This is something that has been bugging me for a while. When a user
> > has
> > > > > been checkusered they should at least be notified of who preformed
> it
> > > and
> > > > > why it was preformed. I know this is not viable for every single CU
> > > > action
> > > > > as many are for anons. But for those users who have been around
> for a
> > > > > period, (say autoconfirmed) they should be notified when they are
> > CU'ed
> > > > and
> > > > > any user should be able to request the CU logs pertaining to
> > themselves
> > > > > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> > > > provide
> > > > > information to the accused.
> > > > >
> > > > > See the Rich Farmbrough ArbCom case where I suspect obvious
> fishing,
> > > > where
> > > > > the CU'ed user was requesting information and the CU claimed it
> would
> > > be
> > > > a
> > > > > violation of the privacy policy to release the
> time/reason/performer
> > of
> > > > the
> > > > > checkuser.
> > > > >
> > > > > This screams of obfuscation and the hiding of information. I know
> the
> > > > > ombudsman committee exists as a check and balance, however before
> > > > something
> > > > > can be passed to them evidence of inappropriate action is needed.
> > Ergo
> > > > > Catch-22
> > > > >
> > > > > I know checkusers  keep a private wiki
> > > > > https://checkuser.wikimedia.org/wiki/Main_Page and I know
> according
> > to
> > > > our
> > > > > privacy policy we are supposed to purge our information regularly
> (on
> > > > wiki
> > > > > CU logs exist for 90 days) however who oversees the regular removal
> > of
> > > > > private information on the wiki?
> > > > >
> > > > > My proposal would be for all users who are at least auto confirmed
> to
> > > be
> > > > > notified and be able to request all CU logs regarding themselves at
> > any
> > > > > point, and any mentions of themselves on the CU wiki should be
> > > > retrievable.
> > > > >
> > > > >
> > > > >
> > > > Pe

Re: [Wikimedia-l] CheckUser openness

[Philippe Beaudette, Wikimedia Foundation]

I dunno, John, you almost had me convinced until that email. I saw in that mail 
a reasonable comment from Risker based on long time precedent.

As you may know, there are a number of checks and balances in place. First, the 
CUs watch each other. With a broad group, you can be assured they don't all 
always agree and there is healthy debate and dialogue. Second, enwp has an 
audit subcommittee that routinely audits the logs with a fine toothed comb.  
They are NOT all previous checkusers, to avoid the sort of groupthink that 
appears to concern you. Then, the WMF has an ombudsman commission, which also 
may audit with commission from the Board. Those people take their role very 
seriously. And last, anyone with genuine privacy concerns can contact the WMF:  
me, Maggie, anyone in the legal or community advocacy department. 

Is it an iron clad assurance of no misbehavior?  Probably not, and we will 
continue to get better at it: but I will say that in 3 years of being pretty 
closely involved with that team, I'm impressed with how much they err on the 
side of protection of privacy. I have a window into their world, and they have 
my respect. 

Best, PB
---
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc 


Sent from my Verizon Wireless BlackBerry

-Original Message-
From: John 
Sender: wikimedia-l-boun...@lists.wikimedia.org
Date: Wed, 13 Jun 2012 21:17:09 
To: Wikimedia Mailing List
Reply-To: Wikimedia Mailing List 
Subject: Re: [Wikimedia-l] CheckUser openness

Yet another attempt from a checkuser to make monitoring their actions and
ensuring our privacy more difficult.

On Wed, Jun 13, 2012 at 9:10 PM, Risker  wrote:

> Each project has its own standards and thresholds for when checkusers may
> be done, provided that they are within the limits of the privacy policy.
> These standards vary widely.  So, the correct place to discuss this is on
> each project.
>
> Risker
>
> On 13 June 2012 21:02, Thomas Dalton  wrote:
>
> > Why shouldn't spambots and vandals be notified? Just have the software
> > automatically email anyone that is CUed. Then the threshold is simply
> > whether you have an email address attached to your account or not.
> >
> > This seems like a good idea. People have a right to know what is being
> done
> > with their data.
> > On Jun 14, 2012 12:35 AM, "Risker"  wrote:
> >
> > > On 13 June 2012 19:18, John  wrote:
> > >
> > > > This is something that has been bugging me for a while. When a user
> has
> > > > been checkusered they should at least be notified of who preformed it
> > and
> > > > why it was preformed. I know this is not viable for every single CU
> > > action
> > > > as many are for anons. But for those users who have been around for a
> > > > period, (say autoconfirmed) they should be notified when they are
> CU'ed
> > > and
> > > > any user should be able to request the CU logs pertaining to
> themselves
> > > > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> > > provide
> > > > information to the accused.
> > > >
> > > > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> > > where
> > > > the CU'ed user was requesting information and the CU claimed it would
> > be
> > > a
> > > > violation of the privacy policy to release the time/reason/performer
> of
> > > the
> > > > checkuser.
> > > >
> > > > This screams of obfuscation and the hiding of information. I know the
> > > > ombudsman committee exists as a check and balance, however before
> > > something
> > > > can be passed to them evidence of inappropriate action is needed.
> Ergo
> > > > Catch-22
> > > >
> > > > I know checkusers  keep a private wiki
> > > > https://checkuser.wikimedia.org/wiki/Main_Page and I know according
> to
> > > our
> > > > privacy policy we are supposed to purge our information regularly (on
> > > wiki
> > > > CU logs exist for 90 days) however who oversees the regular removal
> of
> > > > private information on the wiki?
> > > >
> > > > My proposal would be for all users who are at least auto confirmed to
> > be
> > > > notified and be able to request all CU logs regarding themselves at
> any
> > > > point, and any mentions of themselves on the CU wiki should be
> > > retrievable.
> > > >
> > > >
> > > >
> > > Perhaps some full disclosure should be made here John.  You are a
> > checkuser
> > > yourself, have access to the checkuser-L mailing list and the checkuser
> > > wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> > > (which carries out reviews of checkuser/oversighter actions on
> request);
> > > you are also a member of the English Wikipedia functionaries mailing
> list
> > > because you are a former arbitrator, a checkuser and an oversighter on
> > > enwp. (so have access there to express your concerns or suggest changes
> > in
> > > standards),   It seems you are complaining about a specific case, and
> > > instead of talking things out about this specific case, you

Re: [Wikimedia-l] CheckUser openness

[John]

Yet another attempt from a checkuser to make monitoring their actions and
ensuring our privacy more difficult.

On Wed, Jun 13, 2012 at 9:10 PM, Risker  wrote:

> Each project has its own standards and thresholds for when checkusers may
> be done, provided that they are within the limits of the privacy policy.
> These standards vary widely.  So, the correct place to discuss this is on
> each project.
>
> Risker
>
> On 13 June 2012 21:02, Thomas Dalton  wrote:
>
> > Why shouldn't spambots and vandals be notified? Just have the software
> > automatically email anyone that is CUed. Then the threshold is simply
> > whether you have an email address attached to your account or not.
> >
> > This seems like a good idea. People have a right to know what is being
> done
> > with their data.
> > On Jun 14, 2012 12:35 AM, "Risker"  wrote:
> >
> > > On 13 June 2012 19:18, John  wrote:
> > >
> > > > This is something that has been bugging me for a while. When a user
> has
> > > > been checkusered they should at least be notified of who preformed it
> > and
> > > > why it was preformed. I know this is not viable for every single CU
> > > action
> > > > as many are for anons. But for those users who have been around for a
> > > > period, (say autoconfirmed) they should be notified when they are
> CU'ed
> > > and
> > > > any user should be able to request the CU logs pertaining to
> themselves
> > > > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> > > provide
> > > > information to the accused.
> > > >
> > > > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> > > where
> > > > the CU'ed user was requesting information and the CU claimed it would
> > be
> > > a
> > > > violation of the privacy policy to release the time/reason/performer
> of
> > > the
> > > > checkuser.
> > > >
> > > > This screams of obfuscation and the hiding of information. I know the
> > > > ombudsman committee exists as a check and balance, however before
> > > something
> > > > can be passed to them evidence of inappropriate action is needed.
> Ergo
> > > > Catch-22
> > > >
> > > > I know checkusers  keep a private wiki
> > > > https://checkuser.wikimedia.org/wiki/Main_Page and I know according
> to
> > > our
> > > > privacy policy we are supposed to purge our information regularly (on
> > > wiki
> > > > CU logs exist for 90 days) however who oversees the regular removal
> of
> > > > private information on the wiki?
> > > >
> > > > My proposal would be for all users who are at least auto confirmed to
> > be
> > > > notified and be able to request all CU logs regarding themselves at
> any
> > > > point, and any mentions of themselves on the CU wiki should be
> > > retrievable.
> > > >
> > > >
> > > >
> > > Perhaps some full disclosure should be made here John.  You are a
> > checkuser
> > > yourself, have access to the checkuser-L mailing list and the checkuser
> > > wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> > > (which carries out reviews of checkuser/oversighter actions on
> request);
> > > you are also a member of the English Wikipedia functionaries mailing
> list
> > > because you are a former arbitrator, a checkuser and an oversighter on
> > > enwp. (so have access there to express your concerns or suggest changes
> > in
> > > standards),   It seems you are complaining about a specific case, and
> > > instead of talking things out about this specific case, you've decided
> to
> > > propose an entirely different checkusering standard.  I'll point out
>  in
> > > passing that half of the spambots blocked in recent weeks by checkusers
> > > were autoconfirmed on one or more projects, and even obvious vandals
> can
> > > hit the autoconfirmed threshold easily on most projects.
> > >
> > > Full disclosure on my part: I am also an Enwp checkuser and a member of
> > the
> > > Arbitration Committee.
> > >
> > > Risker
> > > ___
> > > Wikimedia-l mailing list
> > > Wikimedia-l@lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > >
> > ___
> > Wikimedia-l mailing list
> > Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Risker]

Each project has its own standards and thresholds for when checkusers may
be done, provided that they are within the limits of the privacy policy.
These standards vary widely.  So, the correct place to discuss this is on
each project.

Risker

On 13 June 2012 21:02, Thomas Dalton  wrote:

> Why shouldn't spambots and vandals be notified? Just have the software
> automatically email anyone that is CUed. Then the threshold is simply
> whether you have an email address attached to your account or not.
>
> This seems like a good idea. People have a right to know what is being done
> with their data.
> On Jun 14, 2012 12:35 AM, "Risker"  wrote:
>
> > On 13 June 2012 19:18, John  wrote:
> >
> > > This is something that has been bugging me for a while. When a user has
> > > been checkusered they should at least be notified of who preformed it
> and
> > > why it was preformed. I know this is not viable for every single CU
> > action
> > > as many are for anons. But for those users who have been around for a
> > > period, (say autoconfirmed) they should be notified when they are CU'ed
> > and
> > > any user should be able to request the CU logs pertaining to themselves
> > > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> > provide
> > > information to the accused.
> > >
> > > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> > where
> > > the CU'ed user was requesting information and the CU claimed it would
> be
> > a
> > > violation of the privacy policy to release the time/reason/performer of
> > the
> > > checkuser.
> > >
> > > This screams of obfuscation and the hiding of information. I know the
> > > ombudsman committee exists as a check and balance, however before
> > something
> > > can be passed to them evidence of inappropriate action is needed. Ergo
> > > Catch-22
> > >
> > > I know checkusers  keep a private wiki
> > > https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
> > our
> > > privacy policy we are supposed to purge our information regularly (on
> > wiki
> > > CU logs exist for 90 days) however who oversees the regular removal of
> > > private information on the wiki?
> > >
> > > My proposal would be for all users who are at least auto confirmed to
> be
> > > notified and be able to request all CU logs regarding themselves at any
> > > point, and any mentions of themselves on the CU wiki should be
> > retrievable.
> > >
> > >
> > >
> > Perhaps some full disclosure should be made here John.  You are a
> checkuser
> > yourself, have access to the checkuser-L mailing list and the checkuser
> > wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> > (which carries out reviews of checkuser/oversighter actions on request);
> > you are also a member of the English Wikipedia functionaries mailing list
> > because you are a former arbitrator, a checkuser and an oversighter on
> > enwp. (so have access there to express your concerns or suggest changes
> in
> > standards),   It seems you are complaining about a specific case, and
> > instead of talking things out about this specific case, you've decided to
> > propose an entirely different checkusering standard.  I'll point out  in
> > passing that half of the spambots blocked in recent weeks by checkusers
> > were autoconfirmed on one or more projects, and even obvious vandals can
> > hit the autoconfirmed threshold easily on most projects.
> >
> > Full disclosure on my part: I am also an Enwp checkuser and a member of
> the
> > Arbitration Committee.
> >
> > Risker
> > ___
> > Wikimedia-l mailing list
> > Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Thomas Dalton]

Why shouldn't spambots and vandals be notified? Just have the software
automatically email anyone that is CUed. Then the threshold is simply
whether you have an email address attached to your account or not.

This seems like a good idea. People have a right to know what is being done
with their data.
On Jun 14, 2012 12:35 AM, "Risker"  wrote:

> On 13 June 2012 19:18, John  wrote:
>
> > This is something that has been bugging me for a while. When a user has
> > been checkusered they should at least be notified of who preformed it and
> > why it was preformed. I know this is not viable for every single CU
> action
> > as many are for anons. But for those users who have been around for a
> > period, (say autoconfirmed) they should be notified when they are CU'ed
> and
> > any user should be able to request the CU logs pertaining to themselves
> > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> provide
> > information to the accused.
> >
> > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> where
> > the CU'ed user was requesting information and the CU claimed it would be
> a
> > violation of the privacy policy to release the time/reason/performer of
> the
> > checkuser.
> >
> > This screams of obfuscation and the hiding of information. I know the
> > ombudsman committee exists as a check and balance, however before
> something
> > can be passed to them evidence of inappropriate action is needed. Ergo
> > Catch-22
> >
> > I know checkusers  keep a private wiki
> > https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
> our
> > privacy policy we are supposed to purge our information regularly (on
> wiki
> > CU logs exist for 90 days) however who oversees the regular removal of
> > private information on the wiki?
> >
> > My proposal would be for all users who are at least auto confirmed to be
> > notified and be able to request all CU logs regarding themselves at any
> > point, and any mentions of themselves on the CU wiki should be
> retrievable.
> >
> >
> >
> Perhaps some full disclosure should be made here John.  You are a checkuser
> yourself, have access to the checkuser-L mailing list and the checkuser
> wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> (which carries out reviews of checkuser/oversighter actions on request);
> you are also a member of the English Wikipedia functionaries mailing list
> because you are a former arbitrator, a checkuser and an oversighter on
> enwp. (so have access there to express your concerns or suggest changes in
> standards),   It seems you are complaining about a specific case, and
> instead of talking things out about this specific case, you've decided to
> propose an entirely different checkusering standard.  I'll point out  in
> passing that half of the spambots blocked in recent weeks by checkusers
> were autoconfirmed on one or more projects, and even obvious vandals can
> hit the autoconfirmed threshold easily on most projects.
>
> Full disclosure on my part: I am also an Enwp checkuser and a member of the
> Arbitration Committee.
>
> Risker
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Nathan]

On Wed, Jun 13, 2012 at 8:34 PM, Samuel Klein  wrote:

> On Wed, Jun 13, 2012 at 7:42 PM, John  wrote:
> > PS I am not a former arb, do not have access to functionaries mailing
> list,
> > I do not have access nor have ever had access to any of the above
> including
> > Oversight. I was just throwing out autoconfirmed as a line in the sand,
> we
> > can adjust the line so that normal users can be notified while excluding
> > spambots. One point could be say 50 edits and at least a month old
> account?
>
> Using a similarly arbitrary high threshhold: how often are checks -
> order of magnitude - made on users who are eligible to vote in arbcom
> elections?
>
> SJ
>

At least every day, there are 5 or 6 who qualify by edit count waiting for
CU on SPI right now.

~Nathan
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[John Vandenberg]

On Jun 14, 2012 1:30 AM, "Brandon Harris"  wrote:
>
>A couple of weeks ago, Brion Vibber and I started walking through
a series of thoughts about eliminating publicly viewable IP addresses
altogether, creating "Proto Accounts".  That is, to completely anonymize
anonymous users (by calling them "Anonymous XX") and at the same time
creating system whereby Anonymous users might be encouraged to become
registered users (and retain the edits they did anonymously).
>
>This would work by "back-loading" the account creation process:
>
>1) User makes anonymous edit (as "Anonymous 1234").  Edit
is logged as "Anonymous 1234").
>2) User is given call-to-action to convert to a registered
account.
>3) User fills out account form (username, password, email)
(let's call them "AwesomeSauce89")
>4) Proto account gets renamed to "AwesomeSauce89"; the
edits that were under "Anonymous 1234" are now listed as being by
"AwesomeSauce89"
>
>I also spoke with Tim Starling about this in Berlin and he agreed
that it was a good idea.  However, this would be no small feat.  A big part
of the problems involved in this type of anonymizing involve how we deal
with range blocks.
>
>Would this be something people might like to see. .

Yes!

--JV
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Samuel Klein]

On Wed, Jun 13, 2012 at 7:42 PM, John  wrote:
> PS I am not a former arb, do not have access to functionaries mailing list,
> I do not have access nor have ever had access to any of the above including
> Oversight. I was just throwing out autoconfirmed as a line in the sand, we
> can adjust the line so that normal users can be notified while excluding
> spambots. One point could be say 50 edits and at least a month old account?

Using a similarly arbitrary high threshhold: how often are checks -
order of magnitude - made on users who are eligible to vote in arbcom
elections?

SJ

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] .wiki TLD

[James Salsman]

Someone is willing to pay $210K for the .wiki TLD? The Foundation
could have had it for $120,000 in 2009, per Rod Beckstrom's quote. I
did an analysis showing it would have probably have been worth it then
in amount of time an extreme compact URL would have saved typing.  It
turned out that users' time would have only had to have been worth
$1.50/hour for it to pay for itself in five years, but since then
combined search/URL bars have become far more prevalent, so I'm sure
that's gone up along with the price. Meh.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[John]

PS I am not a former arb, do not have access to functionaries mailing list,
I do not have access nor have ever had access to any of the above including
Oversight. I was just throwing out autoconfirmed as a line in the sand, we
can adjust the line so that normal users can be notified while excluding
spambots. One point could be say 50 edits and at least a month old account?
The nature and required secrecy for such a open project is scary in this
regards.

John

On Wed, Jun 13, 2012 at 7:37 PM, John  wrote:

> I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or
> any other private information. This goes far beyond the one case, I was
> just using it as a recent example
>
>
> On Wed, Jun 13, 2012 at 7:34 PM, Risker  wrote:
>
>> On 13 June 2012 19:18, John  wrote:
>>
>> > This is something that has been bugging me for a while. When a user has
>> > been checkusered they should at least be notified of who preformed it
>> and
>> > why it was preformed. I know this is not viable for every single CU
>> action
>> > as many are for anons. But for those users who have been around for a
>> > period, (say autoconfirmed) they should be notified when they are CU'ed
>> and
>> > any user should be able to request the CU logs pertaining to themselves
>> > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
>> provide
>> > information to the accused.
>> >
>> > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
>> where
>> > the CU'ed user was requesting information and the CU claimed it would
>> be a
>> > violation of the privacy policy to release the time/reason/performer of
>> the
>> > checkuser.
>> >
>> > This screams of obfuscation and the hiding of information. I know the
>> > ombudsman committee exists as a check and balance, however before
>> something
>> > can be passed to them evidence of inappropriate action is needed. Ergo
>> > Catch-22
>> >
>> > I know checkusers  keep a private wiki
>> > https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
>> our
>> > privacy policy we are supposed to purge our information regularly (on
>> wiki
>> > CU logs exist for 90 days) however who oversees the regular removal of
>> > private information on the wiki?
>> >
>> > My proposal would be for all users who are at least auto confirmed to be
>> > notified and be able to request all CU logs regarding themselves at any
>> > point, and any mentions of themselves on the CU wiki should be
>> retrievable.
>> >
>> >
>> >
>> Perhaps some full disclosure should be made here John.  You are a
>> checkuser
>> yourself, have access to the checkuser-L mailing list and the checkuser
>> wiki, helped to set up the Audit Subcommittee on the English Wikipedia
>> (which carries out reviews of checkuser/oversighter actions on request);
>> you are also a member of the English Wikipedia functionaries mailing list
>> because you are a former arbitrator, a checkuser and an oversighter on
>> enwp. (so have access there to express your concerns or suggest changes in
>> standards),   It seems you are complaining about a specific case, and
>> instead of talking things out about this specific case, you've decided to
>> propose an entirely different checkusering standard.  I'll point out  in
>> passing that half of the spambots blocked in recent weeks by checkusers
>> were autoconfirmed on one or more projects, and even obvious vandals can
>> hit the autoconfirmed threshold easily on most projects.
>>
>> Full disclosure on my part: I am also an Enwp checkuser and a member of
>> the
>> Arbitration Committee.
>>
>> Risker
>> ___
>> Wikimedia-l mailing list
>> Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>
>
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Risker]

My apologies to you John - and also to John Vandenberg, whose name popped
up when I cursored over this.

Please do consider expressing a concern to the Audit Subcommittee with
respect to this case, or alternately to the Ombudsman.

Risker

On 13 June 2012 19:37, John  wrote:

> I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or
> any other private information. This goes far beyond the one case, I was
> just using it as a recent example
>
> On Wed, Jun 13, 2012 at 7:34 PM, Risker  wrote:
>
> > On 13 June 2012 19:18, John  wrote:
> >
> > > This is something that has been bugging me for a while. When a user has
> > > been checkusered they should at least be notified of who preformed it
> and
> > > why it was preformed. I know this is not viable for every single CU
> > action
> > > as many are for anons. But for those users who have been around for a
> > > period, (say autoconfirmed) they should be notified when they are CU'ed
> > and
> > > any user should be able to request the CU logs pertaining to themselves
> > > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> > provide
> > > information to the accused.
> > >
> > > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> > where
> > > the CU'ed user was requesting information and the CU claimed it would
> be
> > a
> > > violation of the privacy policy to release the time/reason/performer of
> > the
> > > checkuser.
> > >
> > > This screams of obfuscation and the hiding of information. I know the
> > > ombudsman committee exists as a check and balance, however before
> > something
> > > can be passed to them evidence of inappropriate action is needed. Ergo
> > > Catch-22
> > >
> > > I know checkusers  keep a private wiki
> > > https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
> > our
> > > privacy policy we are supposed to purge our information regularly (on
> > wiki
> > > CU logs exist for 90 days) however who oversees the regular removal of
> > > private information on the wiki?
> > >
> > > My proposal would be for all users who are at least auto confirmed to
> be
> > > notified and be able to request all CU logs regarding themselves at any
> > > point, and any mentions of themselves on the CU wiki should be
> > retrievable.
> > >
> > >
> > >
> > Perhaps some full disclosure should be made here John.  You are a
> checkuser
> > yourself, have access to the checkuser-L mailing list and the checkuser
> > wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> > (which carries out reviews of checkuser/oversighter actions on request);
> > you are also a member of the English Wikipedia functionaries mailing list
> > because you are a former arbitrator, a checkuser and an oversighter on
> > enwp. (so have access there to express your concerns or suggest changes
> in
> > standards),   It seems you are complaining about a specific case, and
> > instead of talking things out about this specific case, you've decided to
> > propose an entirely different checkusering standard.  I'll point out  in
> > passing that half of the spambots blocked in recent weeks by checkusers
> > were autoconfirmed on one or more projects, and even obvious vandals can
> > hit the autoconfirmed threshold easily on most projects.
> >
> > Full disclosure on my part: I am also an Enwp checkuser and a member of
> the
> > Arbitration Committee.
> >
> > Risker
> > ___
> > Wikimedia-l mailing list
> > Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[John]

I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or
any other private information. This goes far beyond the one case, I was
just using it as a recent example

On Wed, Jun 13, 2012 at 7:34 PM, Risker  wrote:

> On 13 June 2012 19:18, John  wrote:
>
> > This is something that has been bugging me for a while. When a user has
> > been checkusered they should at least be notified of who preformed it and
> > why it was preformed. I know this is not viable for every single CU
> action
> > as many are for anons. But for those users who have been around for a
> > period, (say autoconfirmed) they should be notified when they are CU'ed
> and
> > any user should be able to request the CU logs pertaining to themselves
> > (who CU'ed them, when, and why) at will. I have seen CU's refuse to
> provide
> > information to the accused.
> >
> > See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
> where
> > the CU'ed user was requesting information and the CU claimed it would be
> a
> > violation of the privacy policy to release the time/reason/performer of
> the
> > checkuser.
> >
> > This screams of obfuscation and the hiding of information. I know the
> > ombudsman committee exists as a check and balance, however before
> something
> > can be passed to them evidence of inappropriate action is needed. Ergo
> > Catch-22
> >
> > I know checkusers  keep a private wiki
> > https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
> our
> > privacy policy we are supposed to purge our information regularly (on
> wiki
> > CU logs exist for 90 days) however who oversees the regular removal of
> > private information on the wiki?
> >
> > My proposal would be for all users who are at least auto confirmed to be
> > notified and be able to request all CU logs regarding themselves at any
> > point, and any mentions of themselves on the CU wiki should be
> retrievable.
> >
> >
> >
> Perhaps some full disclosure should be made here John.  You are a checkuser
> yourself, have access to the checkuser-L mailing list and the checkuser
> wiki, helped to set up the Audit Subcommittee on the English Wikipedia
> (which carries out reviews of checkuser/oversighter actions on request);
> you are also a member of the English Wikipedia functionaries mailing list
> because you are a former arbitrator, a checkuser and an oversighter on
> enwp. (so have access there to express your concerns or suggest changes in
> standards),   It seems you are complaining about a specific case, and
> instead of talking things out about this specific case, you've decided to
> propose an entirely different checkusering standard.  I'll point out  in
> passing that half of the spambots blocked in recent weeks by checkusers
> were autoconfirmed on one or more projects, and even obvious vandals can
> hit the autoconfirmed threshold easily on most projects.
>
> Full disclosure on my part: I am also an Enwp checkuser and a member of the
> Arbitration Committee.
>
> Risker
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] CheckUser openness

[Risker]

On 13 June 2012 19:18, John  wrote:

> This is something that has been bugging me for a while. When a user has
> been checkusered they should at least be notified of who preformed it and
> why it was preformed. I know this is not viable for every single CU action
> as many are for anons. But for those users who have been around for a
> period, (say autoconfirmed) they should be notified when they are CU'ed and
> any user should be able to request the CU logs pertaining to themselves
> (who CU'ed them, when, and why) at will. I have seen CU's refuse to provide
> information to the accused.
>
> See the Rich Farmbrough ArbCom case where I suspect obvious fishing, where
> the CU'ed user was requesting information and the CU claimed it would be a
> violation of the privacy policy to release the time/reason/performer of the
> checkuser.
>
> This screams of obfuscation and the hiding of information. I know the
> ombudsman committee exists as a check and balance, however before something
> can be passed to them evidence of inappropriate action is needed. Ergo
> Catch-22
>
> I know checkusers  keep a private wiki
> https://checkuser.wikimedia.org/wiki/Main_Page and I know according to our
> privacy policy we are supposed to purge our information regularly (on wiki
> CU logs exist for 90 days) however who oversees the regular removal of
> private information on the wiki?
>
> My proposal would be for all users who are at least auto confirmed to be
> notified and be able to request all CU logs regarding themselves at any
> point, and any mentions of themselves on the CU wiki should be retrievable.
>
>
>
Perhaps some full disclosure should be made here John.  You are a checkuser
yourself, have access to the checkuser-L mailing list and the checkuser
wiki, helped to set up the Audit Subcommittee on the English Wikipedia
(which carries out reviews of checkuser/oversighter actions on request);
you are also a member of the English Wikipedia functionaries mailing list
because you are a former arbitrator, a checkuser and an oversighter on
enwp. (so have access there to express your concerns or suggest changes in
standards),   It seems you are complaining about a specific case, and
instead of talking things out about this specific case, you've decided to
propose an entirely different checkusering standard.  I'll point out  in
passing that half of the spambots blocked in recent weeks by checkusers
were autoconfirmed on one or more projects, and even obvious vandals can
hit the autoconfirmed threshold easily on most projects.

Full disclosure on my part: I am also an Enwp checkuser and a member of the
Arbitration Committee.

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

[Wikimedia-l] CheckUser openness

[John]

This is something that has been bugging me for a while. When a user has
been checkusered they should at least be notified of who preformed it and
why it was preformed. I know this is not viable for every single CU action
as many are for anons. But for those users who have been around for a
period, (say autoconfirmed) they should be notified when they are CU'ed and
any user should be able to request the CU logs pertaining to themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse to provide
information to the accused.

See the Rich Farmbrough ArbCom case where I suspect obvious fishing, where
the CU'ed user was requesting information and the CU claimed it would be a
violation of the privacy policy to release the time/reason/performer of the
checkuser.

This screams of obfuscation and the hiding of information. I know the
ombudsman committee exists as a check and balance, however before something
can be passed to them evidence of inappropriate action is needed. Ergo
Catch-22

I know checkusers  keep a private wiki
https://checkuser.wikimedia.org/wiki/Main_Page and I know according to our
privacy policy we are supposed to purge our information regularly (on wiki
CU logs exist for 90 days) however who oversees the regular removal of
private information on the wiki?

My proposal would be for all users who are at least auto confirmed to be
notified and be able to request all CU logs regarding themselves at any
point, and any mentions of themselves on the CU wiki should be retrievable.

John
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Pro-active user privacy (Was: Update on IPv6)

[Kim Bruning]

On Wed, Jun 13, 2012 at 11:22:52AM -0700, James Forrester wrote:
> 
> Can I suggest that we try to discuss this on-wiki (as it's more
> inclusive of the community)? -
> https://meta.wikimedia.org/wiki/Unregistered_user or something linked
> from there would be the 'obvious' place to start.


Wow, current state of affairs is (paraphrased)
"new users are not welcome"? :-(

That might explain some issues! 

sincerely,
Kim Bruning

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Tom Morris]

On 13 June 2012 22:02, David Gerard  wrote:
> On 13 June 2012 21:56, Nathan  wrote:
>
>> Earliest I have it on a Wikimedia list is from WikiEn-L on 2/11/08 from Ian
>> Woollard (written as principle of least surprise), in the context of a
>> Muhammad images thread started by Jimbo -- but my logs only go back to the
>> summer of 07.
>
>
> Bingo - and he specifically invoked it to "minimise offence".
>

Sure, but it also applies to getting back what you expect.

A male heterosexual friend of mine typed in the word "Boobs" into
Commons search engine a while back and came back with the page "Boobs
on Bikes". It's not a matter of minimising offence, it's simply that
if you type in one thing and get something else and rather surprising,
that's a problem.

That a subset of that surprise happens to be involve people getting
offended doesn't mean that avoiding unnecessary surprise isn't a
laudable goal.

There's surprise in the "reading a book and learning something new"
sense, then there is surprise in the "being told that the book is on
this shelf, but instead it's on a different shelf" sense. The two are
rather different, and I fear some conflation is going on.

-- 
Tom Morris


___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Federico Leva (Nemo)]

David Gerard, 13/06/2012 23:02:

On-wiki, I see it being used in naming convention arguments for years, as
early as April 2005.



Yeah, that's arguably a user interface issue (with arguments being
somewhat alleviated by a forest of redirects). I see it's been
commonly used around user interface issues in Wikimedia for many
years.


And still you had reactions like this: 
http://lists.wikimedia.org/pipermail/wikien-l/2006-April/044011.html 
(notice the other big threads in the same month about images...).


Nemo

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[FT2]

I can't say who came up with it.  The point I first became aware of it was
the posts, and consultation reports series, on Meta.  It may well have
predated that though, in which case I couldn't say.

Advanced search in old enwp and meta dumps, or mailing lists would be a way
to explore before that.  The topic was only discussed _in depth_ in a
limited number of places easily identified by search, the expressions are
very distinctive, and a list of wiki pages or list threads can be searched
fairly easily to find exact posts or dates.

FT2


On Wed, Jun 13, 2012 at 9:30 PM, David Gerard  wrote:

> I was looking over old discussions, and wondered: who originally came
> up with the notion that the "principle of least surprise" should apply
> to educational content? If it existed before Wikimedia, who introduced
> it to the image filter discussion, on what rationale?
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Platonides]

On 13/06/12 00:39, Kim Bruning wrote:
> What with XS4ALL (my ISP) now also offering IPv6 out-of-the-box, there's 
> at least one extra IPv6 anon on en.wp. ;-)
> 
> I noticed that my current IPv6 address appears to be assigned
> dynamically by XS4ALL. I can probably get static if I choose it. But the
> dynamic assignment option does alleviate some people's privacy
> concerns, right?

A 'privacy problem' of IPv6 addresses is that they could be tied to your
network card identification number (the MAC), so even if you changed
networks, and got a different ip, the lower bytes would remain constant
indentifying you. Then privacy extensions were developed to avoid that.
I think you should check how much dynamic it by looking not just but
what ranges change. Maybe it's static but your OS is making it look
dynamic on each reboot. Or viceversa, your OS could be leaking your MAC
even though your ISP gives you a dynamic one.


___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[phoebe ayers]

On Wed, Jun 13, 2012 at 1:44 PM, Michael Peel
 wrote:
> My understanding of this line of argument was that images would be displayed 
> where you would expect them to be displayed (e.g. the article on penis or 
> vagina would naturally include a picture of a penis or vagina), but wouldn't 
> be immediately displayed where you wouldn't expect them (e.g. if you want to 
> find information on necklaces made of pearls).
>
> Whether that is called 'principle of least surprise' or 'principle of least 
> astonishment' or something else is semantics...
>
> Thanks,
> Mike

That's exactly how I understand the idea as well.

As for where it came from -- from my imperfect memory, the idea has
been kicking around in the English Wikipedia style guide and in
Commons for some years (I found it in a style guide history in 2004,
also cf Nathan's research).

In the context of this discussion, however, the "principle of least
astonishment" had I believe been brought up early on; it was
highlighted in the Harris report as a potentially useful concept for
thinking about the whole range of issues around handling controversial
content. This was actually a separate bullet point/idea from the
recommendation to allow readers to hide images. They're not
necessarily connected; overall I haven't heard a lot of complaints
about trying to implement the principle of least astonishment, i.e. by
improving search etc.

The concept itself, as a usability term, has been around for a while;
there's a (not very good) article, which was started in 2002:
http://en.wikipedia.org/wiki/Principle_of_least_astonishment
 I don't know when it came into use in the world at large.

-- phoebe

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[David Gerard]

On 13 June 2012 21:56, Nathan  wrote:

> Earliest I have it on a Wikimedia list is from WikiEn-L on 2/11/08 from Ian
> Woollard (written as principle of least surprise), in the context of a
> Muhammad images thread started by Jimbo -- but my logs only go back to the
> summer of 07.


Bingo - and he specifically invoked it to "minimise offence".


> On-wiki, I see it being used in naming convention arguments for years, as
> early as April 2005.


Yeah, that's arguably a user interface issue (with arguments being
somewhat alleviated by a forest of redirects). I see it's been
commonly used around user interface issues in Wikimedia for many
years.


- d.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Nathan]

Earliest I have it on a Wikimedia list is from WikiEn-L on 2/11/08 from Ian
Woollard (written as principle of least surprise), in the context of a
Muhammad images thread started by Jimbo -- but my logs only go back to the
summer of 07.

On-wiki, I see it being used in naming convention arguments for years, as
early as April 2005. I'm not sure when it made the transition from user
interface design principle to a more general content principle, but it
looks like (from a web search) it was commonly used for Ruby as early as
2002-2003.
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[David Gerard]

On 13 June 2012 21:44, Michael Peel  wrote:

> My understanding of this line of argument was that images would be displayed 
> where you would expect them to be displayed (e.g. the article on penis or 
> vagina would naturally include a picture of a penis or vagina),


I don't recall this being conceded. (The discussions of image filter
plans seemed to me to assume that images considered unsuitable would
indeed be filtered in such places.)

So who first brought the phrase into the discussion?


- d.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Michael Peel]

My understanding of this line of argument was that images would be displayed 
where you would expect them to be displayed (e.g. the article on penis or 
vagina would naturally include a picture of a penis or vagina), but wouldn't be 
immediately displayed where you wouldn't expect them (e.g. if you want to find 
information on necklaces made of pearls).

Whether that is called 'principle of least surprise' or 'principle of least 
astonishment' or something else is semantics...

Thanks,
Mike

On 13 Jun 2012, at 21:38, David Gerard wrote:

> On 13 June 2012 21:32, Richard Symonds  
> wrote:
> 
>> Not sure, but I think it's the principle of least /astonishment/ - which
>> may be an important difference...
> 
> 
> Pretty sure it doesn't for educational purposes. I think my objection
> stands in its entirety.
> 
> (I note that in interface design, "principle of least astonishment" is
> in opposition to "educating" the user. With educational materials,
> that is ahahaha indeed the point.)
> 
> 
> - d.
> 
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l


___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[David Gerard]

On 13 June 2012 21:32, Richard Symonds  wrote:

> Not sure, but I think it's the principle of least /astonishment/ - which
> may be an important difference...


Pretty sure it doesn't for educational purposes. I think my objection
stands in its entirety.

(I note that in interface design, "principle of least astonishment" is
in opposition to "educating" the user. With educational materials,
that is ahahaha indeed the point.)


- d.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[Richard Symonds]

Not sure, but I think it's the principle of least /astonishment/ - which
may be an important difference...

Richard Symonds
Wikimedia UK
0207 065 0992
Disclaimer viewable at
http://uk.wikimedia.org/wiki/Wikimedia:Email_disclaimer
Visit http://www.wikimedia.org.uk/ and @wikimediauk



On 13 June 2012 21:30, David Gerard  wrote:

> I was looking over old discussions, and wondered: who originally came
> up with the notion that the "principle of least surprise" should apply
> to educational content? If it existed before Wikimedia, who introduced
> it to the image filter discussion, on what rationale?
>
> [Personally I think it's an inanity - an education that doesn't turn
> your head upside down might as well be basket weaving - and it's too
> easily applied to shocking and outrageous concepts that children
> shouldn't be exposed to, like homosexuality or rights for minorities -
> but I could of course be convinced I'm wrong.]
>
>
> - d.
>
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

[Wikimedia-l] Who invoked "principle of least surprise" for the image filter?

[David Gerard]

I was looking over old discussions, and wondered: who originally came
up with the notion that the "principle of least surprise" should apply
to educational content? If it existed before Wikimedia, who introduced
it to the image filter discussion, on what rationale?

[Personally I think it's an inanity - an education that doesn't turn
your head upside down might as well be basket weaving - and it's too
easily applied to shocking and outrageous concepts that children
shouldn't be exposed to, like homosexuality or rights for minorities -
but I could of course be convinced I'm wrong.]


- d.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] .wiki TLD

[phoebe ayers]

On Wed, Jun 13, 2012 at 12:39 PM, Casey Brown  wrote:
> On Wed, Jun 13, 2012 at 3:29 PM, Richard Symonds
>  wrote:
>> Little bit confused as to who this chap is... any ideas?
>
> It looks like he works for AboutUs.org:
> 

Yep :) He's been a core part of the wider wiki community for a long
time and is personally involved with ICANN as well.

-- phoebe

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 3:49 PM, Risker  wrote:

>
> Nathan, I'm still trying to come up with *any* site that permits
> unregistered users to post but also publishes their full IP address.  Can
> you think of any at all?  Let's not limit it to the big guys, let's really
> think this through and explore what is going on outside of our own
> bailiwick.  Just because we've done things for a long time doesn't mean we
> shouldn't improve ourselves.
>

Well, there are many sites (my local newspaper for instance) that permit
users with no site-specific registration to comment, but only using a
Facebook profile. Assuming the commenter is following Facebook's account
policies, that is at least as revealing as an IP address.

And we can just as easily look at it from the other direction - are there
really other sites out there like Wikipedia, with our mix of mission and
global impact for a user-generated product? I think Wikipedia is unique in
many ways, and I believe that renders the comparison you're attempting to
make not useful. And finally, you take for granted a principle that I have
challenged - mandating complete anonymity for all users (other than those
who edit using a real name) is not, in my view, the same as "improv[ing]
ourselves."

I'd like to get other opinions on this, so I'm going to hold off on posting
again in this thread... at least for as long as I can stand it :-P

~Nathan
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Risker]

On 13 June 2012 15:39, Nathan  wrote:

> On Wed, Jun 13, 2012 at 3:18 PM, Risker  wrote:
> Risker wrote:
>
> "I am struggling to think of any other website of any nature that I have
> ever visited that publicly identifies editors/posters by their IP address,
> except for a few other wikis.  I've seen "unregistered user" before, and
> similar nomenclature. Can anyone think of another site (regardless of
> purpose) that links the editor/poster publicly to their full IP address?"
>
> IP address, no. Facebook profile (which is, as for most people, under my
> real name)? Sure. Even so, a comparison between Wikimedia and Google or the
> NY Times or Facebook or Gawker etc. fails because it does not recognize the
> many philosophical and practical differences between those sites and a
> Wikimedia project.
>

Nathan, I'm still trying to come up with *any* site that permits
unregistered users to post but also publishes their full IP address.  Can
you think of any at all?  Let's not limit it to the big guys, let's really
think this through and explore what is going on outside of our own
bailiwick.  Just because we've done things for a long time doesn't mean we
shouldn't improve ourselves.

Risker

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] .wiki TLD

[Casey Brown]

On Wed, Jun 13, 2012 at 3:29 PM, Richard Symonds
 wrote:
> Little bit confused as to who this chap is... any ideas?

It looks like he works for AboutUs.org:


-- 
Casey Brown (Cbrown1023)
caseybrown.org

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 3:18 PM, Risker  wrote:

>
> The original Wikipedia platform (lo those long years ago) published only
> partial IP addresses.  Today, "significantly less transparency" seems to
> mean "create an acccount" to many people. However, that is antithetical to
> the "anyone can edit" principle on which our projects are based.  "Anyone
> can edit, as long as they don't mind that everyone in the world will know
> where they're from, what ISP they use, and possibly even the physical
> location from which they are editing and what equipment they're using to do
> so,  unless they create an account" is what it has become.
>

I'm not sure I understand how "create an account" is antithetical to
"anyone can edit". Are you saying there is some bar to creating an account
that prevents some people from editing? People can choose to use an account
name or choose to edit from an IP address. You're suggesting making account
names mandatory and dynamic, I'm not seeing how that is a necessary
outgrowth of "anyone can edit."


>
> We want the edits. We don't need to know the rest, and never have. If we
> needed to know that information, we would have decided not to permit
> account-based editing in the first place.  There's no template at the
> bottom of the talk pages of editors with accounts that allows
> identification and geolocation of their IP.  If it's useful for logged-out
> editors, it is just as useful for logged-in ones, according to the
> "transparency" logic.
>
>
Sure - the same principle that makes IP information useful for transparency
purposes works as well on IP editors as it does on account holders. But
account holders have chosen to restrict access to that information, and IP
editors have not. A better solution to mandating automatically assigned
account names is to provide reasonable education and disclosure (say, a
pop-up on first edit or something else fairly prominent) to people editing
without an account. That way we let users judge privacy for themselves, and
preserve the usefulness of IP data when a user chooses to disclose it.

Risker wrote:

"I am struggling to think of any other website of any nature that I have
ever visited that publicly identifies editors/posters by their IP address,
except for a few other wikis.  I've seen "unregistered user" before, and
similar nomenclature. Can anyone think of another site (regardless of
purpose) that links the editor/poster publicly to their full IP address?"

IP address, no. Facebook profile (which is, as for most people, under my
real name)? Sure. Even so, a comparison between Wikimedia and Google or the
NY Times or Facebook or Gawker etc. fails because it does not recognize the
many philosophical and practical differences between those sites and a
Wikimedia project.
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

[Wikimedia-l] .wiki TLD

[Richard Symonds]

All,

Just to let you know that the .wiki TLD has been applied for by 'Mr Raymond
King' from 'Top level Design LLC'.  The company has successfully submitted
10 applications to ICANN for: .blog ,
.design ,
.style
, .art ,
.ink
, .wiki ,
.gay
, .llc ,
.group,
and .photography .

Little bit confused as to who this chap is... any ideas? More info at
http://newgtlds.icann.org/en/program-status/application-results/strings-1200utc-13jun12-en
 .


Richard Symonds
Wikimedia UK
0207 065 0992
Disclaimer viewable at
http://uk.wikimedia.org/wiki/Wikimedia:Email_disclaimer
Visit http://www.wikimedia.org.uk/ and @wikimediauk
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Risker]

On 13 June 2012 15:06, Nathan  wrote:




> I have to disagree for several reasons. First, while you are correct that
> no other top 10 website publishes IP information of users, that is in no
> small part a byproduct of how different Wikipedia is from the other 9.
>



I am struggling to think of any other website of any nature that I have
ever visited that publicly identifies editors/posters by their IP address,
except for a few other wikis.  I've seen "unregistered user" before, and
similar nomenclature. Can anyone think of another site (regardless of
purpose) that links the editor/poster publicly to their full IP address?

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Risker]

On 13 June 2012 15:06, Nathan  wrote:

> On Wed, Jun 13, 2012 at 2:42 PM, Risker  wrote:
>
> >
> > I think perhaps I was not clear in what I meant by "nefarious" purposes.
> > The IP addresses in our contribution logs have been used by others to
> > locate editors, to make allegations against individuals and organizations
> > because their IP address showed up in those logs, and so on. It is a key
> > reason why "accidentally editing logged out" is one of the top reasons
> for
> > suppression requests, because it can provide a non-negligible amount of
> > information about the user.
> >
>
> I think I understood what you meant by nefarious, but regardless of the
> definition, the point remains: unless you restrict any IP-related data to
> administrators and/or CUs, the type of masking FT2 described is ineffective
> at improving privacy.
>
> I would put to you that, actually, our publishing of full IP addresses of
> > our logged-out contributors is a very significant privacy issue. There is
> > no other top-10 website that publishes this information; in fact, the
> > number of websites that attributes contributions to specific (often
> > traceable) IP addresses is minuscule.  The only rationale that has ever
> > been given for publishing of IP addresses is for the purpose of edit
> > attribution.  That can be done any number of other ways.
> >
> > Risker
> >
> >
> I have to disagree for several reasons. First, while you are correct that
> no other top 10 website publishes IP information of users, that is in no
> small part a byproduct of how different Wikipedia is from the other 9.
> Without belaboring the point too much, search engines and passive viewing
> sites don't publish user information at all in any format, and commercial
> social networks have a wholly different set of interests than do Wikimedia
> projects.  Second, more complete anonymity is and has always been available
> to any editor; while the primary and original purpose of an IP address in
> edit history is attribution, it has long been put to many other beneficial
> uses. Given that we've had a stable approach to IP addresses for 10 years,
> and no rush of demand to change the paradigm, it makes sense to balance the
> public benefit nature of the projects against the reasonable privacy needs
> (on which we all generally agree). We should discuss that balance rather
> than just assume that more perfect privacy is worth significantly less
> transparency.
>

The original Wikipedia platform (lo those long years ago) published only
partial IP addresses.  Today, "significantly less transparency" seems to
mean "create an acccount" to many people. However, that is antithetical to
the "anyone can edit" principle on which our projects are based.  "Anyone
can edit, as long as they don't mind that everyone in the world will know
where they're from, what ISP they use, and possibly even the physical
location from which they are editing and what equipment they're using to do
so,  unless they create an account" is what it has become.

We want the edits. We don't need to know the rest, and never have. If we
needed to know that information, we would have decided not to permit
account-based editing in the first place.  There's no template at the
bottom of the talk pages of editors with accounts that allows
identification and geolocation of their IP.  If it's useful for logged-out
editors, it is just as useful for logged-in ones, according to the
"transparency" logic.

One of the reasons that many of us were taken by surprise with the sudden
appearance of the IPv6 change was that this very discussion could have
taken place beforehand, and would have guided the Engineering team in their
progress.  I for one have long been concerned about the use of IP addresses
to attribute edits, but that may be because I'm one of the few people who
winds up suppressing those that happen accidentally to account holders.
It's a discussion we need to have, though.

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 2:42 PM, Risker  wrote:

>
> I think perhaps I was not clear in what I meant by "nefarious" purposes.
> The IP addresses in our contribution logs have been used by others to
> locate editors, to make allegations against individuals and organizations
> because their IP address showed up in those logs, and so on. It is a key
> reason why "accidentally editing logged out" is one of the top reasons for
> suppression requests, because it can provide a non-negligible amount of
> information about the user.
>

I think I understood what you meant by nefarious, but regardless of the
definition, the point remains: unless you restrict any IP-related data to
administrators and/or CUs, the type of masking FT2 described is ineffective
at improving privacy.

I would put to you that, actually, our publishing of full IP addresses of
> our logged-out contributors is a very significant privacy issue. There is
> no other top-10 website that publishes this information; in fact, the
> number of websites that attributes contributions to specific (often
> traceable) IP addresses is minuscule.  The only rationale that has ever
> been given for publishing of IP addresses is for the purpose of edit
> attribution.  That can be done any number of other ways.
>
> Risker
>
>
I have to disagree for several reasons. First, while you are correct that
no other top 10 website publishes IP information of users, that is in no
small part a byproduct of how different Wikipedia is from the other 9.
Without belaboring the point too much, search engines and passive viewing
sites don't publish user information at all in any format, and commercial
social networks have a wholly different set of interests than do Wikimedia
projects.  Second, more complete anonymity is and has always been available
to any editor; while the primary and original purpose of an IP address in
edit history is attribution, it has long been put to many other beneficial
uses. Given that we've had a stable approach to IP addresses for 10 years,
and no rush of demand to change the paradigm, it makes sense to balance the
public benefit nature of the projects against the reasonable privacy needs
(on which we all generally agree). We should discuss that balance rather
than just assume that more perfect privacy is worth significantly less
transparency.
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[FT2]

Yes. Risker has understood.

Her word "masking" means for me, that we would like to make it hard or
create a high hurdle, for third parties wanting to find or prove a link
between the public displayed ID of non-logged in users and other off-site
ID such as their IP address that can be used to externally correlate or
identify a real-world individual.   (Which is not really any more than we
do for logged in users)

What exact label is publicly displayed is secondary.  Otherwise
pseudonymity wouldn't work either.  Its functions are (1) attribution, (2)
a convenient shorthand for "the unknown real world individual responsible
for this edit" in wiki-discussions, and (3) some minimal consistency of
identification.

FT2

On Wed, Jun 13, 2012 at 7:21 PM, Risker  wrote:

> On 13 June 2012 14:09, Nathan  wrote:
> (more snipping)



> I believe that FT2 is saying that we should seriously consider masking the
> *publicly viewable* IPv6 addresses.  The only reason that we publish the IP
> addresses of any logged-out user is for attribution purposes, although some
> use it for other reasons (both positive and nefarious).  Quite honestly, it
> doesn't matter what information is put in place in the publicly viewable
> logs, provided it's consistent.
>
> Risker
>
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Risker]

On 13 June 2012 14:29, Nathan  wrote:

> On Wed, Jun 13, 2012 at 2:21 PM, Risker  wrote:
>
> > On 13 June 2012 14:09, Nathan  wrote:
> >
> > I believe that FT2 is saying that we should seriously consider masking
> the
> > *publicly viewable* IPv6 addresses.  The only reason that we publish the
> IP
> > addresses of any logged-out user is for attribution purposes, although
> some
> > use it for other reasons (both positive and nefarious).  Quite honestly,
> it
> > doesn't matter what information is put in place in the publicly viewable
> > logs, provided it's consistent.
> >
> > Risker
> >
> >
> Sure, that's the assertion, but it leaves unanswered a lot of "why"
> questions. Why should we make publicly viewable attributions less
> identifiable than they have been for a decade? Is that step valuable at
> all, given the reality that anyone likely to use the IP address for
> "nefarious" reasons would simply register an account?
>

I think perhaps I was not clear in what I meant by "nefarious" purposes.
The IP addresses in our contribution logs have been used by others to
locate editors, to make allegations against individuals and organizations
because their IP address showed up in those logs, and so on. It is a key
reason why "accidentally editing logged out" is one of the top reasons for
suppression requests, because it can provide a non-negligible amount of
information about the user.



>
> I think a stable, predictable privacy regime that doesn't discourage users
> is a perfectly good goal which Wikimedia has largely achieved. I'm not sure
> there is a lot of value in FT2's suggestion from a privacy perspective (it
> would make far more sense to make the mask applicable to everyone but CUs
> or admins), let alone whether a significantly more anonymous method for
> contributing is either necessary or desirable.
>
>
I would put to you that, actually, our publishing of full IP addresses of
our logged-out contributors is a very significant privacy issue. There is
no other top-10 website that publishes this information; in fact, the
number of websites that attributes contributions to specific (often
traceable) IP addresses is minuscule.  The only rationale that has ever
been given for publishing of IP addresses is for the purpose of edit
attribution.  That can be done any number of other ways.

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 2:29 PM, Brandon Harris wrote:

>
> On Jun 13, 2012, at 11:21 AM, Risker wrote:
>
> > I believe that FT2 is saying that we should seriously consider masking
> the
> > *publicly viewable* IPv6 addresses.  The only reason that we publish the
> IP
> > addresses of any logged-out user is for attribution purposes, although
> some
> > use it for other reasons (both positive and nefarious).  Quite honestly,
> it
> > doesn't matter what information is put in place in the publicly viewable
> > logs, provided it's consistent.
>
>
> A couple of weeks ago, Brion Vibber and I started walking through
> a series of thoughts about eliminating publicly viewable IP addresses
> altogether, creating "Proto Accounts".  That is, to completely anonymize
> anonymous users (by calling them "Anonymous XX") and at the same time
> creating system whereby Anonymous users might be encouraged to become
> registered users (and retain the edits they did anonymously).
>
>This would work by "back-loading" the account creation process:
>
>1) User makes anonymous edit (as "Anonymous 1234").  Edit
> is logged as "Anonymous 1234").
>2) User is given call-to-action to convert to a registered
> account.
>3) User fills out account form (username, password, email)
> (let's call them "AwesomeSauce89")
>4) Proto account gets renamed to "AwesomeSauce89"; the
> edits that were under "Anonymous 1234" are now listed as being by
> "AwesomeSauce89"
>
>I also spoke with Tim Starling about this in Berlin and he agreed
> that it was a good idea.  However, this would be no small feat.  A big part
> of the problems involved in this type of anonymizing involve how we deal
> with range blocks.
>
>Would this be something people might like to see happen?
>
>
>
In my view, no. I think we need to balance the "risk" argument for
anonymity (dissidents, whistleblowers, people editing topics they wouldn't
want to be publicly associated with, etc.) with the benefits of partial
anonymity. Among these benefits I'd cite the many news items regarding the
discovery of fishy editing patterns from Congressional offices, corporate
offices, government agencies, political candidates, etc.  We're an
organization with competing aims: we'd like to be as transparent as
possible, and by and large believe in the value of radical transparency,
but we also want to protect our users from undue harm. I think we can
maintain that balance by having a very stable and predictable approach to
privacy, and by being abundantly clear with our disclosures and user
education with respect to privacy. The above approach wipes out any
transparency in favor of complete privacy, without (to my mind)
establishing the particular benefits of that outcome.

~Nathan
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[FT2]

Wikipedia has held since the start, a philosophy that some aspects of
neutral accessible editing are enhanced by pseudonymity.  One only need
look at early policies and current policies to see they started with strong
strict views on this, and retain strong strict views.  Reasons where it
matters are codified in policies themselves - freedom to edit without fear
of social backlash, freedom to edit unpopular views and topics or those
which would be professionally harmful, freedom to edit from places and
regimes where uninhibited authorship would be dangerous, freedom to be
judged by the edits one makes and not the person one is.

Obviously there are negatives too - ease of abuse, reduced ease of
detecting bad behavior, and so on.  None the less over time the view has
stuck, pseudonymity is a cornerstone of the environment we offer users and
that users may rely upon.  In that context, improving pseudonymity is a
valid goal. That an area established 10 years ago has not yet been fully
revised or brought into the 2010-2020 era is not salient. The same could be
said of many Mediawiki functions. Pseudonymity is "de facto" in the
culture, and part of our multi-branched attempt to facilitate neutral open
editing. It is an area of interest and an area where improvemenet and
advancement are worthwhile to seek. It is odd to rationalize that a user
with an account has safeguards which users without accounts should not
"deserve".

Most of the rest of your questiopns are technical - how would this or that
be done?  Those technical questions need technical consideration, but the
basic question is a non technicval one, as is my comment.  This is a
desirable area to dovetail.  How that works and to what extent cost v
benefit means we do some things but accept limitations on others, are
questions that technical people will need to consider.

FT2

On Wed, Jun 13, 2012 at 7:09 PM, Nathan  wrote:

> On Wed, Jun 13, 2012 at 1:36 PM, FT2  wrote:
>
> (snip)
>
>


> Why is "improving anonymity" a goal? Our privacy policy governs the
> disclosure of non-public information, but the IP addresses of editors
> without an account have always been effectively public. Are IP editors
> clamoring for more privacy? Is masking IPv6 addresses more important than
> the uses to which IP addresses are currently put? Is masking a better way
> to solve the problem of potentially more identifiable information in IPv6
> than, say, a more prominent disclosure and disclaimer? Would masking the IP
> addresses only for logged-out users be a worthwhile change, given the ease
> of registering an account? Would they remain masked in the histories of
> project dumps? There are a lot of questions to answer here before it's
> reasonable to start suggesting changes be made, and these are only some.
>
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Brandon Harris]

On Jun 13, 2012, at 11:21 AM, Risker wrote:

> I believe that FT2 is saying that we should seriously consider masking the
> *publicly viewable* IPv6 addresses.  The only reason that we publish the IP
> addresses of any logged-out user is for attribution purposes, although some
> use it for other reasons (both positive and nefarious).  Quite honestly, it
> doesn't matter what information is put in place in the publicly viewable
> logs, provided it's consistent.


A couple of weeks ago, Brion Vibber and I started walking through a 
series of thoughts about eliminating publicly viewable IP addresses altogether, 
creating "Proto Accounts".  That is, to completely anonymize anonymous users 
(by calling them "Anonymous XX") and at the same time creating system 
whereby Anonymous users might be encouraged to become registered users (and 
retain the edits they did anonymously).

This would work by "back-loading" the account creation process:

1) User makes anonymous edit (as "Anonymous 1234").  Edit is 
logged as "Anonymous 1234").
2) User is given call-to-action to convert to a registered 
account.
3) User fills out account form (username, password, email) 
(let's call them "AwesomeSauce89")
4) Proto account gets renamed to "AwesomeSauce89"; the edits 
that were under "Anonymous 1234" are now listed as being by "AwesomeSauce89"

I also spoke with Tim Starling about this in Berlin and he agreed that 
it was a good idea.  However, this would be no small feat.  A big part of the 
problems involved in this type of anonymizing involve how we deal with range 
blocks.

Would this be something people might like to see happen?


---
Brandon Harris, Senior Designer, Wikimedia Foundation

Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate


___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 2:21 PM, Risker  wrote:

> On 13 June 2012 14:09, Nathan  wrote:
>
> I believe that FT2 is saying that we should seriously consider masking the
> *publicly viewable* IPv6 addresses.  The only reason that we publish the IP
> addresses of any logged-out user is for attribution purposes, although some
> use it for other reasons (both positive and nefarious).  Quite honestly, it
> doesn't matter what information is put in place in the publicly viewable
> logs, provided it's consistent.
>
> Risker
>
>
Sure, that's the assertion, but it leaves unanswered a lot of "why"
questions. Why should we make publicly viewable attributions less
identifiable than they have been for a decade? Is that step valuable at
all, given the reality that anyone likely to use the IP address for
"nefarious" reasons would simply register an account?

I think a stable, predictable privacy regime that doesn't discourage users
is a perfectly good goal which Wikimedia has largely achieved. I'm not sure
there is a lot of value in FT2's suggestion from a privacy perspective (it
would make far more sense to make the mask applicable to everyone but CUs
or admins), let alone whether a significantly more anonymous method for
contributing is either necessary or desirable.

~Nathan
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Pro-active user privacy (Was: Update on IPv6)

[James Forrester]

On 13 June 2012 11:09, Nathan  wrote:
> Why is "improving anonymity" a goal? Our privacy policy governs the
> disclosure of non-public information, but the IP addresses of editors
> without an account have always been effectively public. Are IP editors
> clamoring for more privacy? Is masking IPv6 addresses more important than
> the uses to which IP addresses are currently put? Is masking a better way
> to solve the problem of potentially more identifiable information in IPv6
> than, say, a more prominent disclosure and disclaimer? Would masking the IP
> addresses only for logged-out users be a worthwhile change, given the ease
> of registering an account? Would they remain masked in the histories of
> project dumps? There are a lot of questions to answer here before it's
> reasonable to start suggesting changes be made, and these are only some.

Valuable questions.

There is certainly an argument that we should consider changing how we
doing things so that unregistered (mis-named "anonymous") editors are,
in fact, more rather than less anonymous, whichever IP version they
use to connect. We already take actions far beyond what most Internet
sites do to protect their privacy even though it's clear the vast
majority of the Web's users neither know nor care about such choices.

There are lots of things we could do - for instance, blocking all
edits except by logged-in editors would solve this (but is profoundly
against our general operating principles), auto-generating accounts by
cookie (messy, and would need the privacy policy changed), blurring
some arbitrary part of the IP (the last one octet for IP4 and four for
IP6, perhaps), etc. - but first we should have the discussion of what
we believe we want to achieve.

Can I suggest that we try to discuss this on-wiki (as it's more
inclusive of the community)? -
https://meta.wikimedia.org/wiki/Unregistered_user or something linked
from there would be the 'obvious' place to start.

Yours,
-- 
James D. Forrester
jdforres...@wikimedia.org | jdforres...@gmail.com
[[Wikipedia:User:Jdforrester|James F.]]
(Writing in a personal capacity)

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Risker]

On 13 June 2012 14:09, Nathan  wrote:

> 
>


> Why is "improving anonymity" a goal? Our privacy policy governs the
> disclosure of non-public information, but the IP addresses of editors
> without an account have always been effectively public. Are IP editors
> clamoring for more privacy? Is masking IPv6 addresses more important than
> the uses to which IP addresses are currently put? Is masking a better way
> to solve the problem of potentially more identifiable information in IPv6
> than, say, a more prominent disclosure and disclaimer? Would masking the IP
> addresses only for logged-out users be a worthwhile change, given the ease
> of registering an account? Would they remain masked in the histories of
> project dumps? There are a lot of questions to answer here before it's
> reasonable to start suggesting changes be made, and these are only some.
>
>
>
I believe that FT2 is saying that we should seriously consider masking the
*publicly viewable* IPv6 addresses.  The only reason that we publish the IP
addresses of any logged-out user is for attribution purposes, although some
use it for other reasons (both positive and nefarious).  Quite honestly, it
doesn't matter what information is put in place in the publicly viewable
logs, provided it's consistent.

Risker
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Nathan]

On Wed, Jun 13, 2012 at 1:36 PM, FT2  wrote:

> IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT)
> basis, far more than IPv4.  Privacy policy coversd "personally identifiable
> information".  An IP becomes personally identifying when it broadly allows
> a person to be identified.  If IPv4 can be "personally identifying" then
> IPv6 is guaranteed to be more so, because of its design and intended usage.
>
> It looks like the switch to making the "UserID on public record" more
> anonymous for non-logged in users (hashing their IP for example) could
> usefully be brought in, simultaneous with or parallel to IPv6.  As Erik
> says, both are desirable verging on necessary at some point, and the one
> mitigates against the issues of the other.
>
> It serves a second purpose - a good system providing a more anonymous
> "UserID of public record" would also mean that IPv4 and IPv6 users would
> have similar "names" in the public record and block lists, meaning that the
> same tools and interfaces would work equally with both.  This would
> simplify matters for future as well.
>
> Without second guessing a suitable method, I would like to see unlogged-in
> users represented by a "name" of the form "IP user XXX" or "Not logged
> in Y" or some such; there would be difficulties in that we want similar
> IPs to look similar without providing easy ways to identify the genuine
> underlying IP (eg by noticing other similar 's whose IPs are known).
> It's also going to have implications for vandalism and abuse related
> activities, where it is often helpful that action is easily identified as a
> similar IP.  It would be nice not to lose that sense of "similar IP" while
> not exposing the genuine IP.
>
> Choice of method is a technical matter, I'd suggest if we move on both,
> then hopefully IPv6 will mark a step where anonymity improves and is
> available to logged in and not logged in users.   But either way, IPv6 does
> have privacy implications for non-logged in users. IPv4 did too, but
> historically we let it alone and it was less severe. With IPv6 it may not
> be, and action would be much more important.
>
> FT2
>
>
Why is "improving anonymity" a goal? Our privacy policy governs the
disclosure of non-public information, but the IP addresses of editors
without an account have always been effectively public. Are IP editors
clamoring for more privacy? Is masking IPv6 addresses more important than
the uses to which IP addresses are currently put? Is masking a better way
to solve the problem of potentially more identifiable information in IPv6
than, say, a more prominent disclosure and disclaimer? Would masking the IP
addresses only for logged-out users be a worthwhile change, given the ease
of registering an account? Would they remain masked in the histories of
project dumps? There are a lot of questions to answer here before it's
reasonable to start suggesting changes be made, and these are only some.
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[FT2]

IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT)
basis, far more than IPv4.  Privacy policy coversd "personally identifiable
information".  An IP becomes personally identifying when it broadly allows
a person to be identified.  If IPv4 can be "personally identifying" then
IPv6 is guaranteed to be more so, because of its design and intended usage.

It looks like the switch to making the "UserID on public record" more
anonymous for non-logged in users (hashing their IP for example) could
usefully be brought in, simultaneous with or parallel to IPv6.  As Erik
says, both are desirable verging on necessary at some point, and the one
mitigates against the issues of the other.

It serves a second purpose - a good system providing a more anonymous
"UserID of public record" would also mean that IPv4 and IPv6 users would
have similar "names" in the public record and block lists, meaning that the
same tools and interfaces would work equally with both.  This would
simplify matters for future as well.

Without second guessing a suitable method, I would like to see unlogged-in
users represented by a "name" of the form "IP user XXX" or "Not logged
in Y" or some such; there would be difficulties in that we want similar
IPs to look similar without providing easy ways to identify the genuine
underlying IP (eg by noticing other similar 's whose IPs are known).
It's also going to have implications for vandalism and abuse related
activities, where it is often helpful that action is easily identified as a
similar IP.  It would be nice not to lose that sense of "similar IP" while
not exposing the genuine IP.

Choice of method is a technical matter, I'd suggest if we move on both,
then hopefully IPv6 will mark a step where anonymity improves and is
available to logged in and not logged in users.   But either way, IPv6 does
have privacy implications for non-logged in users. IPv4 did too, but
historically we let it alone and it was less severe. With IPv6 it may not
be, and action would be much more important.

FT2




On Wed, Jun 13, 2012 at 4:34 PM, Deryck Chan wrote:

> On a separate note about IPv6: I just saw the first IPv6 anon entry
> appearing on my watchlist. It's exciting!
> Deryck
>
> On 13 June 2012 13:43, Anthony  wrote:
>
> > On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning 
> > wrote:
> > > I noticed that my current IPv6 address appears to be assigned
> > > dynamically by XS4ALL. I can probably get static if I choose it. But
> the
> > > dynamic assignment option does alleviate some people's privacy
> > > concerns, right?
> >
> > One particular concern, which isn't really much different from IPv4.
> >
> > And in something like 90% of browser configurations, you're already
> > giving out a semi-static unique string with every request anyway.
> > (see https://panopticlick.eff.org/)
> >
> > The bigger concern for WMF is the possibility for increased privacy.
> >
> > > ps. We all know that everyone needs to switch to IPv6 eventually.
> >
> > Unless IPv7 or IPv8 comes out first.
> >
> > ___
> > Wikimedia-l mailing list
> > Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] speedydeletion.wika.com lauched

[Mike Dupont]

ok kim,
thanks again for your constructive feedback, and thanks to everyone who has
given input. It is great to have a supportive group of people like you to
talk to.

now i have upgraded the code, including templates and full history. It gets
all new articles not seen before every 10 minutes.
Also the uploading to the wikia is working but without the history. I think
this is a good deal. for the articles that we dont have the history for,
people can ask an admin for restoring the history if they really want it, I
dont have it for the old articles.
Here is an example new dump :
http://archive.org/download/wikipedia-delete-2012-06/wtarchive130612111041.zip

code is here github.com/h4ck3rm1k3/pywikipediabot and
github.com/h4ck3rm1k3/wikiteam

mike

On Wed, Jun 13, 2012 at 5:45 AM, Mike Dupont  wrote:

> yes, good point, and while checking this I found a problem.
>
> it turns out that up to now I dont have the full history, I have modified
> the extractor to pull the full version. For the other articles, I dont have
> the full history.
>
> mike
>
>
> On Tue, Jun 12, 2012 at 11:03 PM, Kim Bruning wrote:
>
>> On Mon, Jun 11, 2012 at 05:44:40AM +, Mike Dupont wrote:
>> > Hi,
>> >
>> > Again the full history is available on archive.org and i think that no
>> one
>> > is going to think that this data is from me, it is clearly marked as
>> being
>> > from wikipedia.
>>
>> ps. It occurs to me that if the full history is available on archive.org,
>> that
>> linking to the relevant archive.org data might be adequate.
>>
>>
>>
>> sincerely,
>>Kim Bruning
>>
>> ___
>> Wikimedia-l mailing list
>> Wikimedia-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>
>
>
>
> --
> James Michael DuPont
> Member of Free Libre Open Source Software Kosova http://flossk.org
> Contributor FOSM, the CC-BY-SA map of the world http://fosm.org
> Mozilla Rep https://reps.mozilla.org/u/h4ck3rm1k3
>
>


-- 
James Michael DuPont
Member of Free Libre Open Source Software Kosova http://flossk.org
Contributor FOSM, the CC-BY-SA map of the world http://fosm.org
Mozilla Rep https://reps.mozilla.org/u/h4ck3rm1k3
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Deryck Chan]

On a separate note about IPv6: I just saw the first IPv6 anon entry
appearing on my watchlist. It's exciting!
Deryck

On 13 June 2012 13:43, Anthony  wrote:

> On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning 
> wrote:
> > I noticed that my current IPv6 address appears to be assigned
> > dynamically by XS4ALL. I can probably get static if I choose it. But the
> > dynamic assignment option does alleviate some people's privacy
> > concerns, right?
>
> One particular concern, which isn't really much different from IPv4.
>
> And in something like 90% of browser configurations, you're already
> giving out a semi-static unique string with every request anyway.
> (see https://panopticlick.eff.org/)
>
> The bigger concern for WMF is the possibility for increased privacy.
>
> > ps. We all know that everyone needs to switch to IPv6 eventually.
>
> Unless IPv7 or IPv8 comes out first.
>
> ___
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

[Wikimedia-l] [Wikimedia Announcements] Wikimedia engineering May 2012 report

[Guillaume Paumier]

Hi,

The report covering Wikimedia engineering activities in May 2012 is
now available.

Wiki version: 
https://www.mediawiki.org/wiki/Wikimedia_engineering_report/2012/May
Blog version: https://blog.wikimedia.org/2012/06/13/engineering-may-2012-report/

--
Guillaume Paumier
Technical Communications Manager — Wikimedia Foundation
https://donate.wikimedia.org

___
Please note: all replies sent to this mailing list will be immediately directed 
to Wikimedia-l, the public mailing list of the Wikimedia community. For more 
information about Wikimedia-l:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
___
WikimediaAnnounce-l mailing list
wikimediaannounc...@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Anthony]

On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning  wrote:
> I noticed that my current IPv6 address appears to be assigned
> dynamically by XS4ALL. I can probably get static if I choose it. But the
> dynamic assignment option does alleviate some people's privacy
> concerns, right?

One particular concern, which isn't really much different from IPv4.

And in something like 90% of browser configurations, you're already
giving out a semi-static unique string with every request anyway.
(see https://panopticlick.eff.org/)

The bigger concern for WMF is the possibility for increased privacy.

> ps. We all know that everyone needs to switch to IPv6 eventually.

Unless IPv7 or IPv8 comes out first.

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Re: [Wikimedia-l] Update on IPv6

[Strainu]

2012/6/13 Kim Bruning :
> I noticed that my current IPv6 address appears to be assigned
> dynamically by XS4ALL. I can probably get static if I choose it. But the
> dynamic assignment option does alleviate some people's privacy
> concerns, right?

It depends on their OS. On Windows, OSX, iOS and Ubuntu (so over 95%
of all traffic considering an equal distribution of IPv6 addresses), I
would say yes, since they have enabled the privacy extension by
default. For the rest of the world, not really. Even if the first half
of the address is dynamic, the last part will be static and linked to
your Ethernet adapter.

Strainu

___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l