I am writing to ask that the new privacy policy be stopped, pending briefings 
of and thorough consideration by the incoming executive director Lila Tretikov. 
The timing of this major policy change with all its implications, including 
great legal implications, is at minimum discourteous to Ms. Tretikov in this 
the second day of her tenure, and in my judgement should additionally be viewed 
as alarming. 

"Wikimedia is beholden to no one, yet accountable to each and every human 
being," she said the day before last. Yet the new policy makes every effort to 
distance it from accountability, by attempting to force every editor to consent 
to the most privacy-invasive technologies known, which include, all quoted:

"You should be aware that specific data made public by you or aggregated data 
that is made public by us can be used by anyone for analysis and to infer 
information about users, such as which country a user is from, political 
affiliation, and gender." "Type of device you are using possibly including 
unique device identification numbers." "The type and version of your browser, 
your browser's language preference, the type and version of your device's 
operating system." "The name of your internet service provider or mobile 
carrier." "Which pages you request and visit, and the date and time of each 
request" (note: says "visit," not merely "edit"). "We actively collect 
information with tracking pixels, cookies, and local storage." "We use your 
email address." "We can use GPS and other technologies commonly used to 
determine location." "We may receive metadata." "IP address of the device (or 
your proxy server) you are using to access the Internet, which could be used to 
infer your geographical location." 

What the heck is all this? Editors don't know they are signing up for this! 
But it gets even worse, because the WMF is not only providing this to its 
employees, but to hundreds of anonymous "administrators" to whom it grants 
access to this non-public, easily personally-identifying data. This means 
particularly, but not limited to: checkusers, arbitrators, stewards, UTRS 
users, and "community developers." Who are they? While Ms. Tretikov aspires to 
accountability, the new privacy policy flees to "exemptions" and "we know 
nothing." It specifically exempts these hundreds of people from the privacy 
policy. The WMF's Privacy Fellow Roshni Patel said two weeks ago "the 
Foundation can’t control the actions of community members such as 
administrative volunteers so we don’t include them under the privacy policy." 
Is this accountability? No. She further mystifyingly continues: "however, under 
the access policy, these volunteers must sign a confidentiality agreement." 
Mystifyingly, because it's *not* *true*. That part of the privacy policy 
"Requirements for Community Members Applying for Access to Nonpublic 
Information" requires only an email address and an assertion from an anonymous 
individual that he or she is 18 or over. Is there a requirement there somewhere 
for a signature? No. Shall they sign for example under the nicknames of the 
prominent administrators like "Beeblebrox" and "Wizardman?" This is not 

How can the executive director be expected to assume responsibility for this 
stuff in 14 hours, on her third official day on the job? Out of simple courtesy 
to her, it needs to be delayed, while she is briefed on it by those who most 
understand it, like the general counsel Geoff Brigham.

Trillium Corsage


Wikimedia-l mailing list