Last modified: 2012-10-12 12:35:35 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T42006, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 40006 - CentralAuth account autocreation may be violating WMF's privacy policy
CentralAuth account autocreation may be violating WMF's privacy policy
Status: RESOLVED INVALID
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-05 14:19 UTC by Liangent
Modified: 2012-10-12 12:35 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Liangent 2012-09-05 14:19:58 UTC 
The policy says <http://wikimediafoundation.org/wiki/Privacy_policy#Reading_projects>: "page visits do not expose a visitor's identity publicly.", however the fact that a user registered on one project visited another site and the first time he/she did so are logged and viewable publicly by SUL account.
Comment 1 Félix M. (elfix) 2012-09-05 15:33:23 UTC 
They are free to ask that their global account be deleted.
Comment 2 Barras 2012-09-05 15:35:21 UTC 
I doubt that this is actually something for bugzilla (yet). That looks more like something that needs a discussion, which shouldn't happen here but on meta.
Comment 3 Snowolf 2012-09-05 15:41:03 UTC 
How is SUL autocreation exposing one's "identity" publicily?
Comment 4 Liangent 2012-09-05 15:43:29 UTC 
(In reply to comment #3)
> How is SUL autocreation exposing one's "identity" publicily?

I read it as my user name. For example I'm [[en:User:Liangent]] and is publicly known as this username on enwiki. You can find the time I visited simplewiki for the first time.
Comment 5 Tomasz W. Kozlowski 2012-09-05 18:53:45 UTC 
This is not a Bugzilla bug, but a legalese discussion. You'll need to define what "identity" is in the first place (and I very much doubt it's your nickname, as this is not a "personally identifiable information"). 

By the way, the information in the log is does not tell when you visited simplewiki for the first time; it only says when the account was created - which happens when you log-in into the wiki for the first time or visit it while logged-in on another project for the first time (so you might have visited it a long time before doing either of this things).

If you still have any doubts about that, please contact the Foundation's LCA team at <http://meta.wikimedia.org/wiki/Legal_and_Community_Advocacy/Team_responsibilities>.

Closing as RESOLVED INVALID.
Comment 6 Félix M. (elfix) 2012-09-05 21:52:03 UTC 
I think Liangent has a point, your first visit is logged if you're logged in, which is contradictory with what the privacy policy states (the gist of it being "visits aren't publicly logged"). I have passed it on to the WMF staff responsible for rectifying that.
Comment 7 Félix M. (elfix) 2012-10-12 12:35:35 UTC 
Just as a heads-up, the Deputy General Counsel thinks no changes are necessary in the privacy policy for the following reasons:
* Users can delete cookies or log out in order to prevent this from happening,
* the information disclosed is not identifiable (a simple username).
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links