Last modified: 2012-10-12 12:35:35 UTC
The policy says <http://wikimediafoundation.org/wiki/Privacy_policy#Reading_projects>: "page visits do not expose a visitor's identity publicly.", however the fact that a user registered on one project visited another site and the first time he/she did so are logged and viewable publicly by SUL account.
They are free to ask that their global account be deleted.
I doubt that this is actually something for bugzilla (yet). That looks more like something that needs a discussion, which shouldn't happen here but on meta.
How is SUL autocreation exposing one's "identity" publicily?
(In reply to comment #3) > How is SUL autocreation exposing one's "identity" publicily? I read it as my user name. For example I'm [[en:User:Liangent]] and is publicly known as this username on enwiki. You can find the time I visited simplewiki for the first time.
This is not a Bugzilla bug, but a legalese discussion. You'll need to define what "identity" is in the first place (and I very much doubt it's your nickname, as this is not a "personally identifiable information"). By the way, the information in the log is does not tell when you visited simplewiki for the first time; it only says when the account was created - which happens when you log-in into the wiki for the first time or visit it while logged-in on another project for the first time (so you might have visited it a long time before doing either of this things). If you still have any doubts about that, please contact the Foundation's LCA team at <http://meta.wikimedia.org/wiki/Legal_and_Community_Advocacy/Team_responsibilities>. Closing as RESOLVED INVALID.
I think Liangent has a point, your first visit is logged if you're logged in, which is contradictory with what the privacy policy states (the gist of it being "visits aren't publicly logged"). I have passed it on to the WMF staff responsible for rectifying that.
Just as a heads-up, the Deputy General Counsel thinks no changes are necessary in the privacy policy for the following reasons: * Users can delete cookies or log out in order to prevent this from happening, * the information disclosed is not identifiable (a simple username).