Jump to content

Talk:IP Editing: Privacy Enhancement and Abuse Mitigation/Archives/2021-08

Add topic
From Meta, a Wikimedia project coordination wiki

Let's get properly up to date - Lass uns endgültig auf den neuesten Stand kommen - Une vraie M-à-j, peut être?

[edit]
Deutsch

(Obwohl ich fast 100% zweisprachig bin, bin ich zu faul, um etwas anderes als eine mehr oder weniger maschinelle Übersetzung anzubieten - das erspart mir doch das Tippen. Entschuldigung!)

Privacy Enhancement and Abuse Mitigation (der Euphenismus der WMF für IP-Tarnung) wurde erstmals als Projekt mit dieser Version am 1. August 2019 angekündigt. Das war vor genau 2 Jahren. Die aktuelle Version ist jetzt viel länger und ist eine entmutigende Lektüre für jeden, der neu in diesen Diskussionen ist, und abgesehen von der Erwähnung von das portugiesische Experiment, bringt es nichts viel neues. Dabei ist auch zu berücksichtigen, dass die WMF nun derzeit scheinbar funktioniert mit eine flache Hierarchie ohne jemandem in eigentlischem Vorsitz.

Die erste Ankündigung hat einen ersten Diskussionsregen geschaffen, der leider schon lange ins Archiv verbannt wurde, die jedoch einige der wichtigsten Reaktionen enthalten. Leider sind viele der einst prominenten und erfahrenen Benutzer inzwischen im Ruhestand gegangen bzw einfach aufgehört beizutragen haben - zwei Jahre sind eine lange Zeit. Seitdem hat die Nutzung von WiFi (Heim und öffentliche Hotspots), Handys (Smartphones), dynamischen IPs und VPNs exponentiell zugenommen. Selbst hier in meinem kleinen abgelegenen Dorf in Thailand öffnet man seinen Laptop und hat ein Dutzend oder mehr WLAN-Verbindungen zur Auswahl, von denen nicht alle ein Passwort benötigen, um darauf zuzugreifen, was das Tracking und Blockieren von IP-Benutzern nahezu nutzlos macht. Die Tatsache, dass Warnungen an IP-Benutzer waren schon immer wirkungslos, weil sie fast nie gelesen werden da die meisten IP-Benutzer sind sich der Existenz von Benutzer-Diskussionseiten nicht einmal bewusst, und seit Wikipedias Erstellung warten wir immer noch darauf, dass die WMF eine richtige Startseite für Leser, die zu einer schnellen Bearbeitung motiviert sein könnten, entwickelt.

Nach der relativ geringen Anzahl aktueller Diskussionen hier zu urteilen, scheint dieses Projekt entweder nicht besonders prominent in der gesamten Wikipedia-Enzyklopädie veröffentlicht worden zu sein, oder das Interesse der früheren Teilnehmer hat sich nachgelassen.

Dies lässt vermuten, dass ein bestimmter Zeitpunkt erreicht wird, an dem die WMF plötzlich ohne nennenswerte Vorwarnung den Rollout der IP-Maskierung ankündigt, außer vielleicht den verschiedenen Projekten Zeit zu geben, ihre lokalen Kriterien für das Benutzerrecht 'IP-Adresssichter' zu erstellen bzw mit einem bestehenden Benutzerrecht einzubündeln.

Bevor dies geschieht, sollten die einzelnen Gemeinschaften ermutigt werden, aus diesen Szenarien (die Aufzählung ist nicht abschließend) über mögliche Lösungen selbst zu entscheiden:

  • Erstellung der Benutzergruppe für den 'IP-Adress-Viewer' und die Kriterien für das entsprechende Recht festlegen. Dies ist die komplizierteste Lösung. Es wird mehr Arbeit verursachen und/oder die Aufgaben von CU, COIN, SPI, AIV, und Adressierung anderer unangemessener und unzulässiger Inhaltsergänzungen erschweren.
  • IP-Beitragung ganz verbieten - die einfachste Lösung, radikal aber damit hat sich die Sache.
  • Alle Artikel standardmäßig auf Pending Changes Protection (gemäß dem en.Wiki-Modell) setzen , was bedeutet, dass alle Beitrage von IP-Benutzer und Angänger müssen zuerst überprüft werden, bevor Sie live veröffenlicht werden darfen.

{{tq | Übersetzung: Betrachtet man also die Arbeitsteilung zwischen den WMF und der Gemeinschaten, so betrifft dies beide Bereiche: die Gemeinden, die die Experten für Anti-Vandalismus sind, aber auch die Stiftung auf rechtlicher Seite.
Aber es geht nicht nur um Vandalismus. Es betrifft die unheimlichere bezahte Beiträge, Spam, heimliche Zensur, persönliche Meinung und absichtliche Fehlinformationen.

Vielleicht möchten diejenigen, die diese Diskussionsseite noch verfolgen, einen Kommentar abgeben. Kudpung (talk) 00:50, 5 August 2021 (UTC)Reply

Français

(Bien que je sois presque bilingue à 100 %, je suis trop paresseux pour offrir autre chose qu'une traduction plus ou moins automatique. Elle économise la frappe. Mille fois mes excuses!)

Privacy Enhancement and Abuse Mitigation (l'euphénisme du WMF pour le dissimulation IP) a été annoncé pour la première fois en tant que projet avec cette version il y a exactement 2 ans le 1er août 2019. La version actuelle est beaucoup plus longue et elle est devenu une lecture intimidante pour quiconque découvre aujourd'hui ces discussions. Sauf la mention de l'expérience Portugais, et à part les efforts inébranlables de Johan (WMF) afin de répondre aux questions et nous tenir au courant, il n'offre pas vraiment beaucoup plus. Une grande partie reste encore très vague - y compris qui est/sont réellement responsable, en tenant bien compte que le WMF semble actuellement avoir une hiérarchie plate sans un seul individu à la tête.

L'annonce initiale a créé une première vague de discussions qui a malheureusement été depuis longtemps relégué aux archives mais qui contiennent certaines des réactions les plus importantes. Malheureusement, un grand nombre de ces utilisateurs jadis importants et expérimentés ont depuis pris leur retraite ou ont simplement cessé de contribuer - deux ans, c'est long. Depuis lors, l'utilisation du WiFi (points d'accès domestiques et publics), des appareils mobiles (téléphones intelligents), des adresses IP dynamiques et des VPN a augmenté de façon exponentielle. Même ici, dans mon petit village reculé de Thaïlande, vous ouvrez votre ordinateur portable et vous avez le choix entre une douzaine ou plus de connexions WiFi, toutes n'ayant pas besoin d'un mot de passe pour y accéder, ce qui rend le suivi et le blocage des utilisateurs IP pratiquement inutiles - ainsi que le fait que les avertissements à l'adresse IP les éditeurs ont toujours été inefficaces car ils ne sont presque jamais lus ; la plupart des éditeurs IP ne sont même pas au courant de l'existence de pages de discussion d'utilisateurs. En plus, depuis sa création Wikipedia attend toujours que le WMF développe une page d'acceuil appropriée pour les lecteurs qui pourraient être motivés à faire une modification rapide.

À en juger donc par le nombre relativement faible de discussions actuellement en cours aujurd'hui, soit ce projet ne semble pas avoir été publié de manière particulièrement visible dans l'ensemble des encyclopédies de Wikipédia, soit l'intérêt a diminué parmi les premiers répondants.

Cela laisse supposer qu'un certain moment sera atteint lorsque le WMF annoncera soudainement le déploiement du masquage IP sans avertissement préalable significatif, sauf peut-être en laissant le temps aux différents projets de créer leurs critères locaux pour le droit d'utilisateur de 'IP address viewer' et/ou en l'associant à un droit d'utilisateur existant.

Avant que cela ne se produise, les communautés individuelles doivent être encouragées à décider elles-mêmes des solutions possibles à partir de ces scénarios (la liste n'est pas exhaustive) :

  • Créez le groupe d'utilisateurs pour le « visualiseur d'adresses IP » et établissez les critères d'attribution du droit. C'est la solution la plus complexe. Cela créera plus de travail et/ou rendra plus difficiles les tâches de CU, Noticeboard COIN, SPI, AIV, et traiter d'autres ajouts de contenu inappropriés et interdits .
  • Interdire complètement les contributions IP - soit radicale mais la solution la plus simple.
  • Mettez tous les articles par défaut sur Pending Changes Protection (selon le modèle en.Wiki), ce qui signifie que toutes les modifications apportées par les utilisateurs IP et les utilisateurs novices doivent d'abord être examinées avant d'être publiées.

Traduction :Donc, en regardant la répartition du travail entre la Fondation des communautés, cela concerne les deux domaines : les communautés, qui sont les experts de l'anti-vandalisme, mais aussi la Fondation, sur le plan juridique.
Mais il ne s'agit non seulement du vandalisme. Cela concerne le pire de promo payé, le spam, la censure sournoise, l'opinion personnelle et la désinformation expres.

Peut-être que ceux qui suivent encore cette page de discussion aimeraient commenter. Kudpung (talk) 00:50, 5 August 2021 (UTC)Reply

Privacy Enhancement and Abuse Mitigation (the WMF's euphenism for IP cloaking) was first announced as a project with this version on 1 August 2019. That was exactly 2 years ago. The current version is now a lot longer and is a daunting read to anyone new to these discussions and apart from the mention of the successful Portuguese experiment and Johan (WMF)'s unwavering efforts to answer questions and keep us informed, it does not really offer much more and much of it is still very vague - including who is/are actually responsible for it, bearing in mind that the WMF currently seems to have a flat hierarchy with no single individual in the chair.

The initial announcement created a first flurry of discussion which unfortunately has long since been relegated to the archives but which contain some of the most important reactions. Sadly, a large number of those once prominent and experienced users have since retired or simply stopped editing - two years is a long time. Since then, the use of WiFi (domestic, and public hotspots), mobile devices (smart phones), dynamic IPs, and VPNs has increased exponentially; even here in my remote small village in Thailand, you open your laptop and there are a dozen or more WiFi connections to choose from, not all of them needing a password for access. This makes the tracking and blocking of IP users all but useless - plus the fact that Warnings to IP editors have always been ineffective because they are almost never read; most IP editors are not even aware of the existence of user talk pages and since its creation, Wikipedia is still waiting for the WMF to develop a proper landing page for readers who might be motivated into making a quick edit.

Judging therefore from the relative small amount of current discussion here, either this project would not appear to have been particularly prominently published throughout the entire Wikipedia encyclopedias, or interest has waned among those earlier respondents.

This leads one to assume that a certain moment will be reached when the WMF suddenly announces the roll out of IP masking without significant advance warning, except perhaps allowing the various projects time to create their local criteria for the user right of 'IP address viewer' and/or bundling it with an existing user right.

Before this happens, the individual communities should be encouraged to decide for themselves on possible solutions from these scenarios (the list is not exhaustive):

  • Create the user group for the 'IP address viewer' and establish the criteria for according the right. This is most complex solution. It will create more work and/or render more difficult the tasks of CU, COIN, SPI, AIV, and addressing other inappropriate and disallowed content additions.
  • Ban IP editing altogether - radical, but the simplest solution per the successful Portguese statistques.
  • Put all articles by default on Pending Changes Protection (per the en.Wiki model), which means that all edits by IP-cloaked users and non auto confirmed users must first be reviewed before going live. User right and group exists but means more work. (7644 reviewers, not including admins, but just how many are still around and really active?) Currently no backlog, but only 0.06% (4,071‎) of en.Wiki's 6mio articles under Pending Changes. Originally developed at the urging of the community, the idea of having edits be reviewed prior to going “live” has been around the English Wikipedia since at least 2008, was trialled in 2010 and was implemented 10 years ago in 2012. There are no set minimum requirements for obtaining this right and the first ones for the trial were selected by a bot on some basic criteria. Theoretically it calls for more knowledge/experience than does Rollbacker for clear cases of vandalism only, for which a recommended minimum experience at a very low threshold is required.

So looking at the division of work between the Foundation of the communities, this comes into both areas: the communities, who are the experts on anti-vandalism, but also the Foundation, on the legal side.
But it's not only vandalism, Johan (WMF). It concerns the more sinister UPE, spam, sneak censorship, personal opionion, and growing deliberate misinformation.

Perhaps those who are still following this talk page would like to comment. Kudpung (talk) 00:50, 5 August 2021 (UTC)Reply

Hey, thanks for the multilingual post, always nice to see. We're publishing a short version for non-native speakers of English who haven't got a translation very soon (STei (WMF) would know more about exactly when), to give more people a chance at the basics, at least. Once we have a more tangible proposal for how unmasking would work than my last update, with wireframes, we're planning on messaging every admin on every single Wikimedia project, so I wouldn't worry about this being the most active this conversation is going to be. (There are many people who fight vandalism – and spam, disinformation, POV pushing et cetera – who are not admins. But it should be a good way to spread the information among the communities. We want to reach all other interested parties, as well, of course, and are not relying on this as our only tool of outreach.) Also, soon we'll publish our next steps in regards to continuing the research based on the results from the ban on unregistered editing on Portuguese Wikipedia – which did not have quite the negative impact we expected based on previous research on non-Wikimedia wikis taking the same step – which I think will be interesting to those who might consider that a viable way forward. In short, there are plenty of discussions that need to happen before this is implemented, I really do think the communities would benefit from having the information that is coming in front of them when they plan for the future. /Johan (WMF) (talk) 10:01, 5 August 2021 (UTC)Reply
Johan (WMF) The ban on unregistered editing on Portuguese Wikipedia (I also read Portuguese fluently) actually had a very positive result. Admins, at least on the larger projects, such as en.Wiki, are the least likely to be pro-actively looking for vandalism, spam, disinformation, POV pushing et cetera. Those who do anything at all (probably less than 20 - 25% of users with admin rights) already have their hands full with everything else they have to do with their special tools. There are even backlogs where they are required for admin action on the cases that are reported to the respective noticeboards, AIV, SPI, COIN, etc. The en.Wiki issues a monthly admin newsletter. Kudpung (talk) 10:25, 5 August 2021 (UTC)Reply
Yes, we're interested in investigating this further, to give the communities as much information as possible about the effects. /Johan (WMF) (talk) 15:00, 6 August 2021 (UTC)Reply
BTW I'll just add that IMHO anyone who uses 'infringement of a founding principle: The encyclopedia anyone can edit ' as an excuse against any of the possible measures, as did some of the posters on the many Pending Changes RFC, is using a red herring, a logical fallacy. Anyone can edit - whether they are 2 or 102 years old, or have never been to school or have a raft of PhD degrees. If they can read, use a screenreader, type with one finger, dictate into a computer, all they would need to do is take 30 seconds to register. And that would put an end to this 2 years of panic-making, time wasting, and WMF salaries to the so-called legal team. Kudpung (talk) 10:45, 5 August 2021 (UTC)Reply
In my opinion, pending changes needs to be undeployed if anything, not spread further. See this. ProcrastinatingReader (talk) 12:21, 6 August 2021 (UTC)Reply
Pending changes, auf gut Deutsch Ungesichtete Versionen, is a very good tool against vandals, if the enWP doesn't like it, so be it, but that is just one project of many, it simply doesn't count much. Grüße vom Sänger ♫(Reden) 13:18, 6 August 2021 (UTC)Reply
It's not about liking it. The concept of the idea of reviewing edits is great. However, the FlaggedRevs extension has no maintainer, it has no prospect for a maintainer, and it constantly runs into mysterious inexplicable bugs to the point that new deployments have been halted. ProcrastinatingReader (talk) 16:50, 6 August 2021 (UTC)Reply
But ain't maintaining existing software just exactly the job description for all those masses of devs, that are employed by our money, that is managed on trust for us by the service agency WMF? That's the main reason for the dev department to exist. Grüße vom Sänger ♫(Reden) 18:26, 6 August 2021 (UTC)Reply
I've read your sandbox draft, ProcrastinatingReader. You talk there as if en.Wiki is the only project to use the Flagged Revisions extension. Sänger makes an important observation. Kudpung (talk) 19:19, 6 August 2021 (UTC)Reply
@Kudpung: German Wikipedia uses it differently, if I remember correctly, and you were discussing the en.Wiki model. I can't speak for other communities, of course, but my sandbox draft is primarily about the bugs in the extension which affect all wikis, and the nature of the bugs is usually more of a problem on other projects than on enwiki.
Re Sanger: I agree in principle, however, it's been years and no WMF team wants to pick it up. We can't force them to, even though IMO someone needs to. If they won't we have a choice: do we continue using buggy, unstable and broken software (or even spread its usage further)? In my opinion we cannot use software that nobody understands and nobody wants to maintain, and definitely can't suggest proliferating its usage, which is impossible anyway due to the WMF moratorium on new installations of the extension. ProcrastinatingReader (talk) 19:25, 6 August 2021 (UTC)Reply
It's their duty to maintain existing and well-used software, that's were they get all our money for. Not useless junk like FLOW or rebranding. Grüße vom Sänger ♫(Reden) 19:33, 6 August 2021 (UTC)Reply
Yes, and one huge problem within the Wikiverse is the anglophone, and especially enWP, bias (hmm, that's quite euphemistic, it's far more then a bias, it's more like an obsession), the enWP is anything but the navel of the Wikiverse, and especially the often loud musings of this one lonely project are oftentimes quite annoying. If they for their project don't like it, it'as their, and only their, problem. But I suspect, that the sub-par meintenance level of this important part of software may be as well be rooted in the unwarranted anglophone bias. Grüße vom Sänger ♫(Reden) 19:31, 6 August 2021 (UTC)Reply
user:Sänger, Ich bin mir nicht ganz sicher, wohin Du darauf hinaus willst. Die englische Wikipedia ist in der Lingua Franca der Welt geschrieben und deckt damit eine große Vielfalt von Sprechern und Kulturen ab, von den USA bis zu den Philippinen in Richtung Osten, und alles dazwischen, insbesondere den Mittel Osten und den indischen Subkontinent. Da können wir dagegen nicht viel tun. Was die sämtliche Wikipedia Freiwillige tun können und sollten, ist, die WMF dazu zwingen, endlich zu erkennen, was sofort benötigt wird, und mit der Entwicklung einiger Lösungen zu beginnen, anstatt die WMFler sich dafür gegenseitig belohnen und gratulieren, Dinge wie UCOC zu entwickeln und 30-Jahres-Pläne auszuarbeiten, usw, und jeden Wikmania 65% zu squatten, um ihren 450 Arbeitsstellen zu rechtfertigen. Kudpung (talk) 22:45, 15 August 2021 (UTC)Reply
Nichts gegen Englisch als eione der Lingua Francas, neben mindestens Französisch, Spanisch, Chinesisch und noch ein paar, aber definitiv gegen die enWP als Nebel des Wikiversums, und gegen hohles englisches Marketinggelaber, dass dann aber als Waffe gegen die Communities benutzt werden wird (Framban).Wie ich weiter oben schon schrieb: Ich erwarte, dass von den 450 Angestellten mindestens 200 sich um die Instandhaltuung der bestehenden Software kümmern, weitere 100 um Neuerungen etc., und der Rest, der kann dann unser Geld treuhänderisch verwalten, unsere Marken schützen, ggf. auf Anforderung der Communities auch über MB/RfC was neues einführen, aber die WMF ist nicht der Boss des Wikiversums, nur der oberste Diebner der Communities. Das Wikiversum ist eine Graswurzelbewegung, und das ist gut so.
Wenn schon Englisch, dann aber höchstens Simple English, alles, was nicht so ausgedrückt werden kann ist exklusiv für die unwichtigen monolingualen Anglophonen. Grüße vom Sänger ♫(Reden) 04:20, 16 August 2021 (UTC)Reply

An RFC has been opened on EnWiki

[edit]

EN:Wikipedia:Village pump (WMF)#IP editing and Masked edits

This is in part to keep the WMF informed, partly to invite any EnWiki editors to comment, and partly a suggestion to anyone interested in opening a similar RFC on other wikis. Alsee (talk) 03:40, 6 August 2021 (UTC)Reply

Hi Alsee, thanks for the link! I'm afraid there are a couple of misunderstandings in the RfC. We will not require age verification – no more than communities who want their admins to be of age do, for example. We will definitely not require communities to have anything near the English Wikipedia RfA process. And while it certainly would make our lives easier on this talk page if English Wikipedia decided they wouldn't have to worry about this because they've already come to a decision about how to handle the situation, I think that not only will the Wikimedia Foundation make better product decisions if as many communities as possible keep being engaged in the process to point out the problems they see, but the communities will also make more informed decisions if they make up their minds around what this will mean for them when it's possible to figure out what IP masking will look like in practice. Isn't this too important a decision for English Wikipedia to make based on assumptions about the implementation of tools and practices we're still developing together with the communities? /Johan (WMF) (talk) 13:31, 6 August 2021 (UTC)Reply
At the risk of splitting discussion, I have to agree with you @Johan (WMF):. As well as being pre-mature, the forum and RfC summary inaccuracies make it procedurally incorrect by en-wiki standards.
There absolutely must be a full-blown en-wiki RfC on whether to go with masking or block IP-editing. Bigger than ACTRIAL, it will be one of the most critical discussions we'll ever hold. But that necessitates making damn sure we do it right, and at the right time Nosebagbear (talk) 14:45, 6 August 2021 (UTC)Reply
  • On reflection, Alsee, while the the RFC is full of very good (IMO) intentions, it might well indeed be premature and withdrawing it might not be such a bad idea. In any case, although I've commented there in support of some of its suggestions, I wouldn't have launched it just yet.
It's clear that the Portuguese Wiki appears to have done the right thing and it's undeniable that en.Wiki is fast losing its reputation for accuracy and its battle against all the things that should not be included or re-edited in articles. As Nosebagbear states, this will be even bigger than ACTRIAL (which took 6 years to get done during which I was very much instrumental in bringing about, so I certainly know what's involved). The RFC needs to be very carefully crafted. This would need to be the effort of a work group made up of people who are as much against change as for it, but who can nevertheless leave their emotions aside and collaborate to producing an RFC proposal that provides the facts fully and correctly, even if the Portuguese experience is going to be a major element of it.
What the WMF is doing here is more or less 2 years of waffle about what they perceive might be required. The WMF falls very short of offering a direct solution for what really needs to be done; the WMF fails to recognise and address the real and urgent issues, but at least Johan (WMF)'s project has stimulated some renewed comment about them. Kudpung (talk) 20:24, 6 August 2021 (UTC)Reply
I have to disagree with your first sentence in every respect, Kudpung. It's not clear that pt-wiki has done the right thing, as one of the principle negatives will only really be noticeable on a year+ timescale. It could also be correct for pt-wiki without being good for en-wiki (one example would be that we already struggle to find sufficient qualified and active CUs even on the current demand level). Thirdly, I would not say that it's clear we're losing our reputation for accuracy as opposed to, say, a year ago - and would be interested what undeniable evidence you could provide to support that.
The remainder of your comment is reasonable, but your framing sentence is not sufficiently supported, at best, and flat out wrong, at worst. Nosebagbear (talk) 22:02, 6 August 2021 (UTC)Reply
Nosebagbear I can't see what is wrong with the first sentence. I don't deny that I'm in the 'ban IP editing altogether' camp - I was deeply involved in cleaning up the encyclopedia content long enough. Wikipedia is sustaining huge damage from IP editing of the kind that goes largely undetected or unreported at the noticeboards. It attracts even greater damage to its credibility from broader quarters. There is an extraordinary huge amount of criticism about the accuracy and manipulation of Wikipedia content, even very publicly again by one of its founders which has rippled through more than the English speaking world. I'm not talking about idle and immature chit-chat on blogs or social media, I'm talking about serious established mainstream media, newspapers, and TV news roundups on the serious and respected channels (and by 'serious' I don't mean Fox and CNN but they do have very, very big audiences), and written into the scripts and plots of many pieces first-class TV drama, and popular soaps, that attract millions of viewers, and even by MPs in the real House of Commons of the UK Parliament, on the casual lines of ' If you believe Wikipedia, you'll believe anything' . Kudpung (talk) 23:44, 6 August 2021 (UTC)Reply
If it were "clear" then there would functionally indisputable evidence that no GF editor contested, and that clearly isn't the case. Larry Sangar's comments are functionally meaningless - but even to the level that they might have impacted our reputation with those not with knowledge of him, I don't see any indication his comments wouldn't have been the same but for the absence of IP editing. The scale of negative criticism in reliable publications of Wikipedia is far less than it was - and again, I don't see anything that suggests that if we let everyone register rather than edit as an IP, those problems would be non-existent. Nosebagbear (talk) 00:19, 7 August 2021 (UTC)Reply

Discussion at Wikimania

[edit]
Gnom's Wikimania 2021 presentation slides

Hi, I would like to offer and discuss my (legal) perspective at the Wikimania unconference. Please declare your interest here: wikimania:2021:Unconference/IP masking. --Gnom (talk) 13:57, 6 August 2021 (UTC)Reply

@Gnom: It'd be nice if you recorded it, for all those who don't attend live events and conferences. ProcrastinatingReader (talk) 16:51, 6 August 2021 (UTC)Reply
Just posting here to confirm that I will host a Q&A on my personal views on the project on Sunday, 15 August 2021, 17.30 UTC. --Gnom (talk) 22:25, 14 August 2021 (UTC)Reply
[edit]

I'm going to send a similar question directly to WMF Legal, but since Johan (WMF) is more responsive perhaps he could also clarify... What Article 6 (GDPR) legal basis is used for processing IP addresses of non-registered users (i.e. the ones available in contribution history)? The privacy policy is not clear but I am presuming consent. ProcrastinatingReader (talk) 18:03, 6 August 2021 (UTC)Reply

I'd have to assume Legitimate Interest - the revocability rights for consent are too large for it to be viable Nosebagbear (talk) 18:07, 6 August 2021 (UTC)Reply
What legitimate interest? ProcrastinatingReader (talk) 18:09, 6 August 2021 (UTC)Reply
Today, you mean? Far outside my area of expertise, I'm afraid, but the question has been noted. /Johan (WMF) (talk) 18:17, 6 August 2021 (UTC)Reply
@Johan (WMF): Yeah, just want to understand the present circumstances. As far as I can see, Article 13 and Article 14 require the WMF to articulate, at or before the time of processing (which it does not appear to do), the purposes of the processing for which the personal data are intended as well as the legal basis for the processing, so I feel this is a question which the WMF should provide a prompt answer to. ProcrastinatingReader (talk) 18:21, 6 August 2021 (UTC)Reply
Johan (WMF), ... implementation of tools and practices we're still developing together with the communities? I don't see much collaboration with the comunities. All I see is constant evasion to answering their questions. It's a bit like how the award winning British sitcom Yes Minister depicted very accurately how politicians handle such situations: talk a lot but say nothing. The difference is that Congress, Parliaments, and the Bundestag are voted mainly on the charisma of the individual candidates, but of charisma, the self-appointed/self-employed WMF will have none, and has always been a suspect body that appears to misuse a lot of the money it holds in trust for the volunteers whose work generates the funds. Their plutocracy is overseen by a token, toothless, rubber-stamping Board of Trustees and Wikipedia's own article about the WMF paints a pretty dismal picture of the entire set up.
At the end of the day, what the WMF is doing here is pointless scaremongering about unconfirmed legal requirements. What is important is that it's time for Wikipedia to get real and do something to repair its reputation as a knowledge base that can be reasonably well trusted. Kudpung (talk) 20:02, 6 August 2021 (UTC)Reply
ProcrastinatingReader, FWIW, the GDPR doesn't mention specifically IP addresses but Article 4 sections (1) through (5) need to be taken in context and although GDPR is no longer anything new, perhaps this is what is scaring the WMF. Many websites, even those who are not bound by EU law, are using a GDPR statement and required acceptance on their start/home pages and maybe that covers it, but are the WMF's legal council experts in European law? On en.Wiki there is at least one German lawyer who is an admin and current Arbcom member, maybe he knows something we don't, and the de.Wiki (namely Germany, Austria, Schweiz) must have dozens of jurists among the volunteers in its chapters, regular editors, CUs and admins. I would like to hear their opinions because in those language regions law and legalities feature prominently in their everyday culture, especially personal data protection even way back in the 70s and 80s when I lived there, well before the age of the Internet and personal computers.
Perhaps the current legalities are adequately covered for GDPR by:
  • You are not logged in. Your IP address will be publicly visible if you make any edits
  • You are not logged in. Publishing will record your IP address in this page's edit history
  • Du bist nicht angemeldet. Deine IP-Adresse wird bei Bearbeitungen öffentlich sichtbar,
and the far more prominently displayed fr.Wiki warning:
  • Attention :Vous modifiez actuellement cette page en tant qu’utilisateur non enregistré. Si vous publiez vos modifications, votre adresse IP sera conservée dans l’historique public de cette page.
Kudpung (talk) 21:57, 6 August 2021 (UTC)Reply
To process (and continue processing) personal information there needs to be an Article 6 legal basis for the processing. IP addresses were intended by legislators to be personal information (see Recital 30). Articles 13 and 14 require the WMF to provide to data subjects the legal basis for processing personal information. For now, I'd just like to ask the WMF what the legal basis they're relying on is. (I believe it should be provided in the privacy policy, but that's a separate issue.) My follow-up questions will vary depending on the response. ProcrastinatingReader (talk) 23:51, 6 August 2021 (UTC)Reply
ProcrastinatingReader I'm a co-developer of many GDPR compliant international websites - particularly ones that address residents of the EU, and ones (such as for example e-commerce sites) that record a lot more very personal and identifiable data than just a couple of cookies. Let's hope that those who matter in the WMF (who are they, exactly?) are hearing you, but don't hold your breath. Anyway, the the tone of some of the comments (not yours) on this talk page are now resorting to an unfortunate colour, so be it as it may, I'm out of here and I'll come out of my en.Wiki retirement again to comment on a new RFC when it takes place. You already have my email address if you want to ask my opinion by email again on anything or wish to point out any GDPR things I may have missed. Kudpung (talk) 00:24, 7 August 2021 (UTC)Reply
Hi ProcrastinatingReader and Kudpung, from my perspective as a European privacy lawyer specialising in online tracking, the legal basis for processing IP addresses could be either the anonymous users' consent (arts. 6(1)(a) and 7) or the WMF's legitimate interest in fighting vandalism, PR edits, and other forms of abuse (art. 6(1)(f) GDPR). I'd say that I lean more towards legitimate interest as the suitable legal basis for a number of reasons, one of them being that obtaining valid consent under the GDPR is quite tricky.
Also, you are correct in bringing up art. 13(1)(c) GDPR, but this rule is currently not interpreted to mean that the privacy policy must name the legal basis for each and every processing activity individually (although I need to point out that the courts have not had a say on this question so far). --Gnom (talk) 09:17, 8 August 2021 (UTC)Reply
@Gnom: Performance of a contract (the TOU) also seems viable, perhaps?
Is there really a valid 'legitimate interest' justification to make IPs public forever (rather than some masks)? The UK DPA's interpretation is that legitimate interests is a test that must show that the processing is necessary to achieve [the legitimate interest]; and balance [the legitimate interest] against the individual’s interests, rights and freedoms. & The processing must be necessary. If you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply. Given that for user accounts, which have 'masks' in the form of usernames, (supposedly) the IP data is only stored for 90 days, it seems dubious to me whether the permanent publication of IPs is really necessary for the prevention of vandalism. There's also the question of whether the WMF will delete IP contribution history if an Art. 17 or 21 request is made? ProcrastinatingReader (talk) 11:25, 8 August 2021 (UTC)Reply
@ProcrastinatingReader: I thought about performance of contract (art. 6(1)(b) GDPR) as well, but I didn't come up with a good argument for that route: Just because "it's in the terms of use" does not make it necessary for its performance.
Your second point regarding necessity under art. 6(1)(f), however, is exactly why we should be masking IPs (together with art. 5(1)(c) GDPR, which basically says the same thing)!
And yes, the WMF must in fact honour requests under arts. 17 and 21 GDPR, unless exceptions apply (which may be the case). --Gnom (talk) 11:31, 8 August 2021 (UTC)Reply

The legitimate interest to make the processing necessary is our need to have wide monitoring of manipulative editing. Masking IPs would make it much more difficult for the community to spot conflict of interest editing and/or sockpuppet editing. Onceinawhile (talk) 01:08, 13 August 2021 (UTC)Reply

Cookies

[edit]

User:WereSpielChequers and User:Kudpung raised a good point: Can we, by default, ask editors without an account if we could store a cookie on their browser when they try to save a page without logging in? My guess is most vandals are not as sophisticated as to clear their cookies and change IPs every time they vandalise a wiki page, but it is now very common for ISPs to keep rotating IPs around. If the person accepts the cookie and then edits another page using the same device, the next edit can be linked to the same "anonymous username" even if the IP has changed, which both helps the detection of casual vandals and helps well-meaning editors who don't want to bother choosing a username to maintain a conversation with editors if desired. Deryck C. 20:06, 15 August 2021 (UTC)Reply

User:Deryck Chan, User:WereSpielChequers,
Deutsch
User:Deryck Chan, User:WereSpielChequers, ich vermute, dass die meisten Vandalen entweder Smartphones (weil jeder eines hat) entweder an einem WLAN-Hotspot oder mobile Daten oder einen öffentlichen Desktop in der Schule oder eine Bibliothekverwenden. Ein Cookie könnte für Smartphones hilfreich sein, da sie persönlich sind, aber im Fall von gemeinsam genutzten Desktop-Computern ist ein Cookie nicht hilfreich, da es nur den Computer und den Useragent aber nicht den Benutzer identifiziert. Mit oder ohne IP-Maskierung sind wir also zurück zum Anfang. ISPs wechseln wohl in der Tat ständig ihren IPs. Hier zu Hause habe ich zwei verschiedene Breitbandanbieter (mit Loadbalancing, so dass wenn einer ausfällt oder zu langsam ist, der andere übernimmt). Sie sind immer eingeschaltet und alle Computer und Tablets usw. sind immer eingeschaltet. Obwohl wir hier im ländlichen Thailand bessere und schnellere Verbindungen haben als sogar in vielen europäischen Länder, kommt es häufig zu Stromausfällen - weit häufiger als in voll entwickelten Ländern. Das bedeutet, dass sich die Modems beim Strom-Wiedereinschalten wieder verbinden und sich dann die IP-Nummern ändern. Hier ist jetzt Regenzeit, und obwohl die Stromausfälle meist nur ein paar Minuten dauern, bei jedem täglichen Gewitter erreignet sich ein Stromausfall. Ein Cookie kann helfen, da es immer noch vorhanden ist, wenn die Desktop-Computer automatisch neu starten (die Laptops laufen mit ihren Batterien weiter).
In den letzten zwei Monaten, seit ich dieser Diskussionsseite beigetreten bin, experimentiere ich mit dem en.Wiki, indem ich nur edit, ohne mich einzuloggen (Änderungen sind nur geringfügig, da mache heutzutage sowieso kaum ernsthafte Bearbeitungen im en.Wiki mache). Jedes Mal, wenn der Strom zurückkehrt und die Modems neu starten, erhalte ich eine andere IP. Wenn meine Bearbeitungen also keinen Verdacht erregen, gibt es keinen Grund anzunehmen, dass meine IP-Bearbeitungen von derselben Person stammen - jeder, der neugierig ist, wird sehen, dass die IP s alle geolokalisieren nach Udon Thani (es sei denn, ich reise), so dass die meisten Leute vermuten können, dass ich es bin.
Ich glaube nicht (aktuelle Statistiken wären genauer), dass viele IP-Änderungen von {{tq|'wohlmeinenden Redakteuren vorgenommen werden, die sich nicht die Mühe machen wollen, einen Benutzernamen zu wählen, um eine Unterhaltung mit Redakteuren zu führen, falls gewünscht'} }. Es mag einige Eingefleischte geben, die sich weigern, ein Konto zu erstellen, aber doch ernsthafte Änderungen vornehmen, aber ihre IPs ändern sich auch gelegentlich, es sei denn, sie haben eine feste IP, die heutzutage selten wird. Wenn ein IP-Verbot Realität würde, würden sie sich höchstwahrscheinlich registrieren.
Jetzt kommen wir zu den IT-Leute, die ernsthaften Schaden anrichten: nicht deklarierte bezahlte Redakteure, politische Wahlkampfmanipulatoren, Firmen-Spammer, Zensoren und Revisionisten; und in jüngerer Zeit die vielen COVID-19-Fehlinformationen. Wie gesagt, ich bearbeite das en.Wiki heutzutage nicht viel, aber ich konsultiere es aus sehr vielseitigen Gründen Dutzende Male am Tag und stoße auf Dutzende von Vandalismus und / oder Inhalten, die völlig falsch oder sogar absichtlich irreführend sind. Ich sollte wirklich inne halten was ich tue, und es entweder korrigieren oder an einer entsprechenden Noticeboard melden, aber meistens mache ich mir die Mühe nicht, weil es ungefähr 7.000 Benutzer gibt, die (angeblich) für so etwas patrouillieren und weitere 700 New Page Patroller - zumindest wollten sie dafür angeblich die zusätzlichen Benutzerrechte.
français
User:Deryck Chan, User:WereSpielChequers, j'imagine que la plupart des vandales utilisent soit des téléphones intelligents (parce que tout le monde en a un), soit sur un point d'accès Wi-Fi ou des données mobiles, soit sur un lieu public à l'école ou une bibliothèque. Un cookie peut être utile pour les téléphones intelligents car ils sont personnels, mais dans le cas des ordinateurs desktop partagés, un cookie n'est pas utile car il identifiera uniquement la machine et le navigateur mais non pas l'utilisateur, donc avec ou sans masquage IP, nous sommes retour à la case départ. Les FAI continuent en effet à faire tourner les adresses IP. Ici, chez moi, j'ai deux fournisseurs de haut débit différents (avec un équilibrage de charge de sorte que si l'un est en panne ou trop lent, l'autre prend le relais). Ils sont toujours allumés et tous les ordinateurs et tablettes, etc. sont toujours allumés. Cependant, bien qu'ici, dans la Thaïlande rurale, nous ayons des connexions meilleures et plus rapides que certains pays européens, nous subissons des coupures de courant fréquentes - bien plus souvent que dans les pays pleinement développés. Cela signifie que les modems se reconnectent lorsque le courant revient, puis le numéro IP change. C'est maintenant la saison des pluies ici, et bien que les coupures de courant ne durent généralement que quelques minutes, il y en a généralement une à chaque fois qu'il y a un orage quotidien. Un cookie peut aider car il est toujours là lorsque les ordinateurs de bureau redémarrent automatiquement (les ordinateurs portables continuent de fonctionner sur leurs batteries)
Au cours des deux derniers mois environ depuis que j'ai rejoint cette page de discussion, j'ai expérimenté sur le Wiki anglais oùmje fais rarement des interventins sérieuses sur le en.Wiki ces jours-ci de toute façon). Chaque fois que le courant revient et que les modems redémarrent, j'obtiens une adresse IP différente, donc à moins que mes modifications ne soulèvent des soupçons, il n'y a aucune raison pour que quiconque suppose que mes modifications IP proviennent de la même personne - quiconque est curieux verra que le Les adresses IP sont toutes géolocalisées à Udon Thani (sauf si je voyage), donc la plupart des gens devineraient que c'est moi.
Je ne crois pas (des statistiques à jour le diraient) que de nombreuses modifications d'adresses IP sont effectuées par {{tq|'des éditeurs bien intentionnés qui ne veulent pas prendre la peine de choisir un nom d'utilisateur pour maintenir une conversation avec les éditeurs si ils le souhaitent'} }. Il peut bien y avoir quelques irréductibles qui refusent de créer un compte mais qui font de sérieuses modifications, mais leurs IP changeront aussi de temps en temps à moins qu'ils n'aient une IP fixe qui de nos jours devient une rareté. Si une interdiction des utilisateurs IP devenait une réalité, ils enregistreraient très probablement.
Nous arrivons maintenant aux informaticiens qui causent de graves dommages: les rédacteurs rémunérés non déclarés, les manipulateurs de campagnes politiques, les spammeurs d'entreprise, les censeurs et les révisionnistes, et ceux qui font les contributions carrément faux ou même délibérément trompeur, et plus récemment, les nombreux désinformationnistes du COVID-19. Comme je l'ai dit, je n'édite plus beaucoup le Wiki anglais. Je devrais quand même vraiment arrêter ce que je fais et soit le corriger, soit le signaler à un endroit approprié, mais la plupart du temps, je ne fais pas la peine de faire l'effort pas car il y a supposément environ 7 000 utilisateurs qui sont censés de patrouiller pour ce genre de chose et en plus les 700 New Page Patrollers - du moins c'est pour cela qu'ils voulaient ostensiblement obtenir les droits d'utilisateur supplémentaires. Kudpung (talk) 22:14, 15 August 2021 (UTC)Reply
it's my guess that most vandals use either smart phones (because everyone has one) either on a WiFi hotspot or mobile data, or a public desktop in a school or a library. A cookie might help for smart phones because they are personal, but in the case of shared desktop machines a cookie is not helpful because it will only identify the machine and user agent and not the user, so with or without IP masking, we're back to square one. ISPs do indeed keep rotating IPs around. Here at home I have two different broadband providers (with load balancing so that if one is down or too slow, the other takes over). They are always on and all the the computers and tablets, etc. are always on. However, although here in rural Thailand we have better and faster connections than some European countries, we do get frequent power cuts - far more often than in fully developed countries. This means that the modems reconnect when the power comes back on, and then the IP number changes. It's now the rainy season here, and although the power cuts usually only last for a couple of minutes, there is usually one every time there is the daily thunderstorm. A cookie might help because it's still there when the desktop computers automatically restart (the laptops continue running on their batteries)
For the last two months or so since I joined this talk page, I've been experimenting on the en.Wiki by only editing without logging in (edits are only minor such as correcting a small error on-the-fly, otherwise I rarely do any serious editing on the en.Wiki these days anyway). Each time the power returns and the modems restart, I get a different IP so unless my edits were to raise suspicion, there is no reason for anyone to assume that my IP edits are from the same person - anyone who is curious will see that the IP s all geolocate to Udon Thani (unless I'm travelling), so most people would guess it's me.
I don't believe (up to date stats would tell) that many IP edits are made by 'well-meaning editors who don't want to bother choosing a username to maintain a conversation with editors if desired'. There may be some diehards who refuse to create an account but who do make serious edits; however, their IPs will also change occasionally unless they have a fixed IP which these days is becoming a rarity. If an IP ban became a reality, they would most likely register.
Now we come to the IT guys who do serious damage, undeclared paid editors, political campaign manipulators, corporate spammers, censors and revisionists; and more recently, the many COVID-19 misinformationists. As I said, I don't edit the en.Wiki much these days, but I do consult it dozens of times a day for very eclectic reasons and I come across dozens of bits of vandalism and/or content that is flat-out wrong or even deliberately deceptive. I really should stop what I'm doing and either correct it or report it to an appropriate noticeboard, but most times I don't bother because there are around 7,000 users who are (supposed to be) patrolling for this kind of thing and a further 700 New Page Patrollers - at lest that's what they ostensibly wanted the additional user rights for. Kudpung (talk) 22:14, 15 August 2021 (UTC)Reply
@Kudpung: The counter-argument to a complete ban on IP editing is presented as a statistic on the project page itself: on the Japanese Wikipedia, only 9% of IP edits are reverted, i.e. 91% of all IP edits are deemed productive. Maybe those who want a conversation will create an account if we force them, but I think there will still be a significant net loss of participation if we just technologically banned editing without registering an account. Deryck C. 00:37, 16 August 2021 (UTC)Reply
On shared devices, you're right that cookies don't help with or without IP masking. I guess philosophically we can say thus this particular sub-case shouldn't affect our design decisions on IP masking. But also, we typically forbid editing without creating an account for this kind of shared IPs (w:Template:Schoolblock) so I can see cookies helping us to hand out more granular restrictions to these situations. Deryck C. 00:40, 16 August 2021 (UTC)\Reply
Use of Wikipedia by language 2021. Red = English
User:Deryck Chan, there aren't many schoolblocks (perhaps you can find away to to count them), but in this day and age evert child over the age of 6, even here in Thailand, has a smart phone, and they knoew how to use them, so those kinds of blocks are an anachronism. It's also a an error to assume that IP users only make vadalism edits, more sinister are the other kinds of edits we have been mentioning, and these are the most worrying kind on the English Wikipedia.
Comparing the Japanese Wiki is comparing apples with oranges - not only is there a really huge cultural difference between Japan and Western societies, but the Japanese Wiki has a vastly different set of rules, and is also almost entirely centred on, and within Japan. Even in Europe there are significant cutural differences between, for example, Sweden and England, or in the Western world, Germany and the USA. Perhaps even Hong Kong culture differs from the UK and the US despite having been a British colony for 150 years. Far more appropriate would be to take into account the result of IP baning on the Portuguese Wikipedia in 2020. Probably the vast majority of its readers and users are in Brazil where the population is a huge 210mio against Portugal's 10mio. Also not widely known is that in late 2008, a JavaScript was added that forced all unregistered users to preview their edit before saving it. What we 'think' is not so important - far more authoritive are stats (and I keep calling for them), but only when they are used strictly in context, something that Wikipedians are not very good at. Kudpung (talk) 02:19, 16 August 2021 (UTC)Reply
The w:Template:Schoolblock created 2006,‎ is currently used on 27,694 pages. I wonder by how much the vandalism would increase if as a trial, we were to temporarily disactivate it. Some of them have probably been in use so long that some schools might since have been demolished!
The w:Template:Anonblock created 2006 is currently used on 46,901 pages.
The w:Template:Rangeblock created 2006 is currently used on 156 pages.
The w:Template:Public Wi-Fi block created March, 2020‎ by user:MrClog has been used once. Kudpung (talk) 08:12, 16 August 2021 (UTC)Reply

Experiment on requiring registration edit

[edit]

Hi all -- I want to share a quick update on the project page. We have published the ptwiki data officially. We have also launched a separate project page to run an experiment on two projects where we restrict editing to registered users only for a limited time period and collect data to observe impact. More detail here. I will appreciate if we can keep all discussions pertaining to ptwiki or requiring registrations or banning IP edits to that talk page.

Thank you. -- NKohli (WMF) (talk) 22:54, 30 August 2021 (UTC)Reply

WMF-allocated override powers, Risks, and Things That Are Not Risks

[edit]

In very specific areas, where the continued basic functioning of the wikis is at stake, and the relevant expertise necessary to make an optimal decision is held by a very specific group of staff, we allow that group to make high-impact decisions that can even affect the wikis and their basic functions. These tend to be in situations like, "if we don't change this software, we're going to have a giant security/technical problem that will completely bring down the sites", or "unless we do X, the legal problems are going to obliterate the WMF and thus completely bring down the sites". In these cases, we should not second-guess WMF decisions in their specific areas of expertise. Even if they can't tell us what exactly the risk is.

However, if WMF Tech one day showed up and said, "We're killing all the history pages, because the CTO doesn't like the color of radio buttons, and it's annoying, and also maybe mumble mumble something about security risk but also maybe not, but if there were we wouldn't tell you", I would be really hesitant to say, "Welp, security is security, nothing we can do!"

A quote, from the IP Editing: Privacy Enhancement and Abuse Mitigation page:

"We who are working on this are doing this because the legal and public policy teams advised us that we should evolve the projects’ handling of IP addresses in order to keep up with current privacy standards, laws, and user expectations. That’s really the main reason."

User expectations, website norms, and ethics of privacy rules are all, quite frankly, none of WMF Legal's business. They are certainly not part of Legal's "override everything" powers. Acting as though it is within that scope is dangerous.

A general rule that the WMF needs to follow more closely: If you're given an override system for when critical problems directly in your area of expertise show up, don't try to use it outside those problems. We can't just take it away, so now we need to second-guess everything Legal says. (Cf. the 2019 Crisis, since which we can't really trust T&S.)

We shouldn't have situations where arguing with Legal or Technology teams about such decisions are part of our activities. We should not have situations where we would strongly consider acting against or undoing their decisions made under such conditions. If Legal or Technology tell us that the continued function of the sites depends on something, that should be the end of the discussion. But that is being pushed further out of reach.

(The most ironic part is that Legal's push will likely turn out to have been counterproductive even on the issue of IP-hiding itself. I'm pretty sure that if the WMF had said, "this is a thing we think would be good, and we'll keep improving the tech until everyone agrees that the change would be positive", people would eventually agree (especially since the likely resolution to IP masking will likely solve the ongoing WP:THEYCANTHEARYOU fiasco). But that's besides the point.)

In summary: When you're entrusted with The Big Button, don't press it just because it's convenient.

--Yair rand (talk) 06:53, 2 September 2021 (UTC)Reply

  • I did, and do, share the "what are user expectations and similar being mentioned for" concern - at best they should have been raised as a separate point of secondary reasoning, at middling they're distracting from the actual reasoning that is the only valid one for the Legal team to enforce a huge change on the communities (not to mention obliterating 6 months of community/team discussion from abysmal communication without an apology), and at worst it's as Yair notes - a non-suitable basis for overriding action. Nosebagbear (talk) 13:39, 7 September 2021 (UTC)Reply
Just so I'm sure I take the right things away from this, Yair rand, your key points are that Legal has a mandate to make legal decisions (which is the case here), but mentioning other factors is confusing and takes away from the main message, i.e. into areas outside of their expertise, and if we make a decision for legal reasons, then we should bundling this together with other reasons one might want to go in this direction, or at least keep them clearly separate from the reason that shows that this is a decision for Legal? /Johan (WMF) (talk) 11:40, 9 September 2021 (UTC)Reply
@Johan (WMF): that's one of the relevant takeaways, another key note is that the changing reasoning (I re-read the entire archives yesterday, and even when it moved from being a joke that the WMF would do this regardless of the "consultation" outcome to Legal actually stating it would be - it took 8 weeks for a single non-clear reasoning to be provided. We ran through multiple team members, two Board members, Legal, Wikimania in-person discussions, until it got clarified). That's not merely a takeaway for "Legal need to get their comms in order" but a "Legal have made it impossible not to second-guess whether they have a pure legal-risk requirement reason, because of all the past contradictions".
Even now that continues. For just three examples, we still don't have either answers or confirmed "we won't answer this, for X reason" to the following questions:
  1. Why did Legal initially claim legal privilege was what was stopping them from providing the reasoning
  2. If not showing IP addresses to the general public was a legal requirement, why was this only stated as such after the community clearly opposed this proposal?
  3. What is the highest level this has been signed-off at
Nosebagbear (talk) 12:29, 9 September 2021 (UTC)Reply
Noted. For #2, this was an misunderstanding between the Product team working on this and Legal: we didn't initially understand it was something Legal stated had to happen, but as a strong desire, as can happen when non-lawyers are involved in legal discussions. This was unfortunate, and we've made rather big changes to our internal communication around this to avoid something similar in the future. /Johan (WMF) (talk) 12:45, 9 September 2021 (UTC)Reply
Or, to sound less corporate: I'm really sorry the confusion, and I do understand the costs involved. Not just in trust and the Foundation's ability to do its work, but also in editor time spent on this instead of editing. /Johan (WMF) (talk) 12:49, 9 September 2021 (UTC)Reply