User talk:Mpaulson (WMF)
Add topicWelcome to Meta!
[edit]Hello, Mpaulson (WMF). Welcome to the Wikimedia Meta-Wiki! This website is for coordinating and discussing all Wikimedia projects. You may find it useful to read our policy page. If you are interested in doing translations, visit Meta:Babylon. You can also leave a note on Meta:Babel or Wikimedia Forum (please read the instructions at the top of the page before posting there). Happy editing!
-- Meta-Wiki Welcome (talk) 19:25, 11 April 2012 (UTC)
IP post
[edit]Michelle, was this post done by you? https://meta.wikimedia.org/w/index.php?title=User_talk%3AGeoffbrigham&diff=4956674&oldid=4935077. The diff shows that it was done by an IP but whoever it was signed in your name. --Pine✉ 19:34, 2 January 2013 (UTC)
- Hi Pine! Yes, it was. Sorry, I just realized that I must have done that before signing in this morning. Michelle Paulson (WMF) (talk)
Global ban policy
[edit]Michelle, could you also respond to my questions at https://meta.wikimedia.org/wiki/User_talk:Geoffbrigham#Global_ban_policy? Thanks. --Pine✉ 02:14, 9 January 2013 (UTC)
I've left you a message
[edit]Hi,
Just to tell you, I left you a message on your fr.wikipedia talk page fr:Discussion utilisateur:Mpaulson (WMF). Thanks in advance for your answer. Letartean (talk) 01:02, 5 April 2013 (UTC)
- Michelle - that's a great update. Thank you. –SJ talk 04:34, 6 April 2013 (UTC)
Hi, I have sent you a mail. Matanya (talk) 20:52, 15 December 2013 (UTC)
I did an appx
[edit]there https://meta.wikimedia.org/wiki/Talk:Privacy_policy. Wanted to make u aware that this is a real problem concerning European data laws: http://ec.europa.eu/justice/data-protection/. Some courts have already decided that anonymizised data too are to be erased after a certain amount of time, cause its possible to find out, who the real person behind an IP or a nick is...--Angel54 5 (talk) 01:56, 15 March 2014 (UTC) Heres also a factsheet available in the right row as a pdf-download.--Angel54 5 (talk) 02:05, 15 March 2014 (UTC) And to be clear: This tool isnt in accordance with any data protection laws at all: https://toolserver.org/~overlordq/cgi-bin/whois.cgi?lookup=84.142.121.209 (not mine, but as a sample). The main use is to get information about a user, who doesnt agree to collecting it...--Angel54 5 (talk) 23:00, 15 March 2014 (UTC)
- Hi Angel54 5. Thank you for your comment. We are looking into your concerns and will get back to you with a response soon! RPatel (WMF) (talk) 00:04, 25 March 2014 (UTC)
- Hi, when - at midnight?--Angel54 5 (talk) 20:17, 28 March 2014 (UTC) PS.: Would u be so kind to pass those explanatary notes to User:Geoffbrigham? He should know me from a former discussion https://meta.wikimedia.org/wiki/Talk:Terms_of_use. --Angel54 5 (talk) 20:25, 28 March 2014 (UTC)
- I apologize for the delay in responding, Angel54 5. We are aware of the European Data Directive and the possibility of reform. I understand your concern as having two parts: (1) the legality of retaining anonymized data indefinitely; and (2) tools that collect data without first obtaining user consent. To address your first concern, I’d like to point you to our data retention guidelines where we commit to making our best effort to anonymize and aggregate data to the point that an individual cannot be identified. I looked around for the court decisions that you referenced where it was held that even anonymized data must be deleted and was not able to find anything. Can you please provide a link or citation? As an organization that is based in the US, we are not governed by European law, although we seek to incorporate global privacy values whenever possible.
- To address your second concern, I’d like to clarify that Toolserver/Labs tools are subject to a separate privacy policy that is in the process of being revised. Currently, our policy states that developers must obtain explicit authorization before collecting personal information. If you feel that this tool violates the Terms of Use, that is something that should be brought up with the community. This can be done by sending a message to the Labs mailing list. As for tools that collect user information without the user’s consent, during the privacy policy consultation, we suggested a per-project opt-in for Labs, and proposed clarifying language for the new Labs Terms of Use. When a draft of the revised Labs Terms of Use is ready for review, we will provide notification through the mailing list. RPatel (WMF) (talk) 17:19, 31 March 2014 (UTC)
- Ok. U wish some decisions: Here u find a summary.
http://www.it-recht-kanzlei.de/IP-Adressen-LG-Berlin-Datenschutz.html. I try to translate some of that:
Rechtsprechung, welche IP-Adressen als personenbezogenes Datum qualifiziert hatten:
LG Darmstadt, Urteil vom 07.12.2005, Az.: 25 S 118/2005 LG Berlin, Urteil vom 06.09.2007, Az.: 23 S 3/07 LG Köln, Urteil vom 12.09.2007, Az.: 28 O 339/07 BGH, Beschluss vom 26.10.2006, Az.: III ZR 40/06 (wobei sich der BGH nicht ausdrücklich mit der Frage beschäftigt hatte)
Auch hatte der EUGH in einem Urteil (vom 24.11.2011, Az.: C-70/10) – ohne eine inhaltliche Einschränkung – festgestellt, dass es sich bei IP-Adressen in jedem Fall um personenbezogene Daten handeln soll.
Courts, who qualified IP-Adresses as individual-related data:
all three LGs (second block) in Germany are second highest courts - there are 16 in Germany, u can find the judgements under that Az.: which means a number under which it is accessible. Means: The first one is from 2005. BGH is the highest court in Germany, representing the union of those 16 united states. EUGH is the highest European Court and judged in 2011 concerning that manner. Means europeanwide - concerning de.wp, fr.wp, en.wp, sp.wp, it.wp and so on... And if IP-Adresses are to be handled like personnel data, they are not to be presented permanently on any site. Means to me: It might be, that u get some trouble with European legislation, if so. tries to push that through. European Laws say, that Internet based Organizations have to respect European Data Protection, if they dont, I dont know what will be possible restrictions...Im not a judge, but there is much more at stake, not simply German Laws and courts...--Angel54 5 (talk) 20:38, 2 April 2014 (UTC)
- Hi Angel54 5, Thank you for the link to the case. The German court's holding aligns with our definition of personal information, which includes IP addresses. We appreciate your concern that these cases will impact European legislation and will keep an eye on it. Although we are not governed by European law, we try to respect it if possible. RPatel (WMF) (talk) 23:39, 2 April 2014 (UTC)
- Hi, if anything is in line, how do I have to understand the word "temporarily" in that document of urs, that u cite: "Your IP address is also automatically submitted to us, and we record it temporarily to help prevent abuse." Is that to understand as infinitively? Like those lists I appended in my remarks? U try to diffuse the problem...normally I would understand. But I dont understand, why it should be allowed to list such things https://de.wikipedia.org/w/index.php?title=Benutzer:Seewolf/Liste_der_Schurken_im_Wikipedia-Universum&diff=121652431&oldid=121648831#Angel54 over several years. I wrote emails to Pavel Richter (WMDE), Sebastian Moleski (former chair of the club), Harald Krichel (that Admin, responsible for those entries). The same procedure than everywhere. Those informations have nothing to do with de.wikimedia wrote Pavel Richter, because the sites of wikipedia are hosted in the US - means: de.wikipedia.org, the two others didnt even answer. So if u mean, what I cited above, it should be in ur own interest, that such lists should be erased after an amount of time, at least to be invisible for normal internet users, perhaps for admins only. But this is pilloring. Cause it is public and permanently visible. Everybody can use that history to identify the user behind...--Angel54 5 (talk) 04:28, 5 April 2014 (UTC) PS.: Look at the problem this way: Each newspaper has to publish a counter statement, if someones reputation is at stake, Im not even allowed to do that under that section dealing with my IP-adresses. Means even Press Law is abused with this procedure.--Angel54 5 (talk) 04:45, 5 April 2014 (UTC)
- Angel54 5, the information that has been posted by you, specifically your IP addresses, username, and descriptions of your posting activity, is publicly available information that was made public by your actions. Although we appreciate your concerns, we do not feel that laws have been violated because this information is based off of publicly available information. However, if you believe that there has been a violation of your privacy against one of our policies, you can contact the Ombudsman Commission. RPatel (WMF) (talk) 08:41, 10 April 2014 (UTC)
- Hi, Mrs. Patel. And this fact, that Im delivering my IP-adress under my free will gives so. the obnoxious right to misinterpret my person or my opinions? And the added right, to show this permanently on a site of the internet? And this should be in line with data protection? U cant be serious...no I will fight until this is history...and perhaps wait for European laws to forbid such a system. Do u really think, that an obmudsman commission is the right platform to be interested in my concerns, when two of them are from the German community and know their master? Why should I even try to launch a complain?--Angel54 5 (talk) 18:05, 11 April 2014 (UTC) Better I write an email to one of the representatives of the EU concerning that case, they should be more interested than any ombudsman commission about what American enterprises think what personnel rights are.--Angel54 5 (talk) 18:11, 11 April 2014 (UTC) Made an inquiry for clarification. --Angel54 5 (talk) 18:24, 11 April 2014 (UTC) Here u are: I will not translate that paper anymore: http://www.gruene-europa.de/eugh-kippt-vorratsdatenspeicherung-12207.html Angel54 5 (talk) 20:47, 11 April 2014 (UTC) Full text in English:
- Angel54 5, the information that has been posted by you, specifically your IP addresses, username, and descriptions of your posting activity, is publicly available information that was made public by your actions. Although we appreciate your concerns, we do not feel that laws have been violated because this information is based off of publicly available information. However, if you believe that there has been a violation of your privacy against one of our policies, you can contact the Ombudsman Commission. RPatel (WMF) (talk) 08:41, 10 April 2014 (UTC)
- Hi, if anything is in line, how do I have to understand the word "temporarily" in that document of urs, that u cite: "Your IP address is also automatically submitted to us, and we record it temporarily to help prevent abuse." Is that to understand as infinitively? Like those lists I appended in my remarks? U try to diffuse the problem...normally I would understand. But I dont understand, why it should be allowed to list such things https://de.wikipedia.org/w/index.php?title=Benutzer:Seewolf/Liste_der_Schurken_im_Wikipedia-Universum&diff=121652431&oldid=121648831#Angel54 over several years. I wrote emails to Pavel Richter (WMDE), Sebastian Moleski (former chair of the club), Harald Krichel (that Admin, responsible for those entries). The same procedure than everywhere. Those informations have nothing to do with de.wikimedia wrote Pavel Richter, because the sites of wikipedia are hosted in the US - means: de.wikipedia.org, the two others didnt even answer. So if u mean, what I cited above, it should be in ur own interest, that such lists should be erased after an amount of time, at least to be invisible for normal internet users, perhaps for admins only. But this is pilloring. Cause it is public and permanently visible. Everybody can use that history to identify the user behind...--Angel54 5 (talk) 04:28, 5 April 2014 (UTC) PS.: Look at the problem this way: Each newspaper has to publish a counter statement, if someones reputation is at stake, Im not even allowed to do that under that section dealing with my IP-adresses. Means even Press Law is abused with this procedure.--Angel54 5 (talk) 04:45, 5 April 2014 (UTC)
http://curia.europa.eu/juris/document/document.jsf?doclang=EN&text=&pageIndex=0&part=1&mode=DOC&docid=150642&occ=first&dir=&cid=750515 --Angel54 5 (talk) 21:16, 11 April 2014 (UTC)
- Hi Angel54 5. I'm sorry that you disagree with our assessment, but both Michelle Paulson and I have reviewed your concern and do not feel that there is a violation of privacy rights here. We appreciate you bringing your concern to us, but I'm afraid there is nothing more we can do. RPatel (WMF) (talk) 22:49, 18 April 2014 (UTC)
- Thx for ur answer, Mrs. Patel, at the moment I try to get some clarity as well, wrote some emails to EU-Politicans about what that means, and if this practise is in line with EU-right. I would propose not. But lets see in a while. There are elections to the European Parliament in the row and I think some of them will answer...--Angel54 5 (talk) 16:58, 20 April 2014 (UTC)
- Hi Angel54 5. I'm sorry that you disagree with our assessment, but both Michelle Paulson and I have reviewed your concern and do not feel that there is a violation of privacy rights here. We appreciate you bringing your concern to us, but I'm afraid there is nothing more we can do. RPatel (WMF) (talk) 22:49, 18 April 2014 (UTC)
The IP-adresses are published by the user deliberatedly, the warning is pretty clear and obvious. The cited German rulings refer to IP-adresses which are collected while reading a website. My above mentioned page collects IP-adresses from disruptive editors temporarily, only while the disruption ist going on to have means to prevent damage for Wikipedia. The disruption by the complaining user comtinues, so there is no reason to delete his IP-adresses from the page. --Harald Krichel (talk) 16:43, 5 April 2014 (UTC)
- There was more than one try to come to an agreement. U never answered. I offered never ever to visit de.wp again - u make a fight oudda that, not me. So there is no reason to keep those IP-adresses. And btw. u collect IPs out of other reasons. It seems to me, u like to make a counterstrike game out of that. What the hell is hindering u - if im permanently disturbing ur circles, to get this side hidden? This is for admin use only, why show it permanently. This is abuse of each German Data Protection right. Ur filtering is on, so u could each and every time check, if I was on that site, so why this way? Cause ur a hardliner and have to push things through? I dont grasp the underlying motives. Try to elaborate...--Angel54 5 (talk) 00:15, 6 April 2014 (UTC) PS.: And dont even try to argue with "temporarily", the first entrance is from 2010, meanwhile 4 (!) yrs old: https://de.wikipedia.org/wiki/Wikipedia:Schiedsgericht/Anfragen/Auskunftsersuchen_Sperrender_Admin_S1_zu_Angel54. And if u would only collect IPs, that would be enough, but the commentaries about my person and my opinions - that I would think "antisemite" are deeply disrespectful and defamatory. So I come back again - cause this is not tolerable - this is banana republic.--Angel54 5 (talk) 01:58, 6 April 2014 (UTC)
- At the moment, Im trying to make aware of this misuse of personal data:
- http://www.zeit.de/digital/datenschutz/2014-04/vorratsdatenspeicherung-europaeischer-gerichtshof-eugh?commentstart=73#cid-3559528. I will take that one step further, if nothing happens concerning that case.--Angel54 5 (talk) 20:58, 17 April 2014 (UTC)
In a community role
[edit]In Talk:Terms of use/Paid contributions amendment/Archives/2014-02-26#*more* bias, please!, you wrote "you might be interested in reading more about our Legal Fees Assistance Program".
- I asked
- What is "in a community ... role" exactly? Can users "in a community role" ignore Biographies of living people? Are they allowed to threaten family members of "unwelcome" editors?
- Could you please answer those questions? --80.114.178.7 00:05, 15 April 2014 (UTC)
Thanks for pointing out those outstanding questions to me. My apologies for the delay in responding on that thread. I did not see that anyone had responded. I have answered them in the original thread. Mpaulson (WMF) (talk) 14:34, 15 April 2014 (UTC)
- Considering the speed with which I usually answer, there's no need to apologize: thank you for answering. However, you didn't clearly answer "Are they allowed to threaten family members of unwelcome editors?", so I asked it again (diff=8464680)
- I answered in the original thread again. Thanks for pinging me on my talk page to let me know! Mpaulson (WMF) (talk) 23:44, 9 May 2014 (UTC)
- I answered there again, too. --80.114.178.7 01:16, 10 May 2014 (UTC)
- You don't need to thank me as long as you don't threaten to hang my father. Nowadays, to hang him isn't much of a threat anyway (the ashes would just drop through the noose). I wonder what the pseudonyms "in a community role" will threaten next. --80.114.178.7 01:16, 10 May 2014 (UTC)
- FYI - answered in the original thread again. Mpaulson (WMF) (talk) 16:50, 12 May 2014 (UTC)
- I answered in the original thread again. Thanks for pinging me on my talk page to let me know! Mpaulson (WMF) (talk) 23:44, 9 May 2014 (UTC)
Wikimania 15 presentation
[edit]Thank you for your wonderful presentation at Wikimania 15. I have a few follow-up questions: --Taweethaも (talk) 19:47, 17 July 2015 (UTC)
- Do you normally inform users affected by requests for user data? If so, what is the time-frame to inform affected users? Does it depend if the request is granted or not?
Generally, we do inform users affected by requests for user data. As our privacy policy states: "...we are committed to notifying you via email at least ten (10) calendar days, when possible, before we disclose your personal information in response to a legal demand. However, we may only provide notice if we are not legally restrained from contacting you, there is no credible threat to life or limb that is created or increased by disclosing the request, and you have provided us with an email address."
- Though WMF does not grant most of the requests, a number of volunteers e.g. CheckUsers may have access to such information. Does WMF monitor system logs to see that the user data are not revealed by volunteers after WMF denied the requests?
The legal team does not actively monitor system logs, but the access to nonpublic information policy does require notice to WMF if a user with access to nonpublic information discloses that information under the limited circumstances disclosure is permitted. Philippe Beaudette's team would have more information about community policies and the checks that are in place for these kinds of trusted roles.
- According transparency.wikimedia.org, most of the requests come from the US. Do these really originate from the US? or some of them are really requests from foreign governments or other agencies but US government does the requests on their behalf?
Yes, they really come from the US. If the request originates from a foreign government, we list that request as a request coming from the originating country rather than from the US (even if the request is being pursued by the US government). I should note that it's exceedingly rare for us to receive a request where the US government is pursuing the request on behalf of a foreign government.
- Hi Taweethaも -- Thanks for coming to the talk and for the questions! Please see in-line above. Mpaulson (WMF) (talk) 20:18, 17 July 2015 (UTC)
- Thanks so much for your crystal clear answer to my questions. It's helpful and reassuring. --Taweethaも (talk) 21:54, 17 July 2015 (UTC)
- Thanks for this interesting conversation. Mpaulson (WMF) when you say that the requests are coming from the US, can you provide finer detail to the percentage of those requests coming from Federal government requests, private organizations that operate or are based in the US, and non-Federal government requests such as state and local agencies? --Pine✉ 06:25, 18 July 2015 (UTC)
- Pine - Yes, actually! It's all available in our transparency report. Hope that helps! Mpaulson (WMF) (talk) 15:48, 18 July 2015 (UTC)
- Thanks. Am I correct in understanding that from January to June of 2015, WMF received 1 criminal subpoena and 1 court order, and was successful in having them both quashed by contesting them in court? I don't know what the process is for contesting a subpoena or a court order. I believe that Facebook just lost a case in which they resisted disclosing user data when they received a warrant, and it would be helpful to know if in the future WMF's ability to intervene against defective warrants will be compromised by that court decision. --Pine✉ 05:13, 24 July 2015 (UTC)
- Pine - Yes, WMF received 1 criminal subpoena and 1 court order between January and June of 2015 and the processing of those requests did not result the release of nonpublic information of Wikimedia users. I unfortunately cannot go into detail about the processes we use to contest specific requests. We are aware of the NY case against Facebook and are disappointed in the outcome of that case. However, that case is still of limited precedential value in that it does not represent how companies' rights are interpreted throughout the US and around the world. Furthermore, the users whose information is subject to such requests still have the right oppose such requests directly (where there is not an additional legal restraint upon the company requiring it to refrain from disclosing the existence of the request to the affected users) and may apply to our Legal Fees Assistance Program or Defense of Contributors Program for assistance if they would like help opposing the request. The bottom line is that we will continue to do we can to defend our users from unconstitutional or otherwise illegal requests for their data. Mpaulson (WMF) (talk) 00:41, 25 July 2015 (UTC)
- Thank you. --Pine✉ 04:47, 25 July 2015 (UTC)
- Pine - Yes, WMF received 1 criminal subpoena and 1 court order between January and June of 2015 and the processing of those requests did not result the release of nonpublic information of Wikimedia users. I unfortunately cannot go into detail about the processes we use to contest specific requests. We are aware of the NY case against Facebook and are disappointed in the outcome of that case. However, that case is still of limited precedential value in that it does not represent how companies' rights are interpreted throughout the US and around the world. Furthermore, the users whose information is subject to such requests still have the right oppose such requests directly (where there is not an additional legal restraint upon the company requiring it to refrain from disclosing the existence of the request to the affected users) and may apply to our Legal Fees Assistance Program or Defense of Contributors Program for assistance if they would like help opposing the request. The bottom line is that we will continue to do we can to defend our users from unconstitutional or otherwise illegal requests for their data. Mpaulson (WMF) (talk) 00:41, 25 July 2015 (UTC)
- Pine - Yes, actually! It's all available in our transparency report. Hope that helps! Mpaulson (WMF) (talk) 15:48, 18 July 2015 (UTC)
- Thanks for this interesting conversation. Mpaulson (WMF) when you say that the requests are coming from the US, can you provide finer detail to the percentage of those requests coming from Federal government requests, private organizations that operate or are based in the US, and non-Federal government requests such as state and local agencies? --Pine✉ 06:25, 18 July 2015 (UTC)
- Thanks so much for your crystal clear answer to my questions. It's helpful and reassuring. --Taweethaも (talk) 21:54, 17 July 2015 (UTC)
Questions about WMF legal job positions
[edit]Please see User talk:LilaTretikov (WMF)#Questions about open WMF positions and respond there, or forward to Geoff if that seems best. Thanks, --Pine✉ 23:04, 28 August 2015 (UTC)