Wikipedia:Village pump (policy)/Archive 25

From Wikipedia, the free encyclopedia

Village pumps: PolicyTechnicalProposals (persistent)AssistanceMiscellaneous

Contents

[edit] Dumb external link of the day

A sanity check, please.

Being reluctant to remove mediocre external links from worse articles, but yet unable to pretend that everybody thinks it's hunky-dory to be fed braindead pleas to install plugins that will increase their subjection to advertising, I perpetrated this edit. I believe I acted in accordance with this; but, bearing in mind the awestruck tone of the WP articles written about "luxury brands" (e.g. Cartier SA is a famous [sic] jeweller and watch manufacturer that is a subsidiary of Compagnie Financière Richemont SA. The maison [sic] is known for numerous celebrated [sic] pieces blah blah blah), I'm wondering if there's some obligation to be undeservedly polite about them in the external links department. Nobody's complained yet (it's only a few minutes ago), but did I do wrong? -- Hoary (talk) 09:02, 19 January 2008 (UTC) ... PS I later performed surgery on the Cartier article. It's still bad, but it's not malodorously bad. -- Hoary (talk) 10:03, 19 January 2008 (UTC)

I think it would have been better to remove the link. The added comments aren't particularly appropriate. At most, you might have included (requires Flash) next to the link. Karanacs (talk) 17:52, 21 January 2008 (UTC)
Ah, but people won't need Flash if they use my suggested workaround. -- Hoary (talk) 11:11, 22 January 2008 (UTC)

[edit] Wikipedia:Avoid instruction creep is marked as a guideline

Wikipedia:Avoid instruction creep (edit|talk|history|links|watch|logs) has recently been marked as a guideline. This is an automated notice of the change. -- VeblenBot (talk) 17:22, 19 January 2008 (UTC)

Oh, the irony. Kaid100 (talk) 08:20, 20 January 2008 (UTC)
If you ask me it should be a policy. MilesAgain (talk) 10:27, 22 January 2008 (UTC)

[edit] Do we accept sources that cannot be publicly accessed (and thus verified)?

Resolved.

(Notice by Aexus (talk) 07:54, 22 January 2008 (UTC): I've found this discussion very fruitful, I've gathered all information it produced and declare this issue resolved. See bottom of this section for more details.)

In the article EVE Online an editor added a source to a topic in a forum that didn't allow public viewing. Readers had to register an account to access the source. However, the forum didn't allow new registrations. That prevented readers that didn't already have an account in that particular forum from accessing and verifying the source. I've found one guide that touches the topic of sites requiring registration, namely the guide Wikipedia:External links. It has an appropriate paragraph. But since this guide is about the External links section at the bottom of some articles it doesn't apply to sources.
Therefore my question is: Do we accept sources that cannot be publicly accessed (and thus verified)? How should we other editors of the article proceed in this case?
-- Aexus (talk) 02:42, 20 January 2008 (UTC)

Well, if a source is "unverifiable" it fails verifiability, so I'd imagine yes. But a forum is not a reliable source anyway, see reliable sources, partially because it's pretty much a self-publishing source, a forum post. x42bn6 Talk Mess 02:47, 20 January 2008 (UTC)
As is often pointed out, we allow sources that can't be accessed online, like offline books, journals and newspapers. So references will sometimes be to sources you can't just load up in your web browser. A closed forum is a bit different though... you can't really access such a thing for free through a library, which is how you'd typically find an offline source if you wanted to. I don't think forums are particularly good sources in the first place... they used to be flatly barred from being acceptable sources in WP:RS. --W.marsh 02:48, 20 January 2008 (UTC)
Its not a valid source, but it has NOTHING to do with accessability. As had been said, sources don't need to be instantly accessable, just accessable. This source should not be included as forum posts and blogs are inherantly unreliable. --Jayron32.talk.contribs 02:51, 20 January 2008 (UTC)
Forum posts however can contain material that is no longer available online from the original source Eg various interviews with actors on sites like E or TV Guide .I know in the case of Sarah Michelle Gellar that some of her early interviews are only available on fan websites and forum posts now .Garda40 (talk) 03:29, 20 January 2008 (UTC)
If Gellar's interviews actually appeared in a paper edition of TV Guide, then they are citable. If they only appeared on the tvguide.com web site, and have since been taken down, it's in a grey area but I suggest that we not bother to cite them. Something that is not de facto accessible can hardly serve as a reference. I have seen people try to cite formerly-web-hosted material to a forum posting, but that could never serve to verify factual claims, since it could have been tampered with. EdJohnston (talk) 05:39, 20 January 2008 (UTC)
If the website has been taken down, you may be able to find an old copy on the Internet Archive. There is a huge difference between "unverifiable" and "hard to verify." A citation to a one of a kind historical book not available online, while not desirable, is still verifiable. Unverifiable generally means something like unpublished "personal speculation." Mr.Z-man 07:13, 20 January 2008 (UTC)
We reference a lot of papers that are only available online with paid registration - and books that you can only get by paying money. If it's impossible to verify a fact without paying $500, that's one thing, but many sources will have some reasonable cost to access. The question is more where the cutoff point is. Dcoetzee 11:28, 20 January 2008 (UTC)
  • Just to state very firmly that "universal accessibility" is not the standard for citing information. Most information in the world is not universally accessible -- access may be barred by cost, literacy, language, physical ability, presentation, intellectual property, etc. The limitation that Wikipedia cares about is "publicly available" or "published" -- available to the public, but not necessarily available to the public for free. The question of reliability of forums is quite properly addressed on WP:RS as several posters note. One person gave an example of sources that are no longer available except on fan forums. If they were originally published offline, then cite to that, but you can link to wherever you find the best available copy -- online at a fan site might be okay. If it was only ever published in a fansite or forum, then the question is whether that source met reliable sources to begin with. I would say the presumption is typically no, but that's just a presumption -- some sources may be better than others. --Lquilter (talk) 15:57, 20 January 2008 (UTC)
    • Even so, I wouldn't link to the fan site. There is no assurance, due to the unreliability of the site, that the site in question faithfully reproduces the document, and to link to it would imply that the copy was somehow reliable or official. I don't understand the preoccupation with linking references. If it is online, sure, link it. However, the accademic world worked just fine on print references for MANY years before the invention of the internet. That does not stop being true now that websites exist. Just cite the issue of TV guide or whatever in proper bibliograhpic format and leave it at that. There is no compelling reason to provide a link. --Jayron32.talk.contribs 19:59, 20 January 2008 (UTC)
I am puzzled as to the belief especially to items that were online a long time ago , or it's unclear what print issue they were in , as to the belief that they are not faithfully reproduced.People copied and pasted material either fully or in part . I can't think of a case where people deleted individual words to change the meaning of an article .The purpose of putting the item on their website or forum after all was to bring the "news" to their viewers or members and altering it rather defeats that purpose .Garda40 (talk) 20:32, 20 January 2008 (UTC)
  • If an editor uses the version posted at the fan site to make a contribution, that should be noted as the source. It is not much different from avoiding the use of "pass-through" citations. If there is any question of reliability in the quality how the fan site transcribed the interview, that should be made clear from the citation. It would be dishonest to claim the authority of the original source if that was not actually used. olderwiser 20:07, 20 January 2008 (UTC)

Note: Questions of this nature are more rightly directly to the reliable sources noticeboard so editors expert in that particular area can respond. For this specific question see citing sources which has examples of citing an underlying source through an overlaying source. Wjhonson (talk) 21:44, 20 January 2008 (UTC)

As to the question of verifiability, although we do not require universal verifiability, the extreme opposite standard would be unverifiability. I.E. no new member of the public can ever access the data — period. That situation isn't acceptable either. In the middle we have some people can access the data some times, and by some people, any randomly selected person must be able to access it by some means would be one standard. On the issue of newspapers, while it is true that some require registration, there is *always* an option, without paying the website, to access the same data. You could order a microfilm through inter-library loan for example, you could call the library in that town and ask them to photocopy the page and pay them a small fee. While there may not be a "completly free" option, we should not have a system set-up which allows only a *single* option to get access if that option is not free. We are not here to allow any company to forcibly profit off our links, each link to a convenience site should as well point at the underlying non-corporate fee-free method of accessing the same information.Wjhonson (talk) 21:53, 20 January 2008 (UTC)

Thank you very much for your opinions so far. It's great to read what you think about the topic. I think I should highlight the source in question. It's a topic in the EVE Aurora forums. Aurora is a volunteer organisation that helps the developers and game masters of EVE Online organize in-game events. Technically everybody can access the topic in the Aurora forums. However, one had to apply for a position at Aurora first. To be accepted one had to play EVE Online and meet other requirements Aurora asked for.
Let's say I don't play the game; I'd just like to read the source. I can't. Only members of Aurora can. Yes, the source is accessible - even if it's not accessible for everybody. Does this make a difference in the source's acceptability?
When discussing this issue with a fellow editor of the EVE Online article he wrote (with public accessibility in mind): "It would not be unreasonable for a Hewlett-Packard employee to cite an internal forum, wiki or intranet site for some obscure technical detail of one of HP's products." Technically everybody could access and verify the source. One would have to apply for a job at Hewlett-Packard. But other than that - no problem. I can't wrap my mind around this yet. With this information in mind do you think it makes a difference in the Aurora forum topic's acceptability?
-- Aexus (talk) 01:52, 21 January 2008 (UTC)

Your unease is seconded. Consider another example. A member of the Masons cites to a phamplet created in-chapter and only viewable by High MooCows. Technically a person *could* spend 14 years becoming a High MooCow in order to verify it, but this bar is incredibly high. Verification by a random person should be straightforward, relatively simple and relatively free. Information that is internal is not *published*, that is, it is not available to the public. Being available to the *private* (if you will) does not satisfy our verification criteria. So your counterparts example, needing to be hired by HP, fails. This bar is too high. In your specific example of playing a game, your might want to take your question as well to the talk page of WP:V to get more input, vis a vis *how much effort* should a random person have to expend to verify a source that requires hoop-jumping? Have a great day. Wjhonson (talk) 02:09, 21 January 2008 (UTC)
I would also argue that an internal forum, wiki, or intranet site at a company is probably data not intended for the public and thus used illegally (or at the very least at the risk of the poster getting fired). Forums are not reliable sources. They are self-published, meaning anyone can write anything. They can be extremely useful for helping to identify potential sources, but then the burden is on the article editor to go find the actual source. Otherwise you are taking the word of the poster that the information is accurate and complete. Karanacs (talk) 18:03, 21 January 2008 (UTC)
Things are different when the forum IS the actual primary source. We're talking here about an online game and a forum used to run that game, not an internal random chat forum. There aren't going to be much if any paper sources. Online sources in these cases should be valid else you will never be able to say anything at all. In particular this is involving misconduct by that company that was exposed by an internal whistleblower using internal evidence. Publically published statements by the company over such an issue are naturally going to be of suspect bias. —Preceding unsigned comment added by Terlipressin (talk • contribs) 05:36, 22 January 2008 (UTC)
This particular thread however is talking about that those forums are not published because they are not "public" unless the user jumps through hoops. The discussion of how much effort a verifier has to expend to verify a source should be taken to the Talk page of WP:V. There's too much clutter here, and the people who monitor V are more expert in the specifics of the interpretation of that policy. Wjhonson (talk) 05:54, 22 January 2008 (UTC)

Thank you all very much for your input. I've gathered everything we've got so far. I declare this discussion closed and ask you to pursue the two aspects I've split it into. One is the reliability aspect that is now being discussed here on the Reliable Sources Noticeboard as suggested by Wjhonson on Sunday. The other is the verifiability aspect that is now being discussed here on the WP:V Talk page - also as suggested by Wjhonson. Again, thanks!
-- Aexus (talk) 07:54, 22 January 2008 (UTC)

[edit] Requests for checkusership

Due to problematic issues around the appointments of checkusers behind closed doors, I've proposed this. Please comment. Thanks, Majorly (talk) 23:59, 21 January 2008 (UTC)

Proposal appears to have been withdrawn following intense discussion, see Wikipedia talk:Requests for checkusership. Andrewa (talk) 09:30, 22 January 2008 (UTC)
Here's a better idea: Give everybody checkuser ability.   Zenwhat (talk) 09:52, 22 January 2008 (UTC)
See meta:Privacy policy: When using a pseudonym, your IP address will not be available to the public except in cases of abuse. Changing this should be discussed at the meta talk page, and I doubt it will happen. But have a go. Andrewa (talk) 10:26, 22 January 2008 (UTC)

[edit] Userspace and templates

Does anyone know what the policy is on userspace being used as a template? Or just transcluding in general? I assume that transcluding within a namespace is OK, but that there are restrictions on transcluding between namespaces? eg. Template namespace is designed to be transcluded everywhere. User namespace can be transcluded within user namespace (eg. to organise user pages and for userboxes). Discussions (the various talk namespaces) are sometimes transcluded to organise discussions. Portals have stuff transcluded on to them, and in effect this includes the Main Page. And so on. But is there anywhere that specifically says that transcluding userspace elsewhere (in this case from userspace to image namespace) is discouraged or forbidden? Carcharoth (talk) 13:07, 22 January 2008 (UTC)

It doesn't really matter. If they were more heavily used, moving them to the template namespace might make sense, but if they are only used by this user, then having them in user space is fine. — Carl (CBM · talk) 13:14, 22 January 2008 (UTC)
It does seem a bit strange though. Editing an image page and finding a user's name on the page in that way. An example is here. Also, with other users (not this one) you might get problems with what happens if the user leaves, or if the user decides to nominate their subpage for deletion, and arguments (silly ones) over whether the page should be discussed (if it ever needs to be) at TfD or MfD. Carcharoth (talk) 13:37, 22 January 2008 (UTC)

[edit] bot approval group

I have listed it at {{RFCpolicy}}, but I don't know how much traffic that gets, so, i'll mention it here too: WT:BAG#RFC. —Random832 18:31, 22 January 2008 (UTC)

[edit] Redirects from foreign languages

Clarification on part of the policy on redirects has been requested at Wikipedia:Redirects for discussion/Redirects from foreign languages. Please join the discussion at your convenience. Rossami (talk) 23:54, 22 January 2008 (UTC)

[edit] Releasing IP addresses of registered users: the Video Professor incident

According to the January 2, 2008 Wikipedia Signpost [1], a company called Video Professor did not appreciate criticisms in a Wikipedia article about it and demanded the IP addresses of registered Wikipedia editors via subpoenas delivered to Wikipedia along with two websites which criticized the company. The two other websites, infomercialscams.com and ripoffreport.com did not provide the subpoenaed info. Wikipedia did, “without a fight” according the article cited from ConsumerAffairs.Com of December 18, 2007 entitled “Video Professor Drops Subpoena, Goes After Wikipedia Users” [2]. This was discussed at Jimbo Wales talk page, User talk:Jimbo Wales/Archive 31#Wikipedia surrendering users' info without a fight with those complaining about it being told by administrators that that page was not an appropriate forum to discuss it and that their recourse was to write to the Wikimedia Foundation. Wales himself disputed the news report, saying ”It is false to say that we did not put up a fight.” without providing any details of the degree to which Wikipedia did put up a fight for the anonymity of registered users and their IP addresses. The buck was passed to Comcast to fight against revealing the subscriber info for the IP address. Sometimes the IP address itself provides too much identifying information. It appears that the other two sites did successfully avoid providing identifying info about those who posted there, but Wikipedia provided all the info they had, namely the IP addresses. This practice can only have a chilling effect on the willingness of Wikipedia editors to add even well-sourced information critical of organizations or companies who can afford to and who are willing to engage in litigation similar to S.L.A.P.P. tactics to prevent negative information being posted in Wikipedia. S.L.A.P.P. more specifically refers to comments made in reference to public policy issues, and is defined as litigation “frequently filed by organizations or individuals to intimidate and silence critics or opponents by burdening them with the cost of a legal defense so that they abandon their criticism or opposition.” The discussion was then archived at Wales’ talk page, so that appears not to be the appropriate forum to discuss it. I feel that this is an important policy area for discussion, and this seems like an appropriate forum. How hard did and should the Wikipedia legal staff fight to avoid turning over all the identifying information they have about registered editors (i.e., their IP address) when persons or companies do not like the information posted about them in Wikipedia articles? The article cited from consumeraffairs.com says “It's unclear why Wikipedia forfeited the IP addresses. A Wikipedia spokesman returned ConsumerAffairs.com's call but did not have the information requested. The individual with specific information regarding the subpoena did not return a phone call and e-mail.” It is time for the powers-that-be at Wikipedia to fully address this important issue, and for us to discuss the degree to which the secrecy of our IP addresses should be defended by the foundation in such cases.. Edison (talk) 14:55, 11 January 2008 (UTC)

I agree it is disgusting, but when those "law gents" use their lawyer charms it takes alot to say no to any of their questions. I have a few users who I would like to know the address maybe I should just treaten leagal action and get it. But what is more disgusting is a company going after non-profiting private citizens cause they don't like what they say. Well I guess I could be in the sights so just to cover myself, I think the people at Video Proffesor are a fine group of fellows.--AresAndEnyo (talk) 15:10, 11 January 2008 (UTC)
Thanks for starting this thread and reviving this topic. I do think that Wikipedia behaved in a rather cowardly and unprincipled manner in this case. I also found Jimbo's explanations to be disingenuous when he wrote: "And we were successful in pushing the company to seek identifying data not from us but from the cable broadband provider, which is protected under the Cable Act from complying with a mere subpoena". It is clear to me that the responsibility for making the First Amendment argument in court lies primarily with the content provider (in this case Wikipedia) rather than the internet service provider. Wikipedia simply decided to pass the buck in the quickest way possible. I also find it outrageous that Wikipedia, apparently, did not notify the WP users affected that their IP addressed have been released.
I do think that these kind of actions by Wikipedia will have, or at least have a potential to have, a substantial chilling effect on editors of WP articles in the future, even when (which was not the case here) undisputably reliable sources are available for a particular bit of critical information. Also, if and when other companies find out about this Wikipedia practice, they will be encouraged to follow VP's example. Regards, Nsk92 (talk) 16:14, 11 January 2008 (UTC)

Were the users/IP editors/whomever notified by the WMF that their information was released? Lawrence Cohen 16:37, 11 January 2008 (UTC)

Apparently not. At least nobody notified me of anything, and I assume that my IP info was among the data that was released. Regards, Nsk92 (talk) 16:43, 11 January 2008 (UTC)

I've been invited to comment here because of a post I made to Jimbo's talk page about this incident. More Wikipedians need to volunteer to resolve conflict of interest issues. This lawsuit is an example of what happens when the community fails. DurovaCharge! 19:14, 11 January 2008 (UTC)

Sorry, but what are you talking about? The best I can tell, the WP community did not fail here. You should really look up the archived "talk" page for Video Professor. There was a dispute, followed by an involvement of an experienced WP editor (Barneca) in late August. There was an active discussion by all sides after that, and a clean consensus NPOV version of the article was written by Barneca in early September. This is exactly how the dispute resolution process is supposed to work in Wikipedia, isn't it? The lawsuit in question originally primarily targeted two other "customer reviews" websites. But those sites fought back. The company dropped its subpoena against them and went after the "weakest link", namely Wikipedia. Regards, Nsk92 (talk) 19:32, 11 January 2008 (UTC)
Y'know what would make COI-monitoring easier? IP Addresses.
If we're willing to release them to anyone who get a subpoena, we might as well let our own admins see them. It would make checkuser moot, reduce bureaucracy, virtually eliminate abusive sockpuppetry, and increasing transparency. I think it's time we revisit this. If we're willing to say (as said below) that Tor is the only assurance of privacy on Wikipedia, let's at least do something useful with it. Cool Hand Luke 05:52, 13 January 2008 (UTC)

This is why, A: if you want privacy, you should use Tor, and B:Why wikipedia must not blanket ban all traffic from Tor nodes. --Kim Bruning (talk) 05:15, 12 January 2008 (UTC)

I have seen no response to the issue of why Wikipeda reportedly a) failed to respond in any way to the initial subpoena, and then later b)coughed up the IP address demanded by the aggrieved article's subject, unlike the other two websites who never did. Is this what we should expect of Wikipedia? Did other communications or legal processes take place behind the scenes? Should we expect that Wikipedia will fold like a house of cards if any person, company or group takes offense at any editing and tell them all they know about the real world identity of the editor who has in some way offended the aggrieved party? Does Wikipedeia have legal representation, and what are the policies for defending the privacy of editors? Edison (talk) 03:43, 13 January 2008 (UTC)

There was some discussion of this issue in Talk:Criticism of Wikipedia. Here is a quote from JzG's post there: "A subpoena as part of a court proceeding would have been passed to our general counsel, Mike Godwin. I don't imagine he'd have handed anything over unless he thought it was necessary". You can also read my response there. Regards, Nsk92 (talk) 04:30, 13 January 2008 (UTC)
You seem to refer to Talk:Criticism of Wikipedia#Wikipedia surrendering users' info without a fight. The question is why Wikipedia apparently did not "put up a fight" while two other identified websites DID put up a fight and did not reveal the IP addresses of the posters in question. It appears that with a minimal legal effort, the identities of editor might have been protected. The implication is that editors should NEVER post anything which might offend anyone willing to hire a lawyer and demand to know the editor's identity. Edison (talk) 04:54, 13 January 2008 (UTC)
Yes, unfortunately, that seems to be the current state of affairs. As I said, in my opinion, Wikipedia behaved in a cowardly and unprincipled fashion here and has set a terrible precedent for the future. Regards, Nsk92 (talk) 05:02, 13 January 2008 (UTC)

Oh wow, this is really screwed up. -- Ned Scott 05:57, 13 January 2008 (UTC)

Still screwed up, but I can only assume that, given Wikipedia's limited legal resources, they honestly did not believe they had any other reasonable choice in this situation. It's a situation that seems to be unfair to both the users and the Foundation. The action seems to be legal, even with the Foundation's privacy policy (however, I am in no way an expert on such things, and could be completely wrong about that). Wikipedia might be a giant of a website, but as an organization, it's pretty small. There isn't much to shield us from the outside world, unlike those other companies that did not give out IP addresses. I believe Jimbo when he says that they did put up a fight. I suspect the only real way for us to improve such a situation would be to better support the Foundation's legal resources, either with more volunteer lawyers, or monetary donations specifically intended for legal resources. -- Ned Scott 06:32, 13 January 2008 (UTC)
As I have explained privately to a number of individuals, the consumeraffairs writer was eager to rush a story out, and did not wait until I was able to respond to him regarding our compliance with the Video Professor case. The short answer is that we did not initially comply -- we resisted -- and the Video Professor people then proceeded to start a potentially expensive contempt-of-court process in Florida against us. We retained an outside law firm to represent us. We investigated how we might narrow their demand for compliance (we did narrow it), how much private information we'd then be disclosing (very little) and how to get the Video Professor people to realize that we don't maintain a lot of private data about, well, anyone. This is what we did, and then the Video Professor people were forced to seek private subscriber data from Internet providers (which do have subscriber data but also greater legal protections against producing it). So far as I know, the actual facts in our response have never been reported anywhere, and for various policy reasons, including our continuing ability to keep private information as safe as possible under the framework of legal protections we have, I simply cannot spell out everything we did in a public forum. Now, if the price of maintaining good legal practice on keeping confidential matters confidential is that we get the occasional critical blog entry or face imaginative assume-the-worst threads on the Village Pump, I'm okay with that. But I can pretty much assure you that just about every criticism offered here is factually wrong. Every single one. We paid money to outside counsel to respond to the Video Professor complaint, and it was well-spent, and the result was extremely limited in terms of WMF exposure or editor exposure. You may be believe it is appropriate for WMF to revise its privacy policy (which was created a year before I got here), and I can assure that the policy is under review. MikeGodwin (talk) 08:54, 13 January 2008 (UTC)
Sorry, but that is just not good enough.
1) First a technical point. What is the WP privacy policy that you refer to and where can it be found?
2) I simply cannot believe that WP has more limited financial resources than the two other much smaller websites that were targeted by this lawsuit. If that is actually true, this case brings to light a major structural problem with the way WP operates that still needs to be addressed for the sake of the future. To me this means that the WMF needs to set up a separate "legal defense" fund and actively solicit contributions to such a fund that can be used in future legal actions. Moreover, even acception the "we are too poor to fight" argument, you did not have to go it alone and you did not actually have hire a private law firm to handle this case. There are other non-profit and public advocacy groups whose legal help you could have requested (and I am sure that a more favorable financial arrangement could have been negotiated with them than with a provate law firm). These include, for example, the Electronic Frontier Foundation (which has a separate legal department for helping with internet freedom of speech cases) and the Public Citizen (which was used by the other two websites in the case).
3) I am not impressed with your contention that the WMF did "fight back" based on the fact that you managed to limit the scope of the data released to the IP addresses and that you did not comply with the subpoena immediately. In most cases an IP address is the only info that WP has on a user. You managed to explain this to the plantiff. Bravo! That is quite a legal victory. But, seriously, IP addresses was what you had to give up and that is what you gave up. The fact that you were threatened with a contempt motion is also not a good excuse. So were the other two websites. They chose to contest the underlying subpoena on the First Amendment grounds but you did not. Isn't that correct?
4) Neither am I impressed by your argument that you passed the hot potato to the cable company which "has greater legal protection". This was your hot potato to hold and to deal with. In my view, it is self-evident that the primary responsibility for making the First Amendement freedom of speech argument in court lies with the content provider (in this case WP) rather than with the internet service provider (the cable company). It was your case to make, not the cable company's.
5) The stakes and potential consequences of this case are much greater for Wikipedia, which has millions of users, than for the two other websites targeted by the lawsuit, and they are greater than you would have us believe. This is not just a matter of geting "the occasional critical blog entry or face imaginative assume-the-worst threads on the Village Pump". The editorial independence and freedom of editors from intimidation are at stake here. This is an important basic principle which is at the core of what Wikipedia is and what it stands for. I am sure you are hoping that this matter will just go away. And maybe it will. But don't you realize what could happen if the info about this case spreads around, both to WP users and to the various companies which will be encouraged to follow the plantiff's example in this case. Just knowing what happened here has the potential of having a strong chilling self-cencorship effect on the future WP editors. I don't know about the others, but I sure as hell learned my lesson here to completely stay away from touching the WP articles dealing with any kinds of current commercial entities.
6) For the above reasons I think that it is important for WP to present its side of the story more fully.
7) You did not notify the WP users whose IP info was released correct? Would it have been to much to expect from you to leave brief messages at the affected WP users' talk pages asking them to contact the WMF foundation directly?
I don't know about others, but I feel personally betrayed and disgusted by the Wikipedia actions in this case. I was expecting better from the supposed beacon of free dissemination of knowledge. Regards, Nsk92 (talk) 15:34, 13 January 2008 (UTC)
"imaginative assume-the-worst threads on the Village Pump"?? The facts reported were that someone took offense at the contents of an article or its talk page, then demanded and got the IP address of the registered editor in question. It was posited that this sequence of events encourages other subjects of articles to similarly exercise a chilling effect on Wikipedia editors in their willingness to add content that someone willing and able to go to court might take offense at. Is it the fact that the other two websites, which successfully fought the subpoena actually have greater financial resources that we do? The Alexa ranking of infomercialscams.com is 115,497. That of ripoffreport.com is 13,127. The Alexa ranking of Wikipedia.org is 9. What is the cost of allowing litigious subjects of articles to stifle criticism in Wikipedia articles? Did we enlist the aid of Public Citizen [3] [4] ? Edison (talk) 14:51, 13 January 2008 (UTC)
Besides the Public Citizen, how about the EFF? Presumably Mike is still on "good" terms with them. Lawrence Cohen 15:39, 13 January 2008 (UTC)

Was the IP address given up to the cable company without contesting the supoenae because the cable company would also then have to be challenged to release their own client personal data? What if the IP address itself had personally identifying information, which is not uncommon? Would the challenge have been made to keep it in then? Lawrence Cohen 15:38, 13 January 2008 (UTC)

Would it be possible for the WMF counsel to clarify if this has ever happened before, with information being released? When, and how many times? Lawrence Cohen 15:42, 13 January 2008 (UTC)

I'm sorry you don't find my answer satisfactory. That said, these responses strike me as driven by a lack of awareness of the realities of the sheer volume of legal threats facing Wikimedia Foundation on a weekly basis. For example, a big deal is made out of how smaller websites responded -- conveniently ignoring the fact that Wikimedia Foundation is a larger website that has only the legal resources of a smaller website. We deal with many legal threats every week -- sometimes more than once a day -- and you never hear about them because they're handled quietly and efficiently in ways that are consistent with our values. We have to respond in volume to legal threats in ways that smaller websites don't have to. My view is that so long as my friends and former colleagues at EFF and Public Citizen are satisfied with my keeping them informed (after all, we've worked together for longer than the Foundation has been in existence), then I'm satisfied. Wikimedia of course has a privacy policy, approved by the Board fully a year prior to my being hired. That policy can be found by searching for "Privacy Policy" on Wikimedia.org. (If that's too hard, try <http://wikimediafoundation.org/wiki/Privacy_policy>.) If you believe that WMF's privacy policy is wrong or needs to be improved, I'm happy to listen. So's the Board. I certainly have some ideas about how to improve it. I'm especially interested in hearing your feedback if you're an attorney or otherwise legally trained. Brick-hurling and personal attacks will be less welcome, naturally. MikeGodwin (talk) 20:24, 13 January 2008 (UTC)
No disrespect nor attack was intended, Mike, I was just asking a couple of extra questions. I'm just myself primarily curious if, when such information is released, what steps are taken to notify individuals that their private information (IPs) was released, and are they notified to whom they were released? Lawrence Cohen 20:30, 13 January 2008 (UTC)
The privacy policy states that the IP address of a registered user may be released "In response to a valid subpoena or other compulsory request from law enforcement." The other websites challenged the validity of the subpoena. It is unfortunate if we are unable to dispute the validity of a subpoena as other websites did. Sorry if the questions or concerns expressed have seemed to you to be "Brick-hurling and personal attacks." It is great that daily legal problems are handled efficiently. I hope that the turning over of IP addresses is not a frequent occurrence; we still have not heard how often this happens. The suggestion above was a good one about seeking funding for the legal defense of the intellectual freedom of the foundation in preserving the right to anonymously add referenced, non-libellous content. Perhaps the balance of funding is tipped too far towards servers and not far enough toward the legal expenses. Edison (talk) 21:06, 13 January 2008 (UTC)
Do you have a recommedation about how to notify those who've edited anonymously, whose IP address may be shared by many other individual users? Also, is there a recommendation about how to notify those whose listed contact information may be deliberately incorrect? MikeGodwin (talk) 21:09, 13 January 2008 (UTC)
In the case of IP-only editors, there is no practical way to do it, beyond leaving a note on the IP page directing the user to contact the Foundation I would imagine, and then the Foundation (who is responsible for the safekeeping of IP info) would need to vet to make sure the person contacting them did indeed make the edits in question. For the logged-in users, it would be as simple as mailing them via their Username, if they have email enabled. If not, leave a note asking them to contact the Foundation with urgency. Lawrence Cohen 21:15, 13 January 2008 (UTC)
Exactly right. If a user has an e-mail address as a part of their WP profile, you can send an e-mail to the user at that address asking to contact WMF and, possibly, containing some kind of a key phrase or word that can be used for authentication purposes when that user does call WMF. Or you can simply include the information about the IP addresses disclosure in the e-mail message.
If a WP user does not have an e-mail address on file, you could leave a message at that user's talk page asking them to contact WMF, or perhaps asking them to update their profile and include an e-mail address there. Even if a user is unwilling to provide an e-mail address as a part of their WP profile, there are other ways of devising an authentication protocol. E.g., off the top of my head: when the user calls WMF, you can ask him/her to make a specific edit somewhere on Wikipedia, using their username, and then immediately call back. Or something like that. Regards, Nsk92 (talk) 22:07, 13 January 2008 (UTC)

<undent> It might be good to canvas editors and particularly legally trained editors for their ideas. I also think this highlights the potential value of a separate legal warchest, and fundraising to meet legal threats and challenges. I personally might be more inclined to donate to a legal warchest than a general Wikimedia Foundation fund. This is a good thread to get people thinking about this kind of thing. Comments?--Filll (talk) 21:51, 13 January 2008 (UTC)

While I am not legally trained, I do have a few thoughts about this. I have just read the WMF privacy policy and it looks pretty wimpy. First, there is no requirement there for notification of registered WP users when their identifying info (IP addresses and possibly e-mail addresses) are being subpoenaed by third parties. In my view such a notification is absolutely necessary. Moreover, I think that such notification must occur at the moment when a subpoena is received, rather than after the identifying data is released. This way the users in question will have time to retain their own legal counsel and possibly contest the release of their data directly with the court involved. Second, some kind of higher bar needs to be set for releasing the data. As the privacy policy reads now, WMF can, if it so chooses, release the user's data simply upon receiving a subpoena. Simply having a valid subpoena from some civil suit (which is usually pretty easy to obtain) seems to be a rather low bar for releasing some user's info. Admittedly, I don't have a specific alternative suggestion at the moment but I believe it is possible to come up with one. Third, the policy is somewhat fuzzy on exactly what kind of identifying info may be released. E.g. it does not mention explicitly an e-mail address that a WP user may have on file as a part of their WP profile. Regards, Nsk92 (talk) 22:34, 13 January 2008 (UTC)
And, oh yes, I certainly think that setting up a permanent legal defense fund for WMF is a good idea. Nsk92 (talk) 22:38, 13 January 2008 (UTC)
As someone who also edited the Video Professor page during the timeframe being discussed, I’ve two concerns here, one personal, one general.
First, the personal. I would like to know if my IP address was provided to anyone. I would hope that if it was, someone would have felt a responsibility to try to contact me to tell me so (I’m pretty easy to reach). But if not, I’m directly requesting that they do so now. If this isn’t the place to make this request, please let me know what is; Mike Godwin’s email? info-en-o@wikimedia.org? Somewhere else?
More generally, whether I’m directly affected or not, I’m still unclear (possibly my fault for not being able to parse legalese) whether the IP addresses that were released were provided to Video Professor, or whether they were provided to the corresponding ISP’s, who have more protection against this kind of fishing expedition. Was any of the other information that a Checkuser could provide, or (as Nsk92 asks above), email addresses, also provided to anyone?
Mr. Goodwin, I understand the privacy policy I agreed to when I got an account here, but surely you understand the concerns of the affected people here? Is it really fair to characterize them as "imaginative assume-the-worst threads"? Volunteer organization or not, cash-strapped or not, whether you followed the letter of the privacy policy or not, if you did not fight hard against a fishing-expedition type subpoena, I’m very disappointed (for whatever that’s worth). If you did fight hard, then thank you. We're volunteers too, we're (many of us) cash strapped too, and we deserve all the fight you can muster, and deserve not to be dismissed as Chicken Little when we ask questions about how our privacy was treated by the WMF. --barneca (talk) 22:51, 13 January 2008 (UTC)
I don't know who Mr. Goodwin is. barneca, when you ask 'Is it really fair to characterize them as "imaginative assume-the-worst threads', my only question can be -- did you read the personal attacks started off in this thread? Did you pass over the words "cowardly" and "unprincipled" and "disingenuous"? Some people insist on denigrating those whose actions they disagree with. It seems to me to have happened here, early on, and, being a human being, I cannot help but be struck by it. If I was name-calling or personally attacking you, especially when you knew you had taken steps to protect everyone (and still are taking steps), would you take it well? This is not to say there is no room for constructive criticism -- obviously, there's plenty of room. But I think the culture of personal attack is unhelpful at solving any problems or improving anything. That's just my opinion. MikeGodwin (talk) 02:07, 14 January 2008 (UTC)
Apologies for mispelling your name. Yes, one person has been criticising WMF much heavier than others, and if they asked my advice I'd suggest they tone it down if they want to get information out of you and achieve anything more than just pissing you off. But (a) they didn't start the thread, (b) as they are probably one of the targets of the subpoena, I can see why they're upset, even if they're handling it poorly, and (c) unless you've provided them with info you haven't provided me, they haven't been given much to go on. There are others discussing this here that have been polite, and (I think) have reasonable questions. I will note that I haven't made any personal attacks, and I still have two questions that remain unanswered. --barneca (talk) 02:58, 14 January 2008 (UTC)
barneca, I accept your apology. Without going into detail that I can't make public, I can say that I believe the recent dropping of the Video Professor lawsuit derives at least in part from our demonstration that, even though we complied (narrowly) with a lawful subpoena, the information we provided could not be usefully employed to identify mass defendants. (I would also say that it wasn't just one person doing the attacking -- it's just that one person did it less gracefully than another.) I believe my friend Paul Levy did a great job of promoting the defense of this case at Public Citizen, and I'm very grateful for his help in resolving this. See <http://www.citizen.org/pressroom/release.cfm?ID=2580>. (Paul of course knew to call me before making pronouncements about Wikipedia's response on this issue.) MikeGodwin (talk) 03:18, 14 January 2008 (UTC)
We just need to accept the fact that anonymity on the internet is a myth. I have worked on cases which required discovery of the true identities of posters of information on the internet (although not on Wikipedia). I can assure every one of you that none of us has an individual right to be anonymous on the internet; at least, not a right that a court will recognize. Granted, ISPs may keep such information close to the vest, but in a serious enough case, the information will end up in the hands of the party seeking it. The best solution to this problem is simple: be familiar where the line lies between conduct that is permissible and conduct which will subject you to legal sanction. In other words, don't defame, invade privacy, or infringe copyrights. This is not advice to go to the opposite extreme of legal paranoia - it is permissible to say bad, mean things about people if those bad, mean things are true. It is, moreover, permissible to report that party "X" has said specific bad, mean things about party "Y", so long as you can cite your sources, which is something we should be doing anyway, and particularly with respect to living persons and other active interests. It is equally permissible to repeat personal details that are elsewhere in the public domain. And it is equally permissible to make a fair use of copyrighted material. Let's stop living under the illusion that we can say whatever we want without our identity being known, and act so that what we say can not be used against us even if our identity is known. bd2412 T 03:41, 14 January 2008 (UTC)
BD2412, up to a point, I agree with your comments. But the key phrase here is "serious enough case". As a matter of policy, I think it is necessary for Wikipedia to set a more precise standard and more clearly define the circumstances under which the user info may be released. E.g., perhaps the policy could give a list of principles that will be applied in deciding which cases to contest and which not to contest. At the moment, in my opinion, the bar seems to be set pretty low: having a valid subpoena. If that is all it takes to have one's personal info released, than I don't see the position of extreme legal paranoya as being particularly unreasonable. Also, there is the question of notification of the affected users, which is not required by the current WMF privacy policy. I that that basic fairness considerations require that WP notify the users whose identifying info is being subpoenaed. Regards, Nsk92 (talk) 04:22, 14 January 2008 (UTC)
Oh, I'm not saying that "in a serious enough case" Wikipedia should give up the information; I'm saying that in a serious enough case the court will make Wikipedia give up the information. Wikipedia simply can not financially stand up against the typical thousand dollar per day contempt fine. A court could quite realistically order Wikipedia to turn over all records of all edits made (including the IP addresses behind all the users making those edits), and could send the local sheriff to wherever the servers are with a warrant and hard drive on which to copy all that info, to be turned over to the party who is suing. In fact, a new set of discovery rules was recently enacted (they came into effect in Dec. 2007) which makes it much easier for parties to get electronic database-type info from parties. The WMF can't provide a list of circumstances under which it will or will not turn over information, because there is no way to predict when an opposing party will be able to convince a court to force such a turnover. bd2412 T 04:32, 14 January 2008 (UTC)
It is interesting news about the new discovery rules. Could you please provide a reference? I would certainly like to look this up. Regards, Nsk92 (talk) 04:38, 14 January 2008 (UTC)
The Yale Law Journal has an excellent article on the topic posted at this location. bd2412 T 05:19, 14 January 2008 (UTC)
OK, thanks! Nsk92 (talk) 12:02, 14 January 2008 (UTC)
There are a lot of persons who might find fault with what is said about them in Wikipedia, and a lot of judges in this country who might issue subpoenas which are overly broad or which would not survive legal challenges. Mr. Godwin, you said the consumeraffairs reporter did not wait for your reply. Did Wikipedia's legal representatives initially file any court papers challenging the validity of the subpoena? Mr. Levy did, and his are available for inspection. Did Wikipedia respond to the initial filing, or only to the later contempt threat? Did Wikipedia contact the registered user before the release, so that he/she might contest the subpoena? Did Wikipedia notify them after the fact of the information release? We must comply with legal subpoenas, but we should contest the validity of any overly broad fishing expeditions or subpoenas which do not conform to the applicable laws and precedents. I quote the recent memorial tribute from Jimbo Wales for a blogger in China who was beaten to death by government officials [5]: "Stop censoring the Internet. Change laws to give strong protections to people who are speaking the truth." That "strong protection" should include fighting hard against releasing personaly identifying information of registered editors, to avoid a blameless editor having to bear the cost of proving in court that what he published was true, not defamatory, and not a trademark infringement. Such a "victory" would in the end be a pyrric one, and would have a chilling effect on the completeness and accuracy of Wikipedia. Edison (talk) 05:37, 14 January 2008 (UTC)
Edison, there are a number of hidden assumptions in your questions here, especially about what normal response to subpoenas is. For various attorney/client confidence reasons, I can't answer them at all. I will say that I don't believe we won a "Pyrrhic" victory at any point -- that what we succeeded in doing was more important, in that we demonstrated that compliance with the kind of laundry-list subpoena originally offered by Video Professor was something we are not going to do, and that compliance with a narrower subpoena is not going to be helpful for litigants fishing for information. I would go into more detail if you were a party bound by legal rules regarding confidential information, but unfortunately I cannot. If your view is that we might have handled things differently, I cannot help but agree with you, but if your view is that we did anything that did not ultimately serve the rights of anonymous contributors to Wikipedia, there I must disagree. And this is an answer I can't really elaborate on without violating professional ethics. MikeGodwin (talk) 09:17, 14 January 2008 (UTC)

3

If there are "hidden assumptions" then identify them. I have not seen much willingness to respond to polite and reasonable questions. "Stonewalling" went out with Nixon. Somewhere there should be a clear account of what Wikipedia did in response to the subpoenas, in addition to vague claims that lots of effort was exerted. Edison (talk) 03:08, 15 January 2008 (UTC)
Note that when I referred to a "pyrrhic victory, I did not suggest that Wikipedia had attained one. I said that a pyrric victory is what an individual editor would have if a website delivered his personal information to the person who objected to a posting or edit, when the editor won in court after spending say tens of thousands of dollars to prove that his editing was true and not an libel or infringement of the plaintiffs rights. I still endorse the idea of a legal "warchest" to avoid the "S.L.A.P.P."ing of internet posters. In the end, perhaps what is needed (and may have been done) on the part of you and the foundation is a "lessons learned" session, even if we, the editors, administrators and controibutors get only the summary version, in accord with legal ethics, to see what was done right (such as narrowing the scope of the demand), what could have been done better (despite repeated requests you have never stated whether the Wikipedia editor was notified at any time that his info had been demanded or had been turned over) and how the public perception of the events could have been shaped better(despite a request above, you have not provided the information that the consumeraffairs reporter requiested and which you say he did not give you a chance to provide). Surely Wikipedia has some friendly contacts in the news communbity who would publish our side of the story. Did consumeraffairs refuse to publish your side of the legal battle after you responded to his request? Instead the impression is one of stonewalling in the face of widespread media criticism, with vague assertions of having put up a fight. Edison (talk) 13:59, 14 January 2008 (UTC)
I can answer, at least partially, one of the above questions. My IP data was released by WMF, as was confirmed yesterday by Mike Godwin in his e-mail to me. I had sent him an e-mail yesterday from an e-mail associated with my WP profile asking if my IP data had been released, and he responded. And, no, I was not notified by WMF at the time the release occurred, or at the time it was being sought. To be be fair to WMF, I should say that until recently I did not have an e-mail address associated with my WP profile. However, I think it was possible, and from my point of view, very desirable, for WMF to attempt to contact me at the time by leaving a brief message at my talk page and asking me to contact them directly; I believe that a reasonable authentication protocol could have been established. I don't know if, at the time, WMF tried to notify by e-mail those users who did have e-mail addresses associated with their WP profiles. I suspect that they did not, but if I am wrong, I'd like to be corrected. Speaking about lessons learned, I certainly think that the WMF privacy policy needs to be modified to include the notification requirement of the WP users whose identifying info is being sought by third parties. Basic fairness considerations require this. Regards, Nsk92 (talk) 14:35, 14 January 2008 (UTC)
A few thoughts..... from someone who has done much business on the North American side of the pond. (1) One of the reasons I choose to live in what could be termed a damp and dull part of the world in winter, is because I love the history of Europe - one of the reasons I edit here. America offers much great opportunity, but the key issue for me has always been the constitutional dilemma between the right to free speech, and the right to carry arms - or in modern days, the right to fully fund a lawyer. I don't think anyone or any corporation has enough monies to stop a fully funded party who is determined enough, and even slowing them is expensive (2) With the right of free speech, comes the need for understanding the others point of view - you need not agree with it, but you must understand it. That way, much as though you have the right to say whatever you want about them, sometimes it is not wise to do so (3) As someone, like others here, who has worked in the IT/telecoms and internet industry for a while, there seems to be a view by some users that its the last bastion of being able to get away with whatever you want to. Wake up, it is not - much like any other open access space, the power of the law is absolute and because of technology does not separate it from the other parts of the real world. Screw up here or do something wrong, and the local lawyers office will be more than happy to prove the point, should an individual or the authorities choose to pursue you. At present, this area of law is still developing greatly, so coming up with hard and fast "rules" would presently be an unproductive waste of time. (4) It seems from reading the above debate, that some parties who took part in the editing of the article still don't know whether their details have been released. Can the board confirm the current status of informing each of those who edited between the key dates, whether their details have been released? (5) It does seem to me that one of the learning lessons from this incident is a need for re-drafting of the privacy guidelines here, and the associated need for some form of legal fighting fund if the project is to move forward along its current aims. Perhaps that fund is best created by some form of insurance levy, contributed by editors annually on an individual opt-in/opt-out basis - it wouldn't mean you get more protection from the rules/guidelines/laws BUT it would fund your defence if called on in the interests of the individual and the project. Setting certain legal precedents would be detrimental to the long term aims of Wikipedia as an encyclopaedia, and not defending correctly (fully?) would mean a degradation in capability and delivery. (6) Having looked through the editing history of the Video Professor article, it seems to me that in light of us being able to apply for the new rollback tool, there is a need to defend the project through the creation of a new automatic "article locking" tool. In September, the number of edits across a number of editors was extraordinary - around the 21st September, at least six editors (half anon's) added various pieces which were reverted/replaced by registered users. My credit card company recently chopped my card for an hour after I tried to put a 51p PayPal confirmation fee through it, due to security concerns - we should look at similar rules for creating a tool which, on certain criteria being met, allows trusted registered users (outside the administrator community?) the ability to lock an article quickly - or even automatically undertaken by the system. The edit record on Video Professor alone during the period in question should have said to someone on the admin team that "all was not well" and taken action to protect the project. Rgds, - Trident13 (talk) 14:45, 14 January 2008 (UTC)

Here are a few interesting bits of information from the Dec 24 Public Citizen's motion opposing the extension of time [6]. First, it appears that the IP addresses of sixteen WP users were released. See page 10 of the motion: "in late November it apparently obtained IP information with respect to the sixteen Doe defendants whose pseudonyms are set forth in the subpoena to Wikipedia". Here is a quote from pages 5-6 of the motion: "Upon checking the docket, however, Leonard discovered that on December 17, VP had filed a motion to extension of “time to serve the defendants.” DN 10, proposed order. The motion recited that VP had obtained identifying IP information from Wikipedia after filing a motion to hold Wikipedia in contempt for failure to respond to its original subpoena, apparently without any notice to the posters." Admittedly, this comes from a somewhat indirect source, but the text does seem to indicate that at the time no notice was given by WMF to any of the WP users whose info was released. Another interesting quote, from pages 4-5 of the motion: "The record does not reflect it, but it is our understanding that the proprietor of ripoffreport.com similarly objected to disclosure. For reasons that do not appear of record, it appears that the Wikipedia Foundation failed to respond to its subpoena in any way." Regards, Nsk92 (talk) 17:44, 14 January 2008 (UTC)

  • Why are we keeping these records in the first place, if doing so has the potential to place Wikipedia users in legal jeopardy? Is Checkuser really that important? Keep no IP records and there will be nothing to subpoena. Alternatively, get rid of the idiotic ban on open proxies (which violates foundation issue #2, incidentally) and let people use the effective tools that are already available to protect their own privacy. Sure, Willy on Wheels might come back if we do that, but I'd rather deal with Willy than with rich, amoral corporate lawyers. *** Crotalus *** 01:08, 15 January 2008 (UTC)
It looks like the fortunate among the 16 exposed editors are those who did their editing from an internet cafe, at a library, or via a neighbor's wireless internet portal. Woe betide the neighbor who did not password protect the access to his wireless router, and who gets a summmons which properly should go the unknown borrower of bandwidth. All hail the Wikipedia 16! Long may they edit. Has the foundation notified any of the other 15 yet? Edison (talk) 03:04, 15 January 2008 (UTC)

Would somebody from WMF (Mike Godwin?) PLEASE comment here on the notification issue? Specifically, a) why the affected WP users were, apparently, not notified by WMF at the time the release of their IP data was being sought, and b) what you think about changing the WMF privacy policy to include some kind of notification requirement for these kind of situations. Regards, Nsk92 (talk) 05:08, 15 January 2008 (UTC)

There is no "attorney-client" type privilege between you and Wikipedia. In other words, even if Wikipedia does not have to give up your ip address, if Wikipedia sends you a notification that it has been requested, that communication will be subject to discovery by the opposing party. bd2412 T 18:18, 15 January 2008 (UTC)
Hmmm, that is certainly something to consider. A few quick thoughts. First, for those WP users who do have an e-mail address associated with their WP profile, a notification could be sent to that e-mail. Presumably, the e-mail addresses in question would by subject to discovery by the opposing party anyway (along with the IP addresses), so sending a notification e-mail would not lead to revealing any additional identifying info, that would not have been revealed otherwise. Second, even if there is no e-mail address in the WP profile, there should be a way of devising a notification method that does not result in recording of any extra identifying info about the user (and thus no additional identifying info would be revealed to the third party even if the fact that the notification has occurred becomes known to it). E.g., something like this: WMF leaves a brief message at the affected user's talk page asking to call WMF from a public phone to discuss a legal matter. After receiving such a phone call, WMF would need to authenticate that the person calling is indeed the WP user in question. This could be done in a variety of ways. For example, the user may be asked to make a particular edit somewhere in Wikipedia or perhaps make a prescribed small change in that user's profile, and then call back at a particular time, at which point the user would be notified about the legal action in question. Perhaps there are other and simpler ways of achieving the same result. This way WMF will have no additional identifying information about the user to disclose, that WMF did not have already. Of course, the actual fact that a notification has occurred may have to be disclosed, but that does not seem to me to be a problem... I think that the WP users whose info is being sought by a third party deserve a chance to contest in court the release of their identifying info before such release actually occurs. Speaking for myself, I would have certainly liked to have that chance before my info was released. Regards, Nsk92 (talk) 21:43, 15 January 2008 (UTC)

These are serious questions raised by both sides. I'd suggest that they be raised directly with Jimbo at Talk:Jimbo Wales.--Onlyjusthisonetime (talk) 20:16, 15 January 2008 (UTC)

It appears that was attempted first. IIRC, User:Edison was told that was not the proper forum (assuming you meant User talk:Jimbo Wales. --barneca (talk) 21:28, 15 January 2008 (UTC)
I was not actually in on that exchange at Jimbo's talk page. I only found out about this when it was written up later in the "Signpost." Edison (talk) 01:03, 16 January 2008 (UTC)
As usual, I'm close to being right, but just off enough to look dumb. Substitute User:Nsk92 for User:Edison in my comment above, and apologies to both. I may have to try to find out more about this "preview" button I keep hearing about --barneca (talk) 01:07, 16 January 2008 (UTC)

The individuals who know they were affected should probably contact the Foundation directly, by phone or mail:

This isn't a Jimbo thing, this is a legal counsel/Board of Trustees thing perhaps. That still leaves a lot of questions, though, of these other 15 IPs that were released, and if the Foundation knows which users were associated with them. Lawrence Cohen 21:33, 15 January 2008 (UTC)

[edit] Arbitrary section break for VP thread

Thread was getting pretty long, so I've thrown in a section break for easier editing.

Addressing BD2412's comment above: Notification of affected users, without potentially risking their privacy further, would be easy:

  • If the only requested information is the IP address, then:
    • IP editors aren't affected
    • Accounts can have a message put on their talk page, either with a notification that their IP address has been requested by subpoena, or just a message to contact the WMF via email. The editor can create a new throw-away email account at yahoo, hotmail, gmail, etc. to correspond. At that time, the WMF can inform them what information was requested; if they just list the type of information requested, but don't specify the user-specific info, discovery is useless anyway. It's easy to confirm an email is from an account (for example, in the email you write "I will type "qwerty" on my user page 5 minutes after I send this email", and then you do so).
  • If the requested information also includes checkuser-type info (not clear what that is, exactly, but from seeing WP:RFCU in action, the software is definitely collecting something besides just an IP address):
    • Accounts can be handled the same as before
    • IP editors can't be contacted by email (no way to confirm it's the same person). However, a simple message on the IP's talk page is better than nothing.

Since two people have emailed me, asking if I knew whether I was one of the 16 people, I've been told I am not. --barneca (talk) 22:00, 15 January 2008 (UTC)

Sorry, I somehow missed the fact that Nsk92 covered this in a posting 15 minutes before mine. --barneca (talk) 22:02, 15 January 2008 (UTC)
I like the above suggestion of an "open notification model". Indeed, WMF could simply leave a message at the affected user's talk page saying that that user's identifying info is being sought by such and such party in relation to such and such lawsuit. Sure, other people would be able to see this message if they come across that user's talk page, but I don't really see a problem with that, provided that this notification protocol is included in the WMF privacy policy. Speaking about the privacy policy, I have a modest technical suggestion. When a person is creating a new WP account, at the very bottom of the account creation page there is a small link to the WMF privacy policy. But this link is not exactly conspicuous, and it is probably a good idea for it to be more prominently displayed on the account creation page (perhaps somewhere in the center rather than at the bottom, and in larger font). Regards, Nsk92 (talk) 23:30, 15 January 2008 (UTC)

A slightly different topic, also related to whether the Wikimedia Foundation will or will not effectively contest subpoenas demanding user information: Per its privacy policy [7], Wikipedia keeps for a time the IP addresses of all those who even look at each page of Wikipedia. If someone files a subpoena with Wikipedia, as Sheriff Joe Arpaio did with Village Voice Media and the Phoenix New Times website in 2007, per Joe Arpaio#Media Raids, demanding the IP addresses of everyone who reads something as well as (per cookies) what websites they had previously visited, would the Foundation meekly turn over whatever of that information it still had in its posession, as they did the 16 IP addresses of editors of the Village Professor article, or would they spend the money to fight it in court, as those two publication successfully did. The privacy policy says the info is kept "about 2 weeks" and is useful in checkuser investigations and in developing the secret statistics of the number of views of each page. Many subpoenas ultimately do not succeed if the recipient chooses to contest their validity. In the case in question, the subpoenas were thrown out when the recipients went to court and challenged their validity: "Judge Baca ruled that the subpoenas in this case were not validly issued." If that information were promptly deleted, perhaps in 24 hours, the question would be moot. This sort of fishing expedition would be the information age equivalent of the Nixon administration prelude to recent Patriot Act excesses in which the Justice Department demanded that libraries keep a list of who checked out books on Communism or radicalism, for possible investigation. If Wikipedia would turn over the info such as Arpaio sought, without a fight, that presents yet another chilling effect. Edison (talk) 14:44, 16 January 2008 (UTC)

To the best of my knowlege, Wikipedia does not keep any sort of page-view logs, because at two billion pageviews a day, they just don't have the server resources to do so. --Carnildo (talk) 02:16, 17 January 2008 (UTC)
To improve your knowledge, please read the privacy policy I cited where it says that info for each page visit is retained, such as the IP address of the person reading the page, along with the date and time and the operating system they use. No indication that the info on previous pages visited is retained (via cookies or some such). Would Wikipedia contest a subponea such as that from Arpaio. or would they meekly turn over the info in response to a subpoena to save the cost of litigation? Answers have not been forthcoming, just complaints that the attorney for Wikipedia feels attacked. Please answer the questions. Also, is it true that the only thing needed for something to be subpoenaed is that there be a law suit filed and that an attorney write up the subponea, without any need for a judge to find that it is valid (not excessively broad, compliant with laws and precedents?) It sounds like that many subpoenas should in fact be contested, to avoid them being used as a scare tactic to stifle free speech. Edison (talk) 05:37, 17 January 2008 (UTC)

This thread will soon apparently be archived, and no further response from the Wikimedia Foundation's legal counsel Mike Godwin or from Jimbo Wales appears to be forthcoming. Godwin expressed indignation that "bricks and insults" were being hurled by the questions above being asked, but still did not answer the questions. There were vague statements by Wales and Godwin that we fought hard and even hired outside counsel, but any details of what the legal team did have been withheld, apparently on grounds of attorney client priviledge, which the client (Wikimedia Foundation) should certaainly be free to waive. The attorneys for other parties in the incident have released certain legal briefs and motions they filed. We have seen no timeline of when Wikipedia or the Foundation received subpoenas and what response was made. The facts of the incident, and the defacto policy regarding release of identifying information of editors then appear to be that if a subject of a Wikipedia article chooses to hire a lawyer and to file a lawsuit over some claim of libel or some other legal theory that the postings were from a competitor, then the Wikimedia Foundation may or may not respond initially to the subpoenas filed by the plaintiff's attorney, while other websites successfully dispute their legitimacy. Then if the plaintiff moves for a contempt judgement, Wikipedia turns over all information they have, in this case the IP address, and leaves any further legal defense of the privacy of the editor to the internet provider. The editor might not be informed that his information has been subpoenaed or even that it has been released until after the fact. If there are any false or misleading statements in this summary I welcome their correction. Were these actions fully compliant with the published policies of Wikipedia regarding privacy, and if so should those policies be tightned? How can a legal defense fund be established to aid Wikipedia in defending the privacy of its editors to reduce the chilling effect of such incidents on the accuracy and completeness of Wikipedia and associated projects? Edison (talk) 14:03, 23 January 2008 (UTC)