Wikimedia blog

News from the Wikimedia Foundation and about the Wikimedia movement

Posts Tagged ‘privacy’

Handling our user data – an appeal and a response

(Today we are posting an English translation of a blog post from German Wikipedians outlining concerns about the handling of Wikipedia user data, or metadata. Above that post you will find the Foundation’s response to those concerns). 

Response to user appeal

In June this year, the Wikimedia Foundation (WMF) started to solicit community input on our privacy policy, and since September we have been inviting participation in a discussion of the draft for a new privacy policy. The purpose of this discussion has been to review and improve our privacy policy, and ensure that all members of the Wikimedia community have an opportunity to be heard and contribute.

This discussion has already helped us to understand the diverse range of views in our large, international community (each month, more than 75,000 users contribute to Wikimedia projects in more than 200 languages). As part of this discussion, about 120 German Wikipedia contributors who advocate for more stringent privacy rules have made a statement and published it on the German chapter’s blog (English translation below). We welcome the contribution of these editors, and hope that the resulting discussion will strengthen the policy. However, while we hear and respect these concerns, the WMF was not invited to explain its position during the drafting of the statement, and so we’d like to do so here.

Existing practices

As the authors of the statement mention, the past year has seen increased global concern about privacy and the activities of intelligence agencies in both the US and Europe. The Wikimedia Foundation is extremely sensitive to those concerns, and we have taken several steps to address them, including joining activism here in the US, encrypting more traffic to and from the Wikimedia sites, and assuring readers that we have not been contacted under the surveillance programs at issue.

The Wikimedia Foundation also protects its readers by collecting very little information, particularly relative to most major websites. Editors who create an account do not have to connect their account to a real-world identity unless they choose to do so. It is possible to read and use the Wikimedia sites without providing your real name, home address, email address, gender, credit card or financial information. In all but a few cases (related to abuse prevention), we delete IP addresses of logged-in editors after 90 days. All in all, there is small incentive for governments to contact WMF and request information about Wikimedia users.


Tor configuration changes, and IP block exemption rollout

Hi all,

Just a quick note to let everybody know that in a few days I’ll be changing the TorBlock configuration to require explicit block exemption rather than merely being logged in.

While we would rather this weren’t necessary, it seems that the edits coming through tor are mostly unconstructive; and we’ve had all kinds of nasty harassment come through that way — the community feedback we asked for was overwhelmingly that the ideological benefits of allowing truly anonymous editing are outweighed by the pragmatic concerns of
harassment and vandalism.

To facilitate this, I will also be activating explicit IP block exemption on all wikis. Like on English Wikipedia and many other wikis, administrators will be able to add users to an “IP block exempt” group, which exempts its holder from IP blocks, range blocks and autoblocks, but not explicit user blocks. This is a helpful, albeit inaccessible way to defray some of the problems associated with
blocking Tor users carte blanche.

Please let me know if you have any questions, comments, concerns or suggestions about these changes!

Andrew Garrett
Contract Developer
Wikimedia Foundation

Wikimedia Foundation opting out of Phorm

After some internal discussion on whether opting out of the Phorm user-profiling system in the UK would legitimize it, we’re going ahead and requesting an opt-out for all the domains under the Wikimedia Foundation’s control:

Subject: Phorm opt-out for and related domains
Date: Thu, 16 Apr 2009 14:28:11 -0700
From: Brion Vibber <>

To whom it may concern --

The Wikimedia Foundation requests that our web sites including and all related domains be excluded from scanning by the
Phorm / BT Webwise system, as we consider the scanning and profiling of
our visitors' behavior by a third party to be an infringement on their

Here is a list of our domains which should be excluded (please exclude
any and all subdomains as well):

Thank you for your time.

-- brion vibber (brion @
CTO, Wikimedia Foundation
San Francisco
+1 (415) 839-6885

Received autoreply:

Subject: 	Publisher Exclusion Request Autoreply
Date: 	Thu, 16 Apr 2009 14:28:30 -0700
From: 	website-exclusion 
To: 	Brion Vibber 

Thank you for your submission to the Phorm website exclusion list. If
there are no obvious grounds to doubt the legitimacy of the request the
URL will be blocked as soon as possible, usually within 48 hours.

Requests must be made by the legitimate owner of the domain. If we have
questions regarding your domain Phorm may take a number of steps,
including attempting to contact the domain administrator by email for
confirmation of this request. If the request remains questionable and is
not confirmed within 10 days, the URL will be removed from the exclusion
list and an email will be sent informing you of this decision.

Where applicable, please ensure that the Administrative Contact details
for this domain are up to date. If you need to update them, please
resubmit your request when the amended details are visible in the WhoIs
database - (use a public whois service such as
_ if you are unsure it has been