Talk:Wikimedia Labs/Agreement to disclosure of personally identifiable information

Clarification please
If I create an account in Gerrit, will my IP address be exposed too? Because this page seems to make no exceptions while this other says that it'll only apply to End-Users. I'd like a clarification on this. Thanks. --Marco Aurelio (talk &bull; meta) 20:19, 1 February 2013 (UTC)


 * If you're just using Gerrit, there isn't any place where your IP would be exposed to other users. ^demon (talk) 20:41, 1 February 2013 (UTC)


 * could you detail what you then mean with "ip address will be made _publically_ available"? --ThurnerRupert (talk) 14:28, 22 June 2013 (UTC)


 * This does look like a critical page to be in draft status. There really needs to be a link to additional information, and explanation of scope and responsibility of parties involved.
 * For example suppose a volunteer leaks my password to a cyber-criminal who abuses it, is the foundation responsible for any subsequent loss?
 * Why is it necessary to make user's IP addresses public? We already have too many people looking at this data on the projects.

Rich Farmbrough 09:47, 11 July 2013 (UTC).


 * When will this policy be enacted? Is it possible to delete ones personal data? 69.125.134.86 22:54, 19 August 2013 (UTC)
 * I <3 that this was posted by an IP.--Ryan lane (talk) 01:34, 7 September 2013 (UTC)

please clarify this policy. Where are user IPs available? I'd like my wmflabs account deleted please, if its IP is publicly visible. πr2 (t • c) 19:25, 4 September 2013 (UTC)


 * They are accessible to project admins of the tools project, and project admins or possibly project members of other projects. No project should be making your IP address publicly available. The policy simply states that if you make an account on any labs project (other than tools.wmflabs.org) that your IP address will be accessible to the people who manage that project's infrastructure. WMF does not manage the individual projects. They are community maintained (and hence the policy), so to have an account deleted on one, you'll need to request to have it deleted there. If you can not reach anyone at the project, please contact us with the specifics and we'll find someone who can handle it.


 * Note that a wmflabs account isn't a singular thing. When you sign up for gerrit/wikitech, that's an account that lets you manage wmflabs services and that account's information is always kept private.--Ryan lane (talk) 01:32, 7 September 2013 (UTC)

Request to re-word
Based on Ryan's clarification above, the Agreement seems poorly phrased. I suggest the following two changes:
 * 1) Ryan states above "No project should be making your IP address publicly available" and yet the Agreement states "[You] agree your IP address will be made publicly available". If Ryan is correct, then the statement in the Agreement should be qualified as to who will have access to IP address records.
 * 2) I am currently in the process of setting up my labs account, according to the Agreement this seems to mean that I could rapidly get access to anyone's password without having any specific trusted role. Could this be changed to being limited to admins on this project or bureaucrats (or whatever the equivalent might be) of other projects?

PS I note this has been draft for nearly a year. While marked as draft, it cannot be considered in place, so referring to it in the account set-up process as if it were, is a mistake.

--Fæ (talk) 18:05, 17 November 2013 (UTC)

Access to passwords
No one needs access to passwords. I am mystified that we don't simply use SUL for that, but even if we are using a local system, passwords should never be stored or transmitted en clair, and the encrypted versions should be guarded to the utmost extent possible.

Rich Farmbrough 14:53, 11 August 2014 (UTC).