Trust and Safety Product/Temporary Accounts/Updates/Legal/pt-br
Em primeiro lugar, gostaríamos de agradecer a todos por participarem nessas discussões. Agradecemos a atenção aos detalhes, a consideração cuidadosa e o tempo dedicado ao envolvimento nesta conversa, levantando questões e preocupações e sugerindo maneiras pelas quais a introdução de IPs mascarados pode ser bem-sucedida. Hoje gostaríamos de explicar um pouco mais detalhadamente como surgiu este projeto e os riscos que inspiraram este trabalho, responder algumas das questões que foram levantadas até agora e falar brevemente sobre os próximos passos. We appreciate the attention to detail, the careful consideration, and the time spent on our project. We would like to explain in more detail how this project came about and the risks that inspired this work.
Please take into account that sometimes, we can't publicly share all of the details of our thinking; but we read your comments and perspectives, and they're very helpful for us in advising the Foundation.
Olá! Revise a nova página "Acesso a endereços IP de contas temporárias" para obter detalhes. A seção sobre uso de endereços IP será atualizada com detalhes sobre como e onde acessar os endereços IP, bem como o que é registrado quando os endereços IP são acessados. Por favor, revise também uma nova página relacionada com perguntas frequentes. Você notará que ambas as páginas usam o termo “contas de usuário temporárias”, que vem do MVP – mais informações sobre o MVP serão compartilhadas diretamente nesta página em breve. Se você tiver dúvidas ou preocupações, entre em contato na página de discussão. It explains how users can gain access to IP addresses. Later, we will update the section on using IP addresses. In it, we will add information on how and where to access the IP addresses, and what is logged when IP addresses are accessed. There is also a new page with frequently asked questions. Both pages use the term "temporary user accounts". This name comes from the first version of the software (MVP). Soon, we will share more information about it. We welcome your comments on the talk page.
Contexto
To explain how we arrived here, we'd like to look backwards. Wikipedia and its sibling projects were built to last. Sharing the sum of all knowledge is a long-term vision which can't be achieved in any of our lifetimes. But the technical and governance structures serving that vision were not long-term. Instead, they were of the time they were designed.
Many of these features have thrived. Wikimedia projects were ahead of the rest of the internet. Wikimedians have known that privacy and anonymity are key to share and consume free knowledge. The Foundation has collected little information about users. Email addresses have not been needed for registration. The Foundation has also recognized that IP addresses are personal data. (See, for example, the 2014–2018 version of our Privacy policy).
Over the last 20 years, a lot has evolved, though. Societies use and relate to the internet in new ways. Regulations and policies that impact how online platforms run have appeared. Users have different expectations for how a website will handle their data.
Nos últimos cinco anos, em particular, os utilizadores e os governos têm-se tornado cada vez mais preocupados com a privacidade online e com a recolha, armazenamento, tratamento e partilha de dados pessoais. Em muitos aspectos, os projetos estavam à frente do resto da internet: a privacidade e o anonimato são fundamentais para a capacidade dos utilizadores partilharem e consumirem conhecimento livre. Há muito tempo que a Fundação recolhe poucas informações sobre os utilizadores, não exige um endereço de e-mail para registo e reconhece que os endereços IP são dados pessoais (ver, por exemplo, a versão 2014–2018 da nossa [$1 Política de Privacidade]). Mais recentemente, a conversa sobre privacidade começou a mudar, inspirando novas leis e melhores práticas: o Regulamento Geral de Proteção de Dados da União Europeia, que entrou em vigor em maio de 2018, deu o tom para um diálogo global sobre dados pessoais e quais os direitos que os indivíduos devem ter para compreender e controlar a sua utilização. Nos últimos anos, as leis de proteção de dados em todo o mundo têm mudado – observe a variedade de conversas, projetos de lei e novas leis, por exemplo, no Brasil, na Índia, no Japão ou nos Estados Unidos.
The decision to hide IP addresses and the legal risks mitigated by it
A few years ago, as the Foundation's Privacy team, we assessed that publishing IP addresses of non-logged-in contributors should change. It creates risk to users whose information is published in this way.
Despite the notices on wikis explaining how attribution works, non-logged-in editors are surprised to see their IP address on the history page. Some of them are in locations where Wikimedia are controversial. They worry that the exposure of their IP address may allow their governments to target them. IP addresses can be associated with a single user or device. This way, they can be used to identify and locate non-logged-in users and link them with their on-wiki activity.
The impact on the communities
We understand that IP addresses play a major part in the protection of the wikis. They allow users to fight vandalism and abuse. We need to work on this project with the communities. Only by taking your observations and ideas into account we will be able to make this change.
Quero enfatizar que mesmo quando os endereços IP forem mascarados e novas ferramentas estiverem em vigor para apoiar o seu trabalho anti-vandalismo, este projeto não irá simplesmente terminar. Será um processo iterativo – queremos seu feedback sobre o que funciona e o que não funciona, para que as novas ferramentas possam ser melhoradas e adaptadas para atender às suas necessidades.
Perguntas
Q: I see that the team preparing these changes is proposing to create a new userright for users to have access to the IP addresses. Does access to the full IP address associated with a temporary account constitute nonpublic personal information as defined by the Confidentiality agreement for nonpublic information? Will users seeking this new userright be required to sign the Access to nonpublic personal data policy or some version of it?
- If yes, then will I as a checkuser be able to discuss relationships between registered accounts and their IP addresses with holders of this new userright, as I currently do with other signatories?
- If no, then why we are going to all this trouble for information that we don't consider nonpublic?
- In either case, will a checkuser be permitted to disclose connections between registered accounts and unregistered username masks?
A: Partially yes. First, yes, anyone who has access to the right will need to acknowledge in some way that they are accessing this information for the purposes of fighting vandalism and abuse on the wikis. We are working on how this acknowledgement will be made. The process to gain access is likely to be something less complex than signing the access to non-public personal data agreement.
As to how this would impact CUs, right now, the access to non-public personal data policy allows users with access to non-public personal data to share that data with other users who are also able to view it. So a CU can share data with other CUs to carry out their work. We are maintaining a distinction between logged-in and logged-out users. So a CU would not be able to share IP addresses of logged-in users with users who have this new right, because users with the new right would not have access to such information.
Presuming that the CU also opts in to see IP addresses of non-logged-in users, under the current scheme, that CU would be able to share IP address information demonstrating connections between logged-in users and non-logged-in users who had been masked with other CUs who had also opted in. They could also indicate to users with the new right that they detected connections between logged-in and non-logged-in users. However, the CU could not directly share IP addresses of the logged-in users with non-CU users who only have the new right.
Please let us know if this sounds unworkable. As mentioned above, we are figuring out the details, and want to get your feedback to make sure it works.
Esta declaração do departamento jurídico da Fundação Wikimedia foi escrita a pedido da página de discussão. Para maior visibilidade, queríamos que você pudesse lê-lo aqui também.
Em algumas ocasiões, precisamos de manter confidenciais as especificidades do nosso trabalho ou os nossos conselhos à organização, devido às regras de ética jurídica que controlam a forma como os advogados devem lidar com as informações sobre o trabalho que realizam. Percebemos que a nossa incapacidade de explicar com precisão o que estamos pensando e por que podemos ou não fazer algo pode ser frustrante em alguns casos, incluindo este. Embora nem sempre possamos divulgar os detalhes, podemos confirmar que os nossos objetivos gerais são fazer o melhor que pudermos para proteger os projetos e as comunidades, ao mesmo tempo que garantimos que a Fundação cumpre a lei aplicável.
Within the Legal Affairs team, the privacy group focuses on ensuring that the Foundation-hosted sites and our data collection and handling practices are in line with relevant law, with our own privacy-related policies, and with our privacy values. We believe that individual privacy for contributors and readers is necessary to enable the creation, sharing, and consumption of free knowledge worldwide. As part of that work, we look first at applicable law, further informed by a mosaic of user questions, concerns, and requests, public policy concerns, organizational policies, and industry best practices to help steer privacy-related work at the Foundation. We take these inputs, and we design a legal strategy for the Foundation that guides our approach to privacy and related issues. In this particular case, careful consideration of these factors has led us to this effort to mask IPs of non-logged-in editors from exposure to all visitors to the Wikimedia projects. We can't spell out the precise details of our deliberations, or the internal discussions and analyses that lay behind this decision, for the reasons discussed above regarding legal ethics and privilege.
We want to emphasize that the specifics of how we do this are flexible; we are looking for the best way to achieve this goal in line with supporting community needs. There are several potential options on the table, and we want to make sure that we find the implementation in partnership with you. We realize that you may have more questions, and we want to be clear upfront that in this dialogue we may not be able to answer the ones that have legal aspects. Thank you to everyone who has taken the time to consider this work and provide your opinions, concerns, and ideas.