Wikimedia Privacy & You

Privacy

photo: SparkCBC, creative commons license

What is privacy in an era of NSA mega-sweeps, email hacking, and rampant security breaches? Sure, companies all have privacy policies, full of boilerplate, but what do they mean in practice?  The recent Wikimedia Foundation transparency report shines a light on one tiny piece of our potentially massive digital persona. If you use Wikimedia often, as I do, you may realize that it keeps some non-public user-identifiable information. Law enforcement and security agencies may be interested in those data.

Sometimes I joke about this, because, as a writer of crime thrillers, my history of searches would be highly suspicious. It has happened to writers, and  here’s a case where a Long Island family’s Google searches got them into trouble. UK’s Daily Mail has published a looooong list of search keywords and phrases of supposed interest to the Department of Homeland Security. Examples of suspect words: exercise (which I use mainly in the context of “I should get more”), prevention, organized crime (oops! a biggie for me), sick, smart. With such a “broad, vague, and ambiguous list,” as the Electronic Privacy Information Center termed it, adding Wikimedia searches to the data would generate a bazillion hits.

Wikimedia’s Privacy Practices

Wikimedia’s transparency report for the six-month period July to December 2015 is therefore a welcome peek behind the privacy curtain. It receives requests for user data from government, individuals, and corporations, but doesn’t collect much non-public data or retain it for long, so often does not even have what people want. Case closed. But when it does, it will notify you before disclosing any information and may even assist you in fighting “invalid requests.”

Between July and December 2015, Wikimedia received 25 user data requests, 14 of which were from non-government entities. It produced the requested information for only one of them—in response to a court order from France, affecting one user account. This is of course a vanishingly small number of requests compared to what Facebook or Google receive.

Wikimedia also sometimes discloses information to the authorities on its own initiative. That happened a dozen times in the same six-month time period. For example, it alerted authorities to a bomb threat originating from an IP address physically near the target site (an arrest and confession followed);  reported a detailed threat against President Obama; and disclosed a credible suicide threat, with another positive outcome.

The Internet Never (?) Forgets

Also in that period, Wikimedia received 220 legal requests to alter content or remove information, granting none of them. It encourages complainers to work with the community to rectify what they perceive as errors or inaccuracies.

You may know about “Right To Be Forgotten” (RTBF) efforts, authorized under a 2014 European court decision involving Google Spain. Wikimedia opposes this movement, and tends not to grant RTBF requests, though people may do a workaround, by having Wikipedia links removed from search engines. (Here’s an example.)

Dig Deeper

Although Wikimedia’s efforts are a tiny finger in the dike, its commitment to privacy and to letting users know it, is laudable. Read more on this topic:

privacy

graphic: Bernard Goldbach, creative commons license