This is an essay.
It contains the advice or opinions of one or more Wikipedia contributors. This page is not an encyclopedia article, nor is it one of Wikipedia's policies or guidelines, as it has not been thoroughly vetted by the community. Some essays represent widespread norms; others only represent minority viewpoints.
|This page in a nutshell: Be careful about revealing and handling personal and/or private information, as your rights to privacy may not extend as far as you believe.|
As Wikipedia has grown from a tiny website visited mainly by its editors to one of the most popular websites on the internet accessed daily by millions, numerous attempts have been made to develop a consistent way of protecting the private personal information of those who create and develop its content, while at the same time protecting the encyclopedia from abusive editing practices. The processes that have been developed over time are, in part, contradictory, because of the inherent tension between protecting the individual and protecting the institution. External pressures have resulted in paradoxical reactions within the English Wikipedia community.
The Wikimedia Foundation (owner of Wikipedia) is largely uninvolved in internal community decisions, and has therefore remained largely silent on project-specific privacy and confidentiality issues beyond its own privacy policies that are mandatory on all hosted projects.
Wikipedia and the Wikimedia Foundation do not require that editors identify themselves by their legal names or by providing private information to confirm their identity. Editors may establish accounts in any of the following ways (in order of likelihood that the Wikipedia account will be linked to other activities):
The opportunity to edit without linking to a person's real world identity provides a degree of confidentiality to those who could be placed at risk if they edited using their legal names. This confidentiality is not guaranteed, however, and is largely dependent on editors withholding personal information about themselves.
See also: Wikipedia is in the real world
Nonetheless, many editors have come to expect that Wikipedia will take steps to assist them in managing inadvertent revelations of personal information. The range of expectations can include deleting or even oversighting of edits, removal of links to external sites that link editing pseudonyms to private personal information including names, and disallowing references to prior accounts that may have had personal information associated with them. The on-site processes governing such actions are contradictory, in part because of the conflict between protecting individual editors and protecting the encyclopedia as an independent entity. Access to this assistance is inconsistent.
Any editor can revert an edit; however, it is still available in the history for other readers or editors to view. Editors who come across private personal information about another editor that has been added by someone other than that editor should be encouraged to revert the information, and to contact an administrator for deletion of the edit. Serious privacy breaches can be oversighted by using an extreme form of deletion that removes the edit from the view of all but a few users; it is often better to have the edit deleted first while contacting the Oversight team. Any administrator can delete individual revisions or log entries, subject to the revision deletion policy. This hides the edit from the view of all but other administrators. Many privacy breaches can be addressed sufficiently with simple deletion. Deletion is appropriate for certain personal attacks and may be an appropriate step in removing a serious privacy breach from the database before an editor with oversight privileges can be reached.
Oversight is intended to address only very serious breaches in editor privacy: non-public personal information, such as phone numbers, home addresses, workplaces or identities of pseudonymous or anonymous individuals who have not made their identity public. It is also used to address libellous information and copyright violations, and some lower-level privacy issues. There is both a Wikipedia policy on oversight, and also an overriding Wikimedia Foundation policy. Editors with oversight privileges continue to have access to the removed information via the oversight or suppression log. Since late January 2009, the former extreme "oversight" process has been replaced with a less drastic measure referred to as "suppression". While the privacy-violating information is removed (whether it is the full edit, the edit summary, and/or the username), it is noted in the history of the page as having been redacted. This process is also used for editing logs that contain personal private information.
External links are used throughout the encyclopedia for various reasons, mostly in the mainspace to support content or in content discussions on talk pages. Occasionally, external links are used elsewhere, again frequently with relation to discussions about content, but sometimes in innocuous messages between editors. Only rarely are external links problematic in relation to editors: when an external link is used to create a personal attack against an editor, and when an external link in article space leads directly to private information or an external personal attack about a specific editor. Generally speaking, our guidelines on external links will determine whether or not a link is suitable for article space; high-value links will usually be kept despite an allegation that there is a personal attack directed at a specific editor. Further guidance can also be found at Wikipedia:Linking to external harassment, which includes a link assessment table, and some general information for editors who feel harassed by the presence of certain external links.
CheckUser is a feature designed to protect the project from disruptive editing activities. Individuals with CheckUser privileges have access to technical information about accounts, such as a list of IP addresses from which an account has edited within a certain period, and data about the computer(s) used in editing sessions. Access to this feature is logged, and the log is available for review by other CheckUsers or the Ombudsmen. The primary purpose for which CheckUser is run is to identify additional accounts that have been used, or could be used, disruptively by a single person. On rare occasions, a CheckUser may be run to identify an editor who has made threats, in order to provide information to police; this kind of check is most commonly performed by specifically-authorized WMF staff.
The use of the CheckUser feature can be controversial, in part because its use is not transparent. On English Wikipedia, administrators and editors may request checks through private channels (email, IRC, or other messaging), and CheckUsers may run queries without a specific request when they themselves identify suspicious accounts. Some other Wikimedia projects require that all CheckUser requests be made on-wiki. English Wikipedia CheckUsers routinely participate in cross-wiki checks to identify and block spambots and cross-project vandals. It should be noted that English Wikipedia is the largest project and is the main target of several virulent serial vandals using multiple accounts, often causing large-scale disruption over a very short period; advance identification of such accounts prior to their being used for disruption, without alerting the vandal, is a net gain for the project. Many disruptive editors using multiple accounts have been identified and neutralised by non-public checks in conjunction with other investigative processes. Some editors and administrators may make a non-public request for CheckUser in order to prevent reputational harm to an account that may be incorrectly suspected of sockpuppetry. It is in this setting, and with this history, that the current CheckUser practices have developed.
CheckUser is a double-edged sword. It is useful, in many cases, for identifying problematic accounts and ferreting out behaviour that is harmful to the encyclopedia (in the broad sense); however, many editors find the concept of "checking" to hold significant potential for unwarranted invasion of privacy, especially when viewed in the light of the level of discretion granted to users of the CheckUser tool in its application. Editors working in an area where there is a history of abusive use of alternate accounts should be aware that their account may be CheckUsered.
Information about editors who are not the target of a CheckUser will sometimes be brought up during a legitimate check being performed on another account, particularly when the editor shares a highly dynamic ISP or a narrow IP range with the target account. Editors will generally not be informed that a CheckUser has been performed on their account, or that their account came up during a CheckUser.
The results of requests publicly posted on the sockpuppet investigations (SPI) pages are normally made publicly, and can link usernames (including those based on an editor's real name) with IP addresses. CheckUser requests made publicly on the talk page of an individual checkuser may or may not be responded to at the same location. CheckUser requests made via email other direct contact with a CheckUser, or those made through the Arbitration Committee or Functionaries mailing lists, are often not disclosed publicly at all, except with the identification of a ((checkuser)) template on any relevant blocks. In some cases where a private checkuser request has resulted in significant findings, the checkuser may ask that the requesting party post a SPI request so that the results can be publicly documented.
At the same time, CheckUsers may also be involved in discussions in other internal forums, such as various Administrator's noticeboards, and may provide CheckUser results, including some details to assist administrators and others in understanding how the decision on likelihood of abuse of alternative accounts has been made. Release of this information is at the discretion of the CheckUser; only in exceptional circumstances will there be a direct link to a real-life identity that is not also the user's account name.
There has been no significant discussion on-wiki as to whether or not individuals whose accounts have been subject to CheckUser review should be permitted to authorize disclosure of the CheckUser findings. This form of voluntary disclosure of private or possibly personally-identifying information does not appear to be out of line with the accepted practices of editors using their legal names as usernames, or of editors providing other personal or even private information on their user pages or in on-wiki postings. It is not clear what harm would be caused with revelation of CheckUser data provided it is limited to data specific to the subject of the check, and is posted with the full agreement of the holder of the checked account; however, it may be difficult to separate data specific to one account if information relating to multiple accounts is revealed during the CheckUser process.
Editors may choose to share personal information that does not meet the threshold of private information with other editors, most frequently in personal conversation on user talk pages, or in an off-wiki process such as email, IRC or other messaging process. Most people presume that information shared off-wiki is confidential; however, sometimes that presumption of confidentiality is unrealistic. People should be mindful of the following factors:
The Arbitration Committee accepts confidential information in its cases in limited circumstances, as noted in the Arbitration policy. Because of current technical limitations of the Arbitration Committee mailing lists, any private information is likely to remain in its archives for the foreseeable future and will not be deleted.
Attempts to develop Wikipedia policy with respect to private correspondence and confidential information have been unsuccessful, for several reasons. See related rejected proposals Wikipedia:Private correspondence, Wikipedia:Correspondence off-wiki and Wikipedia:Confidential evidence.
Many editors will establish off-wiki relationships with their peers, whether it be the occasional exchange of email, chatting in IRC, or in some cases meeting up at Wikipedia-related events. Personal information is often exchanged; in the cases of meet-ups, photos or videos may be taken.
All editors are reminded that there can be serious consequences to sharing this personal information on-wiki, even when done in the best of faith. It's important to obtain permission from the subject before posting images, for example, because any free content posted to a Wikimedia site can be redistributed and reused elsewhere. Individuals whose discretion is found wanting by their peers may find themselves ostracised or even removed from the project. While the primary objective of Wikipedia is to collaboratively build an encyclopedia, collaboration is dependent to a certain degree on interpersonal trust and confidence in each other's judgment.