Page MenuHomeMiraheze

Make a Privacy policy/Copyright/TOS/Content policy for Miraheze
Closed, ResolvedPublic

Description

  • ToS
  • Privacy Policy
  • Copyright Policy
  • Content Policy

Event Timeline

You need ToS and Meta:Copyright too.

Reception123 renamed this task from Make a Privacy policy for Miraheze to Make a Privacy policy/Copyright/TOS for Miraheze.Jul 17 2016, 14:23
Reception123 raised the priority of this task from Low to Normal.Jul 22 2016, 08:37

Considering the fact that Miraheze's licensed under CC BY SA 3.0, Basically it would just say your material is licensed under CC BY SA 3.0, and some basic blah blahs. We don't have to have complicated copyright notices.

I think these things should be mentioned:

 * You own the copyright.
* By clicking (replace here with int: message used with save button) you agree to license your work under CC BY SA 3.0 Unported. This is permanent and cannot be revoked. You agree that linking to the original work is sufficient for your attribution. (blah blah)

For other wikis, they are not Meta, so they can have their own Copyright pages. We don't have to consider them anyway.

Samtar added a subscriber: Samtar.

I've put together some basics at Meta:Copyrights, mainly basing it off of WMF/CC notices.
One thing we will have to deal with is copyrighted content being used on a Miraheze hosted Wiki, and any takedown notices this will attract. Failure to deal with those correctly will likely violate our hosting's ToS (knowingly hosting copyrighted material)

I propose the use of a system similar to WMF's takedown form, which involves a notice on Meta:Copyrights to the affect of:

==If you are the owner of Miraheze-hosted content being used without your permission==

If you are the owner of content that is being used on Miraheze without your permission, then you may request the page be immediately removed from Miraheze by contacting [takedown@miraheze.org?]

A privacy policy will be straightforward, as it's likely you'll want to abide by anything a boilerplace policy states anyway. - Meta:Privacy Policy

I'll work on some basic ToS, but that will need some input from @John and @Southparkfan - obviously input is welcomed from all :)

Meta:Copyright is specific to Meta - if you want something to be globally effective, I think main ns is better use, imo. (Same for Privacy Policy imo)

This comment was removed by Samtar.

Meta:Copyright was added just because it was red, and it's local page just for meta. Our stance on copyright of hosted wiki is stated here. I wanted a page denoting about copyright for meta contents (and ofc while I can copypaste from wp or somewhere else, original sutff is the best stuff imho). Anyway, I only insist on Privacy Page being on Main ns, and don't much care about Copyright.

(conflicted with your above comment)

@revi is moving to my userspace (where I realise I should have worked on this before moving anywhere anyway -_-)

Reception123 renamed this task from Make a Privacy policy/Copyright/TOS for Miraheze to Make a Privacy policy/Copyright/TOS/Content policy for Miraheze.Aug 11 2016, 12:07

A content policy would also be useful, for example what content we don't allow (as there was a big debate last year about right.miraheze.org a policy would make everything more clear, and it is needed). A draft is already existent: https://meta.miraheze.org/wiki/User:Labster/Content_policy

So I asked Philip about the LocalWiki privacy policy, and he released it as CC0 for us to use however we wanted, which was pretty nice. So here's what it looks like in Miraheze form:

https://meta.miraheze.org/wiki/User:Labster/Privacy_policy_alternate

This has the advantage of being written by an IRL lawyer, with a few alterations by me.

Section 3 in particular: is this even a thing we want to give wikis the authority to do? Or is analytics gathering and user information something we want to keep solely to ourselves (though we can grant access to piwik under §7.5 natch).

After reading the FTC rule on how COPPA enforcement works, I rewrote the section on Children to be less... lame. We'd just need to not have wikis that are targeted at children for now, which is pretty easy. And I don't think that really changes our scope.

Also I took @Samtar's text on the Data Protection Act which is pretty relevant since we have data in Europe lol. I don't think the rest of the text needed to change, so it's just in the retention section.

And I realize that we could mention CheckUser or external links or Oversight... but why? Those are implementation details, and this is legal code.

Anyway, does anyone have a comment on this, or is this something we can adopt?

@labster @John I've commented on the talk page for the most recent policy. I feel it's something that should be mentioned because it's not clear (iirc) that your email is released when you use Special:EmailUser. Otherwise it looks pretty good. Checkuser is basically covered by the retention policy, I don't feel we need to mention the specifics of who can access the information or how aside from "staff and volunteers" as for Oversightt, anyone can request it but the current text indicates it's at our discretion unless we receive a valid order from a government agency. Again, I think this is acceptable as we shouldn't have to get into the specifics of how we permanently remove data or otherwise make it inaccessible.

I think @labster 's policy is good and agree to PuppyKun's comment.

Samtar removed Samtar as the assignee of this task.Sep 30 2016, 07:12

The privacy policy and linked above content police seem fine.

With two months before the goal 'expires' we need to decide how to progress this to a finish.

Did not seem like it would be done by the end of this year

The privacy policy is done. We have drafts for the rest.

And this isn't a thing we can flex around. It has to be done before December 31st. Otherwise we've decided they're not important to have.

Made a draft of labsters policy here.

With https://meta.miraheze.org/wiki/Meta:Privacy_policy/Draft now some what in a place, I'm proposing we adopt this and therefore finally have a privacy policy. There seems to be some agreement through out with the policy so if there are no objections raised by Friday December 9th, I'll move it to the correct name and it will enacted as Miraheze's privacy policy.

With https://meta.miraheze.org/wiki/Meta:Privacy_policy/Draft now some what in a place, I'm proposing we adopt this and therefore finally have a privacy policy. There seems to be some agreement through out with the policy so if there are no objections raised by Friday December 9th, I'll move it to the correct name and it will enacted as Miraheze's privacy policy.

Ahem, there is nothing in the draft about CheckUser. This is an issue on WMF projects that has raised some controversy - users are told that registering hides their IP address, when in truth it doesn't completely. Ideally, users should have to agree to at least the privacy policy if not the CheckUser policy before being allowed to register.

That is a good point. I agree with @Amanda that CU should be included in the Privacy Policy.

2.4 and 7.1 sufficiently cover the collection and usage of information such as IPs. CheckUser isn't the only way we can access information and exhaustive lists are ineffectively honestly.

More so Miraheze makes no claim that "registering hides [your] IP address" and that is a wholly Wikimedia issue with the way Wikipedia advertises accounts to people.

Still, users should be required to agree to allow CheckUser and other tools access to their information. If they do not agree, account creation should be disallowed. I must note that the draft does state that "no personal information is collected", where an IP address can be used to trace your physical location.

I agree with the account creation requiring acceptance of a privacy policy. A CheckUser policy is something that binds users of the tool, not users whom will experience the use of the tool though.

Note to everyone that I have opened an RFC regarding CU and OS usage. I would like to see a consensus there before any privacy policy becomes official.

The privacy policy only describes Miraheze's technical handling of potentially personal information.

CheckUser is a technical tool that utilises it and thus isn't necessary to be formalised before a privacy policy is applied as there are clauses detailing data usage.

Oversight is irrelevant as that is just the remove of personally identifiable information.

Updated so we can see what has been done and what hasn't.

I think we're pretty close on both the Content Policy and Terms of Use:
https://meta.miraheze.org/wiki/User:Labster/Content_policy
https://meta.miraheze.org/wiki/User:Samtar/ToS

Go ahead and review those. In terms of Content policy, I've really envisioned that as only applying to wiki sysops/crats. There's really not much to say to normal users than "no spam" and "follow copyrights and other laws". That can be folded into ToU instead of having a separate policy.

Also: We'll need to put something in https://meta.miraheze.org/wiki/Meta:General_disclaimer

https://wikimediafoundation.org/wiki/Terms_of_Use#4._Refraining_from_Certain_Activities

This stuff is 95% "don't do this illegal thing, don't do that illegal thing, don't do yon illegal thing", followed by "also no paid editors". I'm not feeling the need to mention the entire social contract, but let me know if you disagree.

Both Tos and Content policy seem satisfactory for me.

I am going to strongly suggest that as part of the Terms of Service, a policy be added that requires Miraheze Staff (sysadmins, stewards, etc.) to gain community and/or founder approval before taking any configuration change whatsoever on a wiki other than Meta. I know that there hasn't been a serious problem like this yet, but because the two highest groups have the technical ability to perform such actions, we should find a way to prevent them from using it improperly and evading local community desires, just because they are "in charge".

A proposal similar to this failed to be included in the final results of the Steward RFC, but it needs to go somewhere. I think that this would be the best spot for it.

A ToS is an agreement for the usage of a service. That isn't an appropriate inclusion.

What your suggesting is a community policy decision [which you pointed out actually failed at this hurdle] and should be put to the community because it's place is in the appropriate policies governing usage of the groups.

Exactly. Note that the "approval of actions" policy at the Steward RFC only had one strong support vote, so technically it should have been included as "Approved because initial vote was unopposed and unchallenged". That's what I mean by "failed".

Though in scale, 1 support in favour of a proposal was extremely inadequate to call a consensus based on the community when the average supported statement had 8/9.

labster mentioned this in Unknown Object (Diffusion Commit).Dec 29 2016, 22:39

All policies are written and will be deployed on January 1, 2017. All pages have been moved to the correct places. The core task of this ticket is done, we just need to close all of the subtasks and make sure that people are notified that the new policies have taken effect on New Year's Day. And swap out the {{Draft}} templates then.

We can continue to get modifications until then, so get them last minute bugs in now.

labster mentioned this in Unknown Object (Diffusion Commit).Dec 29 2016, 22:51
labster mentioned this in Unknown Object (Diffusion Commit).Dec 30 2016, 02:39

@labster where in LocalSettings.php would the configuration for special pages be? Or would it be in a different file?

The configuration for Special pages are scattered across hundreds of PHP files in mediawiki core and extensions. Each introduces its own configuration. Some can be modified with settings in LocalSettings.php, some can't.

Also this is completely off-topic for this ticket, so this is not the appropriate forum for getting help. Ask on-wiki next time.

Sorry, I meant to ask specifically where the settings for Special:CreateAccount would be.

@DeltaQuad That confusing mess would be located here. However, if you wish to change the text visible to users, I recommend changing the system messages visible here. (Each item in parenthesis is a system message).

No, what I wanted to do was make a PR for the requested link to the new polices. That's why I was asking where the configuration was located. BTW, @Void that second page you linked doesn't have an "edit" option, so no changes can be made to it via that interface.

@DeltaQuad The second link tells you what system messages are used where on each page. The idea is that you now know which system message(s) you would want to edit to include the text.

Please open a new ticket or go to wiki, as your question is unrelated to implementing TOS/Privacy Policy/Contents Policy/...

Reception123 claimed this task.

Adopted and added to Special:CreateAccount