Project page Discussion Edit this page Leave message History

search talk:Privacy

Contents 1 Defining the Privacy policy 1.1 Requirements of the Privacy policy 1.2 What is Privacy? 1.2.1 Aspects of privacy 1.2.2 Information concerned 1.2.3 Levels of privacy 1.3 Relationships to other principles 1.4 Wishlist 1.5 How do others view privacy?

[edit] Defining the Privacy policy

In the interest of transparency, Wikia Search needs an explicit privacy policy. This section should host the discussion that defines the privacy policy.

[edit] Requirements of the Privacy policy

The policy should

• define what privacy means in the context of Wikia Search,
• explicitly state which information is deliberately kept private, and how,
• explicitly state the limitations of privacy, what is not private, and how.

[edit] What is Privacy?

Wikipedia article: privacy

Wikipedia defines privacy as the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.

The main page says:

Must be protected, do not store or transmit any identifying data.

The above sentence is in contradiction to a discussion about privacy- and transparency-related questions on page Forum:Advertising supported?.

[edit] Aspects of privacy

• What is privacy?

• Information items concerned
• Parties concerned
• Systems concerned

• Benefits - What do we get from privacy? Why would anyone want privacy?
• Costs - What does privacy cost? What are its disadvantages?

[edit] Information concerned

• Identity of the person doing the query
• Identity of the ISP account which is used
• Client IP-address used
• Client system properties (browser, operating system)
• Cookies on the client system
• Identity of the search engine user account
• Identity of the Search wiki user account
• A search query
• The set of all search queries made by a pricipal (an IP-Address or a user account)
• Associations between the above

[edit] Levels of privacy

• Info is not visible / Association is not possible
• Info is not retrieved / Association is not done
• Info is not used / Association is not used
• Info is not directly stored / Association is not directly stored
• Info is not reconstructible later / Association can not be reconstructed later

[edit] Relationships to other principles

• Privacy facilitates community involvement. The more privacy requirements are met, the more users will be able to participate.

• Privacy sometimes conflicts with Transparency. These conflict by definition. Privacy is about hiding information, transparency is about exposing it.

• Privacy sometimes conflicts with Community. See search_talk:Community#Relationships_with_other_principles.

• Privacy sometimes conflicts with Quality. For example, measuring click-throughs can be used as a means to increase and control quality. However, doing so exposes more private information about the search user.

[edit] Wishlist

How do you see privacy? What are your concerns? What level of privacy are you looking for? Add your requirements and wishes here.

• Keep separate logins for search engine and wiki. Currently, it is possible to search "anonymously" (not being logged into the search engine's social network aka. "People Matching"), while at the same time being logged into the wiki. This is a good thing. Rainer 09:26, 12 February 2008 (UTC)
• Search engine options (see below) should be selected via the URL used (instead of via cookies). Rainer 09:26, 12 February 2008 (UTC)
• Make "People Matching" opt-in (or provide it on a separate site - or remove it altogether). Currently, even "anonymous" search users get the "People Matching" box on their results pages. It should be possible to use the search engine without receiving "People Matching" at all. This should even be the default. It keeps things simpler, cleaner, lets Wikia Search focus more. In my view, Wikia Search's core competencies (pardon the buzzword here) should be the wiki and an open search engine. The social network makes things more complicated. At the implementation level, the complexity draws resources away from search and the wiki and the skin (and the skin could really use some attention, to put it mildly), both during development and at run-time. At the user interface level, the feature requires screen space, time until the page has fully loaded, bandwidth and may be considered distracting by some. Prefer to have users opt-in to such more complicated, less privacy-preserving features. Rainer 09:26, 12 February 2008 (UTC)
• It should be documented how the "People Matching" feature works, from a search engine user's point of view. How are the "matching people" associated with a search query? I assume that some information about the queries made by a logged-in user is stored. How? How much? Where? How long? Rainer 09:26, 12 February 2008 (UTC)

[edit] How do others view privacy?

• Here's a blog discussing the policies of the major search engines, http://bits.blogs.nytimes.com/2007/07/23/the-most-privacy-friendly-search-engine-on-the-web-is/ Fred 18:11, 1 February 2008 (UTC)

• Press release announcing AskEraser. Fred 18:20, 1 February 2008 (UTC)

• A core value of the library and information field is the protection of patron privacy. Here is some info from the American Library Association's web site: http://www.ala.org/ala/washoff/woissues/civilliberties/privacy/privacy.cfm Scarney 16:34, 8 February 2008 (UTC)

• For Wikipedia, the effective privacy policy is that of the Wikimedia foundation.

Which is frequently violated by "respected" Wikipedians. -- Thekohser 12:48, 31 March 2008 (UTC)

Is this due to an inappropriate policy, or due to a conflict of interests? I imagine that violations happen when goals conflict with each other. Sometimes, goals need to be weighed against each other. (As an aside, when this happens, it should be made transparent.) Our goal here is to design a good privacy policy. In general, the other principles, T, C and Q, all compete with the privacy goal. Do you have any suggestion on how to minimize these conflicts? --Rainer 08:09, 1 April 2008 (UTC)