Today I received an e-mail from NicholasBarry regarding the SacWiki meetup. Now, to be clear, I am interested in the new software and the meetup, and I certainly don't mind an e-mail from Nicholas or anyone else. If I did, I wouldn't have posted my e-mail address. What concerns me is that the e-mail went to the address I used to sign up for the wiki, not to the one I put on my user page or even the one I used for LocalWiki donations. While I don't mind receiving e-mail there (it all gets forwarded to the same place), I'm concerned with the methodology here. In an era when people are up in arms about privacy concerns on Facebook, Google, and elsewhere, the Wiki should be responsible with its users' privacy and its own internal policies.
How did the e-mail list for that e-mail get compiled? Who has access to it? Who can gain access to it, and how? What are the policies regarding its use? I don't recall any privacy notice when signing up for the wiki (or when making a certain troll account (*cough*)). Something about this just feels off to me.
Again, this isn't a complaint about Nicholas e-mailing me, or about the meetup. I'm concerned with the way user information is being handled.
A quick update... the User Settings page on WikiSpot where you sign up has apparently been changed quite a bit behind the scenes. I could have sworn it used to say your e-mail won't be used for anything except to retrieve your password at one point. Now, the Info for that page shows 4 versions. Those versions don't include the current version, or the previous version which (I thought) said something about not using your e-mail address. Changes have been made and apparently memory holed. Philip, can you fill us in on what's going on?
Scratch all that. It looks like it retrieves a form from wikispot when signing up for a new account. Not a memory hole, just a behind the scenes change to the form. Still wondering what's going on.
And one other concern which multiple have mentioned in off-wiki conversations, and which JW alluded to below: what does this mean for people who are using pseudonyms on the wiki? If they signed up using a non-anonymous e-mail address, are they still anonymous? Who has access to the information, since it looks like it's not just people with database access?
I'm sure Daubert isn't the only one who thinks this is trivial, and I'm not personally affected by it in any negative way. What I'm concerned about is the way in which people's personal information is being used.
-
Heh. Just asking questions; the email addresses were promised never to be used at some point, so it's odd to see them used, and it's reasonable to be concerned who has them now that they are out there. Questions aren't a bad thing. Honestly, my concern is the signup statement (probably not really answerable) and making sure that nobody's anonymity was potentially compromised (which is probably important to answer). Your mileage may vary. -jw
-
It's spam. When I signed up, I never agreed to have my email address added to any mailing list. It doesn't cease to be spam just because it was done once. Also, my information was turned over to a THIRD PARTY who then entered it into government-owned-and-controlled computers. Somebody has some serious explaining to do. —WilliamLewis
it's a conspiracy to keep you informed, you had better get to the bottom of this Daubert
For me, it went to a unique email address I have only ever used for signing up to Davis Wiki (I use a different email for each site to track spam sources), so it was clearly a database dump. Normally, if it is used for spam, I ditch the site. Also it seems that the old notice promising never to use your email for anything but password recovery seems to have been removed and is not visible in the history of the current page. I clearly remember such a notice. (See above - it was code, not content, so changed by a developer at some point)
I'm also concerned because people who signed up under anonymous names seem to have been emailed. In addition to the above questions, how many people got emailed? —Evan 'JabberWokky' Edwards
The reason why some DavisWiki editors got an email is because DavisWiki 'accounts' are actually global wikispot.org accounts. So when we migrated the Sacramento Wiki database information into the new LocalWiki system we picked which users to migrate over based on a simple heuristic: has this user edited Sacramento Wiki? If so, migrate them over. A bit wonky, I'll admit.
The SacWiki user information is hosted on our servers (and always has been). Nicholas (the current SacWiki administrator) has access to the list of email addresses associated with editors via the new administrative interface. He was given access to this interface by me with full authorization.
It'd be good to clarify this stuff to avoid issues like this in the future. Anyone want to take a stab at writing a Privacy policy? We've tried a few times before but never got anywhere. It would also be good to clarify, during signup, whether or not people want to receive occasional emails about the projects.
I've told Nick to refrain from any more emails until we have a better policy and plan for this sort of thing. —PhilipNeustrom
-
Unsolicited mass email is the definition of spam. This was unsolicited. It was a mass email. Nick is a spammer. —wl
-
While people didn't opt-in to getting emails about Sacramento Wiki events, and I agree that it sucks, that doesn't make a relevant email spam. Also, I'm not sure why you are being so antagonistic here. —PhilipNeustrom
-
Spam: the unsolicited mass transmission of email. Spammer: One who sends spam. The message was a mass mailing and it was unsolicited. Therefore, it was spam. Nick sent this spam. Therefore, Nick is a spammer. You're wrong. —WilliamLewis
-
While you're obviously upset about getting an email from Nick, I think it'd be good to realize that we're trying to improve things here. Nick's intentions — to make SacWiki better — are good. And I think good faith should be assumed here. Calling Nick a spammer doesn't help and makes it look like you're just trying to start a fight. —PhilipNeustrom
-
I get emails from people trying to buy the books that publishers send me. A lot of faculty like this "service", so one could say that the people who send these emails are well-intentioned. Their good intentions don't change the fact that it's spam. It was wrong for him to have been given the emails, and it was wrong for him to use them in that way. —CovertProfessor
-
The road to hell is paved with good intentions. You created a thread on Hacker News a few months ago about how wrong it was that a certain yc funded startup was engaging in spam. I'm sure they had good intentions, too. Save people money. Make money themselves. Give students jobs. It doesn't change the fact that there and here, nobody consented to receive these mass mailings. Relevance is irrelevant. I'm not trying to start a fight here. I just want this remedied. You are not taking this seriously and that's discouraging. There is also the issue of disclosure of this information to third parties. I don't care that Nick is an admin. It was the case that unless an admin also had database access, they had no access to email addresses. Things changed and we had no say in that. He then proceeded to export email addresses en masse to another third party, in this case the State of California. I specified what needs to be done above. 1. The mailing lists used to send these messages must be deleted. 2. All traces of these email addresses must be removed from the government systems used to send this email blast. 3. Admins, and Nick in particular, need to no longer have access to any email address that users did not choose to share with administrators of local wikis. —WilliamLewis
-
I am taking this seriously — that's why I'm discussing it and wrote up a proposal at the bottom of the page here. I disagree that this was spam, though. Relevance and relationship is actually not irrelevant to whether or not something is spam — it's literally the thing that defines whether or not something is spam. In the case of that one spammer I was upset with a few months back, they were scraping @ucdavis.edu emails from sites and sending out emails indiscriminately. In this case, a single email was sent to users of a site who provided their email address about that site.
That said, it sucks we don't have an opt-in at signup. I've asked Nick to delete the mailing list he created, as you requested. And unless anyone objects I'll follow through with the proposal at the bottom of this page. —PhilipNeustrom
This is unacceptable. Nick needs to purge this list from any legislative computers he may have used to send out the emails and destroy any mailing lists he created. Then, his access to email addresses needs to be revoked. When we signed up, we never agreed to be emailed for any reasons other than a password reset. He should have never had access to these email addresses. He should not have abused his ill-gotten access to spam people. —WilliamLewis
Nick isn't some random viagra company we sold email addresses to — he was put in charge of the SacWiki initiative. Also, he didn't spam people — he told them about a relevant event (the first in years!) in a project they participated with in the past. People didn't ask to be emailed, and that kind of sucks. But we don't have any way of knowing that right now — so let's fix that problem and talk about solutions so this sort of confusion / situation doesn't happen again. I've written up a proposal at the bottom of this page. —PhilipNeustrom
Spam is defined by consent. This "relationship" and "relevance" stuff is made up by people who spam and want to rationalize their spamming. Virtually every AUP prohibits UNSOLICITED email, not irrelevant email or email from someone you don't have a relationship with. This blast would have been prohibited by all reputable ESPs. Until you stop rationalizing this spam as not spam and apologize for enabling this spamming and breach of privacy, you are not taking this seriously. —WilliamLewis
I agree. And I don't see the justification for moving the email addresses to SacWiki in the first place. We never agreed to that. A message could have gone out on Davis Wiki and SacWiki, asking interested parties to opt-in. —CovertProfessor
Proposal
- Draft up a Privacy policy for DavisWiki / other local wiki projects to explain how user data is used. (We've never had one before)
- When signing up, ask if someone wants to receive very occasional emails about the project. If they don't opt-in, don't email them for anything except password reset and user notifications.
- Send an opt-in email to users when they are migrated to a new system asking them if they'd like to receive said emails. Have a dialog at some point temporarily appear that asks people (once) if they'd like to opt-in for emails, or have some kind of user setting for this.
I don't think new users should be migrated to a new system without their permission. When I signed up for DW, I thought I was signing up for DW only. I later found out that I could edit other wikis, but I never thought I had any association with them. It boggles my mind to think my email could be migrated to any wikispot wiki. I'm glad I didn't edit more of them. —CovertProfessor
Seconded. Anyone who did not explicitly consent to have their information transferred to the new system (and thus accessible to third parties, such as local admins) should have their email addresses purged from the new system. —WilliamLewis
If we didn't import user information then: 1) users wouldn't be able to log in 2) edit history wouldn't be preserved. —PhilipNeustrom
Again, you could post information to various relevant wikis, asking users if they wanted their user info to be transferred. I don't see how edit history is affected. —CovertProfessor
When you make edits, they are associated with a specific account. If the account is missing, the software gets confused. But just because the user accounts need to be migrated doesn't mean the emails have to (unless the database design is seriously flawed). And if the emails are to be migrated, that doesn't mean admins have to have access to them. —WilliamLewis
Unfortunately, the only thing we have that allows a user to authenticate is their email address. We could do an import of users without email addresses but then it'd be practically impossible to claim your account or log in. But it seems like the real issue here is admins' access to email addresses (which I've commented on below). —PhilipNeustrom
That is only one of the issues here. I do not want my email address spread to other wikis. I did not agree to have my email address spread to other wikis. The fact that there was no privacy policy does not justify your actions; you've been around the Internet long enough to know better. I don't care about Sac Wiki. You see "wiki spot" users, but I am just a Davis Wiki user. You seem to refuse to admit that you might have done anything wrong, and seem to be judging by what's best for the Sac Wiki and other wikis, rather than listen to those of us who are upset. And justifiably so, imo. —CovertProfessor
Hate to break it to you good professor, but this is a Wiki Spot wiki. Wiki Spot is a 501(c)3 non-profit organization that helps communities collaborate via wikis. Furthermore, you should come to the wikiBBQ. I for one am very interested in the issues at hand but find myself irresolute to continue this discussion in such a flat, drawn out format (online text). —Daubert
The problem is that the way the user system on wikispot.org is structured everything is global. For instance, if you look at the User Statistics page on a given wiki it will list all users who've edited the wiki. So when we decide what accounts to import into an instance that's the logic we use.
I am listening to your concerns. I'm not sure why you don't think I am. I've been on here for the past several hours responding to every query that's been made, I've formulated a proposal to alleviate this problem in the future and I'm planning to explore possible technical solutions to the admin "viewing email addresses" issue. However, if you can't continue to discuss this in a civil manner then I'm not interested in continuing dialog with you. —PhilipNeustrom
You've continued to defend, and not apologized for, transferring the emails to Sac Wiki. You've continued to defend, and not apologized for, your role in the subsequent emails that were sent out, namely, making the emails available to NB. You've even defended his sending out the emails. Under these circumstances, I don't see any point in continuing to dialogue with you, either. I also have completely lost confidence in this wiki's commitment to user privacy and ethical practice. Let me be clear that this is not about my own privacy. The email address I used isn't one I care about. This is about an organization that claims to be one of the good guys while acting like the bad guys. At this point, I am feeling as though I can no longer be associated with such an organization. I'm going to give it a day or so; if I still feel then the way I do today, I will delete my account. —CovertProfessor
Speaking for myself, it's hard to take you seriously when you deny that Nick spammed us, coming up with some bullshit definition of spam that uses lack of a relationship instead of lack of consent. It's also hard to take you seriously when you refuse to acknowledge how screwed up it is that Nick was able to take our information and transfer it to a third party. —WilliamLewis
I don't deny Nick sent an email without an explicit opt-in (because we never had one). But it was not spam.
As far as transferring information to a third party, that's where I think writing up a privacy policy would be helpful. For instance, would you consider importing email addresses into mailchimp a third party? Or a google apps contact list? Because that's basically what was done here: he imported them into a mailing list system (or probably just used iContact or something, I have no idea). These are good questions and that's why I think writing a privacy policy would be smart. —PhilipNeustrom
It's spam. I'm sorry you disagree, but it is spam. In the absence of agreement on what constitutes spam, could you agree to the following? Sending mass email without an explicit opt-in is wrong no matter the circumstances and no matter the intentions and wiki spot will never do it nor enable anyone to do it again.
As for the third parties, yes, google apps contact list counts. Mailchimp counts. iContact counts. The user email database should have never been copied off of wiki spot servers. Consent to be added to a mailing list can reasonably imply consent to use third party mail service providers. Consent to use email addresses for password resets and the like can't. —WilliamLewis
I think #1 and #2 are a good start. I don't like #3. Add a checkbox for User Settings so people can opt in on existing accounts. Possibly, add a notification on-screen for the first time someone logs in that gives a heads up. "Big things are afoot! Do you want occasional e-mail alerts about changes to your wiki community? Click here and check the notifications box to opt in!" Don't send more unsolicited e-mails to see if people want further unsolicited e-mails. Regarding the privacy policy, it's not something I'll have time to work on in the next week and a half, but if it's still untouched then I'll try to take a stab at it. —TomGarberson
Okay, that makes sense. So let's axe #3 and go with something along the lines of what you mentioned (a notice on-site for opt-in of existing users). —PhilipNeustrom
Do administrators for all wikispot wikis have access to user information (e-mails and whatever else may be stored) for all users that edit those wikis? Or is it something that was done specifically for SacWiki? —TomGarberson
No. Only administrators of wiki spot wikis that have been migrated over to local wiki (sf, sac, a few others) have access to this information. If the wiki is still running on sycamore (what dwiki is using), they do not have access to any user information the public does not. —WilliamLewis
William is correct. I'm going to chat with Mike tomorrow about possible technical changes here. We may be able to make it so if someone's an admin they can't necessarily see email addresses, though there are advantages to admins being able to see email addresses. —PhilipNeustrom
Tom was probably right to bring this up. Some people were not expecting emails. The proposal sounds like a decent solution though, and I would think it should clear up the problem. Other than that, I personally didn't have much issue with the email. Nick was just trying to generate more editing on a wiki that's probably been needing more attention. We've done wiki awareness in the past (tabling at farmers market, sticker campaigns, etc), and I thought this was just another way to get more people involved with sacwiki. I'm personally not sticking the spam label on it, but that's just me. —JT
This is a troubling turn of events. I for one would like to laud Philip for rapidly responding to the concerns voiced and look forward to hearing the results of his discussion with Mike on the technical aspects of what allowed this to occur. —Daubert
Agreed. Nobody is perfect and Nick made a mistake with the email, but Philip is making a solid effort to fix it here. Let's give him some space. —JT
-
I've met Philip in person, I love the wiki concept, and overall I know there's good intentions all around. I agree that he's looking to improve a future slip, but I feel like we're glazing over the real issue which occurred in the past sometime. Part 1: I sign up where it says "your email address will never be used for anything, ever." Sometime later, part 2, it is used. Period. The questions raised in the first few comments are very accurate: how, why, by who, etc. Those have been somewhat answered (but not the ones on how anonymous are people who used a non-anonymous email, or JW's comment on how many people were emailed). But I agree with William, that it is spam. To say it's not, Philip, is trivializing it. It's no less spam than a company website emailing me to tell them about their new product, because I was interested in their old one. It seems like semantics or nitpicking, but it's not. Because to think it's not spam comes across up above as "it shouldn't have happened, but it's not that bad." Or as Philip specifically said, it's not as if it's a "viagra company". But that's completely skipping the fundamental point: when most of us signed up, we were assured our email address never would be used for anything. It was. That's where the disconnect is. (By the way, I've been in LA for a few years now, so a 'come on over and hang out in Sacramento' email does seem pretty strange and not relevant at all to me). I also found it odd that it came from an 'official' .gov email address, but I won't touch on those points. To comment on Daubert's post, it's not entirely Nicholas's fault for sending the email; actually, if Nicholas hadn't emailed, we would never have known that our emails were accessible to others or would have been eligible for receiving email. The fault is ultimately Philip/Mike/whomever for the way the system changed, and for not informing anyone of this explicitly (or else the email wouldn't have gotten this surprised response).
The email was simply what brought attention to it. Also, in the email he had written that these emails wouldn't be sent out "often" - that implied that the email list may/would be used again. I don't blame Nicholas for that, to him it was a useful tool to spread the word. But the fault lies with those who created the tool, when the DavisWiki foundation had started with "your email will never be used."
I know it was an accidental oversight, obviously not meant maliciously, but still. I'm seeing Philip address the future occurrences by starting a policy proposal, which is great. This should be done, absolutely. Let's all agree on how this tool should/shouldn't be used in the future. But what I don't see in the first series of comments (or really in the later) is him apologizing for or condemning the lapse in security/the broken promise. Instead, it's downplaying the impact of the email. This discounts concerns people raised, which is why CP seems irked, if he excuses me saying so. Or WL, in the 'spam or not' chain. It's like saying "at least the tool was used by a wiki admin, not a viagra company" when everyone else's concern is focused on this tool we were explicitly told would never exist. ES
-
I guess I was responding to the level of negativity that spilled out here last night. I understand people are upset, but a lot of it had become counterproductive. —JT
Hey, all - I'm sorry! I made a mistake, and I owe an apology. Even discussion of privacy/consent/etc. aside, it was clearly a mistake for me to send out the email given how much concern it has created. I should have discussed the idea of sending out an email with a few more people, who probably would have convinced me that sending it out was not a good idea.
I felt at the time of sending that an administrator sending an email to users of a site wouldn't constitute a breach of privacy - you sign up with an email address, which is inherently a way of being contacted, and that users should expect that administrators of a site would have access to that information. But I agree with the concerns of many that (1) the email was not consented to, and (2) some Daviswiki users were ported over to Sacwiki, and therefore didn't even expect that a Sacwiki editor would have access to their email address. So again, I apologize. I shouldn't have sent the email. I should have stuck to other methods of getting the word out about the edit party.
To clarify, I did not create a mailing list - I just copied the email addresses from the database into the BCC line of an email. I'll delete the Sent email from my computer at work. (I sent it from work because all my work on Sacwiki has been part of my job - I've taken it on as a project to improve the Sacwiki as a constituent service for Sacramentans.)
I agree that we should develop a privacy policy, and I should have waited until there was discussion about this before sending. One thing that I see as extremely useful about allowing admins to access email addresses is that frequently I'll see new users make mistakes that need to be corrected. Usually other editors will just jump in and correct them, but occasionally the new user gets into an edit war because they think other editors are malicious. Often the new editor doesn't understand how to view the page's history and doesn't view their own user page (or even know it exists), so they're not able to see the friendly messages other editors are leaving them about why the new editor's edits are being undone/changed. As an admin who is trying to encourage lots of people to get engaged with the wiki, I'd really like to be able to shoot an email to the new editor saying, "Hey, you should check out your user page, that's where people are going to leave you messages explaining why they're undoing your edits." So if we have a policy that bans mass emails except for those who have opted into receiving site emails (which, given the debate above, I'd now be in favor of), I will still lobby for the right of admins to message individuals under select circumstances, e.g. in the circumstances I've just described.
Again, my apologies. Drop me a line at my user page if you want to, though I'll also continue to follow things here. (Thanks for the call last night alerting me of all the discussion going on here, Daubert.)
First off, I want to apologize. It was a mistake that Nick sent out those emails and I apologize that circumstances allowed it. It shouldn't have happened and it won't happen again. After talking to Mike about this, here's what we've done and plan to do:
- Draft up a Privacy policy for DavisWiki / other local wiki projects to explain how user data is used. We've never had one before. There's a lot of things that could be confusing or surprising to people. For instance, we publicly display IP addresses of editors, which might surprise people. Drafting this gives us an opportunity to nail this down.
- We have removed the ability of admins to view email addresses in the administrative interface. This makes contacting editors harder, and makes fixing people's email addresses for them difficult, but we need to add a user notification system to alleviate this anyway.
- When signing up on a new system, we'll ask if someone wants to receive very occasional emails about the project. If they don't opt-in, we won't email them for anything except password resets and user notifications (and we'll allow the notification emails to be turned off). For existing users, we'll allow them to set opt-in to Yes in their user settings, and maybe display a message the first time they visit a new system.
Thank you. —WilliamLewis
The current wikispot privacy policy entry is a good starting point.
Thank you both for acknowledging your roles in this incident and for your apologies. They are appreciated. I am glad to hear that an incident like this will not recur. —CovertProfessor
How come I didn't get an email? —MikeyCrews
Did you see where he subjectively selected people involved with Sac Wiki? —BruceHansen


