Archive 5Archive 7Archive 8Archive 9Archive 10Archive 11Archive 15

Hi all, we've recently seen a kerfuffle at AN/I regarding a possible OUTING. Some editors were suggesting that the line "Posting links to other accounts on other websites is allowable on a case-by-case basis" allows this to happen - it is noted that this line is "under discussion", however it seems no firm agreement or consensus was ever made. I would like to ask for a clarification on this line, and how it may relate to editors wishing to link an account to another account on another website in a COI investigation -- samtar talk or stalk 19:29, 27 June 2016 (UTC)

Samtar, the key words are "on a case-by-case basis." The case you mentioned involved linking to someone's Linked in account, which included a full real name and other personal details the person had not offered. That's the kind of example that will normally attract a block. In addition, there's obviously no point in showing the person concerned what his own Linked in account is, which is what happened here. SarahSV (talk) 19:46, 27 June 2016 (UTC)
In case it's helpful, that sentence was added in February 2015 as:

Posting links to other accounts on other websites may occasionally be allowed such as when those accounts are being used to transact paid editing. [1]

then changed to:

Posting links to other accounts on other websites is allowable on a case by case basis. [2]

The addition followed this RfC, during which it was agreed that words to this effect had consensus. SarahSV (talk) 19:56, 27 June 2016 (UTC)
Just remove the line. What a ridiculous loophole: "on a case-by-case basis". There's no reason person A should post a link to person B's account on another website, without their express consent, period. We have a privacy policy, oversighters and Arbcom, which should make it abundantly clear that posting such links is a bad idea.- MrX 19:59, 27 June 2016 (UTC)
Also the RfC to clarify what would be allowable did not produce any results either. That discussion can be found here[3]. --Kyohyi (talk) 20:04, 27 June 2016 (UTC)
Thank you for the reply SlimVirgin - I do need to echo what MrX states above, I don't personally understand a situation where this would be useful. Could this not just be removed, as the RfC Kyohyi kindly links to above did indeed end without any real solid clarifications -- samtar talk or stalk 20:07, 27 June 2016 (UTC)

As can be seen in earlier talk, I have been of the opinion for some time that the community is unclear about the boundaries of outing, especially with regard to COI investigations, and I have been planning to initiate a community RfC in order to get these issues clarified. Seeing today's events as soon as I logged in today, I feel very, very saddened that I have not gotten that going yet. (I've been swamped with the GMO RfC, and just have not had enough Wiki-time to give this policy page the attention that it needs. Sorry.) The one fact that I think is abundantly clear is that anyone who claims that everything is already crystal-clear and anyone with clue knows outing when they see it, has not read the discussions at ANI and elsewhere about this case. It's readily apparent that experienced, good-faith editors are saying opposite things about whether what happened was block-worthy or not. (Myself, I honestly don't know!) The community is going to have to pin this down. --Tryptofish (talk) 20:11, 27 June 2016 (UTC)

Couldn't agree more Tryptofish - kind of the reason why I wanted to kick off this discussion. It seems no one really knows what is and isn't acceptable (sure, I have my own ideas but I'd at least like a policy I can disagree with rather one where I don't know if I'm right or wrong!). The range of opinions at the above linked ANI thread shows we're currently a community divided -- samtar talk or stalk 20:13, 27 June 2016 (UTC)
Exactly, thanks. --Tryptofish (talk) 20:15, 27 June 2016 (UTC)
  • Samtar, this sentence has had consensus whenever it has been discussed. Bear in mind that this policy isn't about COI. It has to cover lots of other situations.
One example would be when an editor, User:Blah (where Blah is an unusual name, but not a real name) makes edits that could arguably be racist. It goes to AN/I, where we discover that someone named Blah has a blog that shows he's a member of the Ku Klux Klan. The "case-by-case basis" sentence would allow editors to point out that connection.
That sentence would not extend to the Linked in situation that just occurred; that is a clear case of posting a real name without the person's consent, and also unnecessarily because the COI issue could have been handled without it. SarahSV (talk) 20:28, 27 June 2016 (UTC)
SarahSV: very true, and I agree that it should be allowable in that situation - I guess it's somewhat difficult for a lot of editors to draw the line. Do you think the "case-by-case" aspect could be clarified slightly more? -- samtar talk or stalk 20:32, 27 June 2016 (UTC)
Samtar, the "case-by-case" issue has allowed admins to use judgment depending on whether the posting was necessary and done in good faith, how much information it revealed, and so on. I believe that that admin discretion is important, but of course it means editors are expected to be extremely careful when invoking that clause.
I think instead of focusing on that sentence we should have a discussion about what steps editors are expected to take when suspicions of COI editing necessarily involve a real name. I posted a suggestion on 26 June at WT:COI that we try to write a section on that, but it might be better in a policy than in a guideline.
Once we have those steps in place, we can adjust the "case-by-case" sentence accordingly. SarahSV (talk) 20:39, 27 June 2016 (UTC)
(edit conflict) I don't understand why we would allow random, anonymous Wikipedia editors to do amateur detective work outside of Wikipedia, and then post the results of it on Wikipedia. Does it occur to anyone that usernames are not always unique, and that anyone can create an account with anyone's username on virtually any other website? - MrX 20:44, 27 June 2016 (UTC)
It occurred to all of us. "amateur...work" is what we have, for all our work in writing, enhancing, defending, and protecting the Wikipedia. This is probably not the best project to gain popularity by denigrating amateur work.

We ought to put back in the clause such as when those accounts are being used to transact paid editing (except that "paid" should be replaced with "commercial" since it is more precise and for other reasons which I'll skip now but can explain if asked). Because this best reflects consensus. Looking over the discussions, here's one way to think of the issue:

  1. A large percentage of people believe that linking to another account is never OK, period.
  2. A large percentage of people believe that linking to another account is OK, but if and only if there's good reason to suspect and point out undisclosed commercial editing, since this is a special situation and a special problem for a volunteer organization.
  3. A large percentage of people believe that linking to another is OK, if there's good reason to suspect undisclosed commercial editing but also perhaps for other reasons, such as maybe to show undisclosed non-commercial COI editing, or to show that the person has an account on a neo-Nazi site, or perhaps other situations of that type.

Well, suppose for the purposes of argument that each "large percentage" is 33% (it's not that neat of course, but bear with me). Well then you can combine the #2 and #3 people and get 66% in favor of #2. Even though the #3 people will believe it doesn't go far enough, it ought to be acceptable to them. You can't combine the #1 and #2 people (or the the #1 and #3 people) in the same way to get any meaningful agreement.

Note that while I have an opinion on the matter I haven't expressed it, and there's no need to, What we have here is an exercise in political logic. Political logic demands that, in order to be acceptable, the exception needs to be narrowly defined. Herostratus (talk) 21:08, 27 June 2016 (UTC)

I think that, approximately, you are correct about those three categories of editor opinion. The recurrent problem arises when an experienced editor, acting in good faith, is in one of those groups, and the administrator or oversighter acting on the case is in a different group. The administrator or oversighter may believe that it is clear in that they know it when they see it, and that it should have been equally clear to the experienced, good-faith editor. But it isn't. And the idea that we have to keep blocking good editors so that we can come to an agreement privately before unblocking them, only to find later that someone else was not in on the agreement, is not working. --Tryptofish (talk) 21:15, 27 June 2016 (UTC)
Our purpose here is to build an encyclopedia, not comb the entire internet to try to connect accounts. Amateur writers—good; amateur detectives—not so good. NE Ent nailed in when he said "Support addition due to inability to actually know authorship of off-wiki content" in the RfC. We should be making decisions based on the quality of content, not based on suspicions of what people do outside of Wikipedia. If the WMF wants a no paid editing policy, let them enforce it.- MrX 22:01, 27 June 2016 (UTC)
I've thought some more about what I said just above about how some things are not working. I'll ping @GorillaWarfare:, because what I'm going to say relates in some ways to her oversighting and blocking in this case. Having a policy against outing, it should really be our top priority to protect the privacy of the users who might have been victimized. And, when there is a block of an experienced editor, it occurs to me that we often end up with a Streisand effect that ends up undermining exactly that top priority. Here, we had an IP open an ANI thread instead of contacting the oversight email list privately. The discussion that followed, that was significantly prolonged by editors discussing the block, contains enough information that, as I read it (after the discussion was already closed when I logged in), I can reconstruct pretty much exactly what the private information was, and if I were so inclined, could probably rediscover it on my own. And that is on a high-visibility noticeboard. I think that's exactly what should not happen, if we care about protecting privacy. We can't prevent IPs or anyone else from starting threads on noticeboards, but we should probably do more in the way of oversighting discussions about material that was itself oversighted. (I do see that GW blanked the ANI section, but then self-reverted.) Moreover, blocking an experienced editor also draws attention by virtue of the block itself. We really need to weigh the relative benefit of blocking presumably clueful editors just to be sure that they won't repeat the mistake, against the downside of creating Streisand effects. It makes real good sense to me to have oversighted the edit that was oversighted. But I'm not convinced that the subsequent block is really the most enlightened way to protect privacy. I have the blocked editor's talk page on my watchlist, so all of this was the first thing I saw when I logged in today. And as I said, I'm concerned that I can see too much that is still easily found onsite. If instead the edit were oversighted as it was, and then the editor was given a strong warning (with a block following if anything were repeated), it all would have passed with much less fanfare. I think that the privacy of the possibly outed user might actually have been better served. --Tryptofish (talk) 23:30, 27 June 2016 (UTC)
Thanks for the ping, Tryptofish. I wholeheartedly agree with you that "it should really be our top priority to protect the privacy of the users who might have been victimized." I felt that removing the content that breached an editor's privacy was necessary, as well as blocking the editor who added it. I generally do blank posts on ANI or other noticeboards when someone is requesting removal of oversightable content, because though they are generally in good faith, they draw attention to the issue. In this case I self-reverted because the post was just a few sentences and beyond the link to the (now-oversighted) diff, did not contain any information that was concerning. Unfortunately I was just leaving my apartment as this issue came to my attention; had I been around I would have shut down the following ANI discussion much sooner, as ANI is quite obviously not the place for such things.
I guess the tl;dr here is: people should not discuss oversight-blocks/etc. on public and high-visibility fora such as ANI. The notice on Wikipedia:Oversight mentions this, and Wikipedia:Oversight/FAQ goes into more detail. I would love for the various oversighters/admins/editors who see such posts to shut them down quickly when they see them, and thank you to Mike V for doing so.
I disagree, however, that experienced editors should not be blocked when they breach these policies. While I agree that there are instances in which an editor should be warned instead of blocked for the first time they've brushed up against the outing line, I do not see this as one of those cases. In general I also worry about the repercussions of applying different block criteria to experienced vs. less experienced editors. GorillaWarfare (talk) 23:45, 27 June 2016 (UTC)
About your last point (and without getting into the specifics of individual editors), I think that this goes in part to WP:NOTPUNITIVE and in part to placing a higher priority on avoiding the drawing of attention than on enforcement. I worry that sometimes we get so far into the desire to draw a clear line under the unacceptability of attempted outing that we treat blocking as more important than avoiding Streisand effects. --Tryptofish (talk) 00:03, 28 June 2016 (UTC)
Whoa, hold on -- I'm sorry, I'm don't follow this stuff that closely, but on what planet could a person be blocked for posting a link to an off-site account? The policy -- and this page is a policy, not an essay or guideline -- says pretty clearly "Posting links to other accounts on other websites is allowable. Right? Isn't that what the policy says? Looks like plain English to me.
Granted, it then follows with "on a case-by-case basis", which is strictly indeterminate and meaningless hand-waving -- and anyone who understands policies and rules knows this, or should. It's like the preamble part of a law or something. It wouldn't be admissible in any court as having any meaning, generally. Which cases? Who decides which cases are covered? It doesn't say. Since it doesn't say, we don't know what the person writing it meant or intended. If I were judging it, I'd say the person making the link is best positioned to judge if this is an appropriate "case" of the larger set of instances described as "case-by-case" -- subject probably to what a reasonable person would consider at least arguably appropriate, to rule out obvious trolling or blackguardery.
I'm not saying its a good policy or bad policy. I'm just saying its the policy. You can't block people for closely following the letter and spirit of an important policy -- can you? If you can, what good are policies at all??? Herostratus (talk) 00:06, 28 June 2016 (UTC)
@Herostratus: I wouldn't call it "meaningless hand-waving" or "indeterminate," not if I am an experienced editor who is working in this "paid editing" area. Which I do. I have never, ever outed anyone nor even come close. I have never been accused of doing so. Nor do I believe that outing is a necessary byproduct of working in this area. It doesn't take enormous experience in this area to know that "outing" is o-u-t. If I wish to push against the boundaries of outing I am of course free to do so, but I risk getting blocked until the end of life on earth. Coretheapple (talk) 22:45, 28 June 2016 (UTC)
And what you just said goes exactly to why I feel that the community currently lacks consensus about what is or is not outing. I know for a fact that users are blocked for posting such links, or even mentioning that such links exist, without actually posting the link itself, quite regularly. In fairness, though, I think that the answer to your question is that the link reveals personal information about the other user, that the user never chose to make available on Wikipedia. --Tryptofish (talk) 00:13, 28 June 2016 (UTC)
Herostratus makes a good point about the letter of policy, though I disagree with his conclusion that the outcome of this point should be not oversighting/blocking as needed in cases like this: as a result of the circa-early-2015 RfC, we have a policy that basically says "don't do this thing, except sometimes you can do it, maybe, who knows, we'll find out afterward" - with the waffling added because community members said they needed to be able to post outing information sometimes, Arbcom refused to handle such information instead, and an RfC closure to the effect of "sure, add that wording" was made, despite the protestations of at least one oversighter (me) to the effect of "all that's going to do is confuse people while oversighters continue to apply policy according to their judgment, as both the previous and revised wording basically state".

As a result of that change, we now have people who read the policy, take it at its word, and proceed to post off-wiki information and then are shocked to find that "case-by-case basis" doesn't actually mean "this type of information will never, or even mostly never, be oversighted" or "your judgment overrides global privacy policy regarding personally identifiable information". It's confusion for no gain: it doesn't stop privacy policy applying, nor does it stop oversighters from suppressing private information. All it does is make it unclear whether this type of thing is going to get one in trouble or not.

I advocated at the time, and I advocate now, for a policy that clearly states that posting off-wiki information about someone else publicly on Wikipedia when the user has not placed that information on Wikipedia themselves is not ok. The fact is that in probably 90%+ of cases of such information that I can think of, that's bluntly true: it's private information, it should not be out there for public consumption, and it's well within the dictates of oversight policy, both global and local. If a case needs attention because of something like COI but involves off-wiki information, it should be passed to the venues that already exist to handle cases related to private information: arbcom-l (if Arbcom has changed its mind about not doing the job, and I don't know the answer to that) or oversight-l (Arbcom recently passed a motion mandating that the list be opened to accept emails from non-oversighters, and the list is attended to by, at the very least, at least one oversighter who is willing to look at such cases: me).

For the remaining 10% of cases where mayyyybe the info would be ok to post, there is zero harm in still directing it to private venues for handling. Is it possible there will someday be an edge case where that doesn't work and a user is forced to post something publicly after trying and failing with the private venues? I guess, maybe. But even in such a case, I'm of the opinion that it's better to have a policy that says "don't do X" and have someone be pleasantly surprised when their unique case is allowed to pass through, than to have a policy that says "hey, who knows? try X-ing!" and have users repeatedly forced to the unpleasant realization that the answer to "who knows" is "not you, and mostly really no one, as it turns out". A fluffernutter is a sandwich! (talk) 00:47, 28 June 2016 (UTC)

Yes, I very much agree with you about the ambiguity problem. I think that we need the policy to say this, this, and this are prohibited, and this, this, and this are permitted and we should do away with "case-by-case". I also think that any changes to this policy need to be discussed with input from oversighters, because it would be a lousy outcome if the community decides something, and then the oversighters say that it contradicts meta policy. --Tryptofish (talk) 00:58, 28 June 2016 (UTC)
The reason it says "case by case basis" is because one has to use common sense. If someone says to me "hey are you Coretheapple at www.coretheapple.com" then it hardly a reason to throw them off Wikipedia. However, if a diligent probe on the Internet indicates that there is indeed a Corey Apple on LinkedIn who works for Company X and is writing about Company X, then yes, it is outing. It's not complicated. If I am clearly digging up dirt on someone then yes it is outing and I should be kicked out. Coretheapple (talk) 22:31, 28 June 2016 (UTC)
Well, but that is, from an kind of of adjucational standpoint, insane -- and I mean, in all seriousness, literally insane. What you are saying is that there is a rule "Posting links to other accounts on other websites is allowable on a case-by-case basis", and what that means is:
  • Sometimes you can post links to other accounts.
  • But then someone else (not you) will come along and decide if that is an appropriate case under the "case-by-case" clause
  • And you don't know who it will be (except that it will be an admin)
  • And you have to guess whether that person will agree with you that if that is an appropriate case under the "case-by-case" clause
  • And if you guess wrong you are terminated with extreme prejudice.
This IS what you are saying. You also say "It's not complicated" but it is in fact quite complicated, so you are being overly simple-minded on the matter, and please stop. It's not helpful. You say that all a person needs is "common sense" -- which is, sorry to be harsh, but just terrible arguing. To say "All you need to do is follow common sense, and we will decide what is common sense, and if you guess wrong what we will decide you will be terminated" is egregiously authoritarian thinking. We need a written rule that people can follow or else we should just replace ALL our rules with "Do whatever you like, and if an admin doesn't like it, you will know because you will you be indeffed". We can't function like that. No effective project can. Herostratus (talk) 23:04, 28 June 2016 (UTC)
(edit conflict) I disagree very strongly with that (responding to Coretheapple). Of course, there are obvious cases where it's just a matter of common sense. But just look at how editors disagree about the meaning of "case-by-case" for the less obvious cases. It's not because half the community has common sense and the other half does not. And by the way, do you realize that you just gave a map for anyone who wants to find out the private information of the user who was the victim in this case? So, let's say that someone has been blocked and their edit oversighted for posting that "name" is the same person who is shown as "name" at LinkedIn. Then Coretheapple posts that "example name" is the same person listed at LinkedIn as "example name", by way of illustrating an example that directly follows the oversighting incident. Should Coretheapple be blocked? My common sense tells me, after all, that I can see an obvious parallel between "name" and "example name" in this context. And you did make it simpler for your example. What happens if the question put to User:C.Apple is: "are you the same C.Apple listed at LinkedIn?" --Tryptofish (talk) 23:12, 28 June 2016 (UTC)
(ec)Herostratus, I don't think that editors are so clueless that there can't be "case by case" language in policies, including this one. I'm not opposed to necessarily adding more detail to this policy. I actually indicated on the COI guideline page[4] that I agreed that there should be greater detail overall on what to do in COI situations. I guess I just have a higher opinion of the intelligence of editors than you do, as well as a greater regard for their ability to distinguish between an innocent inquiry (or whatever Tryptofish is saying above) and outing someone. Coretheapple (talk) 23:19, 28 June 2016 (UTC)
I think that what I said was obvious to anyone with common sense. But, in any case, so long as you don't oppose adding more detail, then I think we have something where we can find agreement. (By the way, I really am not trying to give you a hard time. And I certainly don't really think that you should be blocked, of course. I'm just pointing out how, even for those who have plenty of common sense, the existing policy is unacceptably ambiguous. It's just not right to say that those who don't interpret the policy as you do, or who consider "case-by-case" to be less clear than you consider it to be, are lacking in common sense. I have a pretty good opinion of the intelligence of most editors, too. But I also recognize that these intelligent people disagree about what "case-by-case" means.) --Tryptofish (talk) 00:21, 29 June 2016 (UTC)
In that case we'd have to rewrite a lot of policies. By the way I wasn't ignoring your example above, or whatever it was, I just didn't understand it. But if I grasp your general point correctly: I agree that there are bad admins who will block over nothing, but, just to hesitantly opine on the case that gave rise to this discussion, I don't think that happened in this case at all. Coretheapple (talk) 00:27, 29 June 2016 (UTC)
I'm really not talking at all about "bad" admins. Just below, Fluffernutter says it better than I did. --Tryptofish (talk) 01:01, 29 June 2016 (UTC)
(edit conflict) But we know that the "case by case" thing draws lines (well, lack of lines) that are neither plain nor clear to a lot of people to people who aren't clueless, Coretheapple. We're sitting here talking about this today because of a situation in which someone believed quite strongly that they were posting content that was common-sense reasonable and found that they were mistaken in the eyes of the admins/functionaries who reviewed it. The people discussing this specific case's content and block in post-mortem are also not unanimous about whether it was across the line or not (see the ANI), and no one in these conversations is someone who I would describe as inexperienced with Wikipedia, poorly versed in policy, or lacking in common sense.

The fact is that a policy that says "it might be ok on a case-by-case basis" makes it impossible to be sure whether you're violating the policy or not, because the policy doesn't say which types cases are on which side of the line, it just inserts the concept of there being a random, unknowable line. It doesn't add any extra protection for the poster of the off-wiki information, because if an admin/oversighter reviews the edit, they're not going to go "Oh, well this gives away a person's home address, shoe size, and dog's mother's maiden name, but hey, policy says 'case-by-case,' so I can't do anything to remove that personal information from public view!" They're going to review the edit and suppress the content or not based on whether it violates the privacy of the person in question, which has nothing to do with whether the words "case by case" exist in WP:HARASS or not - because even if we are performing a case by case analysis, the deciding factor in separating "case" from "other case" is still going to be whether that individual edit violates our obligation to protect the privacy of our users.

The "case by case" wording as it stands is like handing someone a button and saying "if you press this button, you are definitely either going to not burst into flames, or else you'll burst into flames". It's meaningless to the process of deciding because the two options cancel each other out, and all it might do is make people who tune out after "not burst into flames" and mash the button a little more surprised when they self-ignite, which is a bit of a mean thing to set someone up for. - A fluffernutter is a sandwich! (talk) 00:46, 29 June 2016 (UTC)

Very well-said, thanks! --Tryptofish (talk) 01:01, 29 June 2016 (UTC)
We're sitting here talking about this today because of a situation in which someone believed quite strongly that they were posting content that was common-sense reasonable and found that they were mistaken in the eyes of the admins/functionaries....' A)That's mind-reading; B) This user was blocked for similar conduct before. I followed that ANI while the links were still alive, and all this hand-wringing strikes me as utterly inappropriate. Not saying that one can't make the policy and the COI guideline more specific. I have specifically advocated that on the COI guideline talk page, and frankly I'm not all that crazy about the "case by case" language here if it is giving people hives. But I just think the "sky is falling" rhetoric here is ridiculous given what actually happened. Coretheapple (talk) 13:42, 29 June 2016 (UTC)

We shouldn't have ambiguous language in important policies. If there are a few exceptions, and I'm not sure there should be, they should be sufficiently specific so that there is never any question about when a line is about be crossed. This nonsense of "we'll let you know if you broke the law" is pushed by the same users who complain about WP:CREEP and WP:NOTBURO whenever an effort is made to clarify the rules.- MrX 14:07, 29 June 2016 (UTC)

Replying to Coretheapple, I don't think that it's mind-reading, any more than it is mind-reading to imply, based on your opinion of past events, that the alleged outing was done intentionally. I don't think that the sky is falling, but I also do not think that the sky would fall if we were to identify a consensus-based way to replace "case-by-case" with more unambiguous language. And the fact that you disagree with other editors over what you see as hand-wringing demonstrates that you and other editors have differing views. So in fact, I am correct in saying that the community has differing views about what should be permitted and what should be prohibited. --Tryptofish (talk) 19:25, 29 June 2016 (UTC)
OK, I would just suggest perusing the RfC that was previously created on this and then perhaps formulating a new one. I do recall you might be acquainted with that one. I'm not dead set against changing the language in the policy, just that the rhetoric had escaped earth's gravity and was going into orbit. Coretheapple (talk) 22:21, 29 June 2016 (UTC)

Break

  • I'll put this very simply. Such links are oversighted routinely. Unless the editor has provided the information him/herself, it is not okay, ever, for other editors to do this for any reason. Any editor who does so is in violation of the global privacy policy and is liable to be sanctioned, all the way up to indefinite oversighter blocks that may never be revoked. The line in the current policy needs to be removed because it is in direct conflict with the privacy policy. Oversighters have seen countless examples of editors being harassed with fake LinkedIn, Facebook and other internet information purporting to link to their real identities; indeed, many functionaries have been on the receiving end of such fake accounts. The evidence of advocacy editing - paid or unpaid - is in the edits; it cuts both ways, too, since "advocacy" can be both favourable or unfavourable. It is wrong to have a line in this policy that advocates an action that is likely to get an editor blocked. Risker (talk) 03:21, 30 June 2016 (UTC)
    • I'm with Risker here. The line should be removed. I'll also note that there are, for instance, plenty of "Doug Weller"s out there, one whose email I routinely get. Doug Weller talk 12:59, 30 June 2016 (UTC)
    • I also agree that it should not be in the policy. It is not in line with global policy, it is not in line with Oversight policy or practice, it is not mentioned in the RfC, nor is it justified by the subsequent discussion. Thank you, MrX, for taking the bold step of removing it. ​—DoRD (talk)​ 13:44, 30 June 2016 (UTC)
    • I concur with Risker and MrX's removal from the policy page. Mike VTalk 14:30, 30 June 2016 (UTC)
    • I also agree with the removal. Furthermore, if anyone has any bright ideas about reinstating it, IMO they need to describe the exact circumstances under which linking is acceptable, show community consensus for such a change, and demonstrate how it complies with both WMF policy and the TOU.  Roger Davies talk 14:38, 30 June 2016 (UTC)
    • I too agree with the removal from the policy page, and would have removed it myself in a few minutes time had MrX not got there first. In addition to Roger's comments (which I endorse) any proposal must explicitly state what the objective of the linking is and demonstrate that posting such information is necessary to achieve that objective. Thryduulf (talk) 16:37, 30 June 2016 (UTC)
    • I also oppose having the case-by-case sentence on the page, and I'm not wild about the edit warring over it. I kinda wonder why it suddenly became an emergency that required its removal, as opposed to the opening of talk here, advocating its removal. I'm also observing with no small amount of irony who some of the users above are, in that they seem to have suddenly discovered that the ambiguity of the language here is misleading (they will know what I mean). --Tryptofish (talk) 21:05, 30 June 2016 (UTC)
    • I disagree with its removal and therefore have restored it. I would suggest people try a RfC. It is interested that people saying paid editing details should be handed over to functionaries. Which group of functionaries exactly? Arbcom has stated that they have no intention in being involved with the enforcement of our terms of use. Legal at the WMF states rightfully that they do not have the number of people required to enforce our TOU and believes the community should do it. Therefore what we have is the community doing the best they can with a difficult situation. In this case we have an editors whose user name is their real name and whose only edits are to promote a mid sized company. We do not need to pretend we live in a vacuum to figure out what has occurred. But what if we see a job post on Elance for someone offering money for the creation of an article? We post a note to COIN and that this is about to occur with the link to the job. What someone takes this job and than creates a new user name to create the article are we going to claim that this is pre "outing"? Do we really need to try to enforce the turns of use and trying to maintain the quality and reputation of Wikipedia blindfolded and with both hands tied behind our backs? Our goal is get human knowledge out to the largest number of people possible. Not to create some utopian anonymous movement. Doc James (talk · contribs · email) 16:56, 30 June 2016 (UTC)
      • Doc: "arbcom has state they are simply not interested in enforcing our terms of use"--come on. And if it were true that neither the WMF or ArbCom couldn't or wouldn't uphold our terms of use, why should COI investigations come at the expense of our harassment policy? Drmies (talk) 01:08, 1 July 2016 (UTC)
      • The WMF does not have enough people to enforce one of their policies so we should enforce it by by violating one of their other policies. Really? - MrX 17:04, 30 June 2016 (UTC)
That is an excellent point. I will ask legal at the WMF if they feel that this case violated one of their policies and ask them to comment here. Doc James (talk · contribs · email) 17:11, 30 June 2016 (UTC)
Two questions for you, if I may: Would you please explain how an RfC asking if a policy should be changed, then closed as "no" (in other words, status quo), is perceived by you as a mandate to add new language to the policy? How exactly did you expect "case-by-case basis" to work?- MrX 17:14, 30 June 2016 (UTC)
The question was "RfC: should the policy extend harassment to include posting ANY other accounts on ANY other websites" to which the conclusion was "Consensus and practice say No." What this means is that posting links to other accounts on other websites is allowed able on a case by case basis. Doc James (talk · contribs · email) 17:22, 30 June 2016 (UTC)
I can't tell if you are being deliberately evasive or you didn't understand the straightforward question posed in the RfC. It asks, should the words "including any other accounts on any other web sites" be added to the policy, thus expanding its scope. The result was "no". Again, how do you see that as a mandate or permission to add something completely different to the policy, and continue to defend it against the considerable objections above?- MrX 17:41, 30 June 2016 (UTC)
Because that is what that conclusion equals. To keep this conversation civil I would request that no one involved make comments on others states of mind. You are free to start another balanced RfC to try to clarify the situation. There was no consensus to disallow linking to other accounts on other sites at the prior point in time. Doc James (talk · contribs · email) 17:48, 30 June 2016 (UTC)
(edit conflict) You took the results of the RfC (don't change anything) and rather than leave the policy alone, you amplified an otherwise implicit exception. It's quite possible that because of the conflicting language that you added to the policy, a productive editor has been indefinitely blocked and can't even respond on his own talk page. You are free to start an RfC if you wish for the sentence in dispute to be retained. - MrX 18:04, 30 June 2016 (UTC)
  • I have undone the reinsertion of the phrase. The RfC did not establish consensus for such a change, and even if it had, it would not be in line with current practice or global policy. ​—DoRD (talk)​ 17:53, 30 June 2016 (UTC)
@Doc James: you are the last editor on this website who should be reverting the removal of that sentence. You added it, you use it as a weapon, you have a conflict of interest in keeping it in. Keegan (talk) 18:08, 30 June 2016 (UTC)
  1. Support leaving it in On wikipedia, we pretty much decide things by consensus, that consensus is decided by what evidence is presented. The best way to prove a COI is to prove a poster is associated to their article (employee of an organization , a paid editor ...etc...). How can you prove that without providing enough information to identify the user? How about a system whereby proof is presented to a trusted user (i.e: Oversight, arbcom, .etc.) first and if and only if that trusted user decided that the proof is valid, that user can state that proof exists, but that it has been privately submitted. Similar to how it's done presently with Arbcom, Checkuser and Oversight. In that way, proof is provided , but it's not publicly posted on Wikipedia. Just my .02. 17:31, 30 June 2016 (UTC) KoshVorlon 19:16, 30 June 2016 (UTC)
I agree reporting it to a group of functionaries is a good idea; however, arbcom has state they are simply not interested in enforcing our terms of use. I have previously proposed the creation of a new group of functionaries who could address these issues. Now might be a good time to move forwards with this groups creation. Doc James (talk · contribs · email) 17:35, 30 June 2016 (UTC)
I disagree that we should business of proving anything. What we should do is determine if content meets our fundamental inclusion guidelines like NOTABILITY, and reject it it's NOT the kind of material that should be included in the encyclopedia. - MrX 17:47, 30 June 2016 (UTC)
So what you are arguing is that we get ride of the terms of use that requires disclosure of paid editing? Doc James (talk · contribs · email) 17:50, 30 June 2016 (UTC)
I actually don't care one way or the other about the WMF's paid editing policy because it's turned into a golden hammer. I don't believe we need to connect accounts across the internet to deal with promotional editing. To be crystal clear, the potential for harm to real people outweighs the concerns about a few promotional editors slipping through our grasp.- MrX 18:19, 30 June 2016 (UTC)
"To be crystal clear, the potential for harm to real people outweighs the concerns about a few promotional editors slipping through our grasp." So much this, a million times over. Some of you are losing your way, and very badly. It's not hard to go from hero to villain when you lose sight of the principles you had to begin with. Assaulting a new editor with external links about them because they were editing promotionally? Shame. On. You.Keegan (talk) 18:26, 30 June 2016 (UTC)
Keegan speaks for me as well. Some of you here know I have been an advocate for no paid editing under any circumstances. But as Core notes above, the editor that rightfully got the block had been blocked for similar behavior in late 2015. That now-blocked editor is also currently topic banned, as well as admonished for uncivil editing habits by ArbCom. There is an established pattern of what I will term needlessly mean-spirited editing by the blocked editor, and despite the previous warnings they continue to offend. We need to be vigilant regarding COI, but there is a right way, and a wrong way. The wrong way leaves me flat-out disgusted. Policy here has been correctly enforced in this instance. Jusdafax 20:32, 30 June 2016 (UTC)
  • As I see it, the previous RfC indicated that the policy of making no exceptions did not have consensus; it also indicated nothing else really had consensus either. In such a situation we need to come up with a policy that might have consensus. I personally do not want to retain the line as is, but I also do not want us to say absolutely never. The alternative is to find some way of dealing with coi, which will sometimes involve confidential information and possibly disclosing a link. (there have been no or very few examples this far because the people at coi are almost always very cautious, and simply do not pursue those cases that would require it)
I will mention that I have said to some of my colleagues at arb/oversight that in my personal opinion no one should themselves remove the line without consensus. I still hold to that. This is major policy,and should not be played around with. As you can see above, some seem to think the change is so obvious that one person can do it. I think prior discussions have said otherwise. If it really is in conflict with the TOU, the foundation should be asked for its interpretation. I do not consider us able to predict what they would say.
But we do have to change the line at the very least. It's much too permissive. I agree to that extent with those who want to remove it.
It's unclear to me the extent to which dealing with confidential information about coi can be left to arb com. Last years arbcom positively refused by a large majority to take responsibility for enforcing the TOU, I hope that year's arbcom is willing to, but so far we've not said it. If we do spontaneously, or if the community explicitly says that we have the responsibility to, this could solve the situation. I do not think it would be good having yet a third set of functionaries. We have enough people as it is do do the work without adding more layers. DGG ( talk ) 17:55, 30 June 2016 (UTC)
  • A very rigid stance on privacy increases rather than decreases harassment as it provides anonymity to those doing the harrassing. User:Keegan appear to feel that the heads of marketing of a multi billion dollar company should be able to email 300 of a physician's fellow physicians without that person being able to respond in either the popular press or on Wikipedia itself. We need to be able to address concerning actions head on and yes some of these concerns do involve details and events that have occurred outside of our websites. Doc James (talk · contribs · email) 18:33, 30 June 2016 (UTC)
    Don't put words in my mouth. You have a bad habit of doing that to other editors to make a point using a hyperbole. It doesn't work. Keegan (talk) 18:40, 30 June 2016 (UTC)
    Okay I will quote what you said "As an oversighter for nearly seven years now, I've grown increasingly concerned by the attitudes of a few users that think it's okay to out editors as a "gotcha" against COI, in the name of defending the wiki against promotion, up to and including outing editors in The Atlantic." I assume you are referring to me with respect to the Atlantic mention and I am just filling in a few more details. Doc James (talk · contribs · email) 18:49, 30 June 2016 (UTC)
    Right. Now please highlight where I said anything about the heads of marketing companies, please, or how anything that I said was false in any way. Two wrongs don't make a right. For a third time. Keegan (talk) 18:57, 30 June 2016 (UTC)
    Yes that is what your sentence "two wrongs don't make a right" implies. You do not feel that people who are harassed by the heads of marketing of a multi billion dollar company in manner that could potentially affect their employment have the right to defend themselves in the Atlantic. If I misinterpreted what you said happy to have you clarify Doc James (talk · contribs · email) 19:12, 30 June 2016 (UTC)
    You can absolutely defend yourself. However, your method of defense - outing people that you interacted with on Wikipedia, thus exposing them to retribution harassment for no reason other than "they started it" - is absolutely reprehensible to me and I feel goes against our morals and ethics as Wikipedians. You could have assisted the reporter with the piece without naming names, but it's clear you had a score to settle. As a then-sitting board member of the Wikimedia Foundation, a highly educated professional, and a trusted community member, I find your poor judgement in this circumstance to be beyond the pale. I respect and appreciate your contributions to the project, movement, and medicine as a whole, but I think what you did was wrong and you need to back away from this topic. I know I am not alone. Keegan (talk) 02:03, 1 July 2016 (UTC)
    Ah so once someone interacts with you on Wikipedia the rest of their past and future actions both on and off Wikipedia are now protected from disclosure for life? They can now attack an editor in any manner they see fit in real life, for example by sending false statements to their colleagues and business partners or launching legal assaults and that editor and that editor is supposed to keep it secret? Sorry we do indeed disagree.
    While you do not appear to think off wiki evidence should be allowable in issue of undisclosed paid editing you do appear to think functionaries should be enforcing “outing” that occurs “off Wikipedia”. Secrecy often does not prevent harassment it increases it. Transparency is critically important for our movement to function and while I disagree with what you say I do defend your right to say it.Doc James (talk · contribs · email) 21:20, 12 July 2016 (UTC)
  • The sentence under discussion should not be in the policy for the following reasons:
    • It had no consensus for addition (the RfC did not discuss this wording or anything similar to it)
    • It has clear support on this page for removal
    • It contradicts global policy
    • It contradicts actual practice - the majority of functionaries have commented (publicly and privately) and, with the possible exception of DGG, all are agree that there is no case in which posting links would not be outing. Remember that policy on the English Wikipedia is descriptive not prescriptive.
    • No suggested possible case has ever received consensus that it would be acceptable - several have received explicit consensus that they are not.
    • No suggested possible case has ever received consensus that it would even be necessary - several have received explicit consensus that they are not. (I will expand on this in a new section below)
    Accordingly, I will remove it again and strongly suggest that before anyone tries to restore it that they demonstrate that the above are incorrect. Thryduulf (talk) 18:42, 30 June 2016 (UTC)
Hold on and let the discussion here occur. Doc James (talk · contribs · email) 18:49, 30 June 2016 (UTC)
  • (edit conflict)x multiple - Huh? You sound like you're referencing a very specific case here, Doc James, so maybe I'm missing some information, but I don't understand what person A contacting persons C-Z off-wiki has to do with person C responding in the press (??), nor what either of those has to do with outing any of A-Z on-wiki. That situation is so completely apart from what we're talking about here - which is Person A posting a link on-wiki to person B's personal, private, off-wiki information, usually because they think B is profiting from Wikipedia - that I feel like you're carrying on an entirely different argument than most of us, and it's confusing everything more. Similarly, we don't handle harassment by outing the harassers on-wiki (even in cases of truly vicious, damaging harassment), and I don't think I've ever seen anyone argue that we should (even in those very worst of cases). And even if that were an active debate, what would it have to do with the COI investigation angle people initially argued the "case by case" clause is necessary for? A fluffernutter is a sandwich! (talk) 18:43, 30 June 2016 (UTC)
Clarified above. Doc James (talk · contribs · email) 18:54, 30 June 2016 (UTC)
Thryduulf, I can think of two possible cases that might be allowed by the community:
  • Posting a link to a webpage in which the owner of the webpage claims to be User:Example. This might come in the form of note that says "Someone at this other website is claiming to be you".
  • Posting a link in the form of a question, e.g., "Welcome to Wikipedia! I see that your username is the same as the owner of the business[link that gives the owner's name] whose article you were just editing. If you're just a fan, then you'll have to change your username, because we have rules against impersonating people. And if you are the owner, then let me know, and I'll be happy to help you figure the rules about 'paid' editing."
It might be preferable in both cases to contact the affected editor via e-mail if that's possible, but not everyone has registered an e-mail address. WhatamIdoing (talk) 00:01, 3 July 2016 (UTC)

Necessity

Leaving aside for one moment whether outing another user is ever acceptable (although it is not), there has never been a case presented that it is ever necessary. Indeed, I believe I can demonstrate that it is not:

Assuming user:Example has a conflict of interest, there are three possible actions they can take:

Edit non-neutrally
This is a problem for Wikipedia in that the quality of the edited pages goes down. The solution is to deal with the edits by making them neutral and/or reverting them, and to discuss the matter at user talk:Example and or relevant talk or project pages. If this leads to user:Example starting to edit neutrally then the encyclopaedia has gained a productive editor and everybody has won (if you out them before this point then you prevent it from happening) . If user:Example continues to edit non-neutrally then they can be (topic) banned or made subject to other sanctions as required. It is entirely irrelevant whether they are paid, unpaid or some mixture of the two.
Edit neutrally
This is not a problem for Wikipedia as the encyclopaedia is being improved, but if you out them then you prevent this from happening and harm the encyclopaedia. It is entirely irrelevant whether they are paid, unpaid or some mixture of the two.
Not edit
This is not a problem for Wikipedia as the encyclopaedia is not affected. It is entirely irrelevant whether they are paid, unpaid or some mixture of the two.

If they abuse any other tool or process (e.g. email) then they can be sanctioned and/or blocked in exactly the same way that an editor without a conflict of interest can be - it is entirely irrelevant whether they are paid, unpaid or some mixture of the two. Thryduulf (talk) 18:57, 30 June 2016 (UTC)

I would argue that there's a fourth option here, Thryduulf, which is "edit in a manner that appears neutral unless you are aware the person has a COI, in which case it becomes clear that they are subtly biasing the content." We've seen this in past cases where, for instance, it's only in aggregate that you would notice that an editor mysteriously never adds important negative content about the party they represent, even though each individual edit is well-sourced and otherwise acceptable. However, even in such a case, no more information need be revealed publicly than "Person X has a COI that biases them toward $topic". A need to doxx someone by linking onwiki to their linkedin, or their profile on their employer's website, or pretty much anything else isn't needed even in cases where, as Doc James is arguing, we need to discuss the existence of COI to be able to handle problem editing. A fluffernutter is a sandwich! (talk) 19:10, 30 June 2016 (UTC)
There are ways of doing this without sleuthing into someone's life. I will point out that True Believers™ and other cranks do this more than paid editors --In actu (Guerillero) | My Talk 19:24, 30 June 2016 (UTC)
There is a huge problem with the policy, as it has been worded for the last year or so, being very unclear as to what "cases" are OK, and what are not. What is needed is a carefully constructed community RfC about when, if ever, such on-Wiki posting is justified (and the RfC below is not that carefully constructed one). Thryduulf is right that there are numerous ways to deal with COI or undisclosed paid editing, without needing to identify the user personally. (Indeed, it is generally possible to edit against POV-pushing without saying out loud that other editors are POV-pushers. It's enough to note that the edits are POV.) --Tryptofish (talk) 21:13, 30 June 2016 (UTC)
I've been thinking about the situation that Fluffernutter just described, where the pattern of COI only emerges gradually as one examines multiple edits. I agree with her, that it is enough to observe that the edits have a COI. I'm trying to think of a situation where one would also need to know the editor's identity, where seeing the editing pattern would not be enough, and I'm just not coming up with anything. Based on earlier discussions here, I'm reminded of other examples, where the editor has posted hateful or bigoted material at external sites. Some editors have argued that we need to be able to point out that the editor has posted that stuff elsewhere, in order to deal with POV or objectionable edits they make here. There is an emotional dimension to that argument: that person is a racist, so we need to expose him! But I think that, even there, the personal information really is not necessary. If they are making POV posts here, oppose the edits per the NPOV policy. And if they hypothetically make very good, neutral edits here, it is irrelevant if they act otherwise elsewhere. --Tryptofish (talk) 23:01, 30 June 2016 (UTC)

Community attitudes about enforcement

I feel very strongly about some issues related to these discussions, and I posted something about it the other day on an editor's talk page. It was shortly later (for good reasons) archived, so I want to reproduce it here:

It's abundantly obvious that the community is far from having a consensus as to what is, and what is not, outing. And this is an unacceptable ambiguity. The fact that the way that Wikipedia deals with this is to block clueful editors so that there can be a private discussion in which the editor is "re-educated" before unblocking is, pardon me, stupid. It's stupid because the policy remains unclear, and no one else gets to "learn" from the private discussion with the blocked editor, so it's just a matter of time until someone else misunderstand the policy and has to be blocked, too. Rinse and repeat. And it's stupid because the ensuing discussions, here and at ANI, end up creating a Streisand effect that makes many more observers see what was supposed to be private information. At this point, anyone who looks at what has been posted can figure out the approximate real name of the possibly outed user, and can find the other webpage that apparently has the private information. Great job of protecting that person's privacy, right?

And there's another aspect that concerns me. We are dealing with two kinds of really important problems: outing and privacy, and COI and undisclosed paid editing. I think that all of us, whatever else we disagree about, can agree that all of those things are big deals, important threats to what Wikipedia ought to be. We have editors who step up to do the important volunteer work of searching out and fixing COI and paid editing. And we have oversighters and arbs who step up to do the important volunteer work of protecting editors' privacy. I think we can agree that it's a good thing when someone takes seriously the tasks of enforcing these community norms. But I think we can also see that there have been differing opinions about how much editor "enforcement" is too much, how much becomes heavy-handed or counter-productive. Maybe we need to be less strict, maybe less "self-righteous", about enforcing COI. But maybe we also need to be less "self-righteous", and more practical, about enforcing the outing policy.

--Tryptofish (talk) 21:18, 30 June 2016 (UTC)

Revert

[5] Risker, then I suggest that phrase be reworded in such a way that it doesn't make every BLP including a name, date of birth or picture of the subject a violation of WP:Harassment by the letter of the policy. ;) --Andreas JN466 17:19, 17 July 2016 (UTC)

See below. I actually laughed out loud when I saw it was you making such an edit; are you now suggesting it's okay to publish exact street addresses, telephone numbers and social security numbers of television actors? Let's work on the wording to include at least some limited "no-go" information for them too. Risker (talk) 17:25, 17 July 2016 (UTC)
The height of Brad Pitt is personal information. If one was to post a link to a source that states his height would one have just posted personal information about a "non-editor" (maybe Pitt edits so it could also be about an editor)? Doc James (talk · contribs · email) 01:38, 18 July 2016 (UTC)
When considering what's personal information, we should use the definition provided by the Wikimedia Foundation in their privacy policy. It states:

... we consider at least the following to be “personal information” if it is otherwise nonpublic and can be used to identify you:
(a) your real name, address, phone number, email address, password, identification number on government-issued ID, IP address, user-agent information, credit card number;
(b) when associated with one of the items in subsection (a), any sensitive data such as date of birth, gender, sexual orientation, racial or ethnic origins, marital or familial status, medical conditions or disabilities, political affiliation, and religion; and
(c) any of the items in subsections (a) or (b) when associated with your user account.

The examples provided (name, date of birth, picture of the subject, and subject height) don't meet this definition of personal information. Mike VTalk 03:37, 18 July 2016 (UTC)
Ah but that policy says "if it is otherwise nonpublic". Linkedin, Elance, and Fiverr are public and thus would be okay by that definition. Doc James (talk · contribs · email) 03:48, 18 July 2016 (UTC)
None of the users have associated their Linkedin, Elance, and/or Fiverr profiles with their username. Thus, this connection has not been made public. Making a connection to one of these social media accounts would run afoul of part c where a username is connected to personal information listed in part a. Mike VTalk 03:56, 18 July 2016 (UTC)
That is not what the word "non-public" means. And legal at the WMF has already made this very clear. Doc James (talk · contribs · email) 15:11, 18 July 2016 (UTC)
What is the status of the images of dog tags that include the subject's service number, which in many cases is also the Social Security Number, and even if it not an SSN, is a government-issued identification number? And they almost universally contain religion and blood type of the bearer. - Brianhe (talk) 03:59, 18 July 2016 (UTC)

Why is there a rule against posting personal information, specifically against pointing to other accounts?

I ask, not as a leading question, but as the basis for people to think (and maybe re-examine their thoughts) and discuss thoughtfully, the question "WHY is there a rule against posting personal information, specifically against pointing to other accounts?"

Looking at first principles, it seems to be that these statements are true:

  1. Our rules exist to enhance, defend, and protect the Wikipedia.
  2. For the Wikipedia to thrive, the community of editors must thrive.
  3. Regardless of any other considerations, we must not do or countenance things that are morally repugnant.

Most of the material here in Wikipedia:Harassment is supported by all three statements. As a general rule, hounding and threatening someone (or allowing it) is harmful to the project and also immoral.

However, the question of personal identity are more complicated.

There are some websites that require you to have to identify yourself in order to post. Few people believe that such sites are inherently evil. Some people believe that we ought to require people to establish their identities to post here; I think that'd be stupid, counter-productive, and harmful to the project, but not evil.

We provide anonymity not because it'd be immoral not to, but because it is a more effective way to run the project.

However, morality comes into play once we have promised anonymity. We have to honor that, for practical reasons (the editor community must be able to trust our promised protections) and moral reasons (breaking that promise causes distress to humans, for starters).

Usually.

But there's a big gaping hole in the class of people who have been promised anonymity for whom we need to honor that promise, and that's people who are here to damage, degrade, and destroy the Wikipedia.

There's no practical reason to specifically protect the class "people who are incontrovertibly here to damage, degrade, and destroy the Wikipedia". It does not enhance, defend, and protect the Wikipedia to nurture that subset of editors. (There is the objection "Yes but as a matter of technical ability we cannot usually clearly discern the class of people who are incontrovertibly here to damage, degrade, and destroy the Wikipedia". This is cogent and I'll discuss it presently.)

On the moral point I'd make two assertions:

First, people who are incontrovertibly here to damage, degrade, and destroy the Wikipedia have forfeited their moral right to our protection. They are still eligible to be projected in other spheres of their life, but not here. (We see this in real life for instance when the class "people whom it is immoral to shoot" starts off at "all people" as a baseline but is then drawn to exclude the subclasses "enemy soldiers, convicted murders [maybe], and people who are currently stabbing us".)

Second, although to this point I've been accepting the primacy of moral reasoning and will continue to do so for my personal part, we have to acknowledge that many, perhaps most, Wikipedians do not. See Wikipedia:AMORAL. I've been here long enough to hear very many Wikipedians state "we do not make moral judgements here". It'd be a bit rich for the community to make the argument "we don't judge against showing schoolchildren detailed images of of women enjoying being sexually abused, but when you talk about OUR ANONYMITY we are suddenly more Catholic than the Pope".

So for all those reasons I'd say that people who are incontrovertibly here to damage, degrade, and destroy the Wikipedia are not protected from outing at the margins.

By "at the margins" I mean we have to be careful -- only delve into personal information when the person is incontrovertibly here to damage, degrade, and destroy the Wikipedia, and then only the minimum extent required to enhance, defend, and protect the Wikipedia. This is just prudent acknowledgement of our human inability to be perfect in knowing things. If someone is incontrovertibly here to damage, degrade, and destroy the Wikipedia but revealing any of her personal information will not help to enhance, defend, and protect the Wikipedia, then doing so would be egregious, and we shouldn't. If revealing only some personal information (such as a link to another account) is called for, then only that amount should be revealed. Prudence.

So how to do we know who is incontrovertibly here to damage, degrade, and destroy the Wikipedia? Again, we want to cast that net narrowly, but certainly first in the net would be commercial public relations operatives. They are playing us and using our graciousness, good will, and rules designed for a community of altruistic public-spirited volunteers to line their pockets and attack our articles. Linking their node accounts can help reveal their noxious webs and thereby enhance, defend, and protect the Wikipedia.

(I grant that by "commercial public relations operatives" I am really saying "people who, using the intelligence and sense that has been granted us, we believe are commercial public relations operatives", and I know that there's no way to be 100% sure of that -- but there's no way to be 100% sure of anything and if that's our standards let's close the project and stay in bed.)

You know, reporters hold the anonymity of people speaking on background to be sacrosanct. But the if they lie to you on background? Burn 'em. You have to, if you're going to have any self-respect, and uphold the integrity of the whole process. Same deal for us.

Posting links to other accounts on other websites is allowable on a case-by-case basis. It's not just a good idea. It's the rule. (Although IMO it ought to be more narrowly cast as "Posting links to other accounts on other websites is allowable if the editor in question is doing commercial public relations work (or giving a reasonable person cause to believe this, and such link would be helpful in investigating or demonstrating this" or something, as a matter of better expressing community consensus). Herostratus (talk) 16:14, 1 July 2016 (UTC)

+1 to this User:Herostratus
The original wording was "Posting links to other accounts on other websites may occasionally be allowed such as when those accounts are being used to transact paid editing."[6]
Also happy with your proposed wording. Doc James (talk · contribs · email) 16:56, 1 July 2016 (UTC)
I think that it is very helpful to examine underlying principles like this, so thank you for starting the discussion. Please see also what I said above, at #Community attitudes about enforcement. I'm interested in this issue of a moral position, from another angle. As I look at these discussions, I'm seeing both moral and emotional arguments, from both "sides". Part of what happens in COI investigations is that the investigators feel moral outrage at the onslaught of people who try to use Wikipedia as free advertising, and who may be sneaky about it. Likewise, it gets pretty hard to feel sorry for persons who try to use Wikipedia for child abuse or for hate speech. On the other hand, I think the reason for privacy is that editors should have the right to edit in good faith without having to look over their shoulders, worrying about harassment in real life. And it's a valid concern, a valid reason for an outing policy. Doxing can be a horrible thing. But I see some moral emotionality on the side of those (including a lot of functionaries who have commented here) who argue that any editor who violates the outing policy must likewise be punished. I think that some of it gets mixed up with revulsion over doxing, and some of it with revulsion over online abuse of women. It goes so far as to see the blocking process as a venue for a sort of forced "re-education", and so far as being willing to create a Streisand effect that actually hurts the outed user further, so long as the block makes a point. What I'm saying is that it would be better if both "sides" were to set aside the moral outrage, recognize that both oversighters and COI fighters want what's best for Wikipedia, and seek practical rather than retributive solutions. --Tryptofish (talk) 19:43, 1 July 2016 (UTC)
No, a lot of functionaries are not arguing that people who out people must likewise be punished. What we are saying is that outing should not be and is not permitted, and repeated violations may result in punishment just like violating any other Wikipedia policy. The question of the RfC is: should external links to information about another person, not provided by that person, ever be allowed? We are saying no, it should not, because there are other ways to handle the situation. The yes's are saying "but we really want to so we can prove ToU violations," which again, isn't necessary to enforce policy as has been explained over and over and over and over. And no, I will not set aside my moral, ethics, and obligations as a Wikipedian to compromise on outing people "just a little bit." It's wrong. Keegan (talk) 21:52, 1 July 2016 (UTC)
Well, I think that some functionaries may believe that they are doing it that way, but I think I understand human nature pretty well, and maybe some people are not as self-aware as they think they are. Perhaps it would be a good idea to set aside one's indignation, as opposed to setting aside one's moral compass. --Tryptofish (talk) 22:03, 1 July 2016 (UTC)
I'm not going to set aside my disgust and indignation, no, not when such unethical and immoral standards to our projects are attempting to have their way. I never claimed to mask it, I'm very aware- I'm saying it. There will be no pretending this is okay. Edit: Because this is not just about a difference of opinions here, which can be hammered out and compromised. This is about the right to open up someone on-wiki to their life off-wiki for any reason, with callous disregard to the repercussions. Seriously, "the asked for it" will not be tolerated. Keegan (talk) 22:22, 1 July 2016 (UTC)
You just proved my point. --Tryptofish (talk) 00:27, 2 July 2016 (UTC)
Tryptofish, I would point out that 1) no one is required to perform commercial public relations work here -- they choose to, and 2) if they do choose to, they are supposed to reveal themselves as PR operatives. You are saying that even if a person chooses to perform commercial public relations work here and declines to reveal herself, we still have a moral obligation to hold her well-being sacrosanct. I submit that that's highly idiosyncratic, I don't agree, and I'd like to delve deeper into the "why" of that.
As a thought experiment, suppose someone were physically damaging the project, in that they were firing mortar shells into the building housing the main servers. (Leave aside the question of human law (which is peripheral to this thought experiment) and assume this was done to a building empty of people.) Would we still be required to valorize that person's privacy and well-being above the project? Why? What's the difference? Herostratus (talk) 01:15, 2 July 2016 (UTC)
Those are very good questions. I'm actually much less decided about these things than you make me out to be. You see, I actually am very uncomfortable with saying that anything should be "sacrosanct". I would tend to come down on the side of saying that a good-faith editor (not necessarily one that is "correct" according to policies and guidelines, but rather, one that believes that they are helping to make Wikipedia better) has more of a right to privacy than does one who comes here with a deliberate intention to be harmful. We also have to keep in mind that one editor may regard a user as being disruptive while another editor may regard the same conduct as OK, and we should not harm the user's privacy over an ambiguous case – and that means that our policies should err on the side of not harming the privacy of good-faith users. But my most important (to me) point in this discussion thread is that I want everyone here to step back from arguing that anything is "sacrosanct". As much as I care about privacy – and I care about it a lot! – I also think it's really bad policy to block an editor accused of outing in such a fashion that it creates a Streisand effect for the private information. That's the kind of poor practice that arises from seeing things as a battle between good and evil. I don't think that COI-fighters should prioritize the fighting of COI over everything else, and I don't think that functionaries should prioritize prevention of outing over everything else. Better that both "sides" recognize that we all want what's best for Wikipedia, and stop treating this discussion like a war between two camps. --Tryptofish (talk) 02:12, 2 July 2016 (UTC)
Functionaries do not prioritize prevention of outing over everything else. If there's no outing, there is no problem. Prevent, cleanup, and administrate bad editing! Please! Just don't post links to someone's external site/profile/blog. Comment on the content, not the contributor. When you work in a collaborative environment whose contents are freely available for download, distribution, modification, and any other reuse you should have an expectation of privacy. Without it, discussion and debate cannot flourish. In addition, it's harassing and intimidating to the unassuming victim who was not asking for such a link out there. With outing allow "case-by-case" or with any other wording, that shield is gone as the policy becomes completely toothless. No one is asking for the moon, and no one's hands are being tied behind their back. Block people and move on, email whomever if you feel someone is violating the ToU. At the end of the day the result is the same: a block, a cessation of the disruption of editing. Keegan (talk) 02:59, 2 July 2016 (UTC)
Late reply to User:Herostratus's comment: The problem with comparing spammy article creation to physically destroying the servers is that the latter prevents everyone from doing anything, but the former has no such harm. If you create an article on "WhatamIdoing's Grub and Gas", it may be pointless and spammy, but it's not going to have any effect at all on the students reading about history or the patients reading about their latest diagnosis. Also, you are specifically invited to create articles (subject to certain basic rules). By contrast, if you destroy the servers, this immediately and severely hurts everyone, not just the rare person (if any) who stumbles across your pointless spam. (Maybe we should add information about the median non-bot pageviews per month to the WP:BFAQ... and the number of vandalisms in the same time period. "Nobody's going to read this, but someone might vandalize it" might make would-be self-promoters think twice.) WhatamIdoing (talk) (sans timestamp to avoid further delaying the archive bot, as it's now 47 days after the previous comment from Keegan).
+1 to Herostratus' writing here, it's the most coherent thinking on this topic I've seen lately. Getting this right is of vital importance to the project. Also endorsing xyr proposed wording: the reasonable person test is as close as we're going to get to defining when off-wiki info can be posted. Brianhe (talk) 03:53, 2 July 2016 (UTC)
  • So how to do we know who is incontrovertibly here to damage, degrade, and destroy the Wikipedia? The same way we do with vandals and trolls. We review their contributions and act accordingly. One of the reasons that I'm so adamantly against exceptional outing as some of you propose is the image conjured in my mind when ideas like "Burn 'em" are suggested as a consequence of for lying (presumably referring to undisclosed paid editing). If I have misread the implied intent there, please do correct me.- MrX 13:19, 2 July 2016 (UTC)
Well, lying is a moral fault too. If moral faults are not policed, you end up with a degraded society. I wouldn't get too hung up on imagery. "Burning your sources" is just an American colloquialism for revealing the names of anonymous sources. Reporters will fight like tigers, even go to jail, to protect their sources. Although framed morally, and with legitimate moral reasons, this is actually practical code which enhances the ability of all future journalists to get sources, and this benefits society.
But the honor code of anonymous sourcing has an explicit quid pro quo: you will describe them as "an unnamed source" and they will tell you the truth. If they don't, they've broken the honor code and you are justified in revealing your sources (or "burning" them, in sporty journalist lingo). (This is actually debatable; different journalists will handle this in different ways, depending on various circumstances.)
If journalists aren't willing to ever burn their sources, then sources will suss that there's no penalty for lying, and they will eventually degrade background interviews into just another opportunity to spin the media for their own ends -- enough, anyway, so that background interviews lose their assumed veracity and become much less useful. An so society suffers, from a decreased ability to learn the truth about important stuff.
IMO this translates well to our situation vis-a-vis commercial public relations operatives lying to us about being innocent editors. Remember that we are not just your personal hobby here, but one of the major world sources for information. Our articles on corporations are a main source of information about those entities for millions of people and for society as a whole. To the extent that we allow our delicate sensibilities to be played so that commercial public relations operatives can pollute the well, we are ourselves entering into moral fault. Herostratus (talk) 14:30, 2 July 2016 (UTC)
To expand on that last part... the National Society of Professional Engineers First Ethical Canon is "Hold paramount the safety, health, and welfare of the public.". There's nothing in there about "Well, our first job is to look out for each other and to hell with the public good". I don't see anything about "If an engineer uses false credentials to get his hands on a bridge-design project, our first duty is project that engineer from harm". Right?
Well Wikipedia is a public good. The Wikipedia database is, at this point, an international public treasure of great worth. Letting people use deception to pollute its database is similar to letting people put up misleading highway signs or any number of other bad things. It's mediocre and cowardly -- and unethical -- to look to defend ourselves (particularly when we are really defending just a few bad apples among ourselves) rather than holding paramount the welfare of the public. Herostratus (talk) 20:30, 2 July 2016 (UTC)
It seems to me that protecting what our readers read from COI and paid editing, and protecting the privacy of editors, need not be mutually exclusive goals. I would hope that we could do both simultaneously. --Tryptofish (talk) 21:26, 2 July 2016 (UTC)
On second thought, it's also an interesting point that prioritizing editor privacy above the quality of content (as the quality is damaged by COI etc.) can be considered sort of selfish or self-centered. Our non-editor readers might well prioritize it the other way around. (That does not change what I said about treating both as not mutually exclusive.) --Tryptofish (talk) 21:42, 2 July 2016 (UTC)
I think all that is true. It's good to avoid binary thinking, if you can (you can't always, sometimes you have to take a stand). I think it is selfish to over-valorize editor privacy. I think some of the the editors who are doing so are reacting viscerally to how much they would dislike being outed.
I do understand about privacy -- I'd be upset if my identity was revealed (but then, I take care to protect it, although I know it's impossible to be 100% effective in that). On the other hand, a lot of people give their real identities here, and I haven't seen a huge difference in how happy and effective they seem to be compared to anonymous editors. I do remember one editor who got some doxed and threatened and left, but that was one editor something like eight years ago. And he left, problem solved. Maybe he made a new account. Stressful, though, granted.
I'd be upset if my identity was revealed, but I'd be a lot more upset if I was indeff'd for posting a link to an editor's commercial account, which IMO is probably actually commendable, and at worst a trout-slapper. Herostratus (talk) 01:59, 6 July 2016 (UTC)
There's a lot more than "one editor eight years ago" who have been outed, doxxed, or harassed as a result of their Wikipedia participation. Admittedly it can be hard to get an intuitive sense of frequency, because people tend not to be public about it. I didn't fully appreciate this problem pre-arbcom. That is probably why there is so much feedback from functionaries on this page, saying that outing someone is not "probably actually commendable" even if that person is misbehaving somehow. Opabinia regalis (talk) 06:56, 6 July 2016 (UTC)
@Opabinia regalis: That's very interesting, that your perception changed when you became personally involved in what the rest of us do not see. Perhaps that's a reason for some of the differences in opinion between functionaries and the rest of us in these discussions. I can imagine that my own opinion might change if I were to see stuff that I haven't yet seen. Please let me suggest that you and other Arbs and Oversighters try to find ways to tell the rest of us in these discussions the kinds of things that we don't see, without revealing the private stuff. It would really be helpful if the community could see things from functionaries' perspective, as opposed to hearing opinions without the underlying experiences. --Tryptofish (talk) 22:28, 6 July 2016 (UTC)
That's not really something we can do, Tryptofish, at least not in enough detail to do anything to change the minds of the more skeptical among us. We volunteer to be oversighters/arbs because we're concerned about users' safety, and though I can't speak for my colleagues, I doubt I'm the only one of us who is constantly very aware that we are one of the few protective barriers between users' private details and every Wikipedia mirror in existence and who takes that responsibility very seriously, seriously enough to not use other people's stories as evidence in a situation like this. That all said, though, I understand your point and why you're asking. Let me offer you my own story - well, one of my stories - about being outed, and maybe that will help explain why something like an employer name is a potential issue. I tell you this story not because it's somehow shocking and unusual and affecting my thought processes particularly, but because it's not - nothing that happened to me in this story is something I haven't also seen done to some other Wikipedian. The personal details change, the implied threats might be implied in another way, but the intimidation, and the sudden dulling of enjoyment of a hobby they previously loved, and the fear, for livelihood or safety or loved ones or even just ability to do something they love, are always the same.
Collapsing, since this got long
Before I worked at the Wikimedia Foundation, I worked at IBM, on one of its best-known research projects. There was a media frenzy at the time the project was announced publicly, and though it wasn't my job to do so (my position had less than nothing to do with PR or paid editing), as an active Wikipedian, I couldn't resist contributing to the resulting Wikipedia article. Cognizant of COI issues but also wary of outing too much information about myself or my employment, I accompanied my edits to the article with a disclosure that said "Please note that I have a COI on this topic and welcome all extra eyes to ensure neutrality". That seemed adequate for editors of the article at the time - nobody that I can recall objected to my edits as being non-neutral or anything - but remember, this is a wiki. Once something's there, it's there forever.

A few years later, I had attracted the general attention of some Wikipedia critics who were unhappy with me. They were able to put together bits and pieces of scattered information about me - my name, which had been leaked on Encyclopedia Dramatica; my work/employer, which I myself had alluded to (but not identified); and the various types of information about me you could obtain by googling the combination of those things - and come up with what I guess you could call a dossier. And then they started theorizing and extrapolating.

By the time that theorizing was done, there was a front-page blog post on Wikipediocracy identifying me by name, naming my employer and the work I did with them, and alleging that (summarizing this from memory, since - as you can imagine - it's a bit unpleasant to go back and read those words again; my heart is pounding reflexively just from telling this story here in the first place) I was an agent of corporate espionage, sent by IBM to infiltrate the Wikipedia administrator corps. People even started coming back from that blog post to Wikipedia, adding banners to the article about my project to make sure my Wikipedia username was identified as being "connected" to it. Now, what I was was essentially a research assistant. I wasn't a corporate spy; I wasn't even on a permanent employment contract. And I, in that position, had to go to my manager and my manager's manager and tell them that there was this blog post alleging these things about me and about IBM, and that it was being shared by the people who had helped write it on places like Reddit as well, and that there was a possibility (there's always a possibility) that this potentially-extremely-damaging-to-my-employer's-reputation blog post could go viral.

I expected to be fired; IBM had no obligation to either protect me personally or back me up if I got them in hot water. I got lucky and I wasn't fired - the benefit of working for a corporate behemoth, perhaps, is that there's an entire cadre of publicists and lawyers prepared for eventualities like this one, and able to judge the likelihood of something to be an actual threat - but I was lucky. Had I worked for a smaller company, had my manager been short-tempered that day, had I not otherwise had a solid history at IBM, had that blog post mentioned any red-alert reputation words that caused the lawyers to jump to attention...had any of those things happened, I could have been out the door and without a way to pay my rent, and I wouldn't have blamed my employer for doing it.

I hadn't murdered anyone, or spoken ill of my employer, or even violated the TOU. My only offense was to have drawn attention to myself in a situation where I had disclosed a COI and had been outed previously in a way that let interested parties link the two. I want to stress "link the two", because that's the most relevant part to this discussion, today. I wasn't outed in one fell swoop by a single evil-doer. Instead, what allowed that horrible blog post to be written about me boiled down to two things: first, I was a bog-standard internet user who didn't run in locked-down mode. I had a Facebook profile, I had a LinkedIn, I had the occasional college paper searchable under my name, and I had no reason to know the singular focus that a dedicated person can apply to "opposition research" googling and what a threat that was to the "security through obscurity" that protects most internet users by default. And second, other people, usually for "lulz" or for petty revenge, had published enough other "dots" related to my personal situation without my consent - some on Wikipedia, some on IRC, and none so over-the-line that they were likely to endanger me when taken alone - that the blog writers were able to connect them, add 2+2, and get 12.
And that is an example of why yes, something like an employer name, or a location, or a LinkedIn profile link can, indeed, be a significant threat to someone's privacy and safety. Let me stress again something I said at the beginning of this wall o' text, because it's important: I tell you this story about my personal experience not because it's somehow shocking and unusual and affecting my thought processes particularly, but because it's not those things - nothing that happened to me in this story is something I haven't also seen done to some other Wikipedian. A fluffernutter is a sandwich! (talk) 23:47, 6 July 2016 (UTC)
Thank you for that extremely thoughtful reply. Although you began with a disclaimer that you wouldn't be able to answer my question exactly, you actually provided a very helpful answer indeed. Before I get into some comments about your experience, let me suggest that, while I thoroughly understand why you all cannot tell details for obvious reasons, I think that you can in fact provide the needed information. (And don't worry about convincing the most resistant editors. It's enough to persuade the editors who have open minds.) But surely oversighters can do things like saying there have been cases where nasty blog pieces were constructed about editors based on seemingly minor and unconnected clues, and that editors have been put in positions where they could get fired because an employer does not want to deal with bad PR. That kind of post does not violate any confidences. And, believe me, it would help. Just hearing about how some employers might fire an editor because something goes out online is persuasive.
And I think that it would be a service to get the message out that this kind of stuff is all too usual. I think that what you said is the best answer to the question in this talk section header, that has been given so far in this talk section. At the same time, I also think that it would be a service for COI-concerned editors to get the message out about the kinds of things that are visible at Upwork. I was appalled enough by what I saw yesterday, when an editor posted links to the ads for disrupting Wikipedia, that I changed my !vote in this RfC. Setting aside the rigid "true believers" on both "sides", there are far more good-faith users in these discussions who just don't get what the other "side" is saying, but are open to listening to information.
You talk about how such experiences can damage one's enjoyment of editing, and how it is unpleasant even to recount it. I hear you. But I've seen it from the other side of the oversighter/editor divide. Take a look at my block log. I won't go into details, but I came close to quitting Wikipedia, and to this day, my enthusiasm is less than it was before. And that's important too. I think functionaries can lose track of how editors respond to blocks (I'm talking about editors who care, not trolls), even as they understand the plight of editors whose privacy was violated. And look at how some blocks end up creating Streisand effects that are doubtless welcomed by the doxers. I am convinced that there are "true believers" on both "sides" of the debates on this talk page. Thanks again. --Tryptofish (talk) 00:21, 7 July 2016 (UTC)

I've been thinking some more about what you said about adding up 2+2, about how the doxers are prone to picking up on and connecting multiple small bits of personal information, and how the result can be much larger and more harmful than what one might expect from seeing just one of those bits of information. It's a good point, and there's an important implication for Streisand effects. In the current block, there has been an awful amount of subsequent discussion, here and on other pages. Lots of editors have said that the oversighted material involved a specific kind of online profile. And it is not too difficult to trace back to the user who was apparently victimized, and to comments that the username led to the profile. Really, that's all anyone needs to recreate the personal information that was oversighted. And I'm not in any way revealing that in my comment here: it's already all over the place. So isn't that just the kind of fodder that doxers feed on?

And that goes to how current practice deals with oversight blocks and their aftermaths. We oversight edits and make blocks for the primary purpose of protecting the personal information of the user who was the attempted outing victim. That's the primary purpose. And yet, when the block leads to post-block discussion, we completely undo the intended good. It's almost as if the administrator is saying to the victim: "You just need to take one for the team. What's important is that we blocked the editor who outed you." I know that's a caricature, but it makes the point. And it's a bad system. --Tryptofish (talk) 01:09, 9 July 2016 (UTC)

@Tryptofish: Sorry it took so long for me to reply. I was frankly burned out on this topic and struggling through the discussion it spawned, and needed a little (ok, a lot) recharge time before I could continue thinking about it. To respond to your thoughts:

  • Though you began with a disclaimer that you wouldn't be able to answer my question exactly, you actually provided a very helpful answer indeed. Yeah, sorry, I wasn't clear when I said that. What I meant was that in almost all cases, the type of answer I gave you would not be something we could do, because we are obligated to protect the privacy of users who have been outed, and that includes even what you might think are general, not-detailed-enough-to-identify descriptions of what happened. Human curiosity is a powerful thing, and combined with the equal powers of Google and various Wikipedia mirrors, it's all too easy to say something like "A criticism site wrote a blog post alleging stuff about someone" and unhappily find someone showing up two hours later going "Oh, hey, I noticed the suppression was on a page this person edited, was it this blog post about that user?" The Wikipedia ecosytem and the set of places/people who do things like write critically about articles/editors is small enough that almost any case could be searched up with just a little bit of time and elbow grease. The only reason I was able to give you as good an answer as I did in this thread is because it was my own story, which I decided was worth sharing despite the embarrassment/risk. If the victim were anyone other than me, I could not and would not make that decision for them.
  • We oversight edits and make blocks for the primary purpose of protecting the personal information of the user who was the attempted outing victim. That's the primary purpose. And yet, when the block leads to post-block discussion, we completely undo the intended good. This is a valid concern, and one the OS team struggles with regularly. We do our best to direct objections or questions about oversight actions to private venues - a typical answer to "What? What'd he do to get oversight blocked? He's a good editor!" would be something more like "I can't discuss specifics of an OS on-wiki, if you have concerns about my actions, please send them to functionaries list or the Ombuds Commission for review".

    But while we can refuse to talk about it, and even potentially remove/suppress on-wiki discussion by other people about it, the Streisand Effect doesn't just vanish because we won't talk about it. And if we press too hard to remove any/all discussion about it, that comes with its own set of risks.

    • We could ignite civil war on-wiki. There have been cases where a faction of editors disliked seeing something being suppressed so much that they decided to play a game of chicken, tacitly forcing the OS team to choose between suppressing information that had been posted in four or five places and blocking five or ten editors in otherwise-good-standing, or giving up on maintaining the secrecy of the originally-suppressed information. The more noticeably aggressive we have to be to suppress in a situation like that, the more attention is drawn to the content and the more potential there is for the community to lose trust in an OS team that seems, on the surface, to be going way overboard.
    • We might exacerbate the situation by having to suppress so many revisions that it disrupts the functionality of the project or the page. Imagine, for instance, me noticing an ANI thread about an outing block an hour or two after it began. There's easily going to be 100+ intervening edits to the page that I'd have to suppress, and suppressing a couple hundred edits on ANI is basically pasting a big "look at me" sign on both myself and the thread I removed. Probably half of the editors who had an edit suppressed in a case like that will have had nothing to do with the thread in question (remember, to suppress something added in revision 1 and removed in revision 50, we need to suppress edits 1-50, no matter what content edits 2-29 were adding), and each of them is going to be alarmed and want to know what they did wrong.

Essentially, once the snowball picks up enough speed, it can do more damage to attempt to stop it (suppress the edit, then suppress the edit about the suppression, then suppress the edit that notes that the previous edit was suppressed and wants to know if it was because it contained a link to $thing, then suppress the edit where someone challenges the OS team's right to block someone who'd just asked a question, my god, what kind of jerks are you OSers, etc etc) than to just move people out of its path (suppress the initial content, explain the Streisand Effect to the victim, and refuse to feed the flames of discussion about it on-wiki). So while I sympathize with your point about discussions like this undoing some of the protection we claim to be offering victims (and believe me, we don't like having to watch a discussion like this spawn either - it means we've failed to completely protect the victim) the bottom line is that we are not omnipotent and we don't have the power (or the desire) to force a large number of active and powerful editors to stop something all at once. Especially in a case like this where there are genuine, wide-ranging policy issues that need resolving that were surfaced by the individual case. Sometimes you just have to grit your teeth and choose between "bad" and "worse". A fluffernutter is a sandwich! (talk) 15:38, 22 July 2016 (UTC)

Again, thank you, and again, you have given me a remarkably thoughtful and insightful answer. Yes, I understood how you were constrained in what you could reveal in your previous answer. And I am pleased to learn that Oversighters have already been aware of the Streisand/choice-between-"bad"-and-"worse" problem. I wasn't too confident that this was the case. That's actually a good example of what I think is helpful for the rest of us in the community to hear, because we normally do not hear your sides of the story. My impression is that the majority of outing cases are caused by trollish editors who mainly want to make trouble and who are rarely missed. The problems arise mostly in cases like the one that led to this talk page getting so filled up. That's where other editors end up asking "why the f--- was that editor blocked?" I encourage editors to look below at #Flowcharts, where I took what you started and tried to take it a step further. At the right, I suggested an approach for administrators and Oversighters. One part of that is to take WP:NOTPUNITIVE into account. Frankly, I believe that there has been a pervasive tendency to treat oversight blocks punitively, and that's where the Streisand effect problem really originates. There are times (speaking generally here, not about a particular editor) when an otherwise clueful editor will have outed someone, not out of malice, but out of the confusion that "case-by-case" and so many other ambiguities have engendered. Block such an editor, and you can expect a lot of discussion to erupt. Now I really do understand the argument that, no, we want to prevent another occurrence, so we need to block until we're sure that won't happen – but it seems to me that this is done both inconsistently (and thus, creating confusion) and (when it happens) too automatically (and thus, triggering Streisand effects indiscriminately). I also get how awful outing is, and how the Oversighters and Arbs who have to deal with the muck can get to the point of despising it. But a sober, thoughtful, and responsible examination of what works and what doesn't should lead to a consideration of whether an immediate block is the best option, per my flowchart. Often, a block just has to be what happens. But sometimes, a quick suppression followed by a final warning will get the situation under control, and will do so without triggering a brouhaha that ends up harming the victim of the outing. --Tryptofish (talk) 18:34, 22 July 2016 (UTC)

A question about what's fair

If I write in an edit summary "[Editor's] real name is [Name]," and that editor publicly posted his name on the Wikimedia mailing list numerous times, is that OUTING? How can it be outing if the whole world already knows or can easily find out? Thekosher dragon (talk) 02:27, 28 July 2016 (UTC)

How do you know that the person posting on a mailing list is the same as the editor they purport to be on Wikipedia? As far as I'm aware there is no check done to verify this.
As for whether something can be outing if the whole world can easily find out, our role is to not make that easier still by posting information on one of the world's largest websites. If other websites have unresolved privacy failures then privacy campaigners can work on those. We do not want to be competing for the title of lowest ethical standards. ϢereSpielChequers 11:37, 28 July 2016 (UTC)
I agree with WereSpielChequers. I'll add that, for me, the deciding factor is that the mailing list is not the same thing as the registered Wikipedia account. If the user voluntarily posted their name on their user page, as an edit under their account, then it's fine to refer to the name, but without proof that it's coming from the registered account, it's off-limits. --Tryptofish (talk) 18:52, 28 July 2016 (UTC)

Metrics this month

I don't know how many of you follow the monthly m:Wikimedia Foundation metrics and activities meetings, but the theme for the most recent was harassment, including effects on user retention and an algorithm for identifying personal attacks in text (currently 95% success).

If you're interested in this subject, then you can watch the video on YouTube or on Commons (supposedly in this category, but probably not uploaded yet). WhatamIdoing (talk) 12:55, 30 July 2016 (UTC)

Better example

Wiki-PR is back and rebranding their paid editing service. You may remember that the company, it's owners and anybody working for these folks are banned for using at least 300 socks in a paid editing scheme.

Yesterday, they effectively sent me a press release (through Google News) bragging about their paid editing service. I noticed something familiar and checked an obviously related page. Bingo, very clearly Wiki-PR. I put a notice at WP:AN, just to make clear that these folks were also banned by the terms of the original ban. See Wikipedia:Administrators'_noticeboard#Wiki-PR_.3D.3E_statuslabs_.3D.3EGetYourWiki.com. Now I put in some "old links" from a previous rebranding, but was careful not to put in any new links (because of this conversation - talk about chilling effects). I did mention enough that folks could search for, and probably easily find, two relevant webpages - it would be impossible to describe the situation without that.

So, I've put in "old links" and referred to "new webpages" about Wikipedia editors (no account names, but presumably paid editors edit). Does that constitute outing or harassment? I expect the answer is "of course not". Otherwise I wouldn't have posted it at WP:AN. It's a matter of common sense or even a case-by-case evaluation. But if anybody wants an example of how an absolute rule of "no links ever" would really mess things up, here it is. Smallbones(smalltalk) 20:20, 28 July 2016 (UTC)

Thanks for posting this, and I agree with you entirely. And you have astutely pointed out the problem with "no links ever". In fact, your example greatly diminishes the legitimacy of saying that there are no conditions under which editors should "investigate" other editors. The kind of "investigation" that you did here can certainly be considered to be an investigation, and yet it is obviously something that we should welcome and not sanction. --Tryptofish (talk) 21:16, 28 July 2016 (UTC)
Thanks. Does it count as an investigation if it only takes 15 seconds? I did read the press release, but that doesn't count - they sent it to me. On most things I read on the internet I click some link, or even copy/paste a search term. So I'm afraid that anything I see ever on the web might be considered "an investigation." Smallbones(smalltalk) 22:12, 28 July 2016 (UTC)
I'm reminded about the X-seconds rule about eating food that fell on the floor. I guess the real answer to your question is that it depends upon the administrator who decides whether or not to block you. Luck of the draw. --Tryptofish (talk) 23:24, 28 July 2016 (UTC)
Wiki-PR is a group, not a specific person. As far as I know rebranding groups generally don't enjoy privacy for their previous identity (as a group), either under privacy in general or our Wiki(p|m)edia policies.Jo-Jo Eumerus (talk, contributions) 14:15, 29 July 2016 (UTC)
Yes, that's obviously true. However, it could certainly be argued that linking to their website could reveal, at that website, identifying information about individual persons. It's similar to the situation with a group such as Elance/Upwork. I think that it is unreasonable to claim that identifying information about individuals at such websites should be cited as outing, given what those individuals are doing there (although I would agree with prohibiting the use of such information for purposes other than identifying undisclosed paid editing). And yet, it is clear from the discussions here that other editors would regard such information as absolutely sacrosanct, and this example goes to how we really do not have a consensus. --Tryptofish (talk) 21:18, 29 July 2016 (UTC)

That'd be a rather flimsy argument - I cannot find any personal information on these two URLs.Jo-Jo Eumerus (talk, contributions) 21:41, 29 July 2016 (UTC)

I agree with you, very much. But I definitely have seen many editors argue that there should absolutely be no "investigations" of other editors, and that consequently, even linking to such websites is harassment. I feel that such absolutism is unreasonable. --Tryptofish (talk) 21:48, 29 July 2016 (UTC)
I am seeing lots of "personal information" by the definition a number of people are trying to use in the above discussions. It lists someone's work phone number at the top. And it lists some names of advisor board members plus employees along with where they live. Likely these employees have bunches of accounts they edit Wikipedia with. Doc James (talk · contribs · email) 07:26, 30 July 2016 (UTC)
Yes, there is lots of personal information on the "team" page I visited and some in the press release they sent me (and thousands of other people). In the press release is the contact's e-mail and the town where she lives and works. BTW, I don't really know what made me think "this is Wiki-PR" when I read the press release but it was likely these 2 pieces of info - the e-mail contains the name of a firm. On the "Team" page which I clicked after I googled the name of the firm is included lots of personal info (which of course the firm included as a type of advertising) including the favorite drink of the contact. Smallbones(smalltalk) 11:27, 30 July 2016 (UTC)
 
Nuts
This is indeed a good example. The practical effect of the WP:Harassment policy, as currently written, is that the Signpost cannot report that "Jane Doe, the principal of the new Wikipedia editing consultancy 'Super PR for the Wiki' that has just sent out a major mailshot, actually works for John Doe, formerly head honcho at notorious Wikipedia editing firm 'Super Wiki Pages 4U'." Because in doing so, the Signpost would divulge the professional association of a non-editor and/or editor. It's completely nuts. The entire world is free to discuss these companies and PR writers, except Wikipedia, the project directly affected and not infrequently corrupted by them. Sending this info to functionaries is no substitute, because they're not going to do the work. You need an informed community to deal with the efforts of PR writers to manipulate the information this project presents to the public. In this very practical, not theoretical case, this policy is preventing the community from being informed. Pinging Risker. Andreas JN466 10:21, 31 July 2016 (UTC)
The effect of the harassment policy is an incentive to harass. I would like to write that an editor is an administrator of a page on a popular social networking site (i.e. Facebook), using the exact username and first name as his wikipedia account, for a controversial organisation they have disclosed themselves to be an active member of. I presume that the Wikipedia response will be to block me, and allow the COI editor to continue ongoing harassment of any editor who adds background to the controversy about that organisation. 124.126.27.132 (talk) 18:57, 31 July 2016 (UTC)

We need another RfC asking more specific questions

The RfC above suffers from the fact that people essentially agreeing with the view that linking to public offwiki sources should be allowed in some circumstances have ended up in both the Support and Oppose camps, depending on the weight they have given the "case-by-case" wording (which is criticised by both supporters and opposers).

To resolve the issue, and break the deadlock, we need to gauge community consensus on some specific scenarios. Here are some suggestions:

  1. Academic Jane Smith publishes a paper about Wikipedia in a scholarly journal. In her paper, she discloses that she started the Wikipedia article X. The edit history shows that the article X was started by User:JSmith.
    1. Should the Signpost's Research Report be permitted to include a link to the paper?
    2. Should the author of the Research Report be permitted to write, "Academic Jane Smith, who appears to be editing Wikipedia as User:JSmith, ..."?
  2. The LinkedIn profile of Jane Smith states that she works in the PR department of Acme Products. User:JSmith has made promotional edits to the article on the company and the biography of the founder of Acme Products, with little or no other Wikipedia activity. She has not made any on-wiki disclosure. Should onwiki links to her LinkedIn profile be permitted?
  3. On a publicly viewable website for freelance PR writers, a user has accepted a paid job to create an article about Acme Products. A week later, a new user appears on Wikipedia to create a promotional-sounding article on Acme Products. They have made no onwiki disclosure. Should onwiki links to the relevant page on the freelancer website be permitted?
  4. On a social media website, a user named JSmith356 mentions in passing that they work as a PR professional for Acme Products. On Wikipedia, a user named JSmith356 has long been editing the article on Acme Products, along with other, unrelated article work. Should onwiki links to the relevant post on the social media website be allowed?

For reference, I would answer:

1.1 Yes (public professional info)

1.2 Yes (public professional info)

2. Yes (public professional info)

3. Yes (public professional info)

4. No (info provided in a semi-private context)

How would you judge these scenarios?

Can you think of other scenarios that should be included in such an RfC? (Unless there is consensus to the contrary, this second RfC had perhaps best be run once the one above has been closed.) --Andreas JN466 16:53, 18 July 2016 (UTC)

  • Andreas, a suggestion for another one. JSmith used to edit as Blah9847 (a distinctive name, not a real one). The old user name is still in his history. JSmith has made questionable edits about Black Lives Matter, and someone has taken him to AN/I because they're not sure whether he's editing in bad faith or just inexperienced. Someone notices the Blah9847 connection and that a Blah9847 is making racist posts elsewhere on social media. Are we allowed to link to those off-wiki posts during the AN/I discussion? SarahSV (talk) 17:20, 18 July 2016 (UTC)
  • Andreas, another suggestion: User:X is editing a BLP. Everything is sourced, but the editing is noticeably aggressive. A Google search shows that an X is in a real-life dispute with the subject, which places X in violation of WP:BLPCOI. Questions:
  • (a) Are we allowed to say on talk: "X, you seem be in a real-life dispute with the subject and therefore must stop editing this article"?
  • (b) Are we allowed to supply a link showing the real-life dispute, regardless of whether it outs X or leads to other pages that out him?
  • (c) Is drawing attention to the real-life dispute, even without links, an OUTING violation because it might encourage someone to google X, and if they do, they might eventually find the real name? That is, if X were to complain that he was effectively outed by having that real-life dispute mentioned, would that complaint be taken seriously? SarahSV (talk) 23:58, 19 July 2016 (UTC)
  • I very much agree that we need such an RfC after this one is over with. Please see also Wikipedia talk:Harassment/Archive 8#Idea about 2 RfCs as well as User talk:Tryptofish#Outing. I think some careful thought and coordination should go into exactly how the RfC is constructed. --Tryptofish (talk) 22:50, 18 July 2016 (UTC)
  • Agree this looks like a good way forwards. I am of the same position as User:Jayen466. Doc James (talk · contribs · email) 00:05, 19 July 2016 (UTC)
  • I don't think a scholarly journal would allow an author to publish a note about starting a wikipedia page. EditorDownUnder (talk) 13:33, 19 July 2016 (UTC)
    • There have been actual examples of this, as mentioned by Piotrus on the recent op-ed's talk page. People may mention in passing in a research paper that they created an article, which was nominated for deletion, etc. --Andreas JN466 15:47, 19 July 2016 (UTC)
      • Indeed. This is not uncommon. There are dozens academic articles written by Wikipedians who have not disclosed that they are scholars on Wikipedia (or in the article), but whose statements in said papers like "I created article on X" or "I was the instructor of the class which created article Y" make identification quite easy for people who know how to use Wikiepdia article history tool. It would be good to have it confirmed that making such a connection is not outing. --Piotr Konieczny aka Prokonsul Piotrus| reply here 19:38, 19 July 2016 (UTC)
        • The example you provided wasn't an academic article. I am referring to published, peer-reviewed articles. Please provide an example of this. The example referenced above is essentially a blog post. EditorDownUnder (talk) 23:42, 20 July 2016 (UTC)
          • Catch-22: posting the article to discuss whether or not it is outing, could be outing and therefore blockable. - Brianhe (talk) 01:16, 21 July 2016 (UTC)
            • No, outing would be posting a link to connect a username to a person. If a person has published that they edited in Wikipedia but have not disclosed the username then it wouldn't be. What I am saying is no peer reviewed article would contain this statement. EditorDownUnder (talk) 21:49, 21 July 2016 (UTC)
  • Yes, a more specific RFC is a good way forward. I also agree with the various permissibility in Andreas' example above. There is a strong difference between information disclosed in a professional/commercial context and in a personal context. JbhTalk 14:43, 19 July 2016 (UTC)
    • I agree there is a key difference between information disclosed in a professional/commercial context and in a personal context. These cases should probably be treated differently. Andreas JN466 15:47, 19 July 2016 (UTC)
      • I disagree. The question has always been about connecting a private account on Wikipedia with personal information about a user that has not been disclosed here. Whether or not that personal information has been posted professionally or not is not the issue. Whether or not we can "out" an editor by linking their on-wiki account with off-wiki personal information is. - Bilby (talk) 00:05, 20 July 2016 (UTC)
        • The actual question is can we discuss business transactions that are occurring off of Wikipedia for undisclosed paid editing on Wikipedia. Doc James (talk · contribs · email) 00:09, 20 July 2016 (UTC)
          • Of course we can. What we can't do is publicly link to the editor's personal information as part of that discussion. - Bilby (talk) 00:19, 20 July 2016 (UTC)
            • Manys functionaries position appear to be that one cannot link to paid jobs on Elance/Fiverr/etc. as someone might add personal information to it after you have linked it. Doc James (talk · contribs · email) 00:34, 20 July 2016 (UTC)
              • Yes, but that doesn't stop discussion. In general, I haven't found much difficulty in saying that an article is the subject of a job request on Upwork or another site, and having that accepted without providing a link that might out personal details. When going after the few unblocked Upwork editors for socking, I've never had nay problems with mailing the private data to a CU. But I guess we're going a bit far off topic here, as this is what the RFC was meant to discuss. :) - Bilby (talk) 00:39, 20 July 2016 (UTC)
  • In constructing the RfC, I would want specifically to ask editors to answer in terms of what they, themselves, believe the policy ought to be, as opposed to their attempt to interpret what the current policy means. --Tryptofish (talk) 19:05, 19 July 2016 (UTC)
  • And, for whatever it is worth, here are my answers to the questions above. I personally agree with Jayen466/Andreas about all of his answers, while noting that the community is likely to be divided about examples 2 and 3 (and perhaps even 4). And let me throw another wrinkle into example 2: let's say the Wikipedia username is JSmith, but some edits by that user seem to suggest that he is male, as in John Smith instead of Jane Smith, but Jane Smith is the name of the PR person. There are a lot of potential complications, and it is important that the RfC should cover the grayest of the gray areas, because that's where the boundary will end up being. As for investigating something having to do with NPOV and content (as opposed to paid editing), as in SlimVirgin/Sarah's example, I would answer that such linking should be forbidden. It's too easy to use that kind of information to shame an opponent in a content dispute, rather than to protect the project against disruption. Whether the person is associated with the Ku Klux Klan or the Animal Liberation Front, if their edits are POV or disruptive, then the editing should be opposed on the basis of being POV or disruptive, and there is no need to add the identifying information to recognize that POV or disruption. It's too hard to draw the line: do we disqualify someone associated in real life with Black Lives Matter from editing the page about Strom Thurmond, or someone who is Jewish in real life from editing a page about the Palestinian people? There will always be an editor on the other side of any content dispute who will look for a way to get the upper hand if we permit it. --Tryptofish (talk) 19:23, 19 July 2016 (UTC)
    • I've been mulling this some more, and here is another example of the sort that treads close to the line. Let's say it's something like example 2, above, but with the added wrinkle that the Jane Smith whose LinkedIn profile says she works in the PR department may also be the Jane Smith who, on other websites, has been the victim of some very nasty digging into her personal life and posting of some nasty personal history. Connecting the Wikipedia user name JSmith (who has never revealed her or his real full name on-Wiki) to the LinkedIn Jane Smith might make it possible for doxers to also connect the Wikipedia user to the nasty personal stuff. That's a very real kind of situation. Obviously, we would not link to or mention the nasty websites, but is it still OK to link to the LinkedIn profile? --Tryptofish (talk) 23:01, 19 July 2016 (UTC)
If an editor finds such a situation then how to proceed is a personal ethical decision because there is no way to show they knew such additional material was out there nor should we be placing some undefinable due diligence requirement to search for second and third order effects from information squirreled away in the deep web or random sites, chats and blogs. All we can or should deal with are first order effects, anything else is requiring omniscience. JbhTalk 23:22, 19 July 2016 (UTC)
And yet, I am aware of an ArbCom block for something very much like what I described, very much based on the premise that the very possibility of second order effects, whether known or unknown, is sufficient reason to assume that second order effects always exist, and thus, every example above is forbidden as outing. Literally, an ArbCom block in which the blocked editor only found out about the second order effects via an email from an Arb after being blocked. --Tryptofish (talk) 23:28, 19 July 2016 (UTC)
  • Here is another scenario. A Wikipedia contributor gives a press interview, and the press article mentions their legal name. No one has disclosed having that name on Wikipedia. Should on-wiki links to the press article be allowed? Should it be allowed to repeat the name on Wikipedia? Andreas JN466 08:44, 5 August 2016 (UTC)
Yes, that's an interesting one. I think it depends to some extent upon the nature of the press report. If the report involves an investigation that revealed the user's identity without their cooperation, and the press interview appears to have been given without endorsing that revelation, then I would say that linking to or repeating it would be outing. Likewise if the report indicates that this real name corresponds to a Wikipedia editor, but does not specifically name the on-site username (in other words, it's outing if bread crumbs are followed to figure out which Wikipedia editor it is). But if the user voluntarily made public both (1) their real name, and (2) the fact that this name corresponds to a specific, named Wikipedia account, then I would say that it is public information, that can fairly be repeated on-site, even if the editor never mentions it on-site.
Also, I wonder whether the follow-up RfC discussed here might depend on the outcome of my planned proposal at User:Tryptofish/Drafts/COI List Draft. I'm not sure. Perhaps these are two separate questions, or perhaps one affects the other. --Tryptofish (talk) 17:13, 5 August 2016 (UTC)
This is actually something I've felt iffy about before. I would say that b) is a easy no but a) is a tougher situation. I think that the best in the situation (a) is to actually ask the user what they would like to do. Snowolf How can I help? 17:29, 5 August 2016 (UTC)
Sorry, but it's not clear to me to what you are referring to as "a" and "b"? --Tryptofish (talk) 17:37, 5 August 2016 (UTC)
My apologies for the lack of clarity, I am trying to refer to the first question ("Should on-wiki links to the press article be allowed?") as a and to the second question ("Should it be allowed to repeat the name on Wikipedia?") as b :) Snowolf How can I help? 21:28, 5 August 2016 (UTC)
Thanks! --Tryptofish (talk) 21:34, 5 August 2016 (UTC)
So Snowolf, if a reliable source – imagine VentureBeat, or the New York Times – writes that Jane Smith
(a) is a member of ArbCom or
(b) is leading a collaborative project with a GLAM institution or
(c) collaborated with an academic who published a study about Wikipedia or
(d) is a scholar who edited Wikipedia incognito for research purposes,
are you stating that it should not be allowed to repeat the name Jane Smith on Wikipedia? What if we want to cite Smith's study – do we then have to leave the "author" field in the citation template blank?
Furthermore – and this may also be of interest to Tryptofish – you may recall this article. It has actually for the past few years been cited in the relevant Wikipedia biography. Do you think that this should not have been allowed, and that Wikipedia should have censored any reference to the article's content? Andreas JN466 16:30, 6 August 2016 (UTC)
I really cannot imagine a situation in which the proper filling out of the "author" field in a citation template should be regarded as harassment, so long as the source is a proper source to cite for the content. My take on the a, b, c, d is that if the user account at Wikipedia has voluntarily posted that they are the same person as Jane Smith in the reliable news report, or if the news report says credibly that Jane Smith also says that she is "username", then it's public information – but if the news report does not explicitly connect the name Jane Smith to the particular Arb, GLAM editor, or scholar-editor, then it's outing to connect the dots. I looked back at the Qworty scandal, and it does indeed raise interesting questions about this policy. My opinion is that once reliable secondary sources start reporting that "notable person" is the same person as "Wikipedia username" in the context of a notable event about Wikipedia, it has become public information (albeit not necessarily by the editor's choice), and thus is not outing to include in an article. In a way, I feel like Qworty-type situations are governed by WP:BLPCRIME: if the information is permissible under BLPCRIME, then it isn't outing. --Tryptofish (talk) 18:23, 6 August 2016 (UTC)