Talk:Privacy policy

From Rodovid Engine

Jump to: navigation, search

--Security Ideas-- (picked up from conversation on the Wikimedia Meta project)


[edit] privacy checkmark

I would like to see an option to click my record and have it rendered private based upon my birth date. A stored procedure could search the database and process the records marked private. There are two thoughts about how to handle the records thus marked.

  1. Page displays with name only or the signature of the submitter
  2. Page does not display at all but only a marker that says "private or living".

This rule for handling the private tag could be that the tag is removed once the person's 80 birthday has passed, or a death date is entered on the person's record. I see no reason to keep persons who are desceased from being listed in a free genealogy wiki forum.

Otherwise I agree with the developers. If you dont want it listed dont enter the record. Almoustine 16:59, 17 February 2008 (EET)

  • I prefer display nothing but only a marker that says "private or living" with the signature of the submitter --Baya 00:18, 19 February 2008 (EET)

[edit] Gedcom Uploads

As I understand you are ready add to subj your gedcom but with some additional conditions or without private info that contains your gedcom? Please, describe it more precisely. For example, I can tune gedcom import script and user will can select fields that can be imported and deselect other. Can you look at project and give some comments?
sorry for my poor english, sincerely, --Baya 12:32, 23 February 2006 (UTC)

My #1 concern about adding content here is that I need to respect the privacy of living individuals that are currently in my own genealogical database. I can filter that out and perform extractions for people who are dead or have been born more than 110 years ago (the usual cut-off time to assume death of somebody without documentation of that event). I would recommend that you make this a policy here as well, at least for publication of the information, or to include some explicit checkbox that would show permission has been granted. This should by default through GEDCOM importation be set to not grant this permission.

I hope this makes sense. My wife, particularly, does not want information about her published in a public forum anywhere on the internet. She got mad at me when I put up a picture of myself on a web page and it included her hand on my shoulder. I respect that and it does affect what I do on-line.

You have as nice project here, and I do plan on adding some content in the near future. --Robert Horning 19:25, 23 February 2006 (EET)

  • Its really silly to be concerned about people getting your info because it already easily accessible to those that want to steal it. Is your number unlisted? If not just type it into gooble and you get a map to your house. 04:58, 22 March 2006 (EET)

Thank you very match for your harmfull words :) To deal: This privacy problem can be resolved by two ways:

  1. Private information can be accessed only by owner/contributor (with current database schema I can change only type of one field and couple sqls for this). But this case kill wiki idea - information must be open and free. So, imho, second way is more preferable.
  2. Do not submit unwanted/private data to open project. For this variant I redesign a Gedcom import script. Now user can select age of people or time from death. Or must check necessary box to submit to Rodovid data about "young" people. --Baya 22:18, 24 February 2006 (UTC)

[edit] My Policy Idea

Obviously we need to protect the privacy of living people, because they might not have any say in whether they get uploaded to this database or not . Therefore I think it is necessary to have some sort of blanket policy. However, as you say, hiding living people to everyone except the contributor would be wholly un-wiki.

My suggestion is that we restrict data on lving people to just names by default. So, in GEDCOM import all data (brith, place etc.) about living people would be removed and just names imported. The user would have no option on this. However, if they want to, they can be more stringent than the policy states and use a checkbox to not import any living people at all.

I feel that a names only policy would be a good comprimise as people's privacy does need to be protected, but having no data at all would stop people from being able to see their own, and their living relatives trees. Having names also allows people to find potential 'long-lost' relatives. The names would be enough for them to be fairly sure that they were related. If they wanted more data, they could contact the person who contributed those people.

The only possible issue with a names only policy is that of mothers maiden name. However, as an anon says above, personal data is fairly readily availible and I doubt that Rodovid will make much difference to identity fraud. In addition, as the database grows, there will be many people with the same name and without other data to find the one that you want, the information will be almost useless to identity fraudsters. They would have something like 100 or 1000 maiden names to choose from!

I would like to know what other people think of my suggestion. Please discuss, all comments are welcome.--Bjwebb 12:05, 19 April 2006 (EEST)

if by defult a living person's box merely said "currently living" or the like, with no more info, not even name, we could avoid more trouble. as long as there was an option to show more information for currently living people, this would be safest. aslo, the server would still know the names of people, as a result family connections would still be made, or at the very least it could concivably be set up this way. i have some other idea on my talk page. ----Mayhew18[1] 4:25, 29 May 2006 (EST)

I don't think there should be any restriction on the information about living people. There is simply no danger. I can't see how somebody can use some names and dates in any "bad" purposes. There are lots of places where there is more information about a person than on Rodovid. For instance the telephone book. There you can find not only people's names, but also their address and telephone number. And the government has so much information on all citizens. In Finland, in hospitals, at the police, etc., they ask me my security number and they can immediately see my name, address, phone number, all dates when I entered or left Finland, what visas I had, and so on. And talk about privacy!

Another point would be Wikipedia. There you can find lots of information about living people. Not only their birthday and birth place, but also quite many details on their lives, and also some things about relatives. You can say that it's because they are celebrities, but in any case, if there was such a big danger in displaying this information, those articles wouldn't exist.

Showing limited information on living people will not help the project at all. Imagine somebody wanted to find distant relatives. If only the name was shown, they couldn't be sure it is the person they're looking for, since many names are quite common and lots of people have the same name. To give a concrete example - I began searching for relatives with whom I hadn't talked for a long time on hi5. I searched by name, and I often had several results. The birthday always helped me to identify the person I was looking for. And yes, on hi5 most people give their birthday and their age, and most have lots of pictures of themselves (it's true that the name is not displayed, but if you search for a name, you find the people that have it).

So what I think is that there is no danger in putting here information about oneself or other persons, and if somebody doesn't want to appear here, they can just not put the information. -- Dumiac 22:08, 3 June 2006 (EEST)

Mothers' maiden name is useful information for identity theft via social engineering. Its usefulness in finding long-lost relatives doesn't change that fact. Davidlamb 01:58, 28 September 2006 (EEST)

I think that in order to help those out there looking for those they may be related to - it is important to allow living people to be put into this database. I also don't think you want to FORCE a policy on someone (as in, they are not allowed to put their exact birth information). According to a relative of mine that is familiar with standards now, I guess the general thought is to put either approximate birthdates for living people or to simply have a tag that says "private" - this is hopefully somewhat of a deterrent from identity theft. While I know, as others have stated, that if you look long enough, you can any information online, I think identity thefts are crimes of opportunity, so if they can't get someone's information easily, they will probably go after someone else. --Hipsterdoofus 20:10, 5 January 2007 (EET)

[edit] Alex Eagar's Suggestion

I would like to see Rodovid become as popular, if not more popular than Wikipedia. This is not going to happen without a good privacy policy because there will be controversies and lawsuits down the road that will shut Rodovid down. My suggestion is to implement real security so that people can confidently add personal information about living people which will only be seen and edited by users who have been authorized by the creator of the information. This will make Rodovid a wiki for our ancestors and a personal history recorder for ourselves. Rodovid should not be a wiki for living people because there is an authority. There is nothing to discuss because that person is alive and can tell you first hand how things happened. But there is still a need to record information because we don't want it to be lost when they die. When a living record is created it should by default only be visible by the creator. That user can then authorize specific other users to view or edit the record. By doing this, a person will be able to easily create and view his whole family tree, but when he logs out, all those living people disappear. Very few living records will be duplicates because real relatives have real relationships which allow them to authorize each other to see their living relatives. It will also increase Rodovid's user base because if I want my mother to see her own tree which I entered, she needs to create a user name and password.

I'm sure that there are many ways to implement and administer this kind of security. Here is how I recommend administering it. Each living record would have one administrator. The administrator can view and edit a page and can authorize or remove authorization to view that record. The administrator can also transfer administration rights to another user, but the original administrator would then loose administration rights to that record. There would also be users who can only view a record and users who can both see and edit a record. There would of course need to be a way to grant rights for whole branches as well as specific individuals.

Here's an example of how it would work. I discover Rodovid, so I create an account and start entering my genealogy. After I have a good sized tree that includes my ancestors and my living relatives, I decide that I want to share my tree with other family members so that they can contribute to it. First I show it to my brother and explain what Rodovid is and how it works. He is impressed, so he creates an account. I don't want him to have to re-enter all the information about our living relatives, so I grant him edit rights to all our living relatives except myself and my kids. I also transfer him administrative rights for the records of him and his kids. My fourth cousin, whom I have never met, then discovers Rodovid while searching for a common relative on the Internet. He creates an account and starts entering more relatives and also adds his own personal information as well information about living relatives. He then posts a message on my discuss page to thank me for entering information about our relatives. Most of my family don't know him, so I don't feel comfortable sharing my whole living tree with him. But I do give him rights to view me and my kids and he gives me rights to view him and his kids. In the mean time my brother has removed my rights to edit him and his children, but I can still view them. The next person to find out about Rodovid is my is my father who abused and abandoned my mother while she was pregnant. He doesn't dare ask to see my personal records, but he knows when I was born and the names of my kids, so he creates his own records of me and my kids. He then shares his living tree with his brother. And thus it continues with everyone entering all their information but with only trusted individuals seeing sensitive information. --Alexeagar 14:12, 13 May 2007 (EEST)

  • You describe my ideas :) But some notes. As you understand over some time We will need additional support to maintain the Rodovid. So my addition is: private records that you describe will be available only under chargeable account. It is just an idea, not a real way! What do you think about it? Maybe do you have other ideas about Rodovid maintanence? --Baya 18:09, 14 May 2007 (EEST)
    • I think that the most feasible way to be continue to maintain Rodovid is for the project to be adopted by the Wikimedia Foundation. Each localized front page should state that Rodovid's primary goals are to create the world's best genealogical wiki and become an official WikiMedia project. It should offer suggestions on how to contribute to Rodvid. A few suggestions could be for users to add ancestors to Rodovid, tell family and friends about Rodovid, sign the Wikimedia Rodovid project proposal, read about Wikimedia's new project policy, donate monetarily, report bugs and help develop Rodovid. I think that the biggest obstacle in becoming an official Wikimedia project is our lack of privacy. I think that each localized front page should also explain that our users' privacy is very important to us. It should then explain that we are currently planning how to implement privacy for living people and ask for users to joint the conversation. It should also warn that because there are no privacy policies implemented yet we suggest that people not add information about other living individuals and cautiously add information about themselves. --Alexeagar 08:53, 15 May 2007 (EEST)
  • The First Step Toward a Solution I like my idea above but I know it will take a long time to implement. For starters could you just implement a private attribute to each record? If checked then only the creator can see the record and only the creator can check or uncheck it. I would not expect this to be a final solution, but I think that it is a solution that everyone can agree to and which would be fairly easy to implement. I think that it is offensive to post information about living individuals. Yet if I could mark records as private, I would add more records to Rodovid. You could also make it so that if a private record is recorded to have been born more than 120 years ago, it becomes public. That way you get everyone to enter their private information, but in years to come the information is not lost, but is opened to the public. --Alexeagar 23:28, 21 June 2007 (EEST)
My idea: there will be some privacy levels. Important note: Names will never be private.
  1. noindex record marked with noindex tag to avoid search engine index them (these pesons will be shown in trees and lists only with names) (nearest future)
  2. private record from your proposition but these persons also will be shown in trees and lists only with names. Page about private and Family of private person will present only names to not record creator and can be edited only by creator. (more complicated due to require recoding of mediawiki cache mechanizm)
  3. group privacy. (....)
--Baya 10:14, 22 June 2007 (EEST)

[edit] Privacy

I must say I am very confused about this discussion.It is assumed that this is eventually going to be a Wikimedia project, correct? And the Wikimedia vision is: "Imagine a world in which every single human being can freely share in the sum of all knowledge. That's our commitment.". So, all that needs to be done is figure out the minimum necessary amount of privacy by law, meaning how much can Rodovid legally display without getting sued. Is it illegal for someone to post on the internet the names and birth dates of his kids? Can someone post how he's related to his 4th cousin without getting sued for privacy violation? It seems all this requires is a little research. As it is, the progress of this project is basically completely halted until this issue is resolved, because no one knows if they can put anything on. --Yair rand 00:30, 9 December 2009 (EET)

Personal tools
Джерельна довідка за населеним пунктом