in reply to Re: Re: Re^7: Increased number of downvotes at the Monastery? (violation)
in thread Increased number of downvotes at the Monastery?

This seems like a rather excessive reaction. Let's say the two ends of the continuum are (1) a site with no anonymity, and (2) a site with perfect anonymity. The biggest possible change can be from (2) to (1).

But the assumption of a continuum from zero anonymity to full anonymity is fundamentally flawed. Anonymity isn't something to be given or measured on a continuous scale. And, anonymity in and of itself isn't the issue here.

Perhaps tye's actions have caused you to suddenly realize that the anonymity here can be violated (using the word according to your definition),

No, that anonymity and privacy aren't guaranteed is made clear in This Node, which ultimately suggests it is a matter of trust. But, in my view, the policy "implied" (though admittedly not formally specified) in that post is one I would characterize as: "we really don't want to know, don't care, and won't look except when absolutely necessary" ... "we even use tools and have taken steps so we don't accidentally discover private information". I am a rather trusting person, and my take on policy from that post is that the powers behind perlmonks take privacy as seriously as I do. That does not appear to be the case. Everyone seems to want to measure the 'harm done' in terms of the individual involved (who professes no harm done), and the honest good intentions of tye. Yet it remains true that privacy was breached for very trivial reasons. That's the real issue, and the real harm done.

But your reaction says that it is a big deal; big enough to completely stop participating. This doesn't make sense to me.

Because as I mentioned, there isn't a continuum. An illusion that the integrity of private data will be maintained is far worse than no illusion at all. My leaving would have *nothing* to do with anonymity in and of itself.

  • Comment on Re: Re: Re: Re^7: Increased number of downvotes at the Monastery? (violation)

Replies are listed 'Best First'.
Re^11: Increased number of downvotes at the Monastery? (grey)
by Anonymous Monk on Mar 12, 2004 at 23:28 UTC
    Because as I mentioned, there isn't a continuum.

    I'd been meaning to reply noting that you appear to have a black-and-white mindset problem on this issue. Much easier when you just admit it. (:

    ...integrity of private data will be maintained...

    And I wanted to steer away from "anonymity" and toward private data, so I'm glad I won't have a fight there either.

    So are you concerned that a couple of gods might connect your non-anonymous monk name with some nodes that you posted anonymously and therefore you wish to no longer use the site? If so, then I'd appreciate some insight into why that is so strong a concern for you. If not, I'd appreciate some insight into the more extreme problem you are projecting from this incident.

    I note you side-stepped the attempts to get you to be concrete in your concerns.

    If you stated that you understand and agree with my position and consider anonymity to be inviolate except in extreme circumstances, and all the powers that be agreed to abide by such a policy, I would have no problem trusting in that policy (that had essentially been my tacit understanding all along).

    [line break added]

    If, on the other hand, you stated that you still felt that anonymity is something you or other gods are free to breach at your discretion and judgement on a case-by-case basis, then yes, I would regrettably cease participation.

    The only difference between the two proposals is the word "extreme". I'm pretty sure that the gods around here almost never have situations that they would call "extreme". They do try to administer the site even when there isn't currently an "extreme" problem to be fixed. In the course of administering the site, they will run into private data. They may even run into private data because they went looking for it in order to feed it into a further step in the process of administering the site (automating that step is nice, but administrative automation isn't the highest priority from what I've heard).

    So, if you persist in considering this a black-and-white issue and that you won't participate in sites on the 'black' side, then you need to unplug your modem because nearly every web site you might visit is logging your IP address and I doubt any of them have rules that prevent administrators from glancing at your IP address in the log without the excuse of an "extreme" situation. And if private data is either perfectly inviolate ('white') or isn't ('black'), then all of those sites are 'black'.

    - t        

[reply]
      The only difference between the two proposals is the word "extreme"

      That's a very shallow reading. There is a deep and fundamental difference in the two positions. If there was a stated policy that privacy breaching was something to be done only when absolutely necessary, I would trust the gods to follow that policy. Were that the case I do not think tye would have even considered peeking at private data in the present case because in upholding policy he would have asked himself "is this breach absolutely necessary?", and the answer can only be "no" for such a trivial situation. Instead, the gods have no such policy and so the question above doesn't get asked ... the question they might ask themselves is "what is the harm in this particular case". And *that* is a fundamentally different question, and the wrong question if you take privacy seriously. Using that (or similar) question as your guide makes *you* the judge of the value of *my* privacy.

      I am very far from being the black-or-white person you suggest. Some concepts just do not lend themselves to continuous scales. What sense does 30-percent or 80-percent anonymous have to you? And I do realize the nature of access involved in administration as I administer a small multi-user system/gateway myself. Seeing bits of priveledged information such as IP addresses is a *long* way from connecting the dots to isolate and identify users and/or user behavior.

[reply]
        I am very far from being the black-or-white person you suggest.

        Noone ever said you were a black-and-white person. You see this issue as black-and-white.

        Some concepts just do not lend themselves to continuous scales.

        You keep using this word 'continuous' but I don't think anyone else has. It isn't a continuous scale. It is a partially ordered set of discrete points (at least), some points quite clearly much worse than others.

        Seeing things as black-and-white is a conceptual block. Of course you think the concept can't be 'grey', that is the nature of such a conceptual block.

        What sense does 30-percent or 80-percent anonymous have to you?

        None. I can't assign a number to level of anonymity or privacy (else it would be a totally ordered set of points). Is some information more sensitive than other information (even though both are treated as private)? Of course. Is writing your home phone number on the wall of every public restroom I visit a worse breach of privacy than me glancing at your home phone number in a record in a database I administer? Absolutely.

        Seeing bits of priveledged information such as IP addresses is a *long* way from connecting the dots to isolate and identify users and/or user behavior. [emphasis added]

        Would you say that is 40% away from it or more like 80% away from it?

        If I were to follow your desired policy, then you said I mustn't violate privacy unless it is an extreme situation. You said there is no scale. You admit above that IP address is privileged information (on PerlMonks it is). You (I believe it was you) said earlier that even if it is only me temporarily breaching privacy, it is still a breach that is as unacceptable to you as any breach. Therefore, seeing your IP address must not be allowed unless there is an extreme situation.

        That is the only way I can interpret what you've said so far. However, you just said that seeing an IP address is "a *long* way" from other breaches. So you disagree with your own all-or-nothing policy.

        So you just implied that I'm allowed to see an IP address without the need of an extreme circumstance. What other breaches of private data can I make without invoking the zero-tollerance policy?

        Just to be clear, IP address *is* private data at PerlMonks. Only gods are allowed to see it. They never publish it (not even in any 'extreme situations' that I can think of). In some hypothetical, very extreme situation, I could see divulging an IP address to a single third party. It is taken quite seriously (and I've seen other gods take it quite seriously).

        But on the rare occasions when I do administrative tasks here, some of those tasks involve me looking at IP addresses. Sometimes I make connections between IP addresses in different records/logs. That is why web servers log IP addresses, because sometimes they are useful in administrative tasks. Sometimes I'm making those connections to try to reconstruct a user's behavior or to identify a user (perhaps so I can contact them). I don't think I've ever done this in what I would call an extreme situation.

        If that isn't total and blatant disregard for your desired policy, then please show me where I've misread your description of it.

        Do the actions I've described sound nefarious to anyone? I think some might think that they sound that way above. Several times I noticed some somewhat heavy load and investigated (not an extreme situation, though). Sometimes I find problems with PerlMonks. I've found misbehaving robots or poorly configured chat clients. I've found 'curious activity' of users. I don't feel nefarious about working such problems on occasion.

        I can understand you wanting to have a bright line to draw in the sand. But there is such a bright line, it is just that you want (I think) the bright line to prevent my original actions and I'm convinced that it can't.

        When I've worked with telephone companies (not even as an employee of them), I've listened to people's private conversations. Normally, doing that is both quite immoral and illegal. It didn't require an extreme situation. Oh, it wasn't commonplace (though it wasn't exceedingly rare either). It was just sometimes a result of the job. The several employees who said something about the situation, all were very clear in stating that it was just part of the job and that they had explicit legal protections related to it. (To be clear, we weren't eaves dropping. We usually didn't want to hear the verbal content of the conversation, but we did hear it while listening for other things.)

        In any case, the bright line is that we don't divulge private information. There are other things we don't do even though they fall on the in-bounds side of that bright line.

        I don't see how you can get a bright line where you appear to want it. I'm rather confident in this doubt because the massive regulation of the US phone companies is quite explicit in denying that position for a bright line.

        I'd kind of like a few more bright lines near here. I like bright lines when properly considered and well placed (when they are possible). Which reminds me that one such line is the "is a local admin" line. In some ways, it is more difficult and complicated for me that I currently occupy this side of that line. But I think it has its benefits for me and for the site still yet.

        But if you'd like to step back from your black-and-white stance, then we might still make progress in improving the clarity regarding issues of privacy or even the quality of policy. Though I suspect most monks have long since left this thread and some wish strongly that the thread had long since left. (:

        - tye        

[reply]

In Section Perl Monks Discussion