The only difference between the two proposals is the word "extreme"

That's a very shallow reading. There is a deep and fundamental difference in the two positions. If there was a stated policy that privacy breaching was something to be done only when absolutely necessary, I would trust the gods to follow that policy. Were that the case I do not think tye would have even considered peeking at private data in the present case because in upholding policy he would have asked himself "is this breach absolutely necessary?", and the answer can only be "no" for such a trivial situation. Instead, the gods have no such policy and so the question above doesn't get asked ... the question they might ask themselves is "what is the harm in this particular case". And *that* is a fundamentally different question, and the wrong question if you take privacy seriously. Using that (or similar) question as your guide makes *you* the judge of the value of *my* privacy.

I am very far from being the black-or-white person you suggest. Some concepts just do not lend themselves to continuous scales. What sense does 30-percent or 80-percent anonymous have to you? And I do realize the nature of access involved in administration as I administer a small multi-user system/gateway myself. Seeing bits of priveledged information such as IP addresses is a *long* way from connecting the dots to isolate and identify users and/or user behavior.

I am very far from being the black-or-white person you suggest.

Noone ever said you were a black-and-white person. You see this issue as black-and-white.

Some concepts just do not lend themselves to continuous scales.

You keep using this word 'continuous' but I don't think anyone else has. It isn't a continuous scale. It is a partially ordered set of discrete points (at least), some points quite clearly much worse than others.

Seeing things as black-and-white is a conceptual block. Of course you think the concept can't be 'grey', that is the nature of such a conceptual block.

What sense does 30-percent or 80-percent anonymous have to you?

None. I can't assign a number to level of anonymity or privacy (else it would be a totally ordered set of points). Is some information more sensitive than other information (even though both are treated as private)? Of course. Is writing your home phone number on the wall of every public restroom I visit a worse breach of privacy than me glancing at your home phone number in a record in a database I administer? Absolutely.

Seeing bits of priveledged information such as IP addresses is a *long* way from connecting the dots to isolate and identify users and/or user behavior. [emphasis added]

Would you say that is 40% away from it or more like 80% away from it?

If I were to follow your desired policy, then you said I mustn't violate privacy unless it is an extreme situation. You said there is no scale. You admit above that IP address is privileged information (on PerlMonks it is). You (I believe it was you) said earlier that even if it is only me temporarily breaching privacy, it is still a breach that is as unacceptable to you as any breach. Therefore, seeing your IP address must not be allowed unless there is an extreme situation.

That is the only way I can interpret what you've said so far. However, you just said that seeing an IP address is "a *long* way" from other breaches. So you disagree with your own all-or-nothing policy.

So you just implied that I'm allowed to see an IP address without the need of an extreme circumstance. What other breaches of private data can I make without invoking the zero-tollerance policy?

Just to be clear, IP address *is* private data at PerlMonks. Only gods are allowed to see it. They never publish it (not even in any 'extreme situations' that I can think of). In some hypothetical, very extreme situation, I could see divulging an IP address to a single third party. It is taken quite seriously (and I've seen other gods take it quite seriously).

But on the rare occasions when I do administrative tasks here, some of those tasks involve me looking at IP addresses. Sometimes I make connections between IP addresses in different records/logs. That is why web servers log IP addresses, because sometimes they are useful in administrative tasks. Sometimes I'm making those connections to try to reconstruct a user's behavior or to identify a user (perhaps so I can contact them). I don't think I've ever done this in what I would call an extreme situation.

If that isn't total and blatant disregard for your desired policy, then please show me where I've misread your description of it.

Do the actions I've described sound nefarious to anyone? I think some might think that they sound that way above. Several times I noticed some somewhat heavy load and investigated (not an extreme situation, though). Sometimes I find problems with PerlMonks. I've found misbehaving robots or poorly configured chat clients. I've found 'curious activity' of users. I don't feel nefarious about working such problems on occasion.

I can understand you wanting to have a bright line to draw in the sand. But there is such a bright line, it is just that you want (I think) the bright line to prevent my original actions and I'm convinced that it can't.

When I've worked with telephone companies (not even as an employee of them), I've listened to people's private conversations. Normally, doing that is both quite immoral and illegal. It didn't require an extreme situation. Oh, it wasn't commonplace (though it wasn't exceedingly rare either). It was just sometimes a result of the job. The several employees who said something about the situation, all were very clear in stating that it was just part of the job and that they had explicit legal protections related to it. (To be clear, we weren't eaves dropping. We usually didn't want to hear the verbal content of the conversation, but we did hear it while listening for other things.)

In any case, the bright line is that we don't divulge private information. There are other things we don't do even though they fall on the in-bounds side of that bright line.

I don't see how you can get a bright line where you appear to want it. I'm rather confident in this doubt because the massive regulation of the US phone companies is quite explicit in denying that position for a bright line.

I'd kind of like a few more bright lines near here. I like bright lines when properly considered and well placed (when they are possible). Which reminds me that one such line is the "is a local admin" line. In some ways, it is more difficult and complicated for me that I currently occupy this side of that line. But I think it has its benefits for me and for the site still yet.

But if you'd like to step back from your black-and-white stance, then we might still make progress in improving the clarity regarding issues of privacy or even the quality of policy. Though I suspect most monks have long since left this thread and some wish strongly that the thread had long since left. (:

- tye        

You keep using this word 'continuous' but I don't think anyone else has.

The continuum notion was brought up by another AM in this post earlier in the current subthread.

Would you say that is 40% away from it or more like 80% away from it?

:-), I'd say, on the "other side of the line" away.

Therefore, seeing your IP address must not be allowed unless there is an extreme situation.

So you just implied that I'm allowed to see an IP address without the need of an extreme circumstance. What other breaches of private data can I make without invoking the zero-tollerance policy?

I've said from the very beginning that I understand that you and other admins must have access to and see private data. That is a given by the nature of the required tasks.

Sometimes I'm making those connections to try to reconstruct a user's behavior or to identify a user (perhaps so I can contact them). I don't think I've ever done this in what I would call an extreme situation.

If that isn't total and blatant disregard for your desired policy, then please show me where I've misread your description of it.

Yes, the purposeful reconstruction of identity and behavior is absolutely on the other side of the line unless a case could be made that it was a necessary evil to prevent some significant abuse or some such thing that couldn't be handled in another manner.

I'd kind of like a few more bright lines near here. I like bright lines when properly considered and well placed (when they are possible).

I think the line I just painted in the previous paragraph is pretty bright and clearly delineated. Not in absolute terms of what precisely constitues a significant or extreme circumstance (I was never asking for absolutes) but that at least a case could be made that such conditions were present prior to any purposeful breach.

But if you'd like to step back from your black-and-white stance, then we might still make progress in improving the clarity regarding issues of privacy or even the quality of policy.

I do not see my stance as any more (or less) black and white than yours. You draw the line at divulging private information (and I'm pretty sure you don't consider that to be a grey area). I draw it at using your necessary power to recover indentity and habits of users without some seriously good cause to justify that action.