Doom Wiki:Privacy policy/draft

Participation on the Doom Wiki at DoomWiki.org, by design, rarely involves considerations of privacy. Neither this project nor its web host, MancuNET, are business organizations, nor do they conduct marketing activities of any sort. The features of MediaWiki are almost entirely disabled here, and users are neither required nor encouraged to provide personally identifying information.

We recognize, however, that any system sufficiently open to allow participation by the general public is also vulnerable to certain kinds of abuse and counterproductive behavior. This policy is one mechanism established to prevent or remedy such disruptions.

Scope
In general, this policy applies only to information derived from the browsing and editing of pages. DoomWiki.org collects and retains the least amount of personally identifiable information needed to fulfill its operational needs.

This project can have no influence over the interaction of users outside DoomWiki.org, e.g. via email, IRC or other chat, or independent websites (such as doomworld.com). Users should assess the risks involved, and their personal need for privacy, before using these methods of communication.

Visible information
Anyone with (and not otherwise restricted from doing so) may edit the publicly editable pages of this site, with or without logging in as a registered user. By doing this, editors create a published document, and a public record of all content added, subtracted, or changed. This is a public act, and an editor is identified publicly as the author of each revision. All contributions made to this project, and all publicly available information about those contributions, are irrevocably licensed and may be freely copied, quoted, reused, and adapted by third parties with few restrictions.

DoomWiki.org does not require editors to register with an account. Anyone can edit without logging in with a username, in which case they will be identified by network IP address. Users that do register are identified by their chosen username.

For editors who do not log in, the IP address used is publicly and permanently credited as the author of the edit. It may be possible for a third party to identify the author from this IP address in conjunction with other information available. Additionally, an IP address may be shared by multiple users, as at a school or business, or in a large ISP which assigns addresses dynamically. In such cases, the user may become associated with that organization or geographical area due to the activities of the other users. Logging in with a registered account therefore allows for better preservation of privacy.

Once created, user accounts will not be removed. It may be possible for a username to be changed, but there is no guarantee that a username will be changed on request (and substituted signatures are unaffected in any case).

Edits or other contributions to this project, on articles and non-article pages, are generally retained forever. Erasing text from a page does not permanently delete it. Normally, anyone can look at a previous version of an article and see what was there. Even if an article or an individual contribution is "deleted", a user entrusted with increased access may still see what was removed from public view. Information can be permanently deleted only by persons with access to the database backend. Aside from the rare circumstance when MancuNET is required to remove editing-history material in response to a or equivalent legal process, there is no expectation of any permanent deletion occurring.

Data on user contributions, such as the times at which users edited and the number of edits they have made, are publicly available via user contributions lists, and in aggregated forms such as Special:Statistics. It is conceivable that other users may independently collect and aggregate site revisions.

Hidden information
When a visitor requests or reads a page, no more information is collected than is typically collected by web sites. MancuNET may retain raw logs of such transactions, including the originating IP addresses, but these will not be published nor used to track legitimate users.

Registered users select a password, which is confidential and used to verify the integrity of their account. Although the Doom Wiki has supported since 2016, it is also recommended that each user choose a password unique to their DoomWiki.org account, and change it regularly.

MediaWiki sets a temporary session cookie on a visitor's computer whenever a page is visited. Readers who do not intend to log in or edit may deny this cookie; it will be deleted at the end of the browser session. More cookies may be set upon login, to maintain logged-in status. If one saves a user name or password in one's browser, that information will be saved for up to 30 days, and is re-sent to the server on every visit to the site. Contributors using public computers, who do not wish to show their usernames to future users of the machine, should clear these cookies after use.

Except insofar as it may be required by law, no person should disclose, or knowingly expose, user passwords and/or cookies generated to identify a user.

When a page is edited by a logged-in editor, the server confidentially stores related IP information for a limited time. This information is automatically deleted after a set period.

Access to hidden information
The Doom Wiki is operated entirely by volunteer contributors. A few dedicated users have been entrusted by the community with enhanced technical tools, in order to carry out necessary maintenance tasks. From time to time, this may allow them access to private user information. Such information is used only for certain specific activities intended to serve the well-being of the project as a whole, namely:


 * Server log data may be examined by the database maintainers in the course of solving technical problems, such as tracking down ill-behaved web spiders or spambots that overtax the site.
 * Large-scale vandalism or spamming may be addressed by range blocking of registered accounts, which requires temporarily associating usernames with IP addresses. This information is not made public, and only the resultant IP range is recorded in the block log.

It is the policy of the Doom Wiki to avoid distributing any personally identifying information outside this trusted group of users for any reason. Exceptions to this are possible only in the following cases:


 * In response to a valid or other compulsory request from law enforcement.
 * With the permission of the affected user.
 * If a user engages in persistently abusive behavior to such a degree as to create a site-wide disruption or a real-world legal concern, information may be released to the user's ISP in the course of resolving the issue.
 * If a technical issue is sufficiently severe as to endanger the existence of the project, the database maintainers may choose to consult an external vendor. This third party, in the course of their professional activity, would require access to server log data and related information.

Children's Online Privacy Protection Act
DoomWiki.org is not a site aimed at children, the primary topic of its material being a video game which is rated M by the ESRB, and therefore recommended only for people 17 and older. We do not solicit, collect, or store any personally identifiable information from persons under 13 years of age. Any such information willfully posted by such a user will be removed by the administrators. We additionally make no warranty or guarantee that the content on DoomWiki.org is appropriate for minors and recommend that parents and guardians utilize the full extent of their judgment before allowing minors access to this site.

Third-party content on-site
In order to make it possible for this site to operate efficiently and on-budget, and to provide access to external rich media sources, accesses may be made to third-party servers as a result of utilizing the site. Information transmitted to these third-party sites is limited to the minimum possible and is anonymized to the greatest extent possible. Currently the only third-party sites to which information may be transmitted, depending on your configuration, include the following:
 * www.google-analytics.com
 * www.paypalobjects.com (if using the Monaco skin only)
 * www.youtube.com and related domains (when visiting pages with embedded videos only)

Disclaimer
Breaches of privacy are a serious matter, with legal and ethical implications for both the involved editors and the project as a whole. Due to lack of participation and interest, however, the Doom Wiki has not constructed formalized procedures to handle such issues. Further, per the introductory paragraph, we have little or no empirical experience to inform best practices. The above text represents an educated guess as to what constitutes reasonable behavior by administrators and contributors. It has not been "ratified" by anyone, and individual administrators or database maintainers may disagree with some provisions. As in all cases of policy enforcement on DoomWiki.org, administrators are expected to use their common sense and good judgement to derive a workable solution.

Although MancuNET puts forth a committed effort to safeguard the security of the limited user information collected and retained on its servers, determined third parties may still develop data-mining and other methods to uncover such information and disclose it. For this reason, DoomWiki.org can make no guarantee against unauthorized access to information provided in the course of participating in this project.