[Imc-web] Re: [Imc] UCIMC and Anonymity

Wendy Edwards wedwards at uiuc.edu
Tue May 1 12:46:14 CDT 2007 

Actually, I was not going to respond to this at all, but Gordy Hulten at
IlliniPundit convinced me that it would be the right thing to do.  There
are some significant inaccuracies in your information. 

You claim that only administrators and editors can look up IP 
information on UCIMC.  This is false, and probably has been since 
October.  As it happens, the site is configured so that anyone who
registers as an user (requiring only a valid email address) can see all
the IP information associated with posts on UCIMC.

It's quite likely that my "editorial privileges" were temporarily 
restored after the crash.  But given that any registered user could look
up all IP address information anyhow, that didn't make much difference.

Yesterday, I saw that the UCIMC editors had hidden a particularly vile
post about an alleged sexual abuse victim that contained gratuitous
personal information and a "hos" joke.  I appreciated the show of
respect for her privacy, and decided to respect UCIMC's by redacting the
IP addresses from the posts on the other blog.

Wendy

On Mon, Apr 30, 2007 at 11:32:58AM -0500, Mike Lehman wrote:
> Posters to the IMC network must have the presumption that their
> anonymity will be respected.
> 
> The UC-IMC site has been running since October using a content
> management system called Drupal. We moved to Drupal because the previous
> site had become an enormous burden to maintain, owing to non-stop
> spambot attacks that Dada (the previous software) was not able to
> prevent; the editors were having to pull about a thousand spams a day, a
> new one showing up every minute and a half. The spam issue was central
> to the decision to move to a new software platform.
> 
> The Drupal software allows for the logging of IP addresses for comments.
> As a group, IMC-Web decided that we will perform a very limited logging
> of IP addresses under the following constraints:
> 
> (a) The log entries will only be visible to editors and administrators;
> 
> (b) The log entries will be used solely to spot spambots and determine
> the appropriate IP addresses to block, not to determine the identity of
> any anonymous poster;
> 
> (c) The log entries will be automatically deleted after 24 hours.
> 
> This, we felt, was the best balance between ensuring the anonymity of
> posters on one hand while being able to block spambots -- of which we've
> blocked several already -- before they render the site a nightmare
> to maintain again.
> 
> As part of the recent restoration after the hard disk failure last week,
> a former editor who no longer has editorial access had her editorial
> access temporarily returned. She used that access to harvest IP addresses
> of commenters on one particular thread before the log entries were
> auto-deleted in order to identify anonymous posters. She then posted
> what she found on another local blog (!).
> 
> We take this sort of thing very seriously. It represents the single most
> serious breach of anonymity policy in UC-IMC history. We apologize to
> those who have had their anonymity even partially violated by this act.
> And we have taken steps to ensure that she no longer has access to this
> data.
> 
> /s/
> The IMC-web working group
> 
> PS If there are any questions, please address them to IMC-web at ucimc.org.
> _______________________________________________
> IMC mailing list
> IMC at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc

More information about the IMC-Web mailing list