Explicitly state that revealing a user's identifying information is unwelcome behavior #4554
Conversation
Add an explicit prohibition against doxxing behaviors.
ZeLonewolf
changed the title
|
At least "against their wishes" or "without their permission" is missing, right now posting "I live in Poland" would be violation of that rule. |
|
All of the behaviors listed are "against their wishes", but I'd be happy to explicitly state this if it's felt necessary for this specific bullet item. |
"Bullying or systematic harassment" is inherently problematic, while
is more problematic as various form of that would be perfectly fine. For example in many cases it would be fine to mention that someone died (say, when removing maintainer from list), or mentioning someones region for context. In different situation revealing the same info (even the same sentence!) could be a wretched unacceptable attack. |
|
Maybe "threatening remarks" could actually cover this? |
|
Thanks for the feedback, I'd propose as alternate language:
|
|
Note that in some cases implicit consent or consent of someone else may be good enough, see
example |
|
And sorry, I have no better idea that would not have terrible problems or would be better |
|
Remember that the maintainers are the ones to adjudicate complaints, so the solution to obviously absurd interpretations is to not interpret the CoC in an absurd way. |
|
While i don't see any additional problems with the suggested change that do not already exist in the current content of the document (problems which i have discussed countless times so no need to reiterate once again here) i would like to point out clearly something that some people here seem to be unaware of. Attempting to use rule lawyering on the vague negative formulations in that document to try to impose your cultural behavior standards on people active on this project is not a good idea. This project is governed by consensus of the maintainers. And all the maintainers here are experienced people. My impression is that most of us subscribe to the principle that was coined here to appeal to morality rather than trying to instill it. We will make decisions here under this principle rather that bowing to people loudly shouting "Bob did foo and foo is forbidden by your rules so Bob needs go stand in corner for an hour and write a hundred times I shall not do foo". Like any other document in this repository And we want to keep it that way, we want people from all cultural backgrounds, who bring in a minimum amount of good will, tolerance, kindness and understanding, to be able to contribute here without constantly living in fear and preemptively censoring their comments to ensure they don't run into conflict with a rule document with vague rules that are likely interpreted to their disadvantage in the end. |
Having specific rules that directly forbid something not problematic is clearly worse than general rules subject to interpretation or lack of CoC. "this rule bans normal acceptable activity but usually we do not enforce it" is not a good method, so in the current form I am unhappy about this phrasing. |
|
How other projects dealt with banning such things? Are there cases of phrasing that bans doxxing without banning legitimate activity? |
|
Below the header is a list of mentions of doxxing that I found in other projects/platforms, in the order that I found them on Google. The most common text appears to be something close to:
ReferencesSource: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
Source: https://meta.wikimedia.org/wiki/Universal_Code_of_Conduct
Source: https://puppet.com/community/community-guidelines/
Source: https://inclusivenaming.org/code-of-conduct/
Source: https://etsy.github.io/codeofconduct.html
Source: https://www.elastic.co/community/codeofconduct
Source: https://www.mozilla.org/en-US/about/governance/policies/participation/
Source: https://www.islandora.ca/code-of-conduct
Source: https://escapeartists.net/code-of-conduct/
Source: https://deep.idrc.ocadu.ca/code-of-conduct/
Source: http://seattlecomposers.org/sca-code-of-conduct/
Source: https://playvalorant.com/en-us/news/announcements/valorant-community-code/
Source: https://www.freebsd.org/internal/code-of-conduct/
Source: https://www.mautic.org/code-of-conduct
|
I find it hard to believe there's cultural differences in what constants sharing of private information without someone's consent. Even if there was though, the particulars of things like that should and are bound to follow a "Western" definition of doxing since that's how this website and OpenStreetMap's etiquette guidelines define it. I image it would be extremely untenable in the long-term to have etiquette guidelines that aren't at least in some way in line with the rules of both projects. Otherwise, your just asking for potential problems down the line. In the meantime I'm sure people from other cultures will be given a chance to understand the rules and have any unclear parts explained to them before they are put in the corner or whatever. Just don't be an authoritarian about it, but that should be the case regardless of what culture someone who violates the guidelines comes from. |
Update to use most commonly-used language: Posting (or threatening to post) other people’s personally identifying information (“doxxing”)
|
In 40c2ed8, I changed the text to
...which appears to be the most common description from other codes of conduct. |
|
I suggest adding “except as necessary to protect other OSMer or other vulnerable people from intentional abuse” to cover the case where someone knows that someone else is a threat and warning others would “dox” the person. This is in: Geek Feminism CoC, lgbtq in technology slack group |
Not to be pedantic or discredit LGBTQ+ issues, but such wording seems like a slippery slope that would just encourage doxing as long as it's being done for the "right" reasons, and there really shouldn't be any "right" reasons to "dox" someone. If someone is a serious threat, they should be reported to authorities or at least it should be reported to a "safe" person in the OSM organization. Both of those options are really out of the scope of someone just "doxing" someone in a PR or issue though. In the meantime allowing for special exceptions to the rules just seems like a recipe for retaliation and needless drama. It shouldn't be on the maintainers to assess what constitutes "honest" doxing/threat versus one that isn't anyway. That said, I'd be interested to know how Geek Feminism CoC and lgbtq in technology slack group has dealt with such situations and how their maintainers determine what's a "legitimate" doxing in such cases and what isn't. |
|
In the past our Code of Conduct closely followed that at https://go.dev/conduct which itself is based on https://www.contributor-covenant.org/version/1/4/code-of-conduct.html [EDIT: actually it was not originally based on this, according to comments below) See #2289 which originally added it to this repository, and the update in #2503 The linked CoC examples above now include:
@ZeLonewolf are there any other changes to https://www.contributor-covenant.org/version/1/4/code-of-conduct/ which should be adopted here? [EDIT: based on following comment, it appears that it was intentional that our document did not include these examples] |
|
let's fix the other side of the problem, Now:
Proposal:
or just:
|
|
Thanks @jeisenbe for the history and links. The Contributor Covenant uses different language, but on review, points from that CoC that don't seem to be called out, but which we might consider including in some form are: Examples of unwanted behavior:
Examples of wanted behavior:
|
There was a problem hiding this comment.
See inline comments.
Additionally, I should note that the history of this document is that it was derived from the golang CoC in place when we adopted it. Golang has since completely changed their CoC to be based on the contributor covenant 1.4. I don't have access to my notes right now, but my recollection was the contributor covenant version that was most recent at the time was rejected for not addressing the problems we had, or having other issues.
|
On Wed, 01 Jun 2022 10:43 +02:00, Adamant36 ***@***.***> wrote:
If someone is a serious threat … it should be reported to a "safe" person in the OSM
organization.
That's doxxing. You're talking about doxxing.
Imagine you're aware a contributor has a track record of stealing money from other organisations, but is operating under a pseudonym in OSM. With my suggestion, you're allowed give the personal info of the person to a “safe person in OSM” (i.e. you can doxx them). Without, your task is much harder.
…--
Amanda
|
No, it isn't. A private/confidential report is not doxxing. Doxxing is a public disclosure of someone's private information. Please don't mix these up. |
Update doxxing line to language used in https://yahoo.github.io/oss-guide/docs/publishing/publishing-template/Code-of-Conduct.html
Remove extra text and clarify header
|
@pnorman any chance of this being included in v5.5.0? I know it's not critical to the style, but I'd hate to see it get put on the back burner until whenever the next release happens regardless of it is or not. |
This requires thought and reviews. Because this would go in effect when it gets merged, not needing to wait for a release, I'm not considering release schedules when looking at if it's ready to merge. |
Fixes #4552
This proposes to explicitly state that revealing identifying information about a user against their wishes is unwelcome behavior on the project.