Wikipedia talk:Harassment/Archive 23

Can we have a list of edge cases at this point? Thinking of adding the following text

Even when it is "obvious" that a user has identified themselves, unless they have explicitly provided info, err on the side of caution when posting on Wikipedia. Examples of outting include:

• Looking up a username and suggesting two profiles with same username are the same.
• Suggesting to Google any identifiable information.

Bluethricecreamman (talk) 05:58, 17 January 2025 (UTC)

Not needed, and the second one is unenforceable since it involves actions on another website. Risker (talk) 06:27, 17 January 2025 (UTC)

There is no situation where someone has "obviously outted themselves" unless they have explicitly voluntarily posted their own information -- for example User:HJ Mitchell who has provided his real name and photograph. Furthermore, we cannot simply infer a username = a real name, even if they are similar. For example User:Elonmusk95 ≠ Elon Musk, even though 1995 was apparently a significant year for the real Musk. So there is no "edge case" where we make an exception to the requirement that the editor, and only the editor can volunterily out themselves. TiggerJay (talk) 07:15, 17 January 2025 (UTC)

def needed. ran into a few of these edge cases at ani where even some admins were surprised. Bluethricecreamman (talk) 03:50, 18 January 2025 (UTC)

Perhaps a sentence on "connect-the-dots" outing, ie. connecting stuff that the editor has revealed in a way that exposes protected information that they haven't revealed - eg. in this case looking up a name, which they posted here, and using that to dig up their job title or address and posting that to Wikipedia. The key point is that an editor revealing one piece of information does not give people the right to out them with regards to other pieces of information, even (perhaps especially) if the information they revealed can turn up the other information off-site with a little digging. As an aside, I do think this policy could also provide a bit more information about what to do with personal information that you believe reveals policy violations (such as a WP:COI) - currently it vaguely says you can email them to individual administrators, functionaries, or arbitrators, or to the Wikimedia Foundation, but that is not very useful to an inexperienced user, who isn't likely to know who to email; and even experienced ones are likely to be left scratching their head a bit at such a vague instruction. --Aquillion (talk) 15:03, 17 January 2025 (UTC)

"Unless unintentional and non-malicious (for example, where Wikipedians know each other off-site and may inadvertently post personal information, such as using the other person's real name in discussions), attempted outing is sufficient grounds for an immediate block." If Wikipedians know each other off-site and posts their real name in discussions, is this a conflict of interest? Editrandom (talk) 18:24, 9 February 2025 (UTC)

I agree on you. Conflict of interest editing, whether in main page or talk page are both bad. If you don't want to be blocked for outing, say you have a COI with other editor. Randomeditsdaily (talk) 18:29, 9 February 2025 (UTC)

What is the conflict? The section of the policy refers to activity that is not directly related to content. Even if someone refers to me by my first (RL) name on-wiki or on the talk page of an article - the entire point of this section in the policy - there is no more of a conflict of interest than there would be if Editor A referred to Editor B by a nickname. And no, having met someone in real life is NOT an inherent conflict of interest. Risker (talk) 18:47, 9 February 2025 (UTC)

Psst, don't tell anyone, but those two accounts with similar usernames each made a single edit, the comments one sees here, and the comments were five minutes apart. --Tryptofish (talk) 20:45, 9 February 2025 (UTC)

I mean one did retire after that statement of yours and the other is globally blocked. 😁 TiggerJay (talk) 06:48, 10 February 2025 (UTC)

See Wikipedia:Sockpuppet investigations/Jumbe.

Tiggerjay, it gets a bit like a Dr Seuss rhyme, "locks on socks and blocks on whoever"... Anyhow, m:global locks and m:global blocks aren't the same. Locks are commonplace (in the meta: order of things) and global blocks rare. Cabayi (talk) 10:56, 10 February 2025 (UTC)

I guess they is know each other... --Tryptofish (talk) 23:48, 10 February 2025 (UTC)

If I have an account and an admin posts my ip address without good reason, does it count? 210.3.50.94 (talk) 02:55, 28 May 2025 (UTC)

If they connect it to your account in some way, generally yes but what counts as a "good reason" is not black-and-white. Thryduulf (talk) 13:21, 28 May 2025 (UTC)

If wanted, you could email User:Arbitration Committee with a link showing the issue and ask their opinion. Johnuniq (talk) 09:35, 29 May 2025 (UTC)

This edit request to Wikipedia:Harassment has been answered. Set the |answered= parameter to no to reactivate your request.

Remove "Unless unintentional and non-malicious (for example, where Wikipedians know each other off-site and may inadvertently post personal information, such as using the other person's real name in discussions)" because this makes editors not feel safe and want to leave after giving their Wikipedia account name to someone, even if they trust, know their real name. Also, this can make Wikipedia liable. 185.137.137.154 (talk) 21:05, 7 June 2025 (UTC)

Not to mention this essay 185.137.137.154 (talk) 21:07, 7 June 2025 (UTC)

This would seem to be a dynamic somewhat particular to yourself, if I can be frank. As a counterexample, I would feel awful if a friend of mine got into hot water because of such an accident, and that would in turn make me less comfortable onwiki and offwiki with other editors. This is an expression of community discretion, and it would continue to be exercised regardless of whether it's explicated here in this instance. Remsense 🌈 论 21:11, 7 June 2025 (UTC)

@Remsense are these eligible for oversight. The unintentional real name. 185.137.137.154 (talk) 21:12, 7 June 2025 (UTC)

If you don't want your personal information posted onwiki, you can have it oversighted certainly. Remsense 🌈 论 21:13, 7 June 2025 (UTC)

Hi there,

Many thanks for your interest in improving the policies here on Wikipedia.

I'm not sure I quite follow what you mean about Wikipedia being "liable" ?

The purpose of the sentence you've quoted is that someone accidentally referring to a real-world friend by their actual name rather than their username is not typically going to be viewed as grounds for punishment. It's important that we don't seek to overly police genuine mistakes. Remember that just because nobody is getting banned over the incident doesn't mean there aren't other options available - for example, if a real-world friend accidentally refers to an editor as their first name and the latter wants that to be removed, it can be either edited out - or you could request that Wikipedia further WP:SUPPRESS the accidental disclosure.

I fear you're essentially advocating for us telling people not to do things by accident. We'd prefer if they don't - but your fellow editors are only human; mistakes are going to happen. ···sardonism · t · c 21:13, 7 June 2025 (UTC)

@Sardonism @Remsense the wikimedia terms of use said (you will not) Soliciting personally identifiable information from anyone under the age of 18 years, or under the age of majority where you are if higher than 18 years, for an illegal purpose or violating any applicable law regarding the health or well-being of minors. So maybe under 18s unintentionally disclosure are a bit different. 185.137.137.154 (talk) 21:16, 7 June 2025 (UTC)

My first name is John. A hypothetical friend of mine who is not a member of the Wikimedia Foundation accidentally referring to me as that, rather than sardonism, in a talk page discussion can hardly be construed as the Wikimedia Foundation undertaking any action at all - regardless of the ages of those involved.

I appreciate your concern, but I'm not at all convinced your proposed change would be an improvement to the page. ···sardonism · t · c 21:18, 7 June 2025 (UTC)

There's no real conflict here though, especially given Wikipedia:Child protection and the WMF Privacy policy make explicit such considerations take precedence without exception. Remsense 🌈 论 21:18, 7 June 2025 (UTC)

@Remsense @Sardonism it is much safer to give your Wikipedia account username to a stranger that does not know your real name than to a friend that does even if you trust them. 185.137.137.154 (talk) 21:20, 7 June 2025 (UTC)

We're aware. I'm gently trying to make you aware this isn't really an issue for site policy to solve, but an issue for you to manage in your own interpersonal relations with others. Remsense 🌈 论 21:22, 7 June 2025 (UTC)

@Remsense @Sardonism, there is good faith copyright violations and real name in discussions is a good faith privacy violation. 185.137.137.154 (talk) 21:28, 7 June 2025 (UTC)

Solution, edit Wikipedia anonymously using a temporary account. 185.137.137.154 (talk) 21:32, 7 June 2025 (UTC)

If I may, this could be me assuming too much, but it seems you have encountered some stressful situation in your life, and at this moment sound plausibly like you're having a full-blown physical panic attack over it, or are close to one. If you need the assistance of oversight, what I suggest you do is make the needed private requests to oversight, and then take a concerted break from Wikipedia for a few hours at least, so you can ease up on your nerves some. There's not much else here you can do other than make yourself even more stressed out over whatever problem you're having. Just my dispassionate concern. Remsense 🌈 论 21:32, 7 June 2025 (UTC)

@Sardonism @Remsense I was just curious about the policy. Nothing stressful about my life. 185.137.137.154 (talk) 21:34, 7 June 2025 (UTC)

The anonymous account solution is the best. You can also edit from a public wifi. 185.137.137.154 (talk) 21:34, 7 June 2025 (UTC)

I'm glad that's the case then, sorry for reading too much into things here. Your posting seems characteristic that of a very anxious individual. Remsense 🌈 论 21:35, 7 June 2025 (UTC)

(edit conflict × 6) Why should the community writ large insist upon a punishment being issued if the editor affected doesn't want their friend to be subject to such?

I don't believe I have a single real-world friend who's aware of my username - and certainly not my IP address. It strikes me as being a somewhat convoluted concern to worry about 1) someone knowing my username, 2) them accidentally disclosing such in a discussion here on the wiki, 3) me being opposed to them being subject to a punishment, and, 4) there being some kind of objective imperative for a punishment to be applied even over my objection.

Consider the first paragraph of Wikipedia:Policy_writing_is_hard#Attitudes_that_help; the goal isn't to foresee every hypothetical situation ahead of time and prescribe a precise way of handling it. The community members involved will refer to the policy for how things are generally done, consider the facts & any extenuating circumstances, and take it from there.

Just because something isn't explicitly spelled out on a policy page somewhere doesn't mean it isn't an option. ···sardonism · t · c 21:45, 7 June 2025 (UTC)

WP:DOX explicitly covers "still-existing, self-disclosed posted information", and also covers redacted or oversighted information. It does not seem to explicitly cover personal information that was self-disclosed on Wikipedia, then promptly deleted, but not redacted or oversighted, and which is still visible in the page history. Is such deleted information considered to be still-existing, or would raising it (in a sock puppet investigation, for example) be considered to be outing? Nurg (talk) 23:27, 5 July 2025 (UTC)

If you go down to the subsection on "Exceptions", point number 2, it says: If individuals have identified themselves without redacting or having it oversighted, such information can be used for discussions of conflict of interest (COI) in appropriate forums. So referring to it, with a diff, is generally not going to be treated as a policy violation. However, common sense should also be used, and it may still be a better idea to communicate such information privately, depending on the context and circumstances. --Tryptofish (talk) 18:45, 6 July 2025 (UTC)

This edit request to Wikipedia:Harassment has been answered. Set the |answered= parameter to no to reactivate your request.

Remove "(for example, where Wikipedians know each other off-site and may inadvertently post personal information, such as using the other person's real name in discussions)" because this is WP:BEANS as they encourage people to post real name if known in discussions as they wont get blocked but still may get other sanctions such as iban for that violation. 49.179.69.111 (talk) 01:30, 26 October 2025 (UTC)

Referring to still-existing, self-disclosed posted information is not considered outing, and so the failure of an editor to have the information redacted in a timely manner may remove it from protection by this policy. I assume that the standard procedure for accidental disclosure by a friend of the editor in question is the same: quietly email a couple admins to revdel the outing, preferably sent by the editor themselves. However, if another guy picks up the slip-up and starts routinely referring to the user by their real name, that is at the very least going to be frowned upon and most, including me, will see that as a form of harassment, even if technically it's not exactly doxxing. The rules are not set in stone and if you intentionally behave like an asshole and try to lawyer your way through policies and guidelines, chances are you are gonna get sanctioned. While I would want for most policies and guidelines to be shorter, and in fact I started a compilation effort to make this goal happen, I do not see this passage as offending or a loophole. So  Not done but I'm not closing this edit request so that others can take a look - editing policies generally requires a bit of discussion. Szmenderowiecki (talk) 10:30, 26 October 2025 (UTC)

 Not done for now: please establish a consensus for this alteration before using the {{Edit semi-protected}} template. --Ferien (talk) 17:27, 26 October 2025 (UTC)

It seems like you should require them to sign a non-disclosure agreement before giving out your username just like what WMF does with CheckUsers and Oversighters. ~2025-32374-06 (talk) 21:50, 9 November 2025 (UTC)

For context, see this comment by an arb; recently there have been a lot of cases involving off-site canvassing or advocacy, which have led to ArbCom blocks; two people in ArbCom case either received sanctions at least partially affected by such offsite evidence, or had in the past. At least one comment on that case was redacted (the admin doing so said that they didn't think it should qualify as outing, but that it did.) The question of precisely what offsite stuff can lead to sanctions here is itself controversial (and ought to be discussed elsewhere), but it is clear that at least some stuff is leading to sanctions and that the OUTING policy is making it difficult to discuss or enforce. Therefore, I propose a limited exception to OUTING.

• Discussion of an off-wiki account is not considered OUTING, provided both of the following apply:
  • The account does not contain, and knowledge of it cannot reasonably be used to obtain, any other category of personal information.
  • The account's primary purpose is for canvassing, advocacy, or discussion directly related to Wikipedia.

The intent is to establish a reasonable balance of potential harm vs. reasonable cause; the first point establishes that the risk of harm is low, and the second point establishes that there's a reasonable cause for discussion. Some people might reasonably disagree over whether the things listed in the second point should lead to sanctions, but it is clear that they sometimes do; the reason why it goes a bit beyond just canvassing is because otherwise people might argue "ah, yes, I ran a blog saying that everything in this topic area is wrong and biased, but I didn't explicitly tell people to edit." The criteria needs to be clear-cut for reasons I think are obvious. The second bullet point could perhaps be a bit more permissive than "primary purpose", but the intent is to avoid a situation where an account is outed for one or two posts - the intent is an account whose focus is so overwhelming that it raises WP:NOTHERE or WP:TEND concerns or something similar. --Aquillion (talk) 16:55, 1 November 2025 (UTC)

I support this. Seems a reasonable change that can help tackle canvassing issues but also providing some safeguards against outing private information by including primary purpose is canvasing and that the account has no private info on it in the proposal. GothicGolem29 (GothicGolem29 Talk) 17:00, 1 November 2025 (UTC)

As the mentioned admin who revdelled that comment dubitante, I'm glad that we're having this conversation, but I actually think your exceptions are too broad. If this were implemented, I'd've still had to revdel the comment, because that editor's blog includes a forename and a selfie, which are two other categories of personal information. I imagine you'd find something like that in most cases. Even something as simple as "I live in the US", if never disclosed on-wiki, would kill this exception.

There are two solutions to this I could envision. One is saying something like The account does not reveal the editor's non-pseudonymous identity or information that could be easily used to find that identity, if it has not been revealed on-wiki. That would cover the case I revdelled, but there's obvious line-drawing problems, and we just run into the fundamental problem that most people don't have great opsec and some people can find a lot from a little... I once spent four hours tracking down someone who'd sent me threats, triangulating based on gender and approximate age, two states they'd lived in, a common profession, and a common hobby, and was able to pick them out of a list of suspects in the end based on a cat picture. So, it's hard to say let's just open the door halfway.

The other solution is something I've been toying with for a while, which is focusing on cases where an off-wiki identity either explicitly identifies an on-wiki account, or has the same/similar username and reason to think they're the same person, and then in those cases drawing a distinction between saying someone is a specific off-wiki person and asking them about it. I'd jotted down the following rough idea shortly after the revdel you mentioned:

It is not a violation of this policy to ask a user if they are the same person as an off-wiki individual who has claimed to be the on-wiki user, or whose name or pseudonym is identical or very similar to the user's username or to a name or pseudonym the user has disclosed on-wiki, if this is relevant to determining whether they have violated any Wikipedia policy and there is good reason to think they are the same person. An administrator may weigh the plausibility of a denial or failure to answer in determining whether sanctions are necessary. But such questions should not be asked gratuitously, plausible denials should generally be trusted, and editors must not assert as fact that the user is the person in question. (E.g., "User:JohnDoeAcme seems likely to have a conflict of interest with John Doe, CEO of Acme, and his explanation for his username does not seem plausible" is okay; but "User:JohnDoeAcme is John Doe, CEO of Acme, but denies it" is not.) Editors may link to information about the off-wiki person published by that person or by reliable sources, if relevant to the alleged violation of policy, but may not link to third-party primary sources such as 'people-finder' websites or government databases, and may not repeat personally identifiable information that has not been stated on-wiki, even if disclosed by the off-wiki person. E.g. "User:JohnDoeAcme, are you John Doe of Acme? [link to LinkedIn page that gives location of Greenacre]", but not "User:JohnDoeAcme, are you John Doe of Acme, from Greenacre?"

Little rough around the edges but I think something like that is the best way forward. (Tangent: We should have a discussion about clarifying that "job title" only is an issue if it can be used to infer an otherwise non-public name; it's insane that we can say "John Doe works at Acme" if he has that on his userpage, but not that he's the CEO, even if the Acme website says he's the CEO.) -- Tamzin^{[cetacean needed]} (they|xe|🤷) 17:38, 1 November 2025 (UTC)

Something that I think should be examined as part of this discussion (I'm as yet undecided on any possible changes to make) is whether the outing concerns can be adequately addressed by simply continuing our present practice of requiring that such evidence be submitted privately, instead of posted onsite, which might, perhaps, make changes unnecessary. I'm not saying that it really is unnecessary, but I would like us to be precise about why we would want to allow exceptions permitting posting something in public. --Tryptofish (talk) 22:03, 1 November 2025 (UTC)

At least from my perspective, the main advantage of this change would be to make it easier for things to be handled, and especially for problems to be quickly discussed by a larger group capable of reaching a decision without the need for a lengthy and difficult ArbCom process. For some of the people who were sanctioned by ArbCom, say, the evidence was known to a lot of people for a long time; and given ArbCom's sharp reaction to it, it's likely those, at least, could have been handled much faster and more easily in a simple WP:ANI thread if we'd been able to just start one. If these things are becoming more common (and SFR, who is in a position to know due to ArbCom being the final stop for them and seeing evidence that other people don't, says they are) then we ought to try and have a procedure for them that can act quickly and without consuming this much time and energy. One distinctive trait about everything related to ARBTRANS in particular (from the lead-up to the case itself all the way through to the final decision) is that it dragged and dragged and draaaagged, and there's a wide array of reasons for this, some of which we can't really address; but if we can open the door to sending more obvious cases to ANI for a quicker resolution, it could reduce the workload on both AE and ArbCom, both of which are heavily overworked and often slow to respond.

A secondary advantage is that holding these discussions publicly (whether at ANI or AE or even ArbCom) will make it more obvious what's happening and what evidence leads to what results, which will help people gain a sense of where the lines are and what they ought to report; even if people can notionally send evidence in private, they need to know when to do so, which is hard when they never see what's going on (or whether, you know, some particular bit of evidence has been sent in already.) This is especially true because the extent to which offsite conduct is considered (and when and how) is still a bit unsettled and controversial; allowing at least some of it to happen publicly, when it is safe to do so, would make it easier to have that discussion, because we'd be able to point to examples and ask if the results are what people want. This ties in to the above because offsite conduct, being controversial, is precisely the sort of thing that I think admins often want to see a consensus on before acting over; yet the need to present evidence privately makes it harder for that consensus to emerge in any particular case, and makes it less clear whether a broader consensus or precedent exists on the type of conduct in question. Basically, running everything in secret has a ton of drawbacks, so we should strive to move towards transparency when possible. --Aquillion (talk) 01:20, 2 November 2025 (UTC)

OK, I can see how efficiency and transparency are both desirable features. You based this argument on the recent experience of the ArbCom case, where it can be argued that there was a strong case to be made for taking disciplinary action. So I'm going to turn that around, and ask what would happen if someone, given such an exception, makes public some information that we would consider personal information, but it turns out that they were wrong, and the evidence for off-site canvassing or advocacy did not hold up. Perhaps such an exception would lead, in a situation like that, to an editor's personal information being made public when, in fact, they had done nothing wrong. --Tryptofish (talk) 22:01, 10 November 2025 (UTC)