Wiki Education takes privacy and security seriously, especially when it comes to the students, instructors, and scholars who participate in our programs. While we attempt to maintain secure infrastructure and follow best practices for web security — including regular security updates for our servers and software libraries, using HTTPS for our websites, and limiting server access to those who require it — the general state of computer security is a mess. Our main strategy for protecting program participants is to limit what information we collect and store. We keep no passwords whatsoever (participants utilize their Wikipedia accounts for login) and the personal information we do store has limited value for would-be thieves.
The main sensitive things we store are names and email addresses. These are never shared, and are accessible only to Wiki Education staff and — in the case of names — to students’ instructors. Emails are used for automated messages from the Dashboard, help requests from students to our Wikipedia Experts, and in some cases for surveys being conducted by our staff or in collaboration with academic researchers. Names are stored on the Dashboard for the convenience of instructors — so that they can easily match up students’ Wikipedia contributions with their in-class identities — but they need not be legal names. Student names are not displayed publicly, unless a student has consciously included their name in their Wikipedia username. Wikipedia usernames are visible on Dashboard course pages and in the edit history of Wikipedia itself.
The most significant privacy concerns for students and instructors to be aware of relate to activity that takes place on Wikipedia. Students’ usernames are connected to each edit they make, and the usernames of participating students are added to the wiki page for each course — connecting those usernames to each other as well as the school and instructor. Especially when students choose usernames derived from real names (which we discourage students from doing in our training materials), this can be enough for dedicated data sleuths to de-anonymize the Wikipedia contributions of some students. To our knowledge there is no market for aggregating such data (yet), but Wikipedia’s public data can play a role in online harassment.
If you have privacy or security concerns about Wiki Education programs or websites, please contact us: firstname.lastname@example.org.