All users of the toolserver(s) are required to respect the following basic rules:
- You must read all announcements to the toolserver-announce mailing list (archive). (Note that all posts to toolserver-announce are also cc'd to toolserver-l (archive), so there is no need to subscribe to both lists.)
- Use of the toolservers must be related to a designated affiliate project (see below). This rule will be strictly enforced as violations are an abuse of donated resources. If you are at all unsure if something you want to do is appropriate, contact ts-admins first.
- Designated affiliate projects of the toolserver are currently 1) The Wikimedia Foundation and any of its projects, and 2) OpenStreetMap and any of its projects.
- Specific resources like databases or login servers may be reserved for use with specific projects. For instance, some resources may be set aside for OpenStreetMap-related projects.
- All uses of the toolservers must be legal under Dutch, German, US and your local laws. Please be aware that "fair use" only exists in the USA, although other countries may have similar local laws.
- You must not run any process which may impact other networks. This includes (but is not limited to):
- Port scanning or service scanning of any kind (e.g. nmap), security "auditing", etc.
- High-rate spidering/crawling or other requests to other sites without permission from the operator of that site.
- If in doubt, ask first.
- Large web applications (e.g. phpMyAdmin, MediaWiki, etc.) may not be installed.
- "Installation" here refers to making these available to the public; see further clarification.
- You are responsible for the security of all services you provide, including both third-party software and software of your own design.
- Before making a service available, please check for security issues.
- Use of an account is limited to the person to which the account was issued.
- You must not share your account with another user.
- Tools and scripts must not ask users to authenticate using account details from a Wikimedia wiki.
- Bots must operate according to the target wiki's regulations regarding bots.
- Bots may not edit anonymously.
- You have to add a line at the bot-userpage, that the bot runs at the toolserver.
- Blocks placed on errant bots may affect other users of the toolserver.
- The continuous running of langlink-bots (also named interwikibots) is only allowed for the Multi-Maintainer-Project "interwikibot".
- All bots have to run via SGE.
- Tools may not serve significant portions of wiki page text to clients. "Significant" means distributing actual page content; for example, installing MediaWiki to serve the text of wikis would not be allowed, but showing a short extract to provide context for a tool would be okay.
- The toolserver is not an email provider; your toolserver email address should only be used for things directly related to your tools (e.g., as a contact address on your toolserver web pages).
Your actions and the contents of your home and public_html directories may be reviewed by administrators on a periodic basis to ensure compliance with these rules.
User accounts may be closed by any administrator without notice for violation of any of these rules (this applies particularly to #2 and #3) or for any other reason. If you have any reason to suspect that your use of the toolserver is not legitimate, ask first. The toolserver is not a wiki and excuses such as "the rules didn't say I can't do this" will be ignored. Accounts closed for rules violations will not be reopened except in extraordinary circumstances. You cannot abuse the toolserver and expect to keep your account because you apologise afterwards.
- You are not allowed to publish any data that is not also publicly available on the public Wikimedia wikis sites in some form.
- You have to take care not to publish any data that has been removed from the public Wikimedia wikis.
- You are not allowed to publish connection data, especially IP addresses, of other people
- this refers to the connection data of people using your tools, to data provided in log files as well as to data available about other toolserver users via tools like who.
- Tools that allow profiling of individual user's activity (beyond what can easily be achieved directly on the public wiki sites) must only be applied with the respective user's consent (opt-in).
- Note: analysis of publically available data (data mining) may well lead to information that compromizes the privacy of individuals (profiling). The fact that anyone could in theory perform this analysis does not justify the publication of such information. Only if the data is available just as easily from the Wiki iteself, or if the data in no way interferes with the privacy of individuals, can it be made available on the toolserver without the user's consent. See also w:Data Mining#Privacy concerns and ethics and w:Profiling practices#Risks and issues.
Some specific cases are covered below. More may be added when need arises.
- Deleted pages and revisions (the archive table)
- Toolserver users has limited access to the archive table. Even that limited information must only be published in highly abstracted form. Specifically, the number of edits to deleted pages per user may be shown.
- Edit counters
- Edit counters are in general allowed. The information they provide is available from the public sites, though it would be very hard to come by using the web interface.
- Counting edits per person per namespace is allowed.
- Counting edits per person per time of day requires consent, because it may lead to conclusions about the user's location or lifestyle.
- Watchlist table
- Toolserver users has limited access to the watchlist table. The sensitive data in this table has to be used with care, as it can be used to target attacks on unwatched pages. You are not allowed to use the data in a way that could bring harm to Wikimedia-projects. It is especially not allowed to give away a list of unwatched pages to anyone (a list of most watched pages would be ok).
Beyond the above, Toolserver admins have the special duty to protect any private data against unauthorized access by Toolserver users as well as any third party. This particularly includes:
- the private user data contained in the wiki databases.
- data about people accessing the toolserver, such as may be contained in access logs
- private data of toolserver users themselves.