Wikipedia talk:CheckUser/Archive 3
This is an archive of past discussions on Wikipedia:CheckUser. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 | Archive 2 | Archive 3 | Archive 4 | Archive 5 | → | Archive 7 |
hey so
I was kinda skimming the article, but question: is sockpuppetry the main motivation behind checking a user? if so, sin't that perhaps kind of limiting? dedicated enemies of the good 'pedia community are probably a little more clever than this policy would sugg.. BingoBob 20:03, 10 July 2009 (UTC)
- You should read the m:CheckUser policy if you want to know more. In short, no, it's not limiting, and checkuser is a useful tool. --Deskana, Champion of the Frozen Wastes 18:34, 13 July 2009 (UTC)
- k, I will look at that. meantime, I guess I wonder what's primary, fighting the trickiest IP-switching vandals, or developing a policy (assuming any development is currently going on) that gives a lot of weight to protecting the privacy (synonymous with anonymity? in this context) of the average user? hmm. I guess that's what I'm wondering right now. BingoBob 23:43, 24 July 2009 (UTC)
- We already have such a policy. m:Privacy policy. Based on your questions I'm guessing you've not actually read the project page associated with this talk page, since this question is answered directly on that page. Please do read it before asking further questions. --Deskana, Champion of the Frozen Wastes 19:04, 31 July 2009 (UTC)
- FYI, the account who posed the question has been blocked indefinitely as an abusive sockpuppet, along with several other socks. <>Multi-Xfer<> (talk) 22:37, 4 August 2009 (UTC)
- We already have such a policy. m:Privacy policy. Based on your questions I'm guessing you've not actually read the project page associated with this talk page, since this question is answered directly on that page. Please do read it before asking further questions. --Deskana, Champion of the Frozen Wastes 19:04, 31 July 2009 (UTC)
- k, I will look at that. meantime, I guess I wonder what's primary, fighting the trickiest IP-switching vandals, or developing a policy (assuming any development is currently going on) that gives a lot of weight to protecting the privacy (synonymous with anonymity? in this context) of the average user? hmm. I guess that's what I'm wondering right now. BingoBob 23:43, 24 July 2009 (UTC)
Final call for voting in Checkuser/Oversight election
The August 2009 CheckUser and Oversight elections will end at 23:59 UTC on August 10, in approximately 3.5 hours. Voting is currently underway.
For the Arbitration Committee
Risker (talk) 20:18, 10 August 2009 (UTC)
Three Audit Subcommittee vacancies: Call for applications
The process to appoint the three non-arbitrator members of the Audit Subcommittee is underway, with the election itself starting on 30 October. If you think you may be suitably qualified, please see the election pages for the job specification and application arrangements. Applications close 22 October 2009.
For the Arbitration Committee, Roger Davies talk 21:33, 7 October 2009 (UTC)
Fishing in reverse
This policy doesn't seem to address (or I missed it) a sort of "reverse fishing" that I'm contemplating.
That is -- unlike fishing -- you know exactly who the sockmaster is, and you want to identify the latest socks. Given a persistent sockmaster (in the instance on my mind, we've identified fifty-four accounts so far) and given that the socking is specifically done to evade an indefinite ban, is it possible to just run a routine "So, how many accounts did "dear little Jessica" create this month?" kind of check? WhatamIdoing (talk) 02:56, 10 October 2009 (UTC)
- Make that 63 identified socks... WhatamIdoing (talk) 16:28, 10 October 2009 (UTC)
- If you know that a banned user who creates many socks uses a certain range and a particular computer it is not fishing to occasionally run a checkuser on that range and identify the new socks. This can also aid in identifying legitimate users who use that range. If someone has the time and energy to weed the socks, mixed metaphor there, it may be possible to avoid suing a range block. This is appropriate for a banned user whose editing is merely disruptive, as opposed to harmful. Fred Talk 01:35, 30 April 2010 (UTC)
Three Audit Subcommittee vacancies: Urgent call for applications
The process to appoint the three non-arbitrator members of the Audit Subcommittee is underway. If you are suitably qualified, please see the election pages for the job specification and application arrangements. Applications close 22 October 2009.
For the Arbitration Committee, Roger Davies talk 19:14, 17 October 2009 (UTC)
IPBE monitoring
I believe most of the IPBE entries at Wikipedia:Database reports/Inactive users in user groups can be deflagged as totally inactive, but can a checkuser maintain that tracking and deflagging? MBisanz talk 16:35, 20 October 2009 (UTC)
Audit Subcommittee elections: Urgent! Final call for applications
Time is rapidly running out. The closing date for completed applications is 23:59 (UTC) 22 October 2009. If you are interested in becoming one of the three non-arbitrator members of the Audit Subcommittee, see the election pages now for the job specification and application details.
For the Arbitration Committee, Roger Davies talk 17:38, 20 October 2009 (UTC)
AUSC October 2009 elections: Vote now!
The election, using SecurePoll, has now started. You may:
- Visit the election "home page" for an overview;
- Review the candidate's statements: Dominic • Frank • Jredmond • KillerChihuahua • MBisanz • Tznkai;
- Or go straight to your personal voting page: here to cast your votes.
The election closes at 23:59 (UTC) on 8 November 2009.
For the Arbitration Committee, Roger Davies talk 07:27, 1 November 2009 (UTC)
Urgent! Last call for votes: AUSC October 2009 elections
There's only one day to go! The Audit Subcommittee election, using SecurePoll, closes at 23:59 (UTC) 8 November. Three community members will be appointed to supervise use of the CheckUser and OverSight tools. If you wish to vote you must do so urgently. Here's how:
- Visit the election "home page" for an overview;
- Review the candidate's statements: Dominic • Frank • Jredmond • KillerChihuahua •
- Or go straight to your personal voting page:
here.
For the Arbitration Committee, — Rlevse • Talk • 17:07, 7 November 2009 (UTC)
Invitation to participate in SecurePoll feedback and workshop
Interested editors are invited to participate in the SecurePoll feedback and workshop. SecurePoll was recently used in the Audit Subcommittee election, and has been proposed for use for the upcoming Arbitration Committee election at this current request for comment (RFC). Your comments, suggestions and observations are welcome.
For the Arbitration Committee,
Dougweller (talk) 09:10, 12 November 2009 (UTC)
Category discussion
This page might get a new policy category; the discussion is at WP:VPP#Wikipedia administrative policy. - Dank (push to talk) 23:54, 25 November 2009 (UTC)
Becoming a CheckUser
I am just curious, but how do you become a CheckUser? I know Sysops and Crats have to pass a RfA or RfB, but is there such thing a request for CheckUsership? --The High Fin Sperm Whale (Talk · Contribs) 06:47, 5 December 2009 (UTC)
- See Wikipedia:Arbitration Committee/CheckUser and Oversight#Appointment_methods_to_date. MBisanz talk 07:32, 5 December 2009 (UTC)
- Also, what is this mysterious checkuser-log? It can only be viewed by CheckUsers. Is it a page showing all the new loggins IP addresses? --The High Fin Sperm Whale (Talk • Contribs) 01:07, 13 January 2010 (UTC)
- As this page says, no. The log shows who performed a search and why. ~ Amory (u • t • c) 05:51, 26 January 2010 (UTC)
- So, is it a log of reports people file? --The High Fin Sperm Whale 03:19, 2 February 2010 (UTC)
- As this page says, no. The log shows who performed a search and why. ~ Amory (u • t • c) 05:51, 26 January 2010 (UTC)
- Also, what is this mysterious checkuser-log? It can only be viewed by CheckUsers. Is it a page showing all the new loggins IP addresses? --The High Fin Sperm Whale (Talk • Contribs) 01:07, 13 January 2010 (UTC)
ArbCom election reminder
Dear colleagues
This is a reminder that voting is open until 23:59 UTC next Monday 14 December to elect new members of the Arbitration Committee. It is an opportunity for all editors with at least 150 mainspace edits on or before 1 November 2009 to shape the composition of the peak judicial body on the English Wikipedia.
On behalf of the election coordinators. Tony (talk) 09:17, 8 December 2009 (UTC)
CheckUser and Oversight Elections
The Arbitration Committee has determined that there is a need for additional oversighters and checkusers to improve workload distribution and ensure complete, timely response to requests. Beginning today, experienced editors are invited to apply for either or both of the Oversight or CheckUser permissions. Current holders of either permission are also invited to apply for the other. The last day to request an application is April 10, 2010. For more information, please see the election page.
For the Arbitration Committee - KnightLago (talk) 18:11, 31 March 2010 (UTC)
CheckUser and Oversight election has now opened
The CheckUser and Oversight election has now opened. Any editor who has made at least 150 mainspace edits prior to the first announcement of the election may vote. The voting will close at one minute past 23:59 UTC on 27 May 2010.
Direct link to the voting pages
For the Arbitration Committee,
Risker (talk) 05:39, 14 May 2010 (UTC)
Question about CU
Hi all, I've found someone who has been blocked by a CU without any kind of formal SPI or even a notice on their (the blocked person's) talk or user page. I'm unclear exactly what a CU can/should do on their own, but that seems odd at best. I'm not seeing anything formal in the CU policy, so I thought I'd ask here. Thanks Hobit (talk) 13:40, 7 July 2010 (UTC)
- There could be several reasons for that, Hobit. Checkusers often practice RBI, particularly for those individuals who are frequent socks. There may be some privacy reasons involved that mitigate against linking one account with another. Sometimes there are a very large number of socks involved, or it is part of a cross-wiki investigation and the account's "home base" is actually elsewhere. There is some pretty good evidence that certain abusers of our open editing system take considerable "pride" in the list of accounts attributed to them, so sometimes accounts are deliberately not tagged. All blocked accounts receive a block message giving them instructions on how to appeal when they try to log in, so the account holder is always notified in some form, even if there's nothing on the user talk page.
If you have a concern about a specific account, please feel free to email the checkuser involved, who may (or may not) provide you with more background. If you feel that a checkusers block has been made inappropriately, you can email the Functionaries-L mailing list for more eyes on the block, or the Audit Subcommittee for a more formal review. Risker (talk) 14:08, 7 July 2010 (UTC)
- Thank you Risker for the help. Looking at it, I don't think there is a CU problem per se (though that may be part of the problem, again I'm not sure) but there does seem to be an admin problem. Unless I'm mistaken we don't generally block someone for changing accounts as long as they stop using the previous one. I guess it's probably something for ANI rather than CU. I'll wait for the admin to respond (different time zones) and figure out what to do next. Thanks again, Hobit (talk) 14:17, 7 July 2010 (UTC)
Call for applications for Checkuser or Oversight permissions
The Arbitration Committee invites applications for Checkuser or Oversight permissions effective with the posting of this motion. The application period will close at 2359 hours UTC on 1 August 2010. For this round of appointments, only administrators will be considered. Candidates who ran in the May 2010 elections elections are encouraged to apply for consideration in this round of appointments. Administrators who applied for permissions in the round leading to the May 2010 election may email the Committee at arbcom.privilegeswikipedia.org by the close of the application period, expressing continued interest and updating their prior responses or providing additional information. New applicants must email the Committee at arbcom.privilegeswikipedia.org by 30 July 2010 to obtain a questionnaire to complete; this questionnaire must be returned by the close of the application period on 1 August 2010. The Arbitration Committee will review the applications and, on 13 August 2010, the names of all candidates being actively considered for appointment will be posted on-wiki in advance of any selection. The community may comment on these candidates until 2359 on 22 August 2010.
For the Arbitration Committee, NW (Talk) 17:22, 19 July 2010 (UTC)
Personnel changes - Audit Subcommittee
The Arbitration Committee accepts, with regret, the resignation of Tznkai (talk · contribs) as a member of the Audit Subcommittee, effective immediately. Tznkai has been a community representative on the AUSC since its creation in 2009, first as an interim appointee and subsequently as a community-elected representative. As well, he has been a long-time Arbitration Clerk, and has been active in arbitration enforcement. We thank Tznkai for his services, and wish him well in his future endeavours, with the hope that he may return to be an active Wikipedian at some point in the future.
Further to the AUSC appointment announcements of November 2009, MBisanz (talk · contribs) is appointed to fill the remainder of Tznkai's term on the Audit Subcommittee.
In addition, arbitrator KnightLago will be filling the slot now vacant as Kirill Lokshin has come to the end of his term on the AUSC, and SirFozzie has agreed to extend his term to December 31, 2010.
The Arbitration Committee, in consultation with the community and with past and present members of the Audit Subcommittee, will be reviewing the activities and processes of the AUSC through its first year, to identify what improvements can be made. This review will be completed by October 10, prior to the next scheduled round of elections for community representatives to the subcommittee.
For the Arbitration Committee,
NW (Talk) 01:36, 29 July 2010 (UTC)
How does it work?
How does CheckUser work on checking registered accounts without any obvious way of knowing the IP address of the user? Usb10 Let's talk 'bout it! 00:30, 9 August 2010 (UTC)
False Positives?
See discussion here
I would like to better understand whether checkuser (the process) can produce 'false positives' - particularly in cases where the accused account is suggested to be a sock of a serial sockmaster, and there may be a presumption of guilt (subconscious or otherwise). If there is a better place to ask, (or read) a pointer would be appreciated. ‒ Jaymax✍ 01:34, 13 August 2010 (UTC)
- bump. Really, I'd have thought this was either well documented somewhere, or someone would have something to say on the matter?? ‒ Jaymax✍ 00:10, 1 September 2010 (UTC)
- A proposed determination at ArbCom states:
- "Since 2006, the articles in the Climate Change topic area have been subject to persistent, repeated insertion of contentious unsourced material as well as other comparatively non-controversial edits by a now-banned editor known as Scibaby, who has created hundreds of accounts. (Long-term abuse report) The pervasive disruption has negatively affected the editing climate within the topic area, and IP editors and those with few edits outside of the topic area are frequently challenged or reverted without comment. In several cases, non-controversial edits made within editing policies and guidelines (e.g., using more neutral language or tone) have resulted in "Scibaby" blocks because a word or phrase has been used by Scibaby in the past, and editors have been threatened with blocking for reinstating otherwise reasonable edits that have been identified as originating from a likely Scibaby sockpuppet. Efforts to reduce Scibaby's impact have had their own deleterious effects, with large IP range blocks preventing new editors from contributing to any area of the project, edit filters having a high "false positive" result, and a significant proportion of accounts (20-40% by current checkuser estimates) blocked as Scibaby subsequently determined to be unrelated. This does not negate the fact that there have been hundreds of accounts correctly identified." [1]
- The lack of response here, the clear contradiction between the above and the discussion linked above, concerns me. I am deeply perplexed by the lack of response. To the casual editor, checkuser is presented as approaching infallible. Given the above, the lack of an explicit requirement to inform an accused user is contrary to natural justice, in the extreme.
- Does no-one else share these concerns, or able to alleviate them at all? ‒ Jaymax✍
Update on Checkuser and Oversight appointment process
Following the call for applicants (19 July) and the initial call for comments on the candidates (16 August), this notice is a second call for comments from the community on the suitability of the candidates for the September 2010 appointments for checkuser and oversight permissions. The Arbitration Committee is continuing to review and collate the comments received so far. If you have not done so already, please send in your comments before 23:59 on 25 August 2010 (UTC).
Those actively being considered for Checkuser and Oversight permissions are listed here (same link as above). As the primary area of concern is confidence in the candidate's ability to operate within the Wikimedia privacy policy, comments of this nature are best directed to the Committee's mailing list (arbcom-llists.wikimedia.org).
For the Arbitration Committee, Carcharoth (talk) 21:24, 21 August 2010 (UTC)
Disclosure for formulating complaints
A few of the limited exceptions within the foundation privacy policy seem to allow for the disclosure of identifying information in order to formulate a complaint to internet service providers, however, the checkuser policy does not currently allow the full use of these exceptions.
- When necessary for investigation of abuse complaints,
- Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,
- Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
I'm hoping to amend the checkuser policy to facilitate complaints to service providers against long term abusers in particular, and to establish a process under which such complaints can be handled with the appropriate sensitivity. How do we go about this? Triona (talk) 03:23, 13 September 2010 (UTC)
- Wikipedia:CheckUser#CheckUser and privacy policy reads:
- Disclosure of CheckUser results is subject to privacy policy, which broadly states that identifying information should not be disclosed under any but a few circumstances. These include:
- "With permission of the affected user",
- "Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers", and
- "Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."
- Disclosure of CheckUser results is subject to privacy policy, which broadly states that identifying information should not be disclosed under any but a few circumstances. These include:
- Checkuser policy already allows disclosure of such information where necessary, in particular concerning ISPs (although I personally would always prefer to have the CU send such a report themselves, to limit the visibility of the information). In what way do you feel this is insufficient? Amalthea 13:38, 13 September 2010 (UTC)
- The rest of the checkuser policy goes on to effectively cripple that
- Even if the user is committing abuse, it's best not to reveal personal information if possible.
- Generally, do not reveal IPs. Only give information such as same network/not same network or similar. If detailed information is provided, make sure the person you are giving it to is a trusted person and will not reveal it themself.
- If the user has said they're from somewhere and the IP confirms it, it's not releasing private information to confirm it if needed.
- If you're in any doubt, give no detail. (m:Help:CheckUser states, "If you're in any doubt at all, give no detail and answer like a Magic 8-Ball.")
A further ideal on English Wikipedia is: if you are requested to perform a check, always ask for the evidence of the user that a check is needed and appropriate, and confirm for yourself that there is indeed a valid basis that you can explain if needed. Do not assume, no matter who asks.
- Sorry, would have been helpful to include that to begin with, but that direction basically binds CheckUser's tighter than our privacy policy does. We need language that clears those differences up, at least for this case, as I don't think there's a documented case of a long term abuser being reported to their ISP under checkuser evidence, and long term abusers are something the WMF privacy policy was explicitly designed not to shield. Triona (talk) 19:54, 13 September 2010 (UTC)
- Triona, I don't suppose it occurred to you to simply ask what the practice is rather than starting an RFC? Checkusers would have been happy to answer your questions. Generally, checkusers will not reveal IPs onwiki to public view, and only rarely will checkusers provide much more than same network/same ISP range to anyone other than other persons cleared for private information. Sometimes, however, that is unavoidable (e.g., SPI linking an IP with a specific user who is logging out to continue a battle). Checkusers can, and do, make abuse reports to ISPs when they believe it is appropriate; however, many ISPs who have been the recipients of reports in the past have been very unresponsive to our project's concerns. Remember that checkusers remain Wikipedia volunteers, and many organizations are unresponsive to anything that does not come with the imprimatur of the actual webhost. To that extent, this becomes something of a quandary, as we have no mechanism by which to request that the WMF step in and address such matters. Risker (talk) 20:15, 13 September 2010 (UTC)
- Risker, I was given the impression at least informally (in an off wiki discussion, so I won't list names here) by a checkuser that the checkusers would have to do the abuse reports themselves, and are sufficiently overburdened that this doesn't happen often if at all. I appreciate the insight into the process you've provided, but I do have another question. What can be done to make the notification process more transparent within the confines of the privacy policy - I think that a lot of the people combating LTA would be comforted to know at least whether reports are going out. Also, per the privacy policy, for the exception cited, it's not clearly a requirement that someone be trusted under the foundation's criteria for access to non-public information. "Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,". Posting the information on-wiki would probably be in bad form, but seems to be within the letter and spirit of the policy. Turning over information off-wiki to be able to handle blocks and abuse reports would certainly be acceptable to the privacy policy - the privacy policy doesn't require that trusted user handle all matters involving that information, only that it not be disclosed at all until an exception exists. Triona (talk) 20:44, 13 September 2010 (UTC)
- Triona, could you please be very clear exactly what problem you see, and what solution you seek? You've started with a general and open-ended RFC on a segment of the privacy policy and the checkuser policy. I'm now of the impression that you are interested in having checkuser data released for LTA investigations. Is my second impression correct? Could you please give an example of a situation where you would think such release of checkuser data to a Wikipedia volunteer would be appropriate? Risker (talk) 20:55, 13 September 2010 (UTC)
- The main thing I'm looking to get out of this is a clearer, more transparent policy for either making the information available, or getting reports out there, preferably with documentation that this is happening. There's several reasons behind this. The biggest, to me, is that even by documenting that abuse reports are being sent out under checkuser evidence, we can send a clear message that the privacy policy does not shield our worst abusers. Secondary to that is that transparency improves the communities confidence in our system. I think we can strike a better balance between our obligations under the privacy policy, responsible use of that information, and transparency, particularly in long term abuse cases. As for specific cases, I've taken a brief look over the LTA cases, and a lot of the worst abusers have been pretty reckless with their IP information anyway. I do see a handful without any documentation that abuse reporting has occurred though, and it's not clear to me which of those have been active recently enough to pursue a report - generally an effective abuse report has to happen within a short time of the abuse, so that the provider still retains the records in a form that can be traced back to a subscriber. Many providers are reducing their retention periods out of fear of costly discovery proceedings and invasion of privacy, so the biggest concern may come down to the timeliness of a report. Whether that report is done directly by a checkuser, or by a designated volunteer doesn't honestly matter to me, what matters is that it's clear to both the community and prospective abusers that reporting happens, and that our commitment to privacy only goes so far when it comes to someone that is knowingly, willingly, and repeatedly abusing the good will and trust of our community. Triona (talk) 04:39, 15 September 2010 (UTC)
- Triona, could you please be very clear exactly what problem you see, and what solution you seek? You've started with a general and open-ended RFC on a segment of the privacy policy and the checkuser policy. I'm now of the impression that you are interested in having checkuser data released for LTA investigations. Is my second impression correct? Could you please give an example of a situation where you would think such release of checkuser data to a Wikipedia volunteer would be appropriate? Risker (talk) 20:55, 13 September 2010 (UTC)
- Risker, I was given the impression at least informally (in an off wiki discussion, so I won't list names here) by a checkuser that the checkusers would have to do the abuse reports themselves, and are sufficiently overburdened that this doesn't happen often if at all. I appreciate the insight into the process you've provided, but I do have another question. What can be done to make the notification process more transparent within the confines of the privacy policy - I think that a lot of the people combating LTA would be comforted to know at least whether reports are going out. Also, per the privacy policy, for the exception cited, it's not clearly a requirement that someone be trusted under the foundation's criteria for access to non-public information. "Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,". Posting the information on-wiki would probably be in bad form, but seems to be within the letter and spirit of the policy. Turning over information off-wiki to be able to handle blocks and abuse reports would certainly be acceptable to the privacy policy - the privacy policy doesn't require that trusted user handle all matters involving that information, only that it not be disclosed at all until an exception exists. Triona (talk) 20:44, 13 September 2010 (UTC)
Here are several considerations:
- From a responsible organization perspective, a prima facie case must be made upfront that an account is being utilized by one of their customers. This requires an IP address be affirmatively asserted to be associated with the abusive account when the report is made to the organization.
- The account and IP address do not have to be publicly linked for purposes of reporting, it is only the manner which we have handled reporting abuse from IP addresses.
- CheckUsers are reluctant to release any CU information to anyone, including members of the Abuse Response team. Without an IP address, we simply cannot make contact with the responsible organization.
- Even though the stated goal of Abuse Response is specifically to report egregious abuse, and that it is permitted by the privacy policy to release information to us, we still have not received even a modicum of cooperation for receiving the data necessary to report the abuse.
- Reporting abuse is and should be an important part of the community's overall counter-abuse strategy, but as of now, less than half of it is being reported due to this obstacle.
I too would like to see a clarification issued to CheckUsers allowing them to release the info to us. CheckUsesr shouldn't be put into the awkward position of having to decide whether or not to release it to us on an individual basis and in fact at this point, we have halted investigating and reporting on any non-IP abuse due to our desire not to jeopardize individual CheckUsers.
Respectfully yours. 04:33, 22 September 2010 (UTC)
- Just so people know, Thorncrag is mainly talking about me here. I was asked to look into a few long term abuse cases. As I understand it, the Abuse Response team has a piece of software not unlike OTRS which they use to file complaints to ISPs. This means that any information I disclose (even if it's only to a single Abuse Response member) will be viewable by any member of the Abuse Response team once an e-mail has been sent to their ISP. Additionally, all that information will be logged in a piece of software that I have little to no idea about. Alarm bells started ringing for me, at this point. Many (if not all) of these users are also unidentified to the WMF and I'm simply not comfortable disclosing that much information to that many people unnecessarily. I did say that in cases where I felt it was appropriate, I was willing to disclose information to a single person, preferably an admin or well-established user, so that they can privately e-mail the ISP. As checkusers, we're taught to disclose as little information as possible, and having twelve or so people getting detailed IP information when only one person needs it doesn't fit with that. --(ʞɿɐʇ) ɐuɐʞsǝp 07:54, 22 September 2010 (UTC)
- Oh Deskana no worries, it's not just you! :-) But as I said, that was just the way we've traditionally done it, it does not have to be done that way. That being said, even if we were to continue doing it that way, I fail to see the harm since it is allowed by the policy anyway. 17:25, 22 September 2010 (UTC)
- Perhaps the letter of it does, but in my view, the spirit of it does not. The kind of information you're requesting, which would be information detailing exactly what times certain users had used certain IPs and the technical signature of the computer they were on, is basically the entirety of the output of the checkuser tool. This information could, in many cases, be used to identify someone personally. As such, disclosing this information to any more than the single person who writes the abuse report to their ISP does not seem to be in keeping with the spirit of the privacy policy, which is about reducing the amount of information that's disclosed by checkuser (and other things such as server logs) to a minimum. I consulted an arbitrator and they agreed with me, although they made it clear that that agreement was theirs alone, and that they had not consulted the rest of the Arbitration Committee. That's basically my summary of the issue. As such, I do not think this RfC can accomplish anything, as it's about the privacy policy, which is controlled by the WMF. Have you contacted the WMF about this? --(ʞɿɐʇ) ɐuɐʞsǝp 20:04, 22 September 2010 (UTC)
- But therein lies the question; in my mind, the exclusionary clause for reporting abuse to ISPs should supersede the rest of the restrictions in the policies because that just makes sense. The way it is interpreted now basically completely voids the whole exclusion put in there which we can only assume was put there for want of it being utilized for this purpose. In other words, if we were strike the exclusionary clause right now, nothing would change because that's how we're currently operating anyhow. 20:26, 22 September 2010 (UTC)
- With respect, that's simply not true. I'm not willing to provide the information on your terms, i.e. in such a manner that it can be accessed by about a dozen unidentified users. I am, however, willing to provide the information on my terms, i.e. directly to one person with their assurances that they will keep it to themselves (other than in the relevant e-mail to the ISP, of course). The latter is a direct result of the clause you mentioned in the privacy policy. --(ʞɿɐʇ) ɐuɐʞsǝp 21:23, 22 September 2010 (UTC)
- I have to admit, I'm on deskana's side on this. I'm not comfortable with large scale IP disclosure to users not identified to the WMF. SirFozzie (talk) 21:37, 22 September 2010 (UTC)
- I'd really prefer to stay away from the mentality of "we're not going to do it this way because we don't want to do it that way" and instead try to come up with a solution to make the system work for everyone, and which solution complies with relevant policies. As I've stated twice already, we don't need to have all team members be given the information, this is clearly one option. On the other hand as I've also stated, I simply don't see the harm given all the hypotheses I've put forward above, which haven't been definitively refuted, that it would do any harm or be inconsistent with policy that our team would be able to view the information. Further, it is clearly not out of the question that we too can identify to WMF (I for instance already am) and that's another viable option. 21:48, 22 September 2010 (UTC)
- Do you think that something like having a separate mailing list for those contacting/investigating user reports, and one for those doing anonymous (IP address) reports. The one doing user requests would require users to be identified to the foundation. Just an idea though... Pilif12p : Yo 22:50, 22 September 2010 (UTC)
- I'd really prefer to stay away from the mentality of "we're not going to do it this way because we don't want to do it that way" and instead try to come up with a solution to make the system work for everyone, and which solution complies with relevant policies. As I've stated twice already, we don't need to have all team members be given the information, this is clearly one option. On the other hand as I've also stated, I simply don't see the harm given all the hypotheses I've put forward above, which haven't been definitively refuted, that it would do any harm or be inconsistent with policy that our team would be able to view the information. Further, it is clearly not out of the question that we too can identify to WMF (I for instance already am) and that's another viable option. 21:48, 22 September 2010 (UTC)
- I have to admit, I'm on deskana's side on this. I'm not comfortable with large scale IP disclosure to users not identified to the WMF. SirFozzie (talk) 21:37, 22 September 2010 (UTC)
- With respect, that's simply not true. I'm not willing to provide the information on your terms, i.e. in such a manner that it can be accessed by about a dozen unidentified users. I am, however, willing to provide the information on my terms, i.e. directly to one person with their assurances that they will keep it to themselves (other than in the relevant e-mail to the ISP, of course). The latter is a direct result of the clause you mentioned in the privacy policy. --(ʞɿɐʇ) ɐuɐʞsǝp 21:23, 22 September 2010 (UTC)
- But therein lies the question; in my mind, the exclusionary clause for reporting abuse to ISPs should supersede the rest of the restrictions in the policies because that just makes sense. The way it is interpreted now basically completely voids the whole exclusion put in there which we can only assume was put there for want of it being utilized for this purpose. In other words, if we were strike the exclusionary clause right now, nothing would change because that's how we're currently operating anyhow. 20:26, 22 September 2010 (UTC)
- Perhaps the letter of it does, but in my view, the spirit of it does not. The kind of information you're requesting, which would be information detailing exactly what times certain users had used certain IPs and the technical signature of the computer they were on, is basically the entirety of the output of the checkuser tool. This information could, in many cases, be used to identify someone personally. As such, disclosing this information to any more than the single person who writes the abuse report to their ISP does not seem to be in keeping with the spirit of the privacy policy, which is about reducing the amount of information that's disclosed by checkuser (and other things such as server logs) to a minimum. I consulted an arbitrator and they agreed with me, although they made it clear that that agreement was theirs alone, and that they had not consulted the rest of the Arbitration Committee. That's basically my summary of the issue. As such, I do not think this RfC can accomplish anything, as it's about the privacy policy, which is controlled by the WMF. Have you contacted the WMF about this? --(ʞɿɐʇ) ɐuɐʞsǝp 20:04, 22 September 2010 (UTC)
- Oh Deskana no worries, it's not just you! :-) But as I said, that was just the way we've traditionally done it, it does not have to be done that way. That being said, even if we were to continue doing it that way, I fail to see the harm since it is allowed by the policy anyway. 17:25, 22 September 2010 (UTC)
(undent) How about the mindset that "we're not doing to do it that way because that way is clearly wrong"? Disclosing private information to a group that is not identified to the foundation is simply not going to happen. I'm only very rarely agreeable to disclosing checkuser information to an individual, and I only ever do so in cases where geographical constraint make it necessary (such as contacting authorities in the case of a suicide threat). I would never condone disclosure "just" to file abuse reports, and certainly not to a group rather than an individual.
If a case is so egregious as to warrant contacting a CERT, it should be a simple matter to ask a checkuser or an arbitrator to do so. — Coren (talk) 23:11, 22 September 2010 (UTC)
- @Coren: "Clearly wrong" according to whom and what policy? This is just more side-skirting the question I'm asking which is, is this not clearly an exception written into the privacy policy? This seems to be a purely futile endeavor as I suspected, which is why I never myself brought it up. I was hoping for more cooperation in the interests of improving Wikipedia, instead of coming to find terse, dismissive comments such as these. Did you not read the part where I said identifying is also an option? 00:55, 23 September 2010 (UTC)
- I beseech all of you to stop, spend some time critically thinking about the points I've made, and respond with a constructive answer instead of simply saying "that will never work" or "we'll never do that" or "I would never agree to that". Because it feels like I am getting the quick-read lip service treatment rather than the genuine attention warranted in the interest of a desire to improve Wikipedia and resolve this obstacle. 01:20, 23 September 2010 (UTC)
- I have thought about the points that you've made, and although I can see where you're coming from, I simply can't agree with you. The spirit of the privacy policy is quite clearly about minimising the disclosure of non-public and personally identifying material, and disclosing such information to about a dozen people when it is only necessary for a single person to have it isn't in line with the intention of the policy. I don't see why it's necessary to give any more than a single person access to the information. Only one person needs to write the e-mail to the ISP. Now, if all these people actually needed the information, that'd be fine, but they don't. Only one does. If you can give me your word that the people that I give the information to will keep it to themselves, then I'll happily start looking at the cases for you. --(ʞɿɐʇ) ɐuɐʞsǝp 02:09, 23 September 2010 (UTC)
- (e/c) You're making two unwarranted presumptions: that the response you are getting is not considered and deliberate, and that we agree that the situation you describe is an obstacle to an improvement. I obviously cannot speak for anyone else, but when you ask "according to whom" the answer is simple: according to me. I can tell you that any person holding checkuser who would disclose private information to a group that is not comprised of checkusers for anything less serious than clear and present danger of harm would find themselves quickly not holding checkuser.
I could expound in depth on the real-life stalkers that would love nothing better than to get their hands on good geolocation data, or on the ethical principles guiding the privacy policy, or on the underlying principle that private information isn't private only when it's convenient — but in the end this is all academic. The fact of the matter is you'll not find support within the committee for relaxing the standards of confidentiality to which we hold the checkusers and oversighters. — Coren (talk) 02:19, 23 September 2010 (UTC)
- I beseech all of you to stop, spend some time critically thinking about the points I've made, and respond with a constructive answer instead of simply saying "that will never work" or "we'll never do that" or "I would never agree to that". Because it feels like I am getting the quick-read lip service treatment rather than the genuine attention warranted in the interest of a desire to improve Wikipedia and resolve this obstacle. 01:20, 23 September 2010 (UTC)
Now I think we are getting somewhere. I do not think those are flawed premises at all. I think that the difference here is in the premise of the importance placed on reporting abuse. I for one believe that it is a highly important—if not a paramount—component of Wikipedia's overall counter-abuse strategy. I believe that this issue warrants a full airing and amicable resolution be hammered out now matter how uncomfortable it may be. I believe that for it to be an effective deterrent that it needs to be consistently applied across the board. It further needs to be PUBLIC that these reports are made and the results of them also be visible, lending question as reporting in private instead as is suggested. As it stands now, we allow some of the most heinous abusers to escape being reported to their responsible organization behind the veil of our privacy policy and this is in my opinion far more offensive than the idea of making an exception to that policy which might be somewhat opposed to its perceived spirit. It means that for the most sophisticated of abusers, who make it a crusade of theirs to damage Wikipedia, the most sophisticated of social engineers who are fully cognizant of all of these issues taken together, that they may escape being reported and that they need not fear it. It simply offends me that these sophisticated abusers can conscientiously go about continuing their abuse with impunity simply because they do so behind a registered account—and this DOES happen EVERY DAY on Wikipedia. THIS is the standpoint that I am coming from. THIS is why I believe that exception was placed in the policy in the first place, and why it frustrates me so to encounter this kind of resistance and refusal to cooperate in coming up with a real, viable solution here. 04:20, 23 September 2010 (UTC)
- The exception was put in place so that checkusers could communicate directly with ISPs, not for others who are not identified to the WMF and for whom there has been no vetting or community authorization to have access to private information. I think this discussion belongs at m:Privacy policy. Risker (talk) 04:34, 23 September 2010 (UTC)
- Thank you, Risker, for re-stating what was already stated at least four times in posts above. Now do you have any suggestions on how we can go about addressing these concerns instead of simply ignoring and dismissing them? Do you think that identifying and coming up with some kind of stronger vetting would be a step towards the these goals? Do you think that taking a look at the interpretation of the privacy policy might be in order? Do you think that CheckUsers should handle all contact because that's not how things are working now. Do I really need to moderate this discussion in Socratic fashion to get any reasonable assistance here? Please throw me a bone. 04:51, 23 September 2010 (UTC)
- That's pretty uncalled for as a reply. If it is being stated for the fourth time, then it seems it is not Risker who is missing the point of the request. Keegan (talk) 04:58, 23 September 2010 (UTC)
- I am sorry if it sounded rude, but please understand that it comes out of my frustration. I am not a troll. I am here to try to help improve Wikipedia and my history shows that. But it seems everything I am trying to argue is falling on deaf ears. If people think that reporting abuse is not important, than I wish they would just state that upfront, because if that's the consensus, then I should just stop wasting my time pursuing something that people will not appreciate, and instead spend it on something they will. 05:57, 23 September 2010 (UTC)
- Reporting abuse isn't important enough to breach privacy. That is the point we've been trying to make since the beginning of this thread. We do not needlessly disclose checkuser information — even on people we don't like — absent a pressing emergency. If you have a vandal who is so damaging as to require further intervention then a checkuser can make an abuse report. The concerns you express are not being ignored or dismissed, they are understood but simply do not warrant further exceptions to the disclosure policies. — Coren (talk) 11:36, 23 September 2010 (UTC)
- Coren, to be fair to Thorncrag, he wouldn't be raising this as an issue if checkusers were actually writing the reports to ISPs. The fact is that we are not. --(ʞɿɐʇ) ɐuɐʞsǝp 17:05, 23 September 2010 (UTC)
- True, as a rule, (though I did twice or so). But then the discussion should probably be "Should checkusers make more abuse reports to ISPs and institutional providers, and under what conditions?" — that is a discussion that's likely to have positive outcome. — Coren (talk) 21:27, 23 September 2010 (UTC)
- Coren, to be fair to Thorncrag, he wouldn't be raising this as an issue if checkusers were actually writing the reports to ISPs. The fact is that we are not. --(ʞɿɐʇ) ɐuɐʞsǝp 17:05, 23 September 2010 (UTC)
- Reporting abuse isn't important enough to breach privacy. That is the point we've been trying to make since the beginning of this thread. We do not needlessly disclose checkuser information — even on people we don't like — absent a pressing emergency. If you have a vandal who is so damaging as to require further intervention then a checkuser can make an abuse report. The concerns you express are not being ignored or dismissed, they are understood but simply do not warrant further exceptions to the disclosure policies. — Coren (talk) 11:36, 23 September 2010 (UTC)
- I am sorry if it sounded rude, but please understand that it comes out of my frustration. I am not a troll. I am here to try to help improve Wikipedia and my history shows that. But it seems everything I am trying to argue is falling on deaf ears. If people think that reporting abuse is not important, than I wish they would just state that upfront, because if that's the consensus, then I should just stop wasting my time pursuing something that people will not appreciate, and instead spend it on something they will. 05:57, 23 September 2010 (UTC)
- That's pretty uncalled for as a reply. If it is being stated for the fourth time, then it seems it is not Risker who is missing the point of the request. Keegan (talk) 04:58, 23 September 2010 (UTC)
- Thank you, Risker, for re-stating what was already stated at least four times in posts above. Now do you have any suggestions on how we can go about addressing these concerns instead of simply ignoring and dismissing them? Do you think that identifying and coming up with some kind of stronger vetting would be a step towards the these goals? Do you think that taking a look at the interpretation of the privacy policy might be in order? Do you think that CheckUsers should handle all contact because that's not how things are working now. Do I really need to moderate this discussion in Socratic fashion to get any reasonable assistance here? Please throw me a bone. 04:51, 23 September 2010 (UTC)
The New Guinea Singing Dog War
The epic battle evident in the archives of the discussion page of the article New Guinea Singing Dog, which I wandered into the middle of, but which now seems to be over, is a very good read.
But please if I may, it's a bit hard to follow if the sockpuppets are not identified.
Could you please help the reader sort out the cast of characters so we all may know who was talking to who at any given time?
Thank you for your kind attention to this matter. Chrisrus (talk) 18:36, 29 September 2010 (UTC)
Modifications to Wikipedia:CheckUser#IP_information_retention
I wished to add the following sentences to the subsection mentioned above
- No user (whether a Checkuser, administrator or an editor) can maintain a personal record or backup of checkuser data."
Comments, suggestions, viewpoints are welcome. Sincerely. Wifione ....... Leave a message 16:31, 19 October 2010 (UTC)
- Not a good idea, although I will try to explain without violating WP:BEANS. Some may keep notes of certain characteristics of long term serial abusers; for example "Sockmaster XX uses YY ISP primarily" or "Abuser ZZ edits primarily from QQ location", or even "Abuser FFF almost always uses open proxies". That information is derived from checkuser data, and thus would be in violation of your proposal. There have also been a few checkuser investigations (usually cross-wiki) that have involved edits that may be expired from the checkuser tables before the investigation is complete; usually these involve very serious abuse of WMF projects. I suspect your main objective with this is to ensure that nobody copies the actual checkuser tables as a whole. Since doing that would already be a breach of WMF policy, there is no benefit in adding it in here again. I do not know if you are aware, but almost every major serial abuser who operates on the Wikimedia projects will have some link to English Wikipedia, and the alertness of this project's checkusers to such serial abusers has enabled other, smaller projects with fewer resources to better manage problem behaviour on their projects. Risker (talk) 16:57, 19 October 2010 (UTC)
- Hi Risker. Thanks for your viewpoints. Had a query. Can you please point out to the WMF policy which explicitly prohibits copying of the actual checkuser tables? I guess if it exists already, I'll move on to proposing some other changes. Thanks. Wifione ....... Leave a message 17:16, 19 October 2010 (UTC)
- Checkuser permissions do not give direct access to the checkuser tables; they allow specific queries to be made, and only a response to that specific query is given. Full table access is restricted to very specific individuals (my understanding is, only a small subset of developers). Risker (talk) 18:20, 19 October 2010 (UTC)
- Hi Risker. Thanks for your viewpoints. Had a query. Can you please point out to the WMF policy which explicitly prohibits copying of the actual checkuser tables? I guess if it exists already, I'll move on to proposing some other changes. Thanks. Wifione ....... Leave a message 17:16, 19 October 2010 (UTC)
- Not a good idea, although I will try to explain without violating WP:BEANS. Some may keep notes of certain characteristics of long term serial abusers; for example "Sockmaster XX uses YY ISP primarily" or "Abuser ZZ edits primarily from QQ location", or even "Abuser FFF almost always uses open proxies". That information is derived from checkuser data, and thus would be in violation of your proposal. There have also been a few checkuser investigations (usually cross-wiki) that have involved edits that may be expired from the checkuser tables before the investigation is complete; usually these involve very serious abuse of WMF projects. I suspect your main objective with this is to ensure that nobody copies the actual checkuser tables as a whole. Since doing that would already be a breach of WMF policy, there is no benefit in adding it in here again. I do not know if you are aware, but almost every major serial abuser who operates on the Wikimedia projects will have some link to English Wikipedia, and the alertness of this project's checkusers to such serial abusers has enabled other, smaller projects with fewer resources to better manage problem behaviour on their projects. Risker (talk) 16:57, 19 October 2010 (UTC)
Thanks for the reply. That brings me back to the original premise then that if the checkuser policy is not clear about this area, then it must be made clear for the benefit of the project. In other words, I propose then adding the following statement post your inputs.
- Checkusers can, in the interests of the project and for the purposes of protecting Wikipedia against actual and potential disruption and abuse, maintain a personal record or backup of checkuser findings."
Again, suggestions, updates to the statement et al are kindly requested before I make this change. Wifione ....... Leave a message 03:25, 20 October 2010 (UTC)
- Hmm. That's probably too broad a statement for me to be comfortable with as just a local interpretation of the privacy policy. Actually, I think perhaps this discussion is better suited to Meta. I'd suggest getting the WMF lawyer to weigh in, but Mike Godwin's departure adds a layer of complexity to the situation. Risker (talk) 19:58, 22 October 2010 (UTC)
- Thanks Risker, I'm taking this to meta. Best. Wifione ....... Leave a message 05:45, 30 October 2010 (UTC)
Illegal
I think this feature is illegal. CheckUser hacks to the account for IP recorded since account was created.--125.25.215.162 (talk) 20:41, 24 October 2010 (UTC)
- Which law do you think is relevant? John Vandenberg (chat) 00:06, 31 October 2010 (UTC)
- Plus CheckUser (the tool) does not "hack into" anything, it disregards code that normally hides information from review - this information is gathered each time an edit is made by any account, but usually not made available for viewing. LessHeard vanU (talk) 00:19, 31 October 2010 (UTC)
what should i do
I have a registered account as Inspector123 but mostly edit unlogged through my IP which is shared in my country, the address numbers vary from 115 through to 203, I have never tried to pose as different usrs nor intended to devieve anyone with this, just lazy to log-in all the time, now a psychotic user Jaspel has created two pages of sock puppet accusation in his contributions section because I dare to stand up to him and defy his editing practice some of which is in good faith but the rest seems to be deliberately provocative atleast towards me, I dont know him nor care for what he does but will stand upto him wheres he crosses the line, before you block me kindly check the antics of this chap as well.116.71.15.192 (talk) 21:20, 6 November 2010 (UTC)
- This might help. Though I'm not holding my breath. jasepl (talk) 05:39, 7 November 2010 (UTC)
- You two really need to disengage. In particular jasepl needs to stop his edit-warring, racists attacks [2] and the excessive tagging of dozens of user pages of apparently dynamic ip's used by many different editors as sockpuppets. Would be great if you two can just disengage, so that a block of User:Jasepl and User:Investor123 can be avoided. Stepopen (talk) 06:14, 7 November 2010 (UTC)
- Jasepl, labelling other editors edits as vandalism when they are clearly not is not helpful either [3]. It proves my point that you two need to disengange as apparently you are not able to collaborate. I am on the verge of getting more input by other uninvolved editors on WP:ANI or other noticeboards, and I will certainly do so if this conflict continues. Stepopen (talk) 06:21, 7 November 2010 (UTC)
IP's requesting password reset
Hi. As of lately, I have a handful of IPs that made a chunk of password reset attempts all over my global accounts, including this wiki. The weird thing is that, I have never ever had a conflict with an IP, and I have no "enemy" editors as well. I was wondering if its allowed for CheckUser to look into such matters? Rehman 03:35, 9 November 2010 (UTC)
- In general, yes. Please do not disclose the IPs publicly though; please e-mail any IPs you want to request a check on to the Functionaries e-mail list. --(ʞɿɐʇ) ɐuɐʞsǝp 22:06, 9 November 2010 (UTC)
- Thank you for your reply. I have emailed one of the users listed. Kind regards. Rehman 09:42, 10 November 2010 (UTC)
Footnote addition to section on Fishing
I wished to add a footnote to the Fishing section that mentions, in essence, that preemptive checks on editors applying for RfAs and RfBs would not be considered Fishing, if there exists reasonable reason to do so. I wanted feedback from the community on such a footnote addition. Thanks and regards. Wifione ....... Leave a message 04:21, 23 November 2010 (UTC)
- I don't think it's necessary. If there's "reasonable reason" for a check, it's by definition no longer fishing: "Checking an account where [...] there is reasonable suspicion of sockpuppetry is not fishing". Amalthea 09:26, 24 November 2010 (UTC)
- Even though the change has already been made (I meant to reply to this earlier, just didn't have time) CUs know their job and what they can and can't do, the privacy policy and checkuser policy outline that. Amalthea is also right, the reasonable suspision clause covers the checking if it's waranted. I don't think that we need the note up...that's my opinon. -- DQ (t) (e) 12:25, 24 November 2010 (UTC)
- Sure. Not a problem. Actually, I wanted to include the RfA and RfB check as one that Checkusers could perform before each RfA, without worrying about being pulled up for fishing. Any suggestions on how we could include that (if). Thanks and regards. Wifione ....... Leave a message 14:55, 24 November 2010 (UTC)
- Unless something drastic has changed that has completely passed my attention, checkusers have pretty well uniformly rejected the idea of performing checks in relation to RFA or RFB; the request must still be based on reasonable cause. I for one would still consider it fishing unless there was reason to believe that there was something to be found. Checkusers already have a surfeit of genuine concerns to address. Risker (talk) 15:06, 24 November 2010 (UTC)
- I think you're absolutely right on this... Thanks for the reply. I guess we'll close this thread here. Sincere regards. Wifione ....... Leave a message 16:00, 24 November 2010 (UTC)
- Unless something drastic has changed that has completely passed my attention, checkusers have pretty well uniformly rejected the idea of performing checks in relation to RFA or RFB; the request must still be based on reasonable cause. I for one would still consider it fishing unless there was reason to believe that there was something to be found. Checkusers already have a surfeit of genuine concerns to address. Risker (talk) 15:06, 24 November 2010 (UTC)
- Sure. Not a problem. Actually, I wanted to include the RfA and RfB check as one that Checkusers could perform before each RfA, without worrying about being pulled up for fishing. Any suggestions on how we could include that (if). Thanks and regards. Wifione ....... Leave a message 14:55, 24 November 2010 (UTC)
- Even though the change has already been made (I meant to reply to this earlier, just didn't have time) CUs know their job and what they can and can't do, the privacy policy and checkuser policy outline that. Amalthea is also right, the reasonable suspision clause covers the checking if it's waranted. I don't think that we need the note up...that's my opinon. -- DQ (t) (e) 12:25, 24 November 2010 (UTC)
Request for comments on the Audit Subcommittee
The Arbitration Committee has conducted an internal review of the Audit Subcommittee and is now seeking comment from the community, in particular about the subcommittee's effectiveness to date and ongoing representation from community delegates ("at-large members").
As the October 2009 election yielded few candidates relative to the number of seats available, it has been suggested that filling the non-arbitrator positions by appointment after community consultation (similar to the previous round of CU/OS appointments) would attract a greater number of suitably qualified candidates.
It has also been suggested that greater numbers of community delegates be appointed to ensure adequate ongoing community representation. Should a sufficient number of suitable candidates apply, the committee will appoint three "primary members" along with a number of "standby members" (who will also receive the CheckUser and Oversight privileges) and would stand in should a primary member become inactive or be unable to hear a particular case.
Comments are invited about the above, as well as any other general comments about the Audit Subcommittee. The Arbitration Committee would like to thank outgoing community members Dominic, Jredmond, and MBisanz for their patience and continued participation on the subcommittee while this review process is ongoing.
The next call for applications is provisionally scheduled for 20 February 2011.
For the Arbitration Committee, –xenotalk 18:00, 31 January 2011 (UTC)
ACC and lack of a Checkuser Noticeboard - Proposal
Request withdrawn 7 04:01, 8 February 2011 (UTC)
Since there doesn't appear to be any checkuser noticeboard, how would CU's watching this page feel about me creating a nice little template to periodically place at the top of this page to alert CUs that there are ACC account requests requests pending checkuser? If not here on the policy page then would it help to create Wikipedia:CheckUser/Noticeboard?
There are none pending CU right now, however those of us who watch ACC outside of the UK/US timezones often see 3 or more accounts awating CU for extended periods (maybe it's just 3-4 hrs, but it seems longer sometimes).
In the past I have tried (without much success) to post them on SPI in the "quick checkuser" section. More recently I have emailed the functionaries mailing list (thanks Alison for all the quick work) but I know that even that may not be preferred by some CUs, and my mail is delayed until a mailing list admin approves it.
Would a little template note here, and adding it to the backlog category be at all helpful for those of you who have ACC access? If not, any other suggested methods of notification that you'd suggest? 7 04:10, 1 February 2011 (UTC)
- Personally I doubt that this would help to speed things up, nor is there any rush to have it sped up. There are only a couple of requests needing a checkuser per day, and the requester won't die if the need to wait a few more hours. Plus, usually only checkuser who are interested in ACC do anything about it, and I strongly doubt that anything would change in that respect. But, if people would be willing to use it, why not go ahead and make it? Ajraddatz (Talk) 05:26, 1 February 2011 (UTC)
- Agreed we don't want to rush and as volunteers we can only be expected to do so much, but I'm just thinking that in this day of instant gratification where most users (who aren't blocked) can create accounts instantly on WP, and those with minor issues can post to ACC and get a reply usually within 5 minutes that the multiple-hour waits for requests requiring CU might suprise/frustrate potential users or cause them to later request the login themselves from a different machine or IP. I'm just wondering if we could provide a more efficient notification method so that CUs are aware... I also agree that many CUs aren't currently involved at ACC and I'm hoping that is something that this type of notification could help improve. 7 05:45, 1 February 2011 (UTC)
- 7, i can appreciate the desire to have prompt resolution. It keeps people from being unhappy. It would be more accessible than the mailing list and waiting for message approval there. That said, we could discuss it all night but the query was put to them so i will not ramble further. delirious & lost ☯ ~hugs~ 06:33, 1 February 2011 (UTC)
- Agreed we don't want to rush and as volunteers we can only be expected to do so much, but I'm just thinking that in this day of instant gratification where most users (who aren't blocked) can create accounts instantly on WP, and those with minor issues can post to ACC and get a reply usually within 5 minutes that the multiple-hour waits for requests requiring CU might suprise/frustrate potential users or cause them to later request the login themselves from a different machine or IP. I'm just wondering if we could provide a more efficient notification method so that CUs are aware... I also agree that many CUs aren't currently involved at ACC and I'm hoping that is something that this type of notification could help improve. 7 05:45, 1 February 2011 (UTC)
- Support this idea. If the community has no objections, I'd say go ahead and do it. Wifione ....... Leave a message 23:41, 1 February 2011 (UTC)
- As a checkuser, I can assure you that this idea wouldn't increase the speed with which I handle the requests. Whenever I check my watchlist, I also check ACC. Those of you on ACC will notice that I actually handled an ACC checkuser request about five minutes ago (before I posted this message). If you want requests to be handled faster, the solution is to try to convince more checkusers to sign up to ACC and get them to check it, not to put notices around for requests. --(ʞɿɐʇ) ɐuɐʞsǝp 15:31, 2 February 2011 (UTC)
- Deskana, my philosophy professor last week told me that despite the invention of the remote control, one of the reasons TV manufacturers refused to provide remote control access on TV sets for much time was that they couldn't believe that humans couldn't shift a few feet to their TV sets to change channels on their own. Therefore, whenever an argument was put forward for giving TV users easy access to change channels, another argument would come forward telling that it was cheaper to motivate them to shift those few feet than make them pay money for a hand held channel changing device. Continuing the metaphor, if there were a choice between only a couple or a few channels, users wouldn't have realized the value of quick access. But with more channels, and lesser time, (jumping back) not all checkusers perhaps follow your mode of checking the ACC. A noticeboard (if not at Checkuser, perhaps at UAA) with a link to all pending checkuser accounts on ACC would necessarily motivate available checkusers to clear up the backlog. Wifione ....... Leave a message 07:18, 3 February 2011 (UTC)
- And my apologies in advance if the initial part of my reply sounded a little rude (re-reading my reply, I felt that it sounded a bit off). It wasn't intended to be that way... Thanks. Wifione ....... Leave a message 09:54, 3 February 2011 (UTC)
- That's why I said it wouldn't increase the speed with which I handle requests, not we. I know for a fact that it won't make a difference for me. Perhaps it will increase the speed with which others handle them. Personally I doubt it will, but it might. I don't object to the idea that's been put forward, but I do find it a bit pointless. Also, don't worry about the way you spoke; I speak very candidly myself. :-) --(ʞɿɐʇ) ɐuɐʞsǝp 10:17, 3 February 2011 (UTC)
- And my apologies in advance if the initial part of my reply sounded a little rude (re-reading my reply, I felt that it sounded a bit off). It wasn't intended to be that way... Thanks. Wifione ....... Leave a message 09:54, 3 February 2011 (UTC)
- I have to say being on IRC where all the checkusers are if they are on, (at least in public channels), this would not further the speed at which CUs handle them. I could ping all the availible CUs on IRC, it won't change a thing that it won't be handled till they get back to their computer and see the request, and then it's if they have time. Also this noticeboard would be a good spot for vandals/socks to get back at CUs and we already have enough places to do that. -- DQ (t) (e) 13:09, 3 February 2011 (UTC)
- Thanks to all for the replies. Doesn't seem like it will be helpful at this time. 7 04:01, 8 February 2011 (UTC)
Audit Subcommittee vacancies: Call for applications
The Arbitration Committee is seeking to appoint at least three non-arbitrator members to the Audit Subcommittee.
The Audit Subcommittee ("AUSC") was established by the Arbitration Committee to investigate complaints concerning the use of CheckUser and Oversight privileges on the English Wikipedia, and to provide better monitoring and oversight of the CheckUser and Oversight positions, and use of the applicable tools.
Matters brought before the subcommittee may be time-sensitive and subcommittee members should be prepared and available to discuss cases promptly so they may be resolved in a timely manner. Sitting subcommittee members are expected to actively participate in AUSC proceedings and may be replaced should they become inactive. All subcommittee members are subject to the relevant local and global policies and guidelines concerning CheckUser and Oversight.
If you think you may be suitably qualified, please see the appointments page for further information. The application period is scheduled to close 7 March 2011.
For the Arbitration Committee, –xenotalk 23:20, 20 February 2011 (UTC)
Audit Subcommittee appointments: Invitation to comment on candidates
The Arbitration Committee is seeking to appoint at least three non-arbitrator members to the Audit Subcommittee, and is now seeking comments from the community regarding the candidates who have volunteered for this role.
Interested parties are invited to review the appointments page containing the nomination statements supplied by the candidates and their answers to a few standard questions. Community members may also pose additional questions and submit comments about the candidates on the individual nomination subpages or privately via email to arbcom-en-blists.wikimedia.org.
Following the consultation phase, the committee will take into account the answers provided by the candidates to the questions and the comments offered by the community (both publicly and privately) along with any other relevant factors before making a final decision regarding appointments.
The consultation phase is scheduled to end 23:59, 21 March 2011 (UTC), and the appointments are scheduled to be announced by 31 March 2011.
For the Arbitration Committee, –xenotalk 00:00, 14 March 2011 (UTC)
Audit Subcommittee appointments (2011)
Effective 1 April 2011, Bahamut0013 (talk · contribs), Courcelles (talk · contribs), and Keegan (talk · contribs) are appointed as community representatives to the Audit Subcommittee. The period of appointment will be 1 April 2011 to 31 March 2012. AGK (talk · contribs) is designated as an alternate member of the subcommittee and will become a full member should one of the appointees resign their role during the term. The Arbitration Committee thanks all of the candidates, as well as the many members of the community who participated in the appointment process for these roles.
The Arbitration Committee also extends its thanks to Dominic (talk · contribs), Jredmond (talk · contribs), and MBisanz (talk · contribs), whose terms in office were extended so that an orderly transfer of responsibility could occur. Dominic will return to his previous role as a CheckUser and Oversighter; MBisanz will assume his role as an Oversighter. The Committee also thanks former subcommittee member Tznkai (talk · contribs), who was one of the original appointees to the Committee in 2009, and resigned in August 2010.
- Support: David Fuchs, Elen of the Roads, PhilKnight, Jclemens, John Vandenberg, Mailer diablo, Newyorkbrad, Kirill Lokshin, Risker, Roger Davies, Shell Kinney, Xeno
- Oppose: None
- Abstain: None
- Not voting: Casliber, Cool Hand Luke, Coren, Iridescent
- Inactive: Chase me ladies, I'm the Cavalry, Sir Fozzie
For the Arbitration Committee, –xenotalk 16:00, 31 March 2011 (UTC)
RFC on adding viewdeleted privileges to the CheckUser bundle
Please see Wikipedia:Requests for comment/Make userrights self-sufficient. –xenotalk 15:23, 12 April 2011 (UTC)
Note to Checkusers about the requested current IPBE rights w/reasons
I finally have my bot working @ Wikipedia:IP block exemption/log, and it's scheduled to run without me, and now it displays the userright entry with the IPBE instead of just the most recent one. It might not look 100% classy right now, but it works as it should now. (I'm also hoping that most CUs watch this and they know about this list :) ) -- DQ (t) (e) 23:56, 27 June 2011 (UTC)
- That still seems to have issues. :) Why aren't you using the API for this? Amalthea 09:16, 28 June 2011 (UTC)
- Actually that is API, and if your talking about the served by...etc I'm going to try and clear that up today. At least they are commented out automatically. But thanks for the note :) -- DQ (t) (e) 15:06, 28 June 2011 (UTC)
- Huh, OK. The only possible explanation I saw for these server comments ending up in the log was some bug in your HTML parsing logic? Amalthea 15:33, 28 June 2011 (UTC)
- That's because I am using XML output for the API, and I just didn't chop of that end of the string, it's easy to do. I should have the code up on github (although I should probably find a better way of dealing with the XML) soon enough. -- DQ (t) (e) 16:14, 28 June 2011 (UTC)
- Huh, OK. The only possible explanation I saw for these server comments ending up in the log was some bug in your HTML parsing logic? Amalthea 15:33, 28 June 2011 (UTC)
- Actually that is API, and if your talking about the served by...etc I'm going to try and clear that up today. At least they are commented out automatically. But thanks for the note :) -- DQ (t) (e) 15:06, 28 June 2011 (UTC)
Do you checkuser the person who brought the request?
Do you checkuser the person who brought the request?TCO (reviews needed) 17:06, 21 July 2011 (UTC)
- Generally, no, but there have been occasional exceptions. Those exceptions usually involve new or nearly-new accounts bringing checkuser requests in relation to topic areas that have had serious socking problems in the past. For some reason, some sockmasters have a tendency to request checks on their perceived opponents. The only other exception I can think of is that occasionally one of our serial banned users/sockmasters will request a checkuser using an obvious sock, and usually those are closed immediately and the sockmaster account blocked, sometimes even globally. Risker (talk) 17:58, 21 July 2011 (UTC)
- Thank you.TCO (reviews needed) 20:09, 21 July 2011 (UTC)
- To confirm what Risker has said, it is not our policy "to check anyone who requests a check", but if someone requests a check and also meets the criteria to be checked themselves (such as if we have reasonable suspicion of sockpuppetry) then the account can be checked. --(ʞɿɐʇ) ɐuɐʞsǝp 20:19, 21 July 2011 (UTC)
- I assume you don't post negative findings on such requester checks?TCO (reviews needed) 22:09, 21 July 2011 (UTC)
- In most cases that's correct, but again the reason is subtle; it's not because of the nature of the check, but because when a checkuser initiates a check based on their own evidence the checkuser does not typically post negative findings because there's no SPI case or page to put such findings on. --(ʞɿɐʇ) ɐuɐʞsǝp 23:58, 21 July 2011 (UTC)
- Well there is an obvious page to file it on (the one where they report on the rest of the parties. That's what they use when it comes positive, no?
- People file cases because it's a convenient way of collecting the information so that checkusers can see it. They're not used just to keep information about the checks that we've done. There's not much point filing a case retrospectively. Please note that if such a check comes up as positive it's not really filed either. For instance, you can look through my block log and find a lot of checkuser blocks that have no case attached to them. Checkusers are not required to have a case filed to do a check. On the contrary, SPI cases are made for the benefit of non-checkusers so that they can easily ask a checkuser to run a check for them. --(ʞɿɐʇ) ɐuɐʞsǝp 08:26, 22 July 2011 (UTC)
- If CU of a public SPI poster came positive, have you typically listed it on the public SPI page? TCO (reviews needed) 14:15, 22 July 2011 (UTC)
- People file cases because it's a convenient way of collecting the information so that checkusers can see it. They're not used just to keep information about the checks that we've done. There's not much point filing a case retrospectively. Please note that if such a check comes up as positive it's not really filed either. For instance, you can look through my block log and find a lot of checkuser blocks that have no case attached to them. Checkusers are not required to have a case filed to do a check. On the contrary, SPI cases are made for the benefit of non-checkusers so that they can easily ask a checkuser to run a check for them. --(ʞɿɐʇ) ɐuɐʞsǝp 08:26, 22 July 2011 (UTC)
- Well there is an obvious page to file it on (the one where they report on the rest of the parties. That's what they use when it comes positive, no?
- In most cases that's correct, but again the reason is subtle; it's not because of the nature of the check, but because when a checkuser initiates a check based on their own evidence the checkuser does not typically post negative findings because there's no SPI case or page to put such findings on. --(ʞɿɐʇ) ɐuɐʞsǝp 23:58, 21 July 2011 (UTC)
- I assume you don't post negative findings on such requester checks?TCO (reviews needed) 22:09, 21 July 2011 (UTC)
Data analysis
Think it would be interesting to know what fraction of checks are from public requests versus private. Also to see what the percent positive is from each category. Have no idea what you find, but it might be something like this:
Then again, it might not. Which would be interesting as well.TCO (reviews needed) 18:48, 22 July 2011 (UTC)
- Checks do not split neatly into "public" and "private" categories, and even if they did it would not be possible to discern for all checks whether they were from "private" or "public" sources. --(ʞɿɐʇ) ɐuɐʞsǝp 19:26, 22 July 2011 (UTC)
- People do business analyses all the time with the need to drive to semiquantitative insights and the requirement to decide what bucket something should go into. It might be a pain in the ass to compile, but there might be an interesting pattern. For instance for public and private, one could just say "SPI filed" and "everything else". Or something. Not pushing...just a bug in the ear. (I'm done.) TCO (reviews needed) 19:42, 22 July 2011 (UTC)
- (I can't help myself, not to be analytical. Or if compiling everything is difficult, you could do some statistical sampleing of the set. Pick some number and randomly select from the log. Then analyze on looking at the specifics which buckets to put into. Like polling.TCO (reviews needed) 19:47, 22 July 2011 (UTC)
- It would be interesting, but collecting the data would be a pretty massive task. My guess? 25% are from SPI, most aren't. --jpgordon::==( o ) 20:02, 22 July 2011 (UTC)
- (I can't help myself, not to be analytical. Or if compiling everything is difficult, you could do some statistical sampleing of the set. Pick some number and randomly select from the log. Then analyze on looking at the specifics which buckets to put into. Like polling.TCO (reviews needed) 19:47, 22 July 2011 (UTC)
- People do business analyses all the time with the need to drive to semiquantitative insights and the requirement to decide what bucket something should go into. It might be a pain in the ass to compile, but there might be an interesting pattern. For instance for public and private, one could just say "SPI filed" and "everything else". Or something. Not pushing...just a bug in the ear. (I'm done.) TCO (reviews needed) 19:42, 22 July 2011 (UTC)
Is there a lower threshold to run CUs when there is no public disclosure of the "negative"?
I don't mean by policy, but by practice.
Reading this exchange on Wikipedea Review: [4]. The request by Risker at 16:03:25. Would that have passed a public SPI to be run?
This isn't to dwell on this incident but to wonder about a possible general issue.
r/TCO
- No, there is not a lower threshold. Yes, it would have been checked if it was in an SPI case. --(ʞɿɐʇ) ɐuɐʞsǝp 22:00, 26 July 2011 (UTC)
Audit Subcommittee community member changes
Pursuant to the motion concerning advanced permissions and inactivity, the appointment of Bahamut0013 (talk · contribs) to the Audit Subcommittee is terminated effective 3 September 2011 and his Checkuser and Oversight permissions shall be withdrawn. The committee has been unable to contact Bahamut0013, and this action is taken on the basis that he is not currently active on this project.
AGK (talk · contribs) is appointed in his place in accordance with the April 2011 Audit Subcommittee appointments motion. The Arbitration Committee thanks Bahamut0013 for his contributions to the Audit Subcommittee during his tenure, and thanks AGK for agreeing to accept full membership in the subcommittee for the remainder of Bahamut0013's term.
- Supporting motion: Casliber; Chase me ladies, I'm the Cavalry; David Fuchs; Elen of the Roads; Jclemens; John Vandenberg; Newyorkbrad; PhilKnight; Risker; SirFozzie; Xeno.
- Not voting/inactive: Cool Hand Luke; Coren; Iridescent; Kirill Lokshin; Mailer diablo; Roger Davies.
For the Arbitration Committee, –xenotalk 22:00, 3 September 2011 (UTC)
2011 CheckUser and Oversight appointments: Call for applications
The Arbitration Committee is seeking to appoint additional users to the CheckUser and Oversight teams. Experienced editors are invited to apply for either or both of the permissions, and current holders of either permission are also invited to apply for the other.
Successful candidates are likely to be regularly available and already familiar with local and global processes, policies, and guidelines especially those concerning CheckUser and Oversight. CheckUser candidates are expected to be technically proficient, and previous experience with OTRS is beneficial for Oversight candidates. Trusted users who frequent IRC are also encouraged to apply for either permission. All candidates must at least 18 years of age; have attained legal majority in their jurisdiction of residence; and be willing to identify to the Wikimedia Foundation prior to receiving permissions.
- Current demand for users with regional knowledge
- Because of the increasing activity from the South Asian, Southeast Asian, or Middle Eastern regions, CheckUser applications are particularly sought from people who not only meet our general requirements but also are familiar with the ISPs and typical editing patterns of any of these regions.
If you think you may be suitably qualified, please see the appointments page for further information. The application period is scheduled to close 18 September 2011.
For the Arbitration Committee, –xenotalk 16:40, 12 September 2011 (UTC)
2011 CheckUser and Oversight appointments: Invitation to comment on candidates
The Arbitration Committee is seeking to appoint additional users to the CheckUser and Oversight teams, and is now seeking comments from the community regarding the candidates who have volunteered for this role.
Interested parties are invited to review the appointments page containing the nomination statements supplied by the candidates and their answers to a few standard questions. Community members may also pose additional questions and submit comments about the candidates on the individual nomination subpages or privately via email to arbcom-en-blists.wikimedia.org.
Following the consultation phase, the committee will take into account the answers provided by the candidates to the questions and the comments offered by the community (both publicly and privately) along with all other relevant factors before making a final decision regarding appointments.
The consultation phase is scheduled to end 23:59, 4 October 2011 (UTC), and the appointments are scheduled to be announced by 10 October 2011.
For the Arbitration Committee, –xenotalk 14:00, 26 September 2011 (UTC)
2011 CheckUser and Oversight appointments & personnel changes
The Arbitration Committee has resolved to appoint five editors to the CheckUser team and three editors to the Oversight team pursuant to the CheckUser and Oversight appointment procedures and following the 2011 CUOS appointments process.
Subject to their providing identification satisfactory to the Wikimedia Foundation, the Arbitration Committee hereby resolves to:
(a) appoint the following editors as checkusers:
- AGK (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)†
- Courcelles (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)†
- Elockid (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- Keegan (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)†
- WilliamH (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
(b) appoint the following editors as oversighters:
- Courcelles (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)†
- Fluffernutter (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- WilliamH (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- † Previously identified member of the Audit Subcommittee who will retain the specified permission(s) upon the conclusion of their terms.
The committee thanks the other candidates (28bytes, HelloAnnyong, Kww, and Mentifisto); those who applied but were not put forward as candidates; and the community in bringing this appointment process to a successful conclusion.
The committee also recognizes the departures of Dominic and Nishkid64 from their dual roles on the CheckUser and Oversight teams; along with EVula, Howcheng, & Mr.Z-man from the Oversight team; and thanks these editors for their diligent service as functionaries and their extensive contributions elsewhere on the project.
At the request of arbitrator Iridescent, checkuser and oversight permissions will be removed from their account until such time as Iridescent is able to return to active participation.
- Supporting motion: Casliber; Chase me ladies, I'm the Cavalry; Coren; David Fuchs; Jclemens; John Vandenberg; Kirill Lokshin; Mailer diablo; PhilKnight; Newyorkbrad; Roger Davies; Risker; SirFozzie; Xeno
- Not voting/inactive: Cool Hand Luke; Elen of the Roads; Iridescent
For the Arbitration Committee, –xenotalk 13:00, 13 October 2011 (UTC)
CUs may want to comment
There's a discussion at VPP about using CU to out corporate POV pushers. I am not convinced that the OP understands the technical limitations of CU. WhatamIdoing (talk) 02:15, 1 December 2011 (UTC)
- Thanks for the notice. I have closed the discussion as it is invalid; the privacy policy governs the release of such information, and as a WMF policy it cannot be changed by discussion on enwiki. --(ʞɿɐʇ) ɐuɐʞsǝp 11:56, 1 December 2011 (UTC)
a propsoal at WT:ACC
see related discussion at WT:Request an account#CheckUser authorization. mabdul 20:59, 28 December 2011 (UTC)