Talk:CheckUser policy/Archive 3

From Meta, a Wikimedia project coordination wiki

Remember the mailing list!

copied from Talk:CheckUser by Theo F 08:18, 4 March 2006 (UTC) When people are given checkuser, (a) they should be told to subscribe to checkuser-l (b) the steward should email checkuser-l-owner to confirm the person should be allowed to join the list. I've added a note to this effect, feel free to reword :-) - David Gerard 15:37, 31 January 2006 (UTC)

Nobody was told that a mailing list would be implemented when a vote was organized in order to allow the checkuser tool on the French Wikipedia. Therefore this mailing list is illegal. I ask for this mailing list to be shut down. Theo F 08:05, 4 March 2006 (UTC)
Quite the reverse. If the French Wikipedia contributors are unable to agree that CheckUser should be used in the confines of existing best practice and guidelines, then CheckUser status should and must be removed from all accounts thereon until such time as they are happy with what is going on.
James F. (talk) 08:34, 4 March 2006 (UTC)
If you do not attract the French IP check performers into your untransparent scheme I may close my eyes on how other language Wikipedias deal with the issue. But please do not interfere negatively with the transparency we are trying to implement on fr:. By the way I have never heard about a so-called "best practice and guidelines". All I've heard about is a CheckUser policy and nowhere is written in that policy that a checkuser mailing list should be created. So, as far as I know, your "checkuser list" is informal, not to say pirate. If you want to know my opinion, the best practice is that of the German language Wikipedia : no checkuser at all ! Theo F 09:25, 7 March 2006 (UTC)
Actually the mainling-list is mainly (not to say only) used by en: checkusers, as they are doing dozens of checks every day (yeah, I know, that's unbelievable !), whereas on fr: the only coordination needs are fulfilled on the Requests page. I reckon fr: checkusers could as well not subscribe to the mailing-list. The only time it could be useful is for technical changes (unavailibility / features). le Korrigan bla 13:01, 7 March 2006 (UTC)
Theo F, you are not a CheckUser. Whether the mailing list exists or not is quite frankly none of your business. Sorry if that sounds rude, but it's nothing compared to your demand that the list be shut down. Alphax 14:25, 6 October 2006 (UTC)

The log is problematic

copied from Talk:CheckUser by Theo F 08:18, 4 March 2006 (UTC) I haven't a check user permission, so why I cannot see which the users that the IP was search for them? I don't want to know the results, but if one of Wikipedians that have the permission checked an IP I want to know this and the reason for this. As special case, if anyone checked my IP, I surely want to know this. Troll Refaim 15:37, 24 February 2006 (UTC)

You should implement on Wikipedia in your language a log page like the one used on the French Wikipedia, where people who perform the checks have to report : fr:Wikipédia:Vérificateur d'adresses IP/Journal. Theo F 08:02, 4 March 2006 (UTC)
I know that we can use manual log. But I want automatic report, like the delete log, so any request will be logged. If the Wikipedian with checkuser permission will make wrong decision, I want that he/she cannot hide this. At the manual log, this could be happened. Troll Refaim 16:14, 11 March 2006 (UTC)
At present the (automatic, private) checkuser log is global across all projects. I have CheckUser on Wikimedia Commons and I can see who has made what requests, globally. We are accountable to each other. Alphax 14:27, 6 October 2006 (UTC)

CheckUser on my IP

I ask you to unblock me from English wikipedia and desysop en:User:Mikkalai who blocked me without any evidences. I request also a CheckUser process to prove my innocence. Excaliburo 20:38, 19 March 2006 (UTC)

Checkuser for edits on EN Wikipedia fall under the juristicon of the EN Wikipedia community. I will see what I can do. --Walter 21:02, 19 March 2006 (UTC)

Open proxies

If checkuser checked one user, then checked his/her IP for open proxy and found it, can he/she block this IP due to "no open proxies"? --Jaroslavleff 08:11, 30 March 2006 (UTC)

That depends on what abuse the proxy has been used for. Such things are determined on a per-case basis. Alphax 14:31, 6 October 2006 (UTC)

Access (new version)

Only a very few editors and stewards are allowed to have the CheckUser status.

A local project must have a minimum of two checkusers or no checkuser at all (they should be at least two so that they can mutually control their activity).

In case there are no local checkuser
Editors will have to ask a Steward to check if UserX is a sockpuppet of UserY. To do so, simply add your request to Request for CheckUser information listing these users and explaining why you ask for such a check (with links). You also need a community consensus (like above). The Steward will answer you if these two users are from the same IP, same proxy, same network, same country, or are they completely unrelated (see discussion for what the Steward should more precisely say to the editor). The steward will not grant temporary checkuser access to anyone.

How to get checkusers on your project
On a wiki with a (Wikimedia-approved) Arbitration Committee, editors approved by the Arbitrators may have CheckUser status. After agreement, simply list the candidate on Requests for permissions to have him granted status.

On a wiki with no Arbitration Committee, or if the community does not wish to delegate checkuser control to its arbitration committee, checkusers (at least two) must be approved by the community. The user requesting check user status must request it within his local community and advertise this request properly (village pump, mailing list when available, ...). The editor must be familiar with the privacy policy. After gaining consensus (70%-80%) in his local community, with at least 25-30 editors approval, the user should list himself under Requests for permissions with a link to the page with the community's decision.

If an insufficient number of voters does not allow to vote for two checkusers on a wiki, and in any cases, it is possible for a local project to ask for any of the current (already approved by another community) checkuser to get checkuser status on the local project. The local community will have to choose at least 2 checkusers in the list of current checkuser. Minimum number of votes or percentage of support are up to the community. It is recommanded (but not mandatory) to choose editors from the same language group

for example, the en:wikibooks community may choose two checkusers approved by the en.wikipedia.
for example, the de:wikipedia community may choose two checkusers approved by the de.wikibooks.

Once a local community has become big enough to appoint its own checkusers, it may either remove the previous checkusers or choose to keep all of them according to its needs.

  • This version has my full support; I believe it addresses the issues raised recently about how to provide checkuser to smaller projects, without relaxing our standards on a very sensitive permission. I support it fully, and volunteer to serve as a "guest checkuser" for any project that needs one. Essjay TalkContact 02:01, 19 April 2006 (UTC)
  • I also indicate my support for this revision. Kelly Martin 05:19, 19 April 2006 (UTC)
  • What means Steward? Any or some in particular? -Romihaitza 08:27, 19 April 2006 (UTC)
  • I support the new version as well. Guest CheckUsers would resolve many of the issues with the 25-support limit. // Pathoschild (talk/map) 08:32, 19 April 2006 (UTC)
  • I think this is a silly policy as it relinquishes editorial control to another project. The whole point is that the stewards have been very lax in responding to any checkuser requests, or in truth havn't responded to any at all from what I've seen (I may be mistaken here). en.wikibooks simply is trying to take matters into their own hands by getting somebody who actually cares about the project enough to respond at all, because the stewards aren't or don't want to. The question here is where is the avenue for appeal if the stewards don't respond? --Roberth 16:53, 20 April 2006 (UTC)
    • I think you are mistaken indeed. Most requests for checkusers are actually done privately, with contacts either by emails or on irc. I must have myself answered at least a half dozen requests. Ant
      • I have not had a single check user request handled. Period. I've made several requests, and I've withdrawn all of them simply because after waiting several months I felt they were no longer valid requests. I guess because I am averse to communication through IRC, and agree with Teofilo below that they should be very public when they occur, that these havn't been handled. I've frankly given up trying and consider this to be a tool unavailable to non-Wikipedia projects. --Roberth 23:11, 23 August 2006 (UTC)
I think handling requests publicly, as is done on fr:Wikipédia:Vérificateur d'adresses IP/Requêtes is better for transparency. Teofilo 12:34, 26 April 2006 (UTC)
    • I do not understand this eagerness to appoint people with checkuser status everywhere. The German language Wikipedia has no such people and seems to be OK. Teofilo 19:04, 23 April 2006 (UTC)
  • Support CheckUser is not something that needs to be local to the project. This way, en.wikibooks can start with two experienced CheckUsers instead of two inexperienced ones. --Kernigh 01:44, 25 April 2006 (UTC)

Important

Please see MediaWiki 1.7 suggestions.

Checkuser to bureaucrats

I request that bureaucrats also be given checkuser rights. Bureaucrats have to deal with possible sockpuppets on an RFA and often have to determine if a suspect user is a sockpuppet or not. Since the checkuser requesting phase takes time and RFA are a comparatively short, it would make sense to grant such rights to members of the community who have the gained the trust of the community. Nichalp 07:08, 10 May 2006 (UTC)

As both a bureaucrat and a checkuser, I oppose this in the strongest possible terms. Bureaucrats were not selected to be given access to private user information that if disclosed can literally ruin the life of a Wikimedian, and given that anyone can be made a bureaucrat on any project, the possibility of checkuser falling into the wrong hands becomes frighteningly likely.
To be quite honest, in a month of being a bureaucrat (I was a checkuser before that), I've never once needed to use my checkuser status while closing an RfA. (I have, to date, been responsible for 50-60% of the promotions done on en.wiki in the last month, so plenty of chance to have needed it if it was going to come up.) I have identified sockpuppets via checkuser that had participated in an RfA, but it was done through the established procedure: A user noticed an irregularity, reported it to Requests for Checkuser, a checkuser was run, and the sockpuppets identified. The liklihood of a bureaucrat needing checkuser for an RfA is such an infrequent possibility that it is simply unnecessary to extend it on those grounds only; if they feel a checkuser is needed, they can contact a checker privately and request it.
Further, bureaucrats are not selected for having the technical skills necessary for checkuser; it is not, contrary to popular belief, a magic system that displays a bright red sockpuppet notice at the click of a button. Without the requisite skillset, releasing checkuser to all bureaucrats will a) increase dramatically the number of false accusations, b) increase the load on the checkusers who do have the necessary skillset, as we are forced to check every result to insure accuracy, and c) completely destroy the trust Wikimedians have in checkuser results, as scores of false positives are announced and then retracted. (Allow me to offer two examples: If checkusered by someone who did not a) know the individuals involved, and/or b) know how to identify a shared IP, User:Angela and User:Tim Starling would be declared sockpuppets, as would User:Mindspillage and User:GMaxwell.)
At the very least, this cannot be allowed to happen without a reconfirmation of all bureaucrats on all projects in line with the checkuser policy; specifically, those projects with no Arbitration Committee would have to establish 25-30 supporters for each bureaucrat, or relenquish thier bureaucrats (do we want that?), and those with Arbitration Committees would have to have thier bureaucrats reconfirmed by the Arbitration Committee (another situation I doubt we want).
The best route all around is to simply leave checkuser as it is; a separate permission assigned to highly trusted and technically capable users on a very limited basis. Essjay (TalkConnect) 11:18, 10 May 2006 (UTC)
I join Essjay in opposition to this idea (which has been rejected before). The current bureaucrat selection processes do not evaluate candidates for the technical skills required or for the requisite trust. Bureaucrats are trusted by the community to evaluate requests for adminship; there is no reason why this trust should be extended without consideration to the far more serious trust associated with CheckUser status. While I have no objection to individual bureaucrats applying for CheckUser rights, I would strongly urge against a blanket grant of this rather significant access to people who have not been individually screened for eligibility. Kelly Martin 11:32, 10 May 2006 (UTC)
I oppose this, because not all bureaucrats would know how to do this. However some would and it would help them in their duties. Even some admins with the necessary knowledge would find it useful, I know I would. With IP blocks, you never know if you might hit a logged in user, even more so with range blocks. Now, there is no cabal, but if there were one it would be CheckUser. Admins are elected. Bureaucrats are elected. Stewards are elected. And even Arbcom members are elected. But CheckUser... It is arbitrarily given to a very very select few by a very select few. Needless to say that is both risky and safe. On the one hand, the odds of someone abusing it are low. On the other hand, with such a small group, its usefulness and its regulation are limited. But it is likely safer this way. Prodego Talk 18:35, 15 May 2006 (UTC)
I also oppose this as well, because bureaucrats, at least on the English Wikipedia, are elected because they would follow the community's will; while I doubt that they would not be trusted with the checkuser bit, I also do not know if each one of them has the technical knowledge to follow those requests, and I do not want any of them to have to step down as a result. Communication between bureaucrats and checkusers in the cases that absolutely require IP checks would suffice, at least in my opinion. Titoxd(?!?) 02:07, 11 July 2006 (UTC)

Humm, I believe that when Nichalp said "checkuser to bureaucrats", he was most likely referring to the Bureaucrats on the English-language Wikipedia (where I, like Nichalp and Essjay, am a Bureaucrat as well), and not to all Bureaucrats in all the projects. And speaking strictly about the English-language project, I don't suppose that trust would be an issue when referring to Bureaucrats. I have complete trust in Nichalp, Essjay, Taxman and all the other Bureaucrats in that project. And if that's the case, all that is left is the issue of the technical skill to use the tool. It is true that the skill to perfom checks is not the reason why Bureaucrats are selected, which is why I would oppose as well making CheckUser a tool automatically associated with the status (such as Renameuser or Makesysop); on the other hand, nor is it rocket science either. On the English-language Wikipedia (again, talking strictly about it), the users chosen to be Bureaucrats are experienced people, who have been exposed to virtually all aspects of the project. I really don't believe that someone like Taxman, a Bureaucrat there and someone who has been with the project since 2003, wouldn't know how to perform a check appropriately (whether he would be willing to do it, is a different issue entirely), and I really, really don't believe that someone like him, or Nichalp for that matter, wouldn't know how to behave appropriately about the sensitive information associated with the tool.
And there's an interesting comparison: on the English-language project, the Arbitrators (the members of the ArbCom) were given CheckUser access: they are obviously highly trusted users, like the Bureaucrats over there, and, like the Bureaucrats as well, they were chosen to a position (Arbitrator) for a reason that does not relate to the technical ability to perform a CheckUser correctly: they were chosen to be the final rung in the conflict resolution process on the English-language Wikipedia.
With all of that in sight, I would not oppose asking the active Bureacrats on the English-language Wikipedia (listed at en:Wikipedia:Bureaucrats) if they would be interested in working at the very busy Requests for CheckUser page, which is currently managed by just 2 users (who are doing a great job, let it be said, but if one of them decided to take a vacation..). Redux 18:12, 4 August 2006 (UTC)

Addendum: Bearing in mind that, according to current policy, CheckUser status on the English-language Wikipedia is decided by the local ArbCom, any "asking" would need to be done by it, or at least have its assent. Redux 19:14, 4 August 2006 (UTC)

Using Checkuser Privileges for "Dragnet" purposes

This seems to be happening now at Wikinews[1].

  • About 4 of the requested user names were found to be in a different country; the other 10 or so were anons in Toronto. The person with Checkuser privilege, CSpurrier, reported information to the community about an alltogether different user "Factchecker" (for which there was no request at all for the use of checkuser) which he came upon during his check of the anons. There seems to be little if any actual vandalism involved and the checkuser requester, Amgine, has had an ongoing feud with the supposed sockpuppeteer,Neutralizer, who he recently blocked for 3 weeks. Can this apparently blatant abuse of the checkuser privilege be stopped? 70.50.76.209 23:43, 11 June 2006 (UTC)
Upon further research it seems that the "infraction" committed by the majority of the anons who were subjected to Checkuser was this edit which they placed on Amgine's talk page in an attempt to disclose what they felt was an unbecoming edit by an Admin which had been erased from Wikinews' history;

What Amgine said about Australians [2] "Simeon edits from Australia, a continent populated entirely by criminals! And, as a criminal he would expect that we would not trust him, so obviously we cannot drink from the glass in front of us.."- Amgine/talk 03:54, 11 May 2005 (UTC). 70.50.76.209 00:05, 12 June 2006 (UTC)

Info

What information do Checkusers have? GangstaEB (W) 19:03, 9 July 2006 (UTC)

See Help:CheckUser for an explanation of the tool and the information provided by it. Essjay (TalkConnect) 00:14, 11 July 2006 (UTC)

checkuser on my own wiki...

Hay, I run my own wiki and I was wondering how I can get my hands on this extension? Checking server access logs and comparing it against recent changes can be quite tedious... Thanks, 63.80.111.2 21:04, 7 August 2006 (UTC)

You'll have better luck trying to contact Brion Vibber directly. He's the creator of this tool. Try his talk page (follow the link I've provided to his user page and then click on the tab that says "discussion") or try e-mailing him, although I don't know if Brion made his e-mail address public. Regards, Redux 23:05, 7 August 2006 (UTC)
Brion seems have have gone AWOL... is there a better place to put this question/request? 63.80.111.2 19:58, 6 September 2006 (UTC)
Maybe if you can get a hold of any of these people, they'd be able to help you. Developers are those who make the "magic" happen on Wikimedia. Redux 18:59, 16 September 2006 (UTC)

What does "Wikimedia-approved" mean ?

This question is a kind of follow-up to a non really answered question by Angela (November 9th 2005).

Browsing through the history before asking this question, I noticed that Angela added this precision in the sentence «On a wiki with a (Wikimedia-approved) arbitration committee only editors approved by arbitrators may have CheckUser status.», to try to clarify the previous version (modification summed up as «proposed addition»).

This seems reasonable... But what does it mean exactly ? I did not find much about "Arbitration committees" with a superficial search through this Wiki. Am I right to understand the list of «(Wikimedia-approved) arbitration committee[s]» as presently reduced to one item, the arbitration committee of the en Wikipedia ? Touriste 09:30, 3 September 2006 (UTC)

The answer to this question should be provided soon. Watch for Arbitration Committee. 207.145.133.34 14:15, 6 October 2006 (UTC)
Also up for submission: Checkuser Privacy. Hints on why checkuser is important (beyond Privacy policy) and other methods of ensuring your privacy. ~Kylu (u|t) 04:50, 7 October 2006 (UTC)

How long

In the policy, it is mentioned that the information is not stored for long. How long is the information stored? And from last login, or last edit? These are important issues for a privacy policy-type matter. The preceding unsigned comment was added by Womble (talk • contribs) 06:03, 27 October 2006 (UTC)

The time period is variable. Your IP is not recorded on normal viewing of a page. Alphax 02:06, 27 October 2006 (UTC)

What if two people use the same computer

I have one doubt. This may sound trivial, but in India, it is very common for more than one person use the same computer. How to differentiate that situation and a Sock Puppet. For example, if my wife browses Wikipedia and votes in few Rfa or AFD from this computer, how can I prove that it was another person who used my computer and not me. Another case is browsing centres - Many persons may be using the same computer (with same IP). How to prove that they are both different people. Mariano Anto Bruno Mascarenhas 16:08, 31 October 2006 (UTC)

CheckUser is not Wiki Magic Pixie Dust. Some level of common sense is required by the person who carries out the CheckUser to determine if they're the same person or not, which is one reason why access to the tool is only granted a very limited set of people. Alphax 22:46, 31 October 2006 (UTC)

What if one persons uses different accounts

And coming to the next question. What if Mr.X uses one account in a computer at his home and another account in a computer at his office. How to prove that (with different IP). Mariano Anto Bruno Mascarenhas 16:08, 31 October 2006 (UTC)

See my response above; CheckUser is not Wiki Magic Pixie Dust. Alphax 22:46, 31 October 2006 (UTC)

CheckUser with greater consensus, less voters

In fi.wiktionary we have a persisent problem with vandalism. We've been discussing and the community supports gives 100 % support for CheckUsers. We haven't voted on the people yet, though. The problem is that even though the community works awfully well, in harmony and orderly, there are only ~15 of us. The question I have is, could 15 people elect CheckUsers, say, with a support of 80% or more?

(More about the issue: This is one person who creates several user accounts, and we know from fi.wikipedia that this person uses a small range of IP's during one attack. But on the course of many different attacks, the range is larger. So for one attack we need to know the IP and block it for some time to stop this person.)

Samulili 21:25, 2 November 2006 (UTC)

CheckUser result does not prove innocence

Help:CheckUser#Hints and tips writes "An editing pattern match is the important thing; the IP match is really just extra evidence (or not)." - I agree.

But, CheckUser policy#Use of the tool writes "It is allowed to check an editor's IPs upon his specific request, when this user wants to publicly prove his innocence." - this sentence seems misleading. Difference of IP does not prove his innocence in itself.

So one more sentence should be added, such as - "Note that a CU result may support inoccence, but is not enough to prove innocence." --Kanjy 14:57, 22 November 2006 (UTC)

Quite true. A person requesting a Checkuser of themselves doesn't prove anything, because it is simply too easy to engineer their editing so that they appear innocent. Alphax 03:37, 23 November 2006 (UTC)

Thanks. Comments and/or improvements are welcome! --Kanjy 04:02, 26 November 2006 (UTC)

"Note that the tool may provide some partial evidence for him, while it does not prove his innocence by itself." - How about this sentence for appending to the 3rd paragraph of CheckUser policy#Use of the tool? --Kanjy 08:13, 28 November 2006 (UTC)

I will write to this policy as I wrote above if there will be no objection for a week (168 hours) from now. OK? --Kanjy 11:35, 1 December 2006 (UTC)

Done. Thanks. --Kanjy 15:32, 8 December 2006 (UTC)

Interwiki Checkusers

An increasing number of cases have started to surface for interwiki checkuser issues. Currently two checkusers should make independent analysis and exchange notes for any interwiki requiest (provided both wikis have a checkuser avalible).

I hereby propose the authority to be bestowed on stewards to be able to checkuser interwiki w/o involving second or third parties. This is for interwiki cases only.

--Cat out 07:25, 14 December 2006 (UTC)

This is a very bad idea; Stewards are only supposed to use their access where no local users with those capabilities exist. Alphax 14:06, 14 December 2006 (UTC)

Real name policy

Regarding the recent incident, I think it is better for us to have a "real name policy" about Checkuser right as well Steward access. It would be

  • Only those who give their name to the Foundation can be granted checkuser access. For this purpose, after they are elected from the community, they should send a copy of their identification with photo to the office (see Wikimedia:Contact us for contact details).

Thought?--Aphaia 10:58, 8 March 2007 (UTC)

I agree. See this wikimail for Florence Devouard's belief that "The office also know all the real identities of the checkusers I was told. [...] I think it is not the Foundation business to enter into any credential controlling activity. It makes sense for board candidates. It makes sense for checkuser because there is a technical access to data with confidentiality agreement. But getting involved in the process of collecting credentials is something we better stay away from." 4.250.168.160 16:35, 9 March 2007 (UTC) (WAS 4.250 on en wikipedia)

Thanks for your notice, so we can say there is de-facto real-name policy about checkuser? As for access to data with confidentiality agreement, I totally agree with Florence. In that case only we lack its written description . I'll appreciate your elaboration of the proposed text the above :) Aphaia 05:41, 12 March 2007 (UTC)
Hmmm I agree but we have to see how to set this up. I mean, there's more than 100 Check User, so we need to know how to collect the informations. In my opinion this can be one of the duty of the Volounteer Coordinator, whatever I think we should ask the board to raise this issue during their next meeting Schiste 06:57, 12 March 2007 (UTC)
In my opinion they can simply fax/mail of the scanned copy of their ID to our laywer (=Foundation Office). They need not to inform their identity for Volunteer Coordinator (but it could happen though). From the view of the office, if they want VC to make a list, is another matter. There is a trade-off between how many people know their identity and workload but regarding the past experience, our laywer in Florida thought he reviewed each IDs with photo and would not be satisfied with a report from volunteers. --Aphaia 07:03, 12 March 2007 (UTC)


An attempt guage community support on this and related proposals is going on at en:User talk:Jimbo Wales/Credential Verification. Please participate. Thank you. 4.250.168.15 11:37, 13 March 2007 (UTC)

I fixed the link. Thank you for your invitation, however as for Credential verification, while it seems to be similar, it is another issue from the issue now we are discussing, so I don't think we need to go there. Our topic of only real name (and perhaps age, since Brad Patrick insisted only people over 18 years-old should be allowed to be granted the steward access). As for the oppositin to the below, I would point out two things: 1) either you don't think it feasible, it are said all CU asked to fax their ID with photo and they did and 2) regarding several point, the CU is not the matter of our virtual community but related to liability in relation to privacy policy, so relevant to the real life, it is different from the matter of sysop or bureaucrat access. --Aphaia 11:26, 15 March 2007 (UTC)

Oppose this idea. For three main reasons

  1. Not practical - it's easy to provide a fake name. If the said checkuser has never posted their photo or real birthdate online, it's just as easy to provide a fake ID. The only real way i'd imagine to verify a persons' identity would be to actually have a foundation member pay the person a visit and get them to prove they're who they claim to be on wikipedia. Which is just not feasible. Someone is probably going to say that i'm being paranoid here, if a wikipedian who's trusted enough to become a checkuser provides a copy of photo ID, we should assume good faith and trust it right? But in that case, we may as well just assume good faith and trust them to be a checkuser without the ID. Basically, if a checkuser is indeed trustworthy, then ID is really not needed - we trust them. If a checkuser is not truthworthy and planning to do something malicious, then they'd have no problems providing a fake ID and name, which totally defeats this purpose. On the other hand, if the checkuser considers real name/ID not all that important in the first place, then they would have already revealed it anyway, so once again, this is pointless.
  2. What does having real names mean? Secondly, there's no real reason for us to believe that checkusers will be better/more responsible if the foundation knows their real name. In fact, there's even no decent evidence to suggest that people who publically reveal their real names and identities will be better/more responsible members of the community because they're more accountable for their actions.
  3. If anything, it's oversight who need to be IDed since they actually do deal with sensitive information. I never understood why Wikipedia makes a big deal about IP addresses, IP addresses are not a big deal
    1. They don't identify a person. Even if someone doesn't change ISP and always uses the same internet connection, their IP address can still change often, and countless other people could still be sharing it.
    2. IP addresses don't reveal identity. All they do is reveal your ISP, and geographic location. The geographic location is also pretty vague - depending on who your internet service provider is. The mostly just tell what country you're from, which isn't a very personal piece of information.
    3. IP addresses are hardly confidential - a lot of places on the internet record your IP address. Whenever you download something from someone else, they can have your IP address. Whenever you post on any message board, the mods or admin there will have your IP address. If you've got your email at a place like hotmail, then whenever you send an email, the reciever has got your IP address.
    4. For most wikipedians, it's quite easy to find their IP address. Most wikipedians have accidentially made edits without logging on (i.e. forgetting to log on). If you go through someone's contribution history carefully, and then check the histories of the pages they edit, i bet for most wikipedians, you can come up with an IP address or two. If just depends on how far you're willing to go to find someone's IP address. MOst active wikipedians also have "email this user" activated. So often, you can just email them and get their IP address from a reply.
    5. At the end of the day, the only thing IP addresses are really good for is seeing what the probability two accounts are operated by the same person is. If they've got the same IP, then the probability is high. If they have IPs from different countries, then the probability is low. But at the end, IP addresses prove nothing.

--`/aksha 09:22, 14 March 2007 (UTC)

Comment: Actually it is sometimes possible to resonably identify who a person is from their IP. For example, if you knew my IP, you could probably easily guess my real name. To be fair, the reason is this is because I'm not that concerned about an high level of anonymity but if for example, I had decided to keep my wiki identity seperated from the my real life identity I use on the internet, you could find out details I didn't want you to know. For some people, you could probably even find out their birthday and where they live depending on how careful they are with their personal information. Point being, an IP can in fact sometimes be used to identify or at least have a very good guess at who the person is. This does require a specific set of circumstances but it is possible and if a user wishes to remain anonymous, they should be allowed to do so. Note, many of us don't bother or care that much. I admit I have not logged in on purpose and you can probably guess what my IP is if you look hard enough at wikipedia. However again, just because some, perhaps even most people don't care doesn't mean we should ignore the fact some people do care. Secondly, and perhaps more importantly, you appear to be ignoring the fact that some of our contributors are living in regimes where their edits to wikipedia may get them into trouble. For example, the status of wikipedia in the PRC is unclear and given the history, it's possible the PRC government may decide to go after Chinese wikipedians who obey our policies regarding NPOV etc in Chinese related articles. I'm not sure how things in China work with the great firewall etc and some may be using proxies anyway but it's resonably possible that people may be prosecuted because the Chinese government finds out IPs they're using on wikipedia. For that matter, it isn't just governments. What happens if someone wants to sue a wikipedian who has chosen to remain anonymous. If we are subpoened by a court, we may cooperate depending on what our lawyer says. But should we really be allowing people to bypass our current level of protection for wikipedians? Finally while it's true a lot of other places record your IP, there are several issues here. Firstly, the level of involment people have with many of these services is somewhat different. If I'm just e-mailing my family or a friend, I don't care if they know my IP most of the time. If I was doing something serious and wanted to send an anonymous email I would use mixmaster or something like that. More importantly tho, we currently present it that wikipedians with accounts have a resonable guarantee that their IPs won't be revealed to anyone without very good reason. Therefore, it is resonable for wikipedians to assume they don't need to take extra steps like use Tor or whatever for anonymity. If we aren't going to ensure checkuser is properly limited and regulated then we need to make this clear ASAP. Nil Einne 16:21, 16 March 2007 (UTC)

I support the proposal, and for oversight as well. Of course no system is proof agains someone determined enough and clever enough, but it's a good barrier against having people who are entirely unknown or fakes of some kind in these sensitive roles. I'd extend it even further, i.e. to bureaucrats and arbcom members, but I can see how that might not be practical for the office to handle so I won't press that point, at least not in this forum. Metamagician3000 09:48, 14 March 2007 (UTC)

What about IP hashes?

Related to w:Wikipedia:IP Hash, if the IP addresses of logged-on users were hashed and made public, 90% of CheckUser's functionality could be performed by ordinary users without compromising anyone's privacy. The other 10% of the time CheckUser would be necessary to check IP addresses that are similar but not the same, since IPs from the same subnet would have vastly different hashes. It seems to me the hassle of reporting a suspected sockpuppets to CheckUser has enabled quite a few to go unnoticed for a long time.  Þ  01:16, 14 March 2007 (UTC)

Age restrictions on checkusers?

Here is someting I posted to the foundation-l mailing list:

Sebastian Moleski writes:
> It might be prudent to use the term "jurisdiction" instead of country if
> we're talking semantic details here. Shouldn't this discussion take place on
> a talk page somewhere?

Weak agreement on this invocation of the Fear Of Law.  Strong agreement
that this discussion should be on a wiki page; see 
http://meta.wikimedia.org/wiki/Talk:CheckUser_policy

I am generally loathe to use age as a barrier for anything; we should be
clear about where this line is being drawn, and for what reasons.

"This is a very important role" is not a reason to discriminate based on
age.  "This is a role that requires being responsible" is likewise not
appropriate.  "This is a role that requires being legally accountable for
one's actions" is.  

SJ

Proposal to conduct random checks on RfAs

I would like to add the following subsection to the Use of the tool section:

===Adminship nominees===
Nominees for adminship may be checked at random during the nomination process. Anyone who agrees to be nominated is thereby giving permission for a check to be conducted. Nominees and the community need not be informed if this has been done, unless the checkuser believes the results of the check have invalidated the nomination, in which case the information may be revealed at the discretion of the checkuser or the bureaucrats.

See here for a prior discussion of this issue.

Any thoughts? SlimVirgin (talk) 17:05, 1 June 2007 (UTC)

I understood vote which is investigated with CU may include RfA. At any rate, Japanese Wikipedia has already performed CU on every voter (note: not random check, over 60 editors, IIRC?) on a certain RfA, include the nominee, partly since it was revealed this nominee had used to be editing via open proxy. ja:User:ちゃたま performed it, so you can see it on the log, if you have the access. Just for your information. --Aphaia 17:41, 1 June 2007 (UTC)
I certainly think this is a good idea, admins have the potential to do serious harm to their native project, and stopping known sockpuppeteers before they even get the tools would certainly be a step in the right direction. Ryan Postlethwaite 18:03, 1 June 2007 (UTC)
Don't like this idea, checkuser isn't a toy for random checks just in case there's a bad candidate somewhere. Either way, it won't solve anything because the admin would probably pass unnoticed. Majorly (talk) 18:23, 1 June 2007 (UTC)
I agree with Ryan. I've been checked twice - on my books rfa & on my books CU! Sure - things can be hidden but in the end Cu is a tool to be used even if it doesn't tell you everything. It should be used quietly & carefully - I've checked some stuff that has turned up nothing, however other than Cus no one knows & no harm has been done to anyone. As to being policy - well I don't feel strongly but it should be used --Herby talk thyme 18:35, 1 June 2007 (UTC)
Agree as well. As can be seen by the link above, the usefulness (not just the validity within policy) of this is disputed. Titoxd(?!?) 19:02, 1 June 2007 (UTC)
Titoxd, when you say you agree, do you mean you agree that we should add that section? SlimVirgin (talk) 19:36, 1 June 2007 (UTC)
No, I agree that it is an awful idea. Titoxd(?!?) 22:27, 1 June 2007 (UTC)
I think running CU on admins is perfectly fair. EVula // talk // 20:27, 1 June 2007 (UTC)
  • This is a solution looking for a problem. It will NOT solve the problem that en.wikipedia recently had with a trojan admin account. There is no point to this proposal other than adding additional bureaucracy and a feel-good solution that solves nothing. Vehemently oppose this privacy violating process. If you go this direction, you might as well insist all administrators reveal their identities to the Wikimedia Foundation. Afterall, it's the only way to be sure. --Durin 20:43, 1 June 2007 (UTC)
Just because we can't have (and don't want to have) 100 percent security against dodgy admin accounts doesn't mean we shouldn't have some. This isn't a solution looking for a problem; quite the reverse, as I indicated above. It wouldn't increase bureaucracy at all, which is why the proposal is that the accounts may be checked at random. That is, some weeks maybe a lot, some weeks none, at the discretion of the checkusers. The point is that the nominees could never be sure that they wouldn't be checked, and that might discourage a few of the less technically minded socks. Admittedly, the absolutely determined ones will be able to evade checkuser, but as I said, 100 percent security isn't what we're looking for here. SlimVirgin (talk) 21:06, 1 June 2007 (UTC)
And it might discourage some perfectly valid candidates from applying, knowing their IP will be revealed in a random drug test. You've got no evidence that this will even help, given the short duration of IP logs, and it could give a false sense of security. Just no. 64.126.24.11 21:13, 1 June 2007 (UTC)

Clearly this is against the letter of the current policy, which is why a policy change is proposed. I think it is also against the spirit, and further I think CU is a tool that is most powerful when used sparingly. I have tried to use it sparingly in my usages on Commons and now on Meta. Finally I don't think it actually would work well without a LOT of fishing and checking possible things out. So I am not keen on this proposal at all and would prefer it not be adopted. I suspect that the foundation itself would need to be involved in changing the policy, were it to come to that. ++Lar: t/c 21:48, 1 June 2007 (UTC)

I would like to see whether there's agreement among users before asking people at the Foundation for their views. SlimVirgin (talk) 22:01, 1 June 2007 (UTC)
The proposal seems quite reasonable to me. In fact, I don't think it would be unreasonable to require all admins to confirm their identities with WMF. Adminship may not be a big deal, but it is very different from editing. The damage that could be done by a skilled sockpuppeter with multiple admin accounts (thus able to create the illusion of consensus) is quite severe.-- Visviva 01:27, 2 June 2007 (UTC)
"I would like to see whether there's agreement among users"... Precisely so. I wasn't suggesting that the Foundation be asked just yet, merely pointing out that they WOULD have to make the policy change, it is not one that user consensus can make independently. I do think that a lot of good points were raised and I am in particular interested in your response to Oleg Alexandrov's point... I applaud your caution in wanting to do this and your sensitivity in raising it for discussion but I remain opposed to the idea itself. ++Lar: t/c 12:55, 3 June 2007 (UTC)

Bad idea, in my view. SlimVirgin, of all people, you are extremely careful about others not finding your IP address, and now you are suggesting other people's IP address be checked on routine basis. Would you even stand for admin again knowing that that it may entail a checkuser? en:Oleg Alexandrov (talk) 02:07, 2 June 2007 (UTC)

I would, yes, so long as I trusted the people with checkuser, and the ones who currently have it are very trustworthy. If a proposal like this were adopted, we'd have all the more reason to make sure only very responsible people get access to it, and the more checks there are, the more we can be certain that we're choosing the right people for adminship (and therefore possible checkuser) in the first place. So this proposal would indirectly tighten up checkuser security too. SlimVirgin (talk) 09:42, 7 June 2007 (UTC)

Seems to me that, if the issue is the trustworthiness of admins and potential admins, then the issue applies equally to current admins. I would suggest, if this is to go forth, that it be expanded to say "Editors holding administrator and higher rights may be subject to random checkuser. The editor and the community need not be informed if this has been done, unless the checkuser believes the results of the check raise concerns. The checkuser will report any concerns to the Arbitration Committee or bureaucrats of the applicable project, who will determine next steps." Risker 03:00, 2 June 2007 (UTC) forgot to sign, oops

This is a horrible idea. It's invasive, it's a lot of grunt work for people who have better things to do. Checkuser is never used for fishing because it's an invasion of privacy, and is only done when suspicion exists. Automatically checking admins in some hunt for possible nefariousness with no reason to do so other than "they might have other accounts!" is w:McCarthyist. Proto 09:46, 2 June 2007 (UTC)
Okay, thanks for the input. It's clear from this limited input that there's no consensus to do random checks at this time. This strongly indicates that we don't mind if admins are running more than one admin account or are formerly banned users, which I find puzzling. Even if people think adminship is no big deal, it's not no deal whatsoever, otherwise we'd give it to everyone. So I feel there's some unclear thinking going on here. SlimVirgin (talk) 22:16, 6 June 2007 (UTC)
I don't think the objections are because "we don't mind if admins are running more than one admin account or are formerly banned users." I think the issue is more that people do mind about the fact this is a privacy violation, will scare away candidates, and will give the checkusers a lot more work to do. Picaroon (Talk) 23:15, 6 June 2007 (UTC)
By all means, request a checkuser if there is valid suspicion that there's a problem. That's what checkuser is for. I would suggest that people would mind if they found out there was an admin with multiple admin accounts, or are a banned user (personally, I couldn't care less about the latter - if they have been doing a good and helpful job and not abusing things, I don't really care if they used to be Willy on Wheels or Mr Pelican Shit, and we would probably never know, anyway), but as I said above, people also value their privacy (it's a principles thing). Plus checkusering is a busy job already. Proto 09:22, 7 June 2007 (UTC)
The proposal is that random checks would be allowed, so it wouldn't add substantially to the workload; check users could do it as infrequently as they liked. This proposal would simply allow them to. As for the privacy angle, that's fair enough, but as I said above, it indicates that people don't mind that much if there are admins with multiple accounts. You're placing privacy rights above that. I value privacy too, but I trust the checkusers not to violate the privacy policy, so I don't see it as an either-or situation. SlimVirgin (talk) 09:37, 7 June 2007 (UTC)
I'm not sure it follows that if I don't like Remedy X that I think Problem Y isn't an important problem. It just means that I don't like Remedy X. CU is not the only way to combat admins with multiple accounts, or banned users returning in general, and further, a random checkuser of an admin candidate is not the only preventative measure that could be taken. I completely agree that socknests are a bad thing. I just do not agree that using CU this way is necessarily the best or only way or the most privacy maintaining way to combat them. And I'm completely open about my identity. ++Lar: t/c 18:40, 11 June 2007 (UTC)
Using checkuser on RfAs seems appropriate and useful. It would be good to make certain that someone hasn't been playing nice under one name while making trouble under another. Doczilla 19:14, 16 June 2007 (UTC)

One's country to be considered private information

It says that one's country can be revealed, but some people come from small countries with not so many users. Would it be possible to change it to be: Revealing that two users come from different countries is generally not personally identifiable. I come from a small country, I have an English Wikipedia account and there is something about me on the user page. If my country was told, that would reveal my identity, but a person coming from a big country might not come to think of that. Himyeana 14:36, 10 June 2007 (UTC)

I would rather have the name of the Internet service provider not to be told either, at least when it reveals the country. Himyeana 13:00, 12 June 2007 (UTC)

To have countries not to be told would improve the privacy, and at the same time the effectivity of the tool would not be changed. Himyeana 10:21, 13 June 2007 (UTC)

Greetings again! I found out about my ISP, and since it's very common in my country but not common worldwide, it would reveal me. In addition to some ISPs being more common in some areas, close people can sometimes know the exact ISP a person is using. So I believe revieling ISPs is not a very good idea. I don't think there is any good reason why other users would need to be told someones ISP or country. It seems that to change this doesn't change the efficiency of the policy in any way. Himyeana 12:48, 21 June 2007 (UTC)

I'm proposing it as Saying that two users come in from different countries is generally not personally identifiable. Himyeana 09:36, 16 July 2007 (UTC)

Could the "Checkuser" function be problematic?

Good day, I have chosen this issue to be the first in which I would like to make my voice heard regarding my concern on the effectiveness of the checkuser function. To begin, there's no doubt in my mind that it was established with the best of intentions, and it has indeed served to fuction as a tool that has helped limit disruption to various Wikipedia projects. In short, we know it has limited conduct that could have continued indefinitely under any other condition. But I cannot help but question its ability to effectively block disruptive wihout ever causing unwarrented harm to users with the same IP who happen to be legitimate. Here is my story to illustrate my point:

I begin editing on the English Wikipedia a little over one year ago. I started off a bit shaky, being unfamiliar with proper policy and such, but after a couple of months of well needed reading, I managed to establish a considerable edit count, gain more experience each day. I even became accepted on the user list for Vandal Proof, where I reverted countless incidences of vandalism. At the beginning of this summer, I went on what is known as a "Wikibreak" for the reason that I travel quite a bit this time of year, and can not edit regularly. After taking a couple of pictures, I came back to upload them, only to find that my account had been indefinitely blocked on the grounds that a checkuser had found evidence that sockpuppetry was coming from my IP address. Naturally, I was panicked to find that my user account, being fairly established, was in jeopardy. I immediately requested an unblock via my user talk page just before an admin, who was strikingly uncivil, protected the page prematurely, convinced I was guilty of the sockpuppetry in question. To this point, I am not entirely sure where the sockpuppets came from, but I am deeply offended that my account was shut down without any of my contributions being remotely considered. Of course, I raised the issue with an admin, and the blocking admin in question, only to receive no response. In addition, one of the admins disabled the e-mail user feature for the account. My user account, which I believe was bound for eventual adminship nomination, remains blocked, tagged as a sockpuppet of an account I had nothing to do with, and I have to deal with the fact that not only have my contributions gone unappreciated, they are now being treated as if they never occured, as I have no choice but to start over with a new user account, something I can't do as of yet because my IP remains blocked, and just walk away from a year of hard work.

So the question I put before you is this? Is it fair to block a username based on checkuser findings when there is absolutely no evidence this specific username has done anything wrong? I don't believe so, because blocking users who in all forms appear to be legitimate will inevitably result in very harmful collateral damage. It happened to me, and believe me, I'm not the first or last user to be wrongfully hurt by these actions. What checkusers need to take into consideration is the fact that almost all homes today with internet access could have sevaral people living in them with two or more who access, even edit the Wikis, and to make matters more complex there are many many shared IPs in the United States alone. Why then should ALL usernames associated with a certain IP be blocked? If an account appears to be legitimate, in every form, it most likely is, so please, let's block those who deserve sanction, and not those who don't. I plan to propose a few changes to the checkuser policy in light of my negative experiences, but I would first like to hear the input of other users. Without such changes, I feel that what happened to me, could happen to anyone.The Kensington Blonde T C 03:50, 17 June 2007 (UTC)

If everything you say is true and if you can get through this without bitterness, you will become a good admin one day. It's not just the edit count which matters but how you behave and your experience, which no one can take away from you. In the light of what I have seen I believe what you say here is important. Himyeana 21:16, 18 June 2007 (UTC)
That someone seems to think this issue through is very good, so thank you for that. And yes, I have every intention of becoming an administrator eventually, even if it takes another year to build up my credibility again, which I believe can be done. For now, I'm going to try and take part in this area of the project as there are other aspects of policy I'm concerned with as well. Thanks again for your opinion.The Kensington Blonde T C 21:50, 18 June 2007 (UTC)
I don't think CheckUser is problematic per se. Your case is a bit complex and I'm not sure I know what to make of all the evidence but I'm not sure (if you are who I think you are) that I'd characterise things exactly as you have characterised them about your contribution history. Certainly care has to be taken to interpret the findings carefully and act in the way that causes the least collaterral damage while ensuring project safety. Also please consider not using images in your signatures, it's not looked on kindly by everyone. ++Lar: t/c 21:23, 21 June 2007 (UTC)
Though I am mainly satisfied with the administrative actions I have seen, I meant that this tool does not always work because of all the shared ways of using IPs. I have seen a user to lose an account very fast because he or she had the same IP than another one, though I felt it wasn't sock-puppetry. Perhaps there could be a time period of one or two days after the check before the final decision. Himyeana 09:34, 16 July 2007 (UTC)
  • reset

There are two quite distinct issues with Checkuser

  1. Vandal accounts
  2. Puppetry of one sort or another

In the case of vandal accounts the blocking of the underlying IP is rarely questionable and in many cases is actually an Open proxy. In the case of puppetry rapid action would not be that likely. It would certainly require more than merely having the same IP to convince me. I would wish to see editing similarities, interests etc as well --Herby talk thyme 09:42, 16 July 2007 (UTC)

KensingtonBlonde is definitely a sock puppet of Kirbytime. --Matt57 20:54, 23 July 2007 (UTC)
I would like to see more proof than his participation in this conversation, Matt57. 131.107.0.106 21:26, 23 July 2007 (UTC) (KieferSkunk on Wikipedia)
I've filed a check user which explains. I think the big factor here is that this is a new user and he just came here to complain about the CheckUser function. There's other stuff, see that report. Also notice Himyeana's endorsement of KensingtonBlonde's bieng an admin. These are both new users. Its very clear if you check all their contribs. These are sock puppets (likely of Kirbytime) attempting to undermine the Checkuser policy (which they'll never succeed at, thankfully). --Matt57 21:30, 23 July 2007 (UTC)

Providing personal information to the Foundation

If you did become a checkuser what kind of personal information would you have to provide to the Wikimedia Foundation??

would it be documentation, or just your first name/surname. Pseudonyms, I assume are not accepted.

this is a hypothetical question... --Plazglend 08:48, 18 June 2007 (UTC)

Required information options as as follows -
In accordance with the Board Resolution:Access to Non-Public Data, we are requesting proof of identity and evidence of age of majority because of your role as Checkuser. This proof may be provided in one of the following manners:
1) Copy or scan of Driver's License.
2) Copy or scan of Passport.
3) Copy or scan of other official documentation indicating real name and age.
This is copied from the request I received - hope it is what you want --Herby talk thyme 09:01, 18 June 2007 (UTC)

not sure this is vandalism

Can we talk about this? [3] Do the changes that User:Salaskan made make sense? I do agree that preemptive (in one sense of the word) isn't the most appropriate use because "Checkuser is not for fishing" ... ++Lar: t/c 03:27, 25 June 2007 (UTC)

Errors?

If you check the en.wikipedia, there are definitely more checkusers than the page claims. (17 as opposed to 16). I am not sure if this is true for other wikis, but surely this should be remedied? —The preceding unsigned comment was added by Casmith 789 (talk) 12:10, 13 July 2007

Thanks for the info! (Don't forget to sign your posts with ~~~~) Who is missing? That's probably a good thing to include in your suggestion. Perhaps providing a link to the autogenerated list is not sufficient? That's the authoritative list though... this is maintained separately. (not sure if by bot or volunteer) ++Lar: t/c 13:38, 13 July 2007 (UTC)
Volunteers as far as I know and - as Lar - who is missing? I'll fix it if you let us know --Herby talk thyme 10:31, 14 July 2007 (UTC)

Privacy issue

This relates to the comments here about the countries. There was some confusion about whether the part under the subtitle Information release is possible to be edited or has it been decided by the Board. In any case it would be good to clear out this even if the change I propose never took place. I have tried to find information about the Board's possible decision of the part but have not been able to find any. The Privacy Policy which has been decided by the Board is here, and only this is taken from it:

"Policy on release of data derived from page logs
It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:
  1. In response to a valid subpoena or other compulsory request from law enforcement
  2. With permission of the affected user
  3. To the chair of Wikimedia Foundation, his legal counsel, or his designee, when necessary for investigation of abuse complaints.
  4. Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues.
  5. Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers
  6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."


The part === Information release === is after that. As I proposed here is to let go of the sentences about countries and ISPs and replace them with Saying that two users come in from different countries is generally not personally identifiable.

If this part has not been decided by the Board I am proposing a very small change before further conversation about my other proposal. The size of the subtitle === Information release === to changed to be == Information release ==; to clear out the confusion whether it is possible to edit that part through talk page conversation. Is there a decision from the Board concerning those sentences? If there is, would it be possible to have a link to it please? Himyeana 10:08, 18 July 2007 (UTC)

Greetings :)

I'm withdrawing the small proposal of changing the size of the subtitle, even though it seems that there is no decision from the Board over those sentences, they may be meant to reflect the Privacy policy. They could use some working to reflect it better, because countries are different to each other and not only in the amount of people. In many big countries there is a lot of everything, so no quality of a person is very rare. In small countries it is different. One can have an occupation or educational degree which is not common, or may have even studied a degree abroad which doesn't exist in that country. Editing Wikipedia already reveals interests and language skills. Sometimes it can be a very small amount of information which is enough to reveal an identity. Someone can also need to keep edits secret from an employer or a family member (there are countries where husbands are practically allowed to beat their wives for having wrong opinions, I don't come from such country). Sometimes ISP reveals a country, sometimes around where the country is, but ISP can reveal even more: an employer or family members could know the exact ISP. The proposed change would fit well together with the Privacy policy and not change the core usage of the CheckUser policy. Himyeana 11:47, 2 September 2007 (UTC)

Link correction request for huwiki

Please, change the request- and policy-link for Huwiki (Hungarian Wikipedia):

Thx a lot. V79benno 15:07, 20 July 2007 (UTC)

Done ... please check my work. Your process is interesting, that voting is required is not something you see on every wiki. ++Lar: t/c 03:24, 24 July 2007 (UTC)

What is "a wiki with a (Wikimedia-approved) Arbitration Committee (ArbCom)"?

the policy states: "On a wiki with a (Wikimedia-approved) Arbitration Committee (ArbCom), only editors approved by the Arbitrators may have CheckUser status." how does any arbcom apply for such approval? where can i find a list of foundation-approved arbcoms? how does this relate to the foundation's basic policy concerning self-government as to projects? best regards oscar 23:06, 29 July 2007 (UTC)

I have been wondering if such exists ... I am aware there would be "Board-member/s-approved" one(s), but perhaps it would be better wording "community-approved". Wait, what if a very small wiki (with 3 people, for instance) claims they have an "arbcom"? Hmmm --Aphaia 00:43, 30 July 2007 (UTC)
Hm... I thought en:wp's ArbCom was either Wikimedia Foundation approved, or grandfathered. I know some other wikis have them but don't know the status of their being approved or not. ++Lar: t/c 04:15, 30 July 2007 (UTC)
I thought en:wp one were approved by Jimbo as community leader/founder, not the Board. It doesn't matter foundation level decision, but community sanction, if I recall correctly. --Aphaia 04:26, 30 July 2007 (UTC)
Yes I think you are right, Jimbo approved it (prior to the board being set up the way it is now?), but the board leaving it be I think qualifies as "grandfathered". I don't know what other wikis have them, it would be a good list to develop. ++Lar: t/c 18:08, 30 July 2007 (UTC)
Then who approved the Wikinews ArbCom? Jimbo? Thunderhead 19:31, 30 July 2007 (UTC)

Interwiki list on en:WP:AC would be a good start for the list. The Polish one is just being established, see pl:Wikipedia:Komitet Arbitrażowy. Czech community elected new members this month. --Egg 19:32, 30 July 2007 (UTC)


Age?

Why must they be 18 and older, and why need identification? --KitKatKelly93 01:27, 30 July 2007 (UTC)

Please see foundation:Access to nonpublic data policy --.anaconda 02:26, 30 July 2007 (UTC)

Reason

Right now, the policy says "There must be a valid reason to check a user.". What does that mean? What are valid reasons to use the tool? Is mere suspicion of wrongdoing a sufficient reason? Is a public checkuser request required? sebmol ? 14:38, 30 July 2007 (UTC)

Could you add some info to your query please? I hold the rights in a couple of places but not on en wp if that is your concern. No public request is required (& based on my experience on en books it is rare to have a public request). Again based on my experience the majority of my entries in the log relate to user name vandalism of the page moved variety etc. If I can help let me know - regards --Herby talk thyme 14:47, 30 July 2007 (UTC)
My question was mostly general in nature. What I'm trying to find out is what kind of events or behavior are sufficient to justify using the checkuser tool. To some extent this is related to the CharlotteWeb case on enwiki where I still have hard time understanding the reason justifying using the tool. But I'm really more interested in a general answer. If the policy doesn't really specify that, perhaps it should? sebmol ? 16:59, 30 July 2007 (UTC)
I see there is some discussion on the Foundation mailing which may address your interest as far as en wp in concerned. As I say my views are that of just one checkuser (although quite an active one) and one who has been granted the rights by the users of the wikis I have them on (unlike en wp). My justification for user the rights is simple - is there, or does there appear to be disruption to the wiki? The area I will keep an eye on the the block log, looking at reasons etc - I may then look more closely at vandal blocked accounts. You can see on Commons the Ferrol checkuser case which is recent and was dealt with by me. A collection of users were changing/vandalising pages related to Ferrol and also attacking users and admins who were trying to deal with the issue. Admins are often referred to as cleaners or janitors - checkuser is merely an additional tool that allows you to deal with problems that are otherwise hidden. I hope that this helps although I am unable to comment on en wiki issues, regards --Herby talk thyme 20:14, 30 July 2007 (UTC)
I'd just add that the IPs revealed are very often Open Proxies, trojan'd or have spam blacklist histories and so can be seen as a possble source of disruption anyway --Herby talk thyme 07:22, 31 July 2007 (UTC)

How long is a short period

It says "This information is only stored for a short period". How long is a "short period". Perhaps it depends on activity but it might be helpful if we have some idea. Is it days? Weeks? Months? That way, people know there's no point making a request if it's been longer then that. Of course, perhaps the the ambigiuty is on purpose? Nil Einne 14:07, 3 August 2007 (UTC)

Depends on the wiki. I think there is a set amount of space for the log so en wp will be less than Commons which in turn will be less than the smaller wikis - I've seen something about it. I'll look but you may find it before me - cheers --Herby talk thyme 14:10, 3 August 2007 (UTC)

Revealing countries/ISPs

I see Maxsem wrote in June that allowing checkusers to reveal in public a user's country and ISP is okay. Max wrote that this had been approved by the board. [4] Max, can you say when it was approved, and where I could find it? SlimVirgin (talk) 00:24, 4 September 2007 (UTC)

I'd like to know that as well. ElinorD 20:30, 10 September 2007 (UTC)

Policy says it is allowed

  1. Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers
  2. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.

And it is a board approved policy. I assume he was talking based on those passage, and it sounds not strange to me. I didn't do so myself, but it can be easily imaginable that we need to access data to complain an ISP about vandalism from the IP addresses assigned to them. --Aphaia 13:12, 11 September 2007 (UTC)

Indeed. As well as actually making the complaint to an ISP (which would be release of the information, though only to the ISP itself) we also at times feel the need to disclose information for vandalism to the community at large - "they are from the same city, but a different ISP - perhaps multiple ISP accounts?" etc. - and so on. I'm happy to help explain the policy and the reasoning behind how we crafted it.
James F. (talk) 18:39, 11 September 2007 (UTC)
Currently the CheckUser policy gives the impression that there is nothing wrong to give out countries or ISPs in any cases, that it's simply innocent to reveal that information. The example about revealing countries is a situation where the user isn't a sock puppet. But that information can be identifiable, and I don't believe the administrator who does the check can always guess when. Himyeana 10:57, 14 September 2007 (UTC)
If you reveal that two users come from the same place you would have to be quite sure that they are both vandals or the same person, and block them. That revealing gives them a possibility to reveal information about each other. If one of them tells which town he comes from, the other person's town becomes revealed too. Himyeana 11:03, 14 September 2007 (UTC)

Revealing checkuser data

  1. Is there a system (visible either off-wiki or on-wiki) in place to audit who checkuser information is released to? (I understand that there is a database log entry when the checkuser command is given, but I'm referring to the subsequent release of the data that results from the checkuser command)
  2. For what reason is there no on-wiki location where a check-user access log is visible? (Not the results of a checkuser, but when and by who a check was made)
  3. It is not clear from the policy how sockpuppet checks are handled. Does the checkuser rightholder perform the check for sockpuppets, or does the checkuser rightholder perform the checkuser command and then supply the resulting IP/User information to another editor to make the determination?
  4. Can a checkuser rightholder give the checkuser IP/User Information to anyone they choose?

Uncle uncle uncle 19:37, 9 September 2007 (UTC)

Reason for asking: I recently made an edit while not logged in. The IP was flagged and blocked as from a sockpuppet. I logged in as uncle uncle uncle and made an edit in the sandbox to verify to anyone checkuser on the given IP that I am the one using the IP and not a sockpuppet. I was surprised during email communications with the blocking admin (to discuss the sockpuppet claims - which the admin determined were incorrect) that they knew my Wikipedia pseudonym (uncle uncle uncle) although I had never revealed this information to them. I was surprised that the IP/User information from a negative sockpuppet check would be given out by a checkuser rightholder.

Is the policy really: "We value your privacy, access to IP information is available only to a select few (over 18, identified, etc) with checkuser privileges, however once the information is requested by the checkuser, we have no audits or controls on what the checkuser rightholder does with the information"? The preceding unsigned comment was added by Uncle uncle uncle (talk • contribs) 19:52, 9 September 2007.

In order:
  1. There is no organised system in place. Creating one would be infeasible IMPO, given the multiplicity of forms in which this can be disclosed - does a confidential briefing of other CheckUser-holding individuals count? What about of the Foundation, its Board, its legal counsel, its staff? etc.
  2. The log is not publicly visible as the existence of checks, even when negative, would likely be used in the community against individuals ("He's had CheckUser requests run against his user name, so he must be evil", etc.), the reason field often contains privileged information ("checking per FBI request" is not something we could say publicly, for example), and there would also be the problem of "tipping off" individuals under suspicion which might then alter their patterns of behaviour so as to escape CU detection. There is in our opinion an absence of any significant positive effect from the release of there being a check without detailed commentary on the reasoning, which would greatly slow down the system, whereas there is great scope for negative impact.
  3. Users with the CheckUser right are expected to have and exercise considerable powers of reasoning and analysis. The tool is not "magic pixie dust" (per David Gerard, one of the other creators of the policy) and so individuals will generally come to a conclusion. In some cases, particularly where the decision is complex, the advice of other CheckUser-holders is sought.
  4. Finally, the results of a CheckUser request is privileged information which comes under the Foundation's privacy policy with appropriate extensions/etc. as per the legal situation.
I hope that you find this useful. If you have a complaint about the actions of an individual regarding their access to the CheckUser tool, you should speak (off-wiki) to the CheckUser Ombudsman Commission.
James F. (talk) 18:59, 11 September 2007 (UTC)
Hello - thank you for the reply. I was unsure whether I should reply here or to the crosspost on my user page.
No, I have no complaint about the actions of any individual regarding their access to the CheckUser tool, although as such usage is not publicly visible, how would I even know?
I was just surprised to see that knowledge available only through checkuser was given to an administrator with no record of the checkuser occurring.
The English Wikipedia [[5]] gives the appearance that an on-wiki log of checkuser access (by who, why, and what data is revealed) is standard, when in fact off wiki checkuser access may be more common (it is impossible to tell) and there is no record of who the data is distributed to.
Also, I was quite surprise to see that while checkuser access is restricted to a few (with proof of age and existence required) that there is no check on who they distribute data from the checkuser to and a checkuser rightholder may routinely give the checkuser data to admins who do not themselves have checkuser access.
At the minumum there should be a log visible to all of who did a checkuser access and what IP or username they did the access on (though of course not the corresponding data).
If the reason field would be "too revealing" I would have no problem with not including it.
Possibly the checkuser access log could be used to say "He's had CheckUser requests run against his user name, so he must be evil" but that would be a reasonable price to pay for the increased transparency about who is viewing Wikipedians personal information and when (if not why). Uncle uncle uncle 04:32, 13 September 2007 (UTC)
"At the minumum there should be a log visible to all of who did a checkuser access and what IP or username they did the access on (though of course not the corresponding data)." We have not thought so, as stated here and on the archive (also on the list). I think we provided the reason --- you say it "should", but you don't give the reason why it should, since you apparently don't care for the given reason but repeat your "should". So I think we have no reason to continue this discussion. And all checkuser granted users know the data you said "should". I don't see a good reason to public those data in any way. --Aphaia 12:49, 13 September 2007 (UTC)
I am unsure who is referenced by "I think we provided the reason" and "we have no reason to continue this discussion" - who is this "we" and where are their contributions.
  1. I listed my concerns about checkuser, he gave a point by point rebuttal, which I considered and replied to. :
  2. He stated that It would be infeasible to list who checkuser data is given to due to the multiplicity of sources. I did not disagree with his assessment and modified my request to just listing what CheckUser-holding individuals is performing a checkuser, and on what source.
  3. He stated how a log of what checks are taken and by who could be used negatively, I stated a positive use of such a log - knowing when and by who wikipedians personal data is accessed - so Wikipedians can have some idea of how how often personal information is accessed.
  4. He mentioned the reasoning powers and non-existance of pixie-dust. I di not disagree, but noted my belief that there should be _some_ publicly available list of when wikipedians personal data is accessed so that Wikipedians can know what is being done with their personal information.
  5. "Trust but verify", "who watches the watchers", and all that ...
Uncle uncle uncle 15:52, 13 September 2007 (UTC)
Aphaia and I are speaking as members of the Foundation community who were both involved in the initial formulation of this policy. I believe that that is what she means by "we". Also, note that use of "he" to describe one of the participants in threaded discussion is unusual, and a bit confusing. :-)
RfCU on the English Wikipedia is only one potential forum for CU requests. It represents less than 25% of actual need and use of the tool, however. It is certainly not anything like an exhaustive list. It is precisely the requests that aren't made publicly which should not be casually released, in my opinion. Also, the CU log does not give results as given in the RfCU feedback, nor reasons. It provides no context nor anything useful. I really don't see any benefit from making it public, only a great deal of disbenefit.
The concept of such absolute transparency that you advocate has been examined and rejected. This isn't really the right venue for this - if you wish to pursue, I would recommend the Foundation mailing list, but suggest that your proposed change will probably not meet with much enthusiasm.
To repeat myself (yet) again, the Foundation's Ombudsman is responsible for custodiet ipsos custodes.
James F. (talk) 13:56, 23 September 2007 (UTC)

Removal of status of checkuser da:Bruger:Christian List on Danish Wikipedia

Hi, on Danish Wikipedia we are a bit puzzled as to why da:Bruger:Christian List has lost his checkuser status. Christian List is OK with this since he has not used his checkuser powers for anything, but we would like to know how to avoid the rest of our two checkusers from losing their status. --Morten LJ 20:15, 11 September 2007 (UTC)

We would like if he could get them back as we would like 3 users to have this access so we don't lose it if one of the others suddently decide to get rid of it as we had earlier this year. --Broadbeer 21:17, 11 September 2007 (UTC)
Make sure he sends us identification and he will. Cary Bass demandez 21:21, 11 September 2007 (UTC)
In accordance with Steward handbook/email templates/identification. Thanks. Cary Bass demandez 21:23, 11 September 2007 (UTC)

Hi, the log says:

  1. 15:55, 11 September 2007 Bastique (Talk | contribs | block) changed group membership for User:Christian List@dawiki from bureaucrat, checkuser, developer, sysop to bureaucrat, developer, sysop ‎ (Removal of checkuser access. Did not identify.)

It means that the Office or Cary didn't get the required document from Christian List, and he should have gotten the request on July 1 or so. I made some translation so know the detail of the sent notification, and it said that all existing checkusers were asked to send their document within 60 days, that is, until August 1. So the date to revoke should have been August but it was belated eventually or for courtesy. So please make sure he sends us identification and he will. I think it better to include the notification requirement in your local policy of promotion, if exists. --Aphaia 21:32, 11 September 2007 (UTC)

I completely forgot about that. I'll take care of it soon. --Christian List 22:26, 11 September 2007 (UTC)

Local adaptation of CheckUser policy

There are different views about the use of the CheckUser tool. Some people say the tool can be used to any account at any time. Which view is the exact interpretation of the CheckUser policy?

(A) The CheckUser tool can be used only in case there is a serious motive, such as vandalism. The use of the CheckUser tool to an account that does nothing special is forbidden. An RfCU by a community is considered to be a serious motive to use the tool.

(B) As long as the results are not released, the CheckUser tool can be used to any account at any time. The release of the results without a serious motive is forbidden. An RfCU by a community is considered to be a serious motive to release the results.

(C) These are depends on local communities. The CheckUser tool can be used to any account at any time if a local community allows doing so.--Cave cattum 10:19, 2 October 2007 (UTC)

I am not a foundation board member but my interpretation of the privacy policy is that there is not a lot of leeway... local communities don't get to change things around as far as what is revealed and when. As to when checks can be run that does seem a different matter but my personal policy is to run them only when there is a clear and compelling need to do so because "checkuser is not for fishing"... ++Lar: t/c 01:02, 9 October 2007 (UTC)

Finnish Wikipedia and ArbCom

At the beginning of this month Arbitration Committee was elected to Finnish Wikipedia. Is our ArbCom Wikimedia-approved or not? If it is, can we vote about granting CheckUser status to certain users, or does everything depend on Arbitrators' decisions? –Ejs-80 22:56, 8 October 2007 (UTC)

If you wish to have CheckUsers on your wiki, you have 2 options:
  1. have them elected by the community with at least 25 votes and 70% support.
  2. have your local Arbitration Committee appoint them.
I'm not sure what one would define as "Wikimedia-approved", but you may be able to ask someone on the Board for help. Cbrown1023 talk 23:21, 8 October 2007 (UTC)
Thank you. –Ejs-80 23:42, 8 October 2007 (UTC)

Suggested minor edit at: /wiki/CheckUser_policy

Hi, just wanted to point out a double negative that I believe should be corrected.

Location: http://meta.wikimedia.org/wiki/CheckUser_policy#Access_to_checkuser

  • last paragraph in that section
  • sentence to edit: "If an insufficient number of voters do not allow to vote for two checkusers on a wiki, there will be no checkuser on that wiki."
  • suggested edit: remove phrase "do not" (because the prefix "in" - in the word "insufficient" - already creates a negative)


Thanks guys! -SilentAshes
(Please excuse my own less-than-perfect grammar :P)

Devs/Toolserver

Hmm, shouldn't the "shell access" devs and the toolserver admins been added to the list in some way, as they obviously have access to the relevant IP data, too? (not through the CU special page though, but through direct access.)

I'm just asking because I got some "poking" e-mails from concerned users. --:Bdk: 14:11, 4 November 2007 (UTC)

No longer an official policy...

see [6] ... There is a lot of good info here still though. It might be good to link specifically to the official policy page, and then cut away what is contradictory, tag what is a suggestion or best practice, and tag what is dynamic... thoughts? ++Lar: t/c 22:40, 10 November 2007 (UTC)

To be more specific, I think foundation:Wikimedia:Privacy_policy#Private_logging would replace/supplant CheckUser_policy#Privacy_policy and foundation:Resolution:Ombudsperson_checkuser should be referenced from CheckUser_policy#Removal_of_access, in the section about ombudsmans. What are the germane pages that discuss the approval process (elections, arbcom's role when the wiki has one, etc)? Thanks. I can take a cut at making mods if desired. ++Lar: t/c 22:52, 10 November 2007 (UTC)
Only for some clarification: German wp is electing an arbcom at the moment. (We have one since June, but it was only a test phase for the first 6 months.) And obviously the CUs on de.wp think it might be better that CUs are elected by the community and not approved by the arbcom. The last CU election is years ago, so I don't know what will happen if someone decides that we need more CUs or if one or two of the CUs leave (two of them are not really active any more actually, though they are available for CU requests, of course). Probably it will have to be the task of the arbcom to request the CU flag on Meta after a successful election. (In fact, it just should work that way.) So I don't really understand why de.wp should be treatened differently from other wikis with an arbcom. Maybe Elian should explain that. --Thogo (talk) 23:07, 10 November 2007 (UTC)
Thogo, the first (and, up to now, last) CU election on de.wikipedia is not "years ago". I dates back to July 2006 (1 year and 4 months ago). Additionally, Elian and Hoch auf einem Baum, both are still active, even if I'm (visibly) more active atm than they are. --:Bdk: 22:27, 11 November 2007 (UTC)
To be honest, I do agree with dewp. But I do not think that you should just change the policy because you disagree with it. I know that is how it goes on enwp, but that is not workable on crosswiki policies. But this has not been the first occasion, and won't be the last. Hence my suggestion for a rewrite (meta:rewrite) of several policies, so that we can update it all, get it accepted and all, and protect it. Effeietsanders 23:16, 10 November 2007 (UTC)
As for de.wp I think the community will not elect inappropriate CUs, so there will most probably be no case where the arbcom has to reject an elected CU candidate. Thus, the policy could just leave that out. Yeah, a kind of general policy cleaning up and updating (and then maybe protecting) could be useful. Additionally, I think most meanwhile changes are not updated in the translations, which has to be checked. If I can help with German, just notify me. --Thogo (talk) 23:33, 10 November 2007 (UTC)
Well, there have been discussions about clear 'segregation of duties' on de.wikipedia in the past. As for many other functions, strong and direct community support is regarded as more meaningful especially for sensible functions like CU than a sheer (indirect) appointment by an ArbCom (this comment is just meant as a general note). Also, the de.wikipedia's community decided what our "Schiedsgericht" should be responsible for (and what it is not responsible for), see "Meinungsbild" (vote) April 2007; appointing or approving CUs is actually not part of the ArbCom's responsibilities on de.wikipedia. (Personally, I am not at all worried about such a future approval option, but that's not up for discussion atm.)
You're right regarding consistancy between all translations of policy pages. Thanks for keeping an eye on this issue. --:Bdk: 22:27, 11 November 2007 (UTC)
Absent an "officially mandated" policy, this policy should be the policy for all checkusers--unless they have an even stronger local policy. Cary Bass demandez 19:03, 11 November 2007 (UTC)
Many thanks for this statement, Cary. --:Bdk: 22:27, 11 November 2007 (UTC)