Talk:CheckUser policy: Difference between revisions

I join Essjay in opposition to this idea (which has been rejected before). The current bureaucrat selection processes do not evaluate candidates for the technical skills required or for the requisite trust. Bureaucrats are trusted by the community to evaluate requests for adminship; there is no reason why this trust should be extended without consideration to the far more serious trust associated with CheckUser status. While I have no objection to individual bureaucrats applying for CheckUser rights, I would strongly urge against a blanket grant of this rather significant access to people who have not been individually screened for eligibility. Kelly Martin 11:32, 10 May 2006 (UTC)Reply

I oppose this, because not all bureaucrats would know how to do this. However some would and it would help them in their duties. Even some admins with the necessary knowledge would find it useful, I know I would. With IP blocks, you never know if you might hit a logged in user, even more so with range blocks. Now, there is no cabal, but if there were one it would be CheckUser. Admins are elected. Bureaucrats are elected. Stewards are elected. And even Arbcom members are elected. But CheckUser... It is arbitrarily given to a very very select few by a very select few. Needless to say that is both risky and safe. On the one hand, the odds of someone abusing it are low. On the other hand, with such a small group, its usefulness and its regulation are limited. But it is likely safer this way. Prodego ^Talk 18:35, 15 May 2006 (UTC)Reply

I also oppose this as well, because bureaucrats, at least on the English Wikipedia, are elected because they would follow the community's will; while I doubt that they would not be trusted with the checkuser bit, I also do not know if each one of them has the technical knowledge to follow those requests, and I do not want any of them to have to step down as a result. Communication between bureaucrats and checkusers in the cases that absolutely require IP checks would suffice, at least in my opinion. Titoxd^(?!?) 02:07, 11 July 2006 (UTC)Reply

Humm, I believe that when Nichalp said "checkuser to bureaucrats", he was most likely referring to the Bureaucrats on the English-language Wikipedia (where I, like Nichalp and Essjay, am a Bureaucrat as well), and not to all Bureaucrats in all the projects. And speaking strictly about the English-language project, I don't suppose that trust would be an issue when referring to Bureaucrats. I have complete trust in Nichalp, Essjay, Taxman and all the other Bureaucrats in that project. And if that's the case, all that is left is the issue of the technical skill to use the tool. It is true that the skill to perfom checks is not the reason why Bureaucrats are selected, which is why I would oppose as well making CheckUser a tool automatically associated with the status (such as Renameuser or Makesysop); on the other hand, nor is it rocket science either. On the English-language Wikipedia (again, talking strictly about it), the users chosen to be Bureaucrats are experienced people, who have been exposed to virtually all aspects of the project. I really don't believe that someone like Taxman, a Bureaucrat there and someone who has been with the project since 2003, wouldn't know how to perform a check appropriately (whether he would be willing to do it, is a different issue entirely), and I really, really don't believe that someone like him, or Nichalp for that matter, wouldn't know how to behave appropriately about the sensitive information associated with the tool.
And there's an interesting comparison: on the English-language project, the Arbitrators (the members of the ArbCom) were given CheckUser access: they are obviously highly trusted users, like the Bureaucrats over there, and, like the Bureaucrats as well, they were chosen to a position (Arbitrator) for a reason that does not relate to the technical ability to perform a CheckUser correctly: they were chosen to be the final rung in the conflict resolution process on the English-language Wikipedia.
With all of that in sight, I would not oppose asking the active Bureacrats on the English-language Wikipedia (listed at en:Wikipedia:Bureaucrats) if they would be interested in working at the very busy Requests for CheckUser page, which is currently managed by just 2 users (who are doing a great job, let it be said, but if one of them decided to take a vacation..). Redux 18:12, 4 August 2006 (UTC)Reply

Addendum: Bearing in mind that, according to current policy, CheckUser status on the English-language Wikipedia is decided by the local ArbCom, any "asking" would need to be done by it, or at least have its assent. Redux 19:14, 4 August 2006 (UTC)Reply

This seems to be happening now at Wikinews[1].

• About 4 of the requested user names were found to be in a different country; the other 10 or so were anons in Toronto. The person with Checkuser privilege, CSpurrier, reported information to the community about an alltogether different user "Factchecker" (for which there was no request at all for the use of checkuser) which he came upon during his check of the anons. There seems to be little if any actual vandalism involved and the checkuser requester, Amgine, has had an ongoing feud with the supposed sockpuppeteer,Neutralizer, who he recently blocked for 3 weeks. Can this apparently blatant abuse of the checkuser privilege be stopped? 70.50.76.209 23:43, 11 June 2006 (UTC)Reply

Upon further research it seems that the "infraction" committed by the majority of the anons who were subjected to Checkuser was this edit which they placed on Amgine's talk page in an attempt to disclose what they felt was an unbecoming edit by an Admin which had been erased from Wikinews' history;

What Amgine said about Australians [2] "Simeon edits from Australia, a continent populated entirely by criminals! And, as a criminal he would expect that we would not trust him, so obviously we cannot drink from the glass in front of us.."- Amgine/talk 03:54, 11 May 2005 (UTC). 70.50.76.209 00:05, 12 June 2006 (UTC)Reply

What information do Checkusers have? GangstaEB (W) 19:03, 9 July 2006 (UTC)Reply

See Help:CheckUser for an explanation of the tool and the information provided by it. Essjay (Talk • Connect) 00:14, 11 July 2006 (UTC)Reply

Hay, I run my own wiki and I was wondering how I can get my hands on this extension? Checking server access logs and comparing it against recent changes can be quite tedious... Thanks, 63.80.111.2 21:04, 7 August 2006 (UTC)Reply

You'll have better luck trying to contact Brion Vibber directly. He's the creator of this tool. Try his talk page (follow the link I've provided to his user page and then click on the tab that says "discussion") or try e-mailing him, although I don't know if Brion made his e-mail address public. Regards, Redux 23:05, 7 August 2006 (UTC)Reply

Brion seems have have gone AWOL... is there a better place to put this question/request? 63.80.111.2 19:58, 6 September 2006 (UTC)Reply

Maybe if you can get a hold of any of these people, they'd be able to help you. Developers are those who make the "magic" happen on Wikimedia. Redux 18:59, 16 September 2006 (UTC)Reply

This question is a kind of follow-up to a non really answered question by Angela (November 9th 2005).

Browsing through the history before asking this question, I noticed that Angela added this precision in the sentence «On a wiki with a (Wikimedia-approved) arbitration committee only editors approved by arbitrators may have CheckUser status.», to try to clarify the previous version (modification summed up as «proposed addition»).

This seems reasonable... But what does it mean exactly ? I did not find much about "Arbitration committees" with a superficial search through this Wiki. Am I right to understand the list of «(Wikimedia-approved) arbitration committee[s]» as presently reduced to one item, the arbitration committee of the en Wikipedia ? Touriste 09:30, 3 September 2006 (UTC)Reply

The answer to this question should be provided soon. Watch for Arbitration Committee. 207.145.133.34 14:15, 6 October 2006 (UTC)Reply

Also up for submission: Checkuser Privacy. Hints on why checkuser is important (beyond Privacy policy) and other methods of ensuring your privacy. ~Kylu (u|t) 04:50, 7 October 2006 (UTC)Reply

In the policy, it is mentioned that the information is not stored for long. How long is the information stored? And from last login, or last edit? These are important issues for a privacy policy-type matter. —The preceding unsigned comment was added by Womble (talk • contribs) 06:03, 27 October 2006 (UTC)

The time period is variable. Your IP is not recorded on normal viewing of a page. Alphax 02:06, 27 October 2006 (UTC)Reply

I have one doubt. This may sound trivial, but in India, it is very common for more than one person use the same computer. How to differentiate that situation and a Sock Puppet. For example, if my wife browses Wikipedia and votes in few Rfa or AFD from this computer, how can I prove that it was another person who used my computer and not me. Another case is browsing centres - Many persons may be using the same computer (with same IP). How to prove that they are both different people. Mariano Anto Bruno Mascarenhas 16:08, 31 October 2006 (UTC)Reply

CheckUser is not Wiki Magic Pixie Dust. Some level of common sense is required by the person who carries out the CheckUser to determine if they're the same person or not, which is one reason why access to the tool is only granted a very limited set of people. Alphax 22:46, 31 October 2006 (UTC)Reply

And coming to the next question. What if Mr.X uses one account in a computer at his home and another account in a computer at his office. How to prove that (with different IP). Mariano Anto Bruno Mascarenhas 16:08, 31 October 2006 (UTC)Reply

See my response above; CheckUser is not Wiki Magic Pixie Dust. Alphax 22:46, 31 October 2006 (UTC)Reply

In fi.wiktionary we have a persisent problem with vandalism. We've been discussing and the community supports gives 100 % support for CheckUsers. We haven't voted on the people yet, though. The problem is that even though the community works awfully well, in harmony and orderly, there are only ~15 of us. The question I have is, could 15 people elect CheckUsers, say, with a support of 80% or more?

(More about the issue: This is one person who creates several user accounts, and we know from fi.wikipedia that this person uses a small range of IP's during one attack. But on the course of many different attacks, the range is larger. So for one attack we need to know the IP and block it for some time to stop this person.)

Samulili 21:25, 2 November 2006 (UTC)Reply

Help:CheckUser#Hints and tips writes "An editing pattern match is the important thing; the IP match is really just extra evidence (or not)." - I agree.

But, CheckUser policy#Use of the tool writes "It is allowed to check an editor's IPs upon his specific request, when this user wants to publicly prove his innocence." - this sentence seems misleading. Difference of IP does not prove his innocence in itself.

So one more sentence should be added, such as - "Note that a CU result may support inoccence, but is not enough to prove innocence." --Kanjy 14:57, 22 November 2006 (UTC)Reply

Quite true. A person requesting a Checkuser of themselves doesn't prove anything, because it is simply too easy to engineer their editing so that they appear innocent. Alphax 03:37, 23 November 2006 (UTC)Reply

Thanks. Comments and/or improvements are welcome! --Kanjy 04:02, 26 November 2006 (UTC)Reply

"Note that the tool may provide some partial evidence for him, while it does not prove his innocence by itself." - How about this sentence for appending to the 3rd paragraph of CheckUser policy#Use of the tool? --Kanjy 08:13, 28 November 2006 (UTC)Reply

I will write to this policy as I wrote above if there will be no objection for a week (168 hours) from now. OK? --Kanjy 11:35, 1 December 2006 (UTC)Reply

Done. Thanks. --Kanjy 15:32, 8 December 2006 (UTC)Reply

An increasing number of cases have started to surface for interwiki checkuser issues. Currently two checkusers should make independent analysis and exchange notes for any interwiki requiest (provided both wikis have a checkuser avalible).

I hereby propose the authority to be bestowed on stewards to be able to checkuser interwiki w/o involving second or third parties. This is for interwiki cases only.

--Cat out 07:25, 14 December 2006 (UTC)Reply

This is a very bad idea; Stewards are only supposed to use their access where no local users with those capabilities exist. Alphax 14:06, 14 December 2006 (UTC)Reply

Regarding the recent incident, I think it is better for us to have a "real name policy" about Checkuser right as well Steward access. It would be

• Only those who give their name to the Foundation can be granted checkuser access. For this purpose, after they are elected from the community, they should send a copy of their identification with photo to the office (see Wikimedia:Contact us for contact details).

Thought?--Aphaia 10:58, 8 March 2007 (UTC)Reply

I agree. See this wikimail for Florence Devouard's belief that "The office also know all the real identities of the checkusers I was told. [...] I think it is not the Foundation business to enter into any credential controlling activity. It makes sense for board candidates. It makes sense for checkuser because there is a technical access to data with confidentiality agreement. But getting involved in the process of collecting credentials is something we better stay away from." 4.250.168.160 16:35, 9 March 2007 (UTC) (WAS 4.250 on en wikipedia)Reply

Thanks for your notice, so we can say there is de-facto real-name policy about checkuser? As for access to data with confidentiality agreement, I totally agree with Florence. In that case only we lack its written description . I'll appreciate your elaboration of the proposed text the above :) Aphaia 05:41, 12 March 2007 (UTC)Reply

Hmmm I agree but we have to see how to set this up. I mean, there's more than 100 Check User, so we need to know how to collect the informations. In my opinion this can be one of the duty of the Volounteer Coordinator, whatever I think we should ask the board to raise this issue during their next meeting Schiste 06:57, 12 March 2007 (UTC)Reply

In my opinion they can simply fax/mail of the scanned copy of their ID to our laywer (=Foundation Office). They need not to inform their identity for Volunteer Coordinator (but it could happen though). From the view of the office, if they want VC to make a list, is another matter. There is a trade-off between how many people know their identity and workload but regarding the past experience, our laywer in Florida thought he reviewed each IDs with photo and would not be satisfied with a report from volunteers. --Aphaia 07:03, 12 March 2007 (UTC)Reply

An attempt guage community support on this and related proposals is going on at en:User talk:Jimbo Wales/Credential Verification. Please participate. Thank you. 4.250.168.15 11:37, 13 March 2007 (UTC)Reply

I fixed the link. Thank you for your invitation, however as for Credential verification, while it seems to be similar, it is another issue from the issue now we are discussing, so I don't think we need to go there. Our topic of only real name (and perhaps age, since Brad Patrick insisted only people over 18 years-old should be allowed to be granted the steward access). As for the oppositin to the below, I would point out two things: 1) either you don't think it feasible, it are said all CU asked to fax their ID with photo and they did and 2) regarding several point, the CU is not the matter of our virtual community but related to liability in relation to privacy policy, so relevant to the real life, it is different from the matter of sysop or bureaucrat access. --Aphaia 11:26, 15 March 2007 (UTC)Reply

Oppose this idea. For three main reasons

1. Not practical - it's easy to provide a fake name. If the said checkuser has never posted their photo or real birthdate online, it's just as easy to provide a fake ID. The only real way i'd imagine to verify a persons' identity would be to actually have a foundation member pay the person a visit and get them to prove they're who they claim to be on wikipedia. Which is just not feasible. Someone is probably going to say that i'm being paranoid here, if a wikipedian who's trusted enough to become a checkuser provides a copy of photo ID, we should assume good faith and trust it right? But in that case, we may as well just assume good faith and trust them to be a checkuser without the ID. Basically, if a checkuser is indeed trustworthy, then ID is really not needed - we trust them. If a checkuser is not truthworthy and planning to do something malicious, then they'd have no problems providing a fake ID and name, which totally defeats this purpose. On the other hand, if the checkuser considers real name/ID not all that important in the first place, then they would have already revealed it anyway, so once again, this is pointless.
2. What does having real names mean? Secondly, there's no real reason for us to believe that checkusers will be better/more responsible if the foundation knows their real name. In fact, there's even no decent evidence to suggest that people who publically reveal their real names and identities will be better/more responsible members of the community because they're more accountable for their actions.
3. If anything, it's oversight who need to be IDed since they actually do deal with sensitive information. I never understood why Wikipedia makes a big deal about IP addresses, IP addresses are not a big deal
   1. They don't identify a person. Even if someone doesn't change ISP and always uses the same internet connection, their IP address can still change often, and countless other people could still be sharing it.
   2. IP addresses don't reveal identity. All they do is reveal your ISP, and geographic location. The geographic location is also pretty vague - depending on who your internet service provider is. The mostly just tell what country you're from, which isn't a very personal piece of information.
   3. IP addresses are hardly confidential - a lot of places on the internet record your IP address. Whenever you download something from someone else, they can have your IP address. Whenever you post on any message board, the mods or admin there will have your IP address. If you've got your email at a place like hotmail, then whenever you send an email, the reciever has got your IP address.
   4. For most wikipedians, it's quite easy to find their IP address. Most wikipedians have accidentially made edits without logging on (i.e. forgetting to log on). If you go through someone's contribution history carefully, and then check the histories of the pages they edit, i bet for most wikipedians, you can come up with an IP address or two. If just depends on how far you're willing to go to find someone's IP address. MOst active wikipedians also have "email this user" activated. So often, you can just email them and get their IP address from a reply.
   5. At the end of the day, the only thing IP addresses are really good for is seeing what the probability two accounts are operated by the same person is. If they've got the same IP, then the probability is high. If they have IPs from different countries, then the probability is low. But at the end, IP addresses prove nothing.

--`/aksha 09:22, 14 March 2007 (UTC)Reply

Comment: Actually it is sometimes possible to resonably identify who a person is from their IP. For example, if you knew my IP, you could probably easily guess my real name. To be fair, the reason is this is because I'm not that concerned about an high level of anonymity but if for example, I had decided to keep my wiki identity seperated from the my real life identity I use on the internet, you could find out details I didn't want you to know. For some people, you could probably even find out their birthday and where they live depending on how careful they are with their personal information. Point being, an IP can in fact sometimes be used to identify or at least have a very good guess at who the person is. This does require a specific set of circumstances but it is possible and if a user wishes to remain anonymous, they should be allowed to do so. Note, many of us don't bother or care that much. I admit I have not logged in on purpose and you can probably guess what my IP is if you look hard enough at wikipedia. However again, just because some, perhaps even most people don't care doesn't mean we should ignore the fact some people do care. Secondly, and perhaps more importantly, you appear to be ignoring the fact that some of our contributors are living in regimes where their edits to wikipedia may get them into trouble. For example, the status of wikipedia in the PRC is unclear and given the history, it's possible the PRC government may decide to go after Chinese wikipedians who obey our policies regarding NPOV etc in Chinese related articles. I'm not sure how things in China work with the great firewall etc and some may be using proxies anyway but it's resonably possible that people may be prosecuted because the Chinese government finds out IPs they're using on wikipedia. For that matter, it isn't just governments. What happens if someone wants to sue a wikipedian who has chosen to remain anonymous. If we are subpoened by a court, we may cooperate depending on what our lawyer says. But should we really be allowing people to bypass our current level of protection for wikipedians? Finally while it's true a lot of other places record your IP, there are several issues here. Firstly, the level of involment people have with many of these services is somewhat different. If I'm just e-mailing my family or a friend, I don't care if they know my IP most of the time. If I was doing something serious and wanted to send an anonymous email I would use mixmaster or something like that. More importantly tho, we currently present it that wikipedians with accounts have a resonable guarantee that their IPs won't be revealed to anyone without very good reason. Therefore, it is resonable for wikipedians to assume they don't need to take extra steps like use Tor or whatever for anonymity. If we aren't going to ensure checkuser is properly limited and regulated then we need to make this clear ASAP. Nil Einne 16:21, 16 March 2007 (UTC)Reply

I support the proposal, and for oversight as well. Of course no system is proof agains someone determined enough and clever enough, but it's a good barrier against having people who are entirely unknown or fakes of some kind in these sensitive roles. I'd extend it even further, i.e. to bureaucrats and arbcom members, but I can see how that might not be practical for the office to handle so I won't press that point, at least not in this forum. Metamagician3000 09:48, 14 March 2007 (UTC)Reply

Related to w:Wikipedia:IP Hash, if the IP addresses of logged-on users were hashed and made public, 90% of CheckUser's functionality could be performed by ordinary users without compromising anyone's privacy. The other 10% of the time CheckUser would be necessary to check IP addresses that are similar but not the same, since IPs from the same subnet would have vastly different hashes. It seems to me the hassle of reporting a suspected sockpuppets to CheckUser has enabled quite a few to go unnoticed for a long time. – Þ  01:16, 14 March 2007 (UTC)Reply

Here is someting I posted to the foundation-l mailing list:

Sebastian Moleski writes:
> It might be prudent to use the term "jurisdiction" instead of country if
> we're talking semantic details here. Shouldn't this discussion take place on
> a talk page somewhere?

Weak agreement on this invocation of the Fear Of Law.  Strong agreement
that this discussion should be on a wiki page; see 
http://meta.wikimedia.org/wiki/Talk:CheckUser_policy

I am generally loathe to use age as a barrier for anything; we should be
clear about where this line is being drawn, and for what reasons.

"This is a very important role" is not a reason to discriminate based on
age.  "This is a role that requires being responsible" is likewise not
appropriate.  "This is a role that requires being legally accountable for
one's actions" is.  

SJ

I would like to add the following subsection to the Use of the tool section:

===Adminship nominees===

Nominees for adminship may be checked at random during the nomination process. Anyone who agrees to be nominated is thereby giving permission for a check to be conducted. Nominees and the community need not be informed if this has been done, unless the checkuser believes the results of the check have invalidated the nomination, in which case the information may be revealed at the discretion of the checkuser or the bureaucrats.

See here for a prior discussion of this issue.

Any thoughts? SlimVirgin ^(talk) 17:05, 1 June 2007 (UTC)Reply

I understood vote which is investigated with CU may include RfA. At any rate, Japanese Wikipedia has already performed CU on every voter (note: not random check, over 60 editors, IIRC?) on a certain RfA, include the nominee, partly since it was revealed this nominee had used to be editing via open proxy. ja:User:ちゃたま performed it, so you can see it on the log, if you have the access. Just for your information. --Aphaia 17:41, 1 June 2007 (UTC)Reply

I certainly think this is a good idea, admins have the potential to do serious harm to their native project, and stopping known sockpuppeteers before they even get the tools would certainly be a step in the right direction. Ryan Postlethwaite 18:03, 1 June 2007 (UTC)Reply

Don't like this idea, checkuser isn't a toy for random checks just in case there's a bad candidate somewhere. Either way, it won't solve anything because the admin would probably pass unnoticed. Majorly (talk) 18:23, 1 June 2007 (UTC)Reply

I agree with Ryan. I've been checked twice - on my books rfa & on my books CU! Sure - things can be hidden but in the end Cu is a tool to be used even if it doesn't tell you everything. It should be used quietly & carefully - I've checked some stuff that has turned up nothing, however other than Cus no one knows & no harm has been done to anyone. As to being policy - well I don't feel strongly but it should be used --Herby ^{talk thyme} 18:35, 1 June 2007 (UTC)Reply

Agree as well. As can be seen by the link above, the usefulness (not just the validity within policy) of this is disputed. Titoxd^(?!?) 19:02, 1 June 2007 (UTC)Reply

Titoxd, when you say you agree, do you mean you agree that we should add that section? SlimVirgin ^(talk) 19:36, 1 June 2007 (UTC)Reply

No, I agree that it is an awful idea. Titoxd^(?!?) 22:27, 1 June 2007 (UTC)Reply

I think running CU on admins is perfectly fair. EVula // talk // 20:27, 1 June 2007 (UTC)Reply

• This is a solution looking for a problem. It will NOT solve the problem that en.wikipedia recently had with a trojan admin account. There is no point to this proposal other than adding additional bureaucracy and a feel-good solution that solves nothing. Vehemently oppose this privacy violating process. If you go this direction, you might as well insist all administrators reveal their identities to the Wikimedia Foundation. Afterall, it's the only way to be sure. --Durin 20:43, 1 June 2007 (UTC)Reply

Just because we can't have (and don't want to have) 100 percent security against dodgy admin accounts doesn't mean we shouldn't have some. This isn't a solution looking for a problem; quite the reverse, as I indicated above. It wouldn't increase bureaucracy at all, which is why the proposal is that the accounts may be checked at random. That is, some weeks maybe a lot, some weeks none, at the discretion of the checkusers. The point is that the nominees could never be sure that they wouldn't be checked, and that might discourage a few of the less technically minded socks. Admittedly, the absolutely determined ones will be able to evade checkuser, but as I said, 100 percent security isn't what we're looking for here. SlimVirgin ^(talk) 21:06, 1 June 2007 (UTC)Reply

And it might discourage some perfectly valid candidates from applying, knowing their IP will be revealed in a random drug test. You've got no evidence that this will even help, given the short duration of IP logs, and it could give a false sense of security. Just no. 64.126.24.11 21:13, 1 June 2007 (UTC)Reply

Clearly this is against the letter of the current policy, which is why a policy change is proposed. I think it is also against the spirit, and further I think CU is a tool that is most powerful when used sparingly. I have tried to use it sparingly in my usages on Commons and now on Meta. Finally I don't think it actually would work well without a LOT of fishing and checking possible things out. So I am not keen on this proposal at all and would prefer it not be adopted. I suspect that the foundation itself would need to be involved in changing the policy, were it to come to that. ++Lar: t/c 21:48, 1 June 2007 (UTC)Reply

I would like to see whether there's agreement among users before asking people at the Foundation for their views. SlimVirgin ^(talk) 22:01, 1 June 2007 (UTC)Reply

The proposal seems quite reasonable to me. In fact, I don't think it would be unreasonable to require all admins to confirm their identities with WMF. Adminship may not be a big deal, but it is very different from editing. The damage that could be done by a skilled sockpuppeter with multiple admin accounts (thus able to create the illusion of consensus) is quite severe.-- Visviva 01:27, 2 June 2007 (UTC)Reply

"I would like to see whether there's agreement among users"... Precisely so. I wasn't suggesting that the Foundation be asked just yet, merely pointing out that they WOULD have to make the policy change, it is not one that user consensus can make independently. I do think that a lot of good points were raised and I am in particular interested in your response to Oleg Alexandrov's point... I applaud your caution in wanting to do this and your sensitivity in raising it for discussion but I remain opposed to the idea itself. ++Lar: t/c 12:55, 3 June 2007 (UTC)Reply

Bad idea, in my view. SlimVirgin, of all people, you are extremely careful about others not finding your IP address, and now you are suggesting other people's IP address be checked on routine basis. Would you even stand for admin again knowing that that it may entail a checkuser? en:Oleg Alexandrov (talk) 02:07, 2 June 2007 (UTC)Reply

I would, yes, so long as I trusted the people with checkuser, and the ones who currently have it are very trustworthy. If a proposal like this were adopted, we'd have all the more reason to make sure only very responsible people get access to it, and the more checks there are, the more we can be certain that we're choosing the right people for adminship (and therefore possible checkuser) in the first place. So this proposal would indirectly tighten up checkuser security too. SlimVirgin ^(talk) 09:42, 7 June 2007 (UTC)Reply

Seems to me that, if the issue is the trustworthiness of admins and potential admins, then the issue applies equally to current admins. I would suggest, if this is to go forth, that it be expanded to say "Editors holding administrator and higher rights may be subject to random checkuser. The editor and the community need not be informed if this has been done, unless the checkuser believes the results of the check raise concerns. The checkuser will report any concerns to the Arbitration Committee or bureaucrats of the applicable project, who will determine next steps." Risker 03:00, 2 June 2007 (UTC) forgot to sign, oopsReply

This is a horrible idea. It's invasive, it's a lot of grunt work for people who have better things to do. Checkuser is never used for fishing because it's an invasion of privacy, and is only done when suspicion exists. Automatically checking admins in some hunt for possible nefariousness with no reason to do so other than "they might have other accounts!" is w:McCarthyist. Proto 09:46, 2 June 2007 (UTC)Reply

Okay, thanks for the input. It's clear from this limited input that there's no consensus to do random checks at this time. This strongly indicates that we don't mind if admins are running more than one admin account or are formerly banned users, which I find puzzling. Even if people think adminship is no big deal, it's not no deal whatsoever, otherwise we'd give it to everyone. So I feel there's some unclear thinking going on here. SlimVirgin ^(talk) 22:16, 6 June 2007 (UTC)Reply

I don't think the objections are because "we don't mind if admins are running more than one admin account or are formerly banned users." I think the issue is more that people do mind about the fact this is a privacy violation, will scare away candidates, and will give the checkusers a lot more work to do. Picaroon (Talk) 23:15, 6 June 2007 (UTC)Reply

By all means, request a checkuser if there is valid suspicion that there's a problem. That's what checkuser is for. I would suggest that people would mind if they found out there was an admin with multiple admin accounts, or are a banned user (personally, I couldn't care less about the latter - if they have been doing a good and helpful job and not abusing things, I don't really care if they used to be Willy on Wheels or Mr Pelican Shit, and we would probably never know, anyway), but as I said above, people also value their privacy (it's a principles thing). Plus checkusering is a busy job already. Proto 09:22, 7 June 2007 (UTC)Reply

The proposal is that random checks would be allowed, so it wouldn't add substantially to the workload; check users could do it as infrequently as they liked. This proposal would simply allow them to. As for the privacy angle, that's fair enough, but as I said above, it indicates that people don't mind that much if there are admins with multiple accounts. You're placing privacy rights above that. I value privacy too, but I trust the checkusers not to violate the privacy policy, so I don't see it as an either-or situation. SlimVirgin ^(talk) 09:37, 7 June 2007 (UTC)Reply

I'm not sure it follows that if I don't like Remedy X that I think Problem Y isn't an important problem. It just means that I don't like Remedy X. CU is not the only way to combat admins with multiple accounts, or banned users returning in general, and further, a random checkuser of an admin candidate is not the only preventative measure that could be taken. I completely agree that socknests are a bad thing. I just do not agree that using CU this way is necessarily the best or only way or the most privacy maintaining way to combat them. And I'm completely open about my identity. ++Lar: t/c 18:40, 11 June 2007 (UTC)Reply

Using checkuser on RfAs seems appropriate and useful. It would be good to make certain that someone hasn't been playing nice under one name while making trouble under another. Doczilla 19:14, 16 June 2007 (UTC)Reply

It says that one's country can be revealed, but some people come from small countries with not so many users. Would it be possible to change it to be: Revealing that two users come from different countries is generally not personally identifiable. I come from a small country, I have an English Wikipedia account and there is something about me on the user page. If my country was told, that would reveal my identity, but a person coming from a big country might not come to think of that. Himyeana 14:36, 10 June 2007 (UTC)Reply

I would rather have the name of the Internet service provider not to be told either, at least when it reveals the country. Himyeana 13:00, 12 June 2007 (UTC)Reply

To have countries not to be told would improve the privacy, and at the same time the effectivity of the tool would not be changed. Himyeana 10:21, 13 June 2007 (UTC)Reply

Good day, I have chosen this issue to be the first in which I would like to make my voice heard regarding my concern on the effectiveness of the checkuser function. To begin, there's no doubt in my mind that it was established with the best of intentions, and it has indeed served to fuction as a tool that has helped limit disruption to various Wikipedia projects. In short, we know it has limited conduct that could have continued indefinitely under any other condition. But I cannot help but question its ability to effectively block disruptive wihout ever causing unwarrented harm to users with the same IP who happen to be legitimate. Here is my story to illustrate my point:

I begin editing on the English Wikipedia a little over one year ago. I started off a bit shaky, being unfamiliar with proper policy and such, but after a couple of months of well needed reading, I managed to establish a considerable edit count, gain more experience each day. I even became accepted on the user list for Vandal Proof, where I reverted countless incidences of vandalism. At the beginning of this summer, I went on what is known as a "Wikibreak" for the reason that I travel quite a bit this time of year, and can not edit regularly. After taking a couple of pictures, I came back to upload them, only to find that my account had been indefinitely blocked on the grounds that a checkuser had found evidence that sockpuppetry was coming from my IP address. Naturally, I was panicked to find that my user account, being fairly established, was in jeopardy. I immediately requested an unblock via my user talk page just before an admin, who was strikingly uncivil, protected the page prematurely, convinced I was guilty of the sockpuppetry in question. To this point, I am not entirely sure where the sockpuppets came from, but I am deeply offended that my account was shut down without any of my contributions being remotely considered. Of course, I raised the issue with an admin, and the blocking admin in question, only to receive no response. In addition, one of the admins disabled the e-mail user feature for the account. My user account, which I believe was bound for eventual adminship nomination, remains blocked, tagged as a sockpuppet of an account I had nothing to do with, and I have to deal with the fact that not only have my contributions gone unappreciated, they are now being treated as if they never occured, as I have no choice but to start over with a new user account, something I can't do as of yet because my IP remains blocked, and just walk away from a year of hard work.

So the question I put before you is this? Is it fair to block a username based on checkuser findings when there is absolutely no evidence this specific username has done anything wrong? I don't believe so, because blocking users who in all forms appear to be legitimate will inevitably result in very harmful collateral damage. It happened to me, and believe me, I'm not the first or last user to be wrongfully hurt by these actions. What checkusers need to take into consideration is the fact that almost all homes today with internet access could have sevaral people living in them with two or more who access, even edit the Wikis, and to make matters more complex there are many many shared IPs in the United States alone. Why then should ALL usernames associated with a certain IP be blocked? If an account appears to be legitimate, in every form, it most likely is, so please, let's block those who deserve sanction, and not those who don't. I plan to propose a few changes to the checkuser policy in light of my negative experiences, but I would first like to hear the input of other users. Without such changes, I feel that what happened to me, could happen to anyone.The Kensington Blonde T C 03:50, 17 June 2007 (UTC)Reply

If everything you say is true and if you can get through this without bitterness, you will become a good admin one day. It's not just the edit count which matters but how you behave and your experience, which no one can take away from you. In the light of everything I have seen around I believe what you say here is important. Himyeana 21:16, 18 June 2007 (UTC)Reply

If you did become a checkuser what kind of personal information would you have to provide to the Wikimedia Foundation??

would it be documentation, or just your first name/surname. Pseudonyms, I assume are not accepted.

this is a hypothetical question... --Plazglend 08:48, 18 June 2007 (UTC)Reply

Required information options as as follows -

In accordance with the Board Resolution:Access to Non-Public Data, we are requesting proof of identity and evidence of age of majority because of your role as Checkuser. This proof may be provided in one of the following manners:

1) Copy or scan of Driver's License.

2) Copy or scan of Passport.

3) Copy or scan of other official documentation indicating real name and age.

This is copied from the request I received - hope it is what you want --Herby ^{talk thyme} 09:01, 18 June 2007 (UTC)Reply