CheckUser policy: Difference between revisions

This is a proposal by Datrio and Anthere, based on the discussions at CheckUser. If it'll get approved by the Foundation and the community in the near future, it will become a policy. September/October 2005

See the talk page for why it should NOT become a policy, or some horrible things will happen) --user:Taw

check it out for yourself oscar 02:25, 5 November 2005 (UTC)[reply]

CheckUser is a special interface for users with the checkuser permission. An editor with CheckUser status on a wiki can in particular check if a user isn't a sockpuppet of another user on this wiki (not on all wikis). By using it, users are able to:

• Determine from which IPs has a user edited the Wikimedia wiki
• Determine the edits on the Wikimedia wiki of a specific IP (even when logged in)

These data are only stored for one week, so edits made prior to that will not be shown via CheckUser. A log is kept of who has made which queries with the tool. This log is available to those with the checkuser permission:

5 sep 2005 17:29 UserX got IPs for UserY
5 sep 2005 17:29 UserX got edits for 127.0.0.1

See Help:CheckUser for the user manual.

On Wikimedia projects, privacy policy considerations are of tremendous importance. Unless someone is definitely violating policy with their actions (e.g. massive bot vandalism or spam), revealing their IP, whereabouts or other information sufficient to identify them is likely a violation.

CheckUser requires the level of confidentiality one would apply to our most confidential user data.

The relevant section of the privacy policy is:

Policy on release of data derived from page logs

It is the policy of Wikimedia that personally identifiable data collected in the server logs will not be released by the developers who have access to it, except as follows:

1. In response to a valid subpoena or other compulsory request from law enforcement
2. With permission of the affected user
3. To Jimbo Wales, his legal counsel, or his designee, when necessary for investigation of abuse complaints.
4. Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues.
5. Where the user has been vandalising pages or persistently behaving in a disruptive way, data may be released to assist in the targetting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers
6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.

Wikimedia policy does not permit public distribution of such information under any circumstances, except as described above.

Information release

Even if the user is committing abuse, it's best not to reveal personal information if possible.

• Generally, do not reveal ips. Only give information such as same network/not same network or similar. If detailed information is provided, make sure the person you are giving it to is a trusted person and will not reveal it himself.
• If the user has said they're from somewhere and the IP confirms it, it's not releasing private information to confirm it if needed.
• If they're on a large ISP (e.g. AOL, NTL, BT, Telstra), they're one of millions and it's not personally identifiable.
• Revealing the country is generally not personally identifiable (e.g. "User:Querulous is coming in from the UK, User:Sockpuppet is coming in from Canada").
• If you're in any doubt, give no detail

The tool is to be used to fight vandalism or check abuse of sockpuppets, for example when there is a suspicion of illegal voting. It must be used only to prevent damage to one or several of Wikimedia projects.

It is not allowed to use the tool for political control, nor to apply pressure on editors, nor as a threat toward an editor with whom you are in disagreement. There must be a valid motive to check a user (a bare disagreement with the leaders of a wiki is not a valid motive).

It is allowed to check an editor ips upon his specific request, when this user wants to publicly prove his innocence.

As a reminder, sockpuppets are not generally forbidden (editors may edit wikipedia under several accounts). It is the abuse of sockpuppets use (and in particular voting twice under two different names) which is severally frowned upon.

Notification to the one checked is not mandatory, but checkuser may choose to tell the person checked if they feel it best. Similarly, notification of the check to the community is not mandatory, but may be done as long as private information is not released.

Only few editors and Stewards are allowed to have the CheckUser status. Editors will only have CheckUser status locally.

On a wiki with an arbitration committee only editors approved by arbitrators may have CheckUser status. They should be at least two so that they can mutually control their activity. After agreement, simply list the candidate on Requests for permissions#CheckUser_Access.

On a wiki with no arbitration committee two options are possible.

The community must approve at least two CheckUsers per consensus. Activity will be checked mutually. The user requesting check user status must request it within his local community and advertise this request properly (village pump, mailing list when available ...). The editor must be aware of the privacy policy. After gaining consensus (70%-80%) in his local community, with at least 25-30 editors approval, the user should list himself under Requests for permissions#CheckUser Acess with a link to the page with the community's decision.

If an unsufficient number of voters do not allow to vote for two checkusers on a wiki, there will be no checkuser on that wiki. Editors will have to ask a Steward to check if UserX is a sockpuppet of UserY. To do so, simply add your request to Requests for permissions#CheckUser Request (to be written) listing these users and explaining why you ask for such a check (with links). You also need a community consensus (like above). The Steward will answer you if these two users are from the same IP, same proxy, same network, same country, or are they completly unrelated (see discussion for what the steward should more precisely say to the editor).

Any user account with checkuser status that is inactive for more than a year will see his checkuser access be removed.

In case of abusive use of the tool, the steward or the editor with CheckUser privilege will be immediately removed the access. This will in particular happen if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided).

Suspicion of abuses of checkuser should be discussed on each local wiki. On wikis with an arbcom, the arbcom can decide of the removal of access. On wikis without arbcom, the community can vote removal of access. Removal can be done by stewards. The stewards may not decide alone of removal, but can help provide the information necessary to prove the abuse (log). If necessary, and in particular in case of privacy policy lack of respect, the board of Wikimedia Foundation can be asked to declare removal of access as well.

In case only one checkuser is left on a wiki, the community should elect a new checkuser (so that the number of checkusers is at least two).

• Stewards (overall) - currently using it, Datrio, Waerth, Oscar, Anthere
• Tim Starling (overall)
• David Gerard (en)
• taw (pl)

• About European Law
• Privacy policy