Jump to content

CheckUser privacy

From Meta, a Wikimedia project coordination wiki
(English) This is an essay. It expresses the opinions and ideas of some Wikimedians but may not have wide support. This is not policy on Meta, but it may be a policy or guideline on other Wikimedia projects. Feel free to update this page as needed, or use the discussion page to propose major changes.

What is Checkuser?

From CheckUser policy:

CheckUser is a special interface for users with the checkuser permission. An editor with CheckUser status on a wiki can in particular check if a user isn't a sockpuppet of another user on that wiki (not on all wikis). By using it, users are able to:

  • Determine from which IPs has a user edited the Wikimedia wiki
  • Determine the edits on the Wikimedia wiki of a specific IP (even when logged in)

This information is only stored for a short period, so edits made prior to that will not be shown via CheckUser. A log is kept of who has made which queries with the tool. This log is available to those with the checkuser permission:

5 sep 2005 17:29 UserX got IPs for UserY on zzwiki
5 sep 2005 17:29 UserX got edits for on zzwiki

See Help:CheckUser for the user manual.

Why is this a Big Deal?

"I go to messageboards and everyone sees my IP address. If I visit a website, my IP address is there for the owner to do whatever they want with. If I go on IRC, my IP address is completely visible to everyone on the network! So, why is having my IP address hidden on Wikimedia projects that big a deal?"

The answer to this question is the whole purpose of this page.

The first reason, and the one that really should answer the question, is because the Wikimedia Foundation has a Privacy policy that states that with very few exceptions, this information will not be given out. This should suffice for most people who ask.

A good second reason is that we solicit the assistance of editors in EU countries, and the EU has quite stringent data privacy standards that those of us elsewhere do not typically take for granted. The part saying "we solicit the assistance" is important. By actively asking contributors from other countries to assist us, we're creating a relationship between the Foundation and the citizens of another country. We become, at least in part, subject to the laws of that country and dependant upon its good graces in order to continue our relationship with its citizens.

The next reason is that this information can, and has, fallen into the hands of those who would use it against our contributors. I'm going to toss a few completely fictitious examples in here, though these and others have played themselves out on our projects:

  • Country A is a theocracy in which other religions, especially certain minority religions, are forbidden. Practicing these religions and being caught results in immediate death. A practicioner from Country A edits the Wikipedia article on the religion, citing sources and clarifying language so as to accurately represent their religion. What happens when the government of Country A can see the user's IP address? Best case scenario, it's narrowed down to a specific city, and the government of Country A knows where to start hunting for others who practice this religion. Worst case scenario, the IP is static and belongs to a specific home, the government of Country A decides to visit that family... well, you get the picture.
  • John B works for Really Big Corp and has provided information on policies, court cases, filed patents, and other information which is all perfectly legal and public, but when put together in a coherent fashion show patterns that an intelligent reader can put together to determine what Really Big Corp has been up to. Really Big Corp can't prove that they've been defamed, but somehow they gain the IP addresses used by John B. See the first example for the possible outcomes, though companies are more likely to simply fire the employee and ruin his life rather than kill him.
  • Adam C belongs to a secret society such as a fraternity or hate group which terrorizes a region...

I'm sure you see where this is all going. Editors that work on biographies of politicians, religious sects, companies, almost anything involving other humans, are open to unwanted personal actions if their identity is compromised. It's important to ensure that these contributors are protected from illegal action, and by following our Privacy policy, we can ensure just that.

Thing for non-Checkusers to watch for

  • IRC use: When logging into IRC, even if you have a host cloak, your real address will be (very) briefly visible. Users may be able to see your IP address. See also IRC and IRC channel cloaks for more information.
  • When requesting checkuser results, please be considerate of the target of your requests. An editor with checkuser privilages will not, for instance, give you confirmation that User:Joe Blow is editing from the address of User: That would basically confirm that user's IP address. You wouldn't do that to poor Joe, right?
  • If you visit a non-Wikipedia site, please be aware that you're giving out your information. If someone posts an external link to their own web server and tricks you into following it, you've given them your information.
  • If you reply to an email sent through the Wikipedia Special:Emailuser function, please be aware that if you reply in your mail client, most clients and mail servers will tag your IP address and real email address along with your message. If you don't want this information given out, consider replying on the talkpage of the user who mailed you or using the Special:Emailuser function.