Steward requests/Checkuser/2015-11

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Warning! Please do not post any new comments on this page. This is a discussion archive first created on 01 November 2015, although the comments contained were likely posted before and after this date. See current discussion.

Requests

Blobline@lt.wikipedia

According to CU data listed accounts are not connected. einsbor talk 21:49, 6 November 2015 (UTC)
Thank you for your time. Please respond in discussion link above, inform said users, unban me and do something about it, because Martynas Patasius previously accused another member with no real evidence, and his friend, administrator Dirgela supporting him on every case. Blobline (talk) 09:15, 7 November 2015 (UTC)
As far as I can see there are more admins on ltwiki. You can mail them linking this topic. I cannot unban you, I've done everything I could. More actions are in local admins' hands. einsbor talk 07:27, 9 November 2015 (UTC)

Cross-wiki vandal

Batman tupiniquim has been blocked by DerHexer. His contribs been reverted by User:JD. Bennylin 10:23, 16 November 2015 (UTC)

Falcon Bos

MoreInfo Additional information needed Why? Who? With whom? —MarcoAurelio 09:32, 17 October 2015 (UTC)
Verdacht wegen doppelte Stimmabgabe (s. [1]) als Falcon Bos und Yahadzija. Änderungen in gleichen Artikeln, welche mit Vandalismus nähert und ähnliche provokante Diskusionstyle. --AnToni(Talk) 09:42, 17 October 2015 (UTC)
I will abstain in favor of a steward who can read and understand German so it's easier for you (I'd love to be able to read/speak German). Best regards. —MarcoAurelio 10:22, 19 October 2015 (UTC)
@AnToni: Für eine Abfrage braucht es etwas mehr Substanz als einen solchen wagen Verdacht. Zum einen wären Diff-Links sehr hilfreich und ein paar mehr Worte, die den Verdacht untermauern. Bearbeitungen gleicher Artikel sollen vorkommen und vor allem die Diskussionen müsste hier mal verlinkt werden. In der jetzigen Form wäre es ein fishing eine Abfrage durchzuführen. -Barras talk 18:56, 29 October 2015 (UTC)
No action in 4 weeks, closing. Please reopen @AnToni: if still relevant and as per Barras's statement.  — billinghurst sDrewth 14:04, 21 November 2015 (UTC)

Amuthanan Irapann@ta.wikipedia

@AntanO:: Both are positive related, with the same addresses and UA. Other users who match their UA:
Regards, Bennylin 10:38, 16 November 2015 (UTC)
Thanks. You are right. I just see the third account (Divyamani Kandiyar) that do the same. I wait for the conclusion to take action. --AntanO 10:45, 16 November 2015 (UTC)
Previously done, Closed Closed as no further action required.  — billinghurst sDrewth 14:06, 21 November 2015 (UTC)

Gris med vinger@no.wikipedia

@4ing: for future reference purposes, please mention "Funkybeatnick" as that is the primary case as has been recorded, and that will save some to'ing and fro'ing over steward involvement. Also please only enter new usernames into the template, we cannot check old accounts and the additions of old usernames becomes noise. The harder that you make the request even experienced stewards will shy away from confusing checkuser requests.
Results
  •  Confirmed socks — Gris med vinger, Jass Viserguttene, Ticqli, Inrej, Illasutl, Jobinkado; very Likely Likely Vanntanke to be aligned with the first, similarly with Trillobrist, and Kevin Cadilac
  •  Confirmed socks — Jkbuer, Øyeren, Nefer1010, Franzzen, Ekspat, Beerbroker (noting that this is a separate sock set, and no evidence associated with the other accounts); Likely Likely Xibatee
 — billinghurst sDrewth 13:46, 21 November 2015 (UTC)
Comment
Above you have mentioned some IP addresses editing, publicly available tools will show that those are Norwegian mobile provider netcom.no operating in the ranges 89.8.0.0/16 178.232.0.0/16, 46.212.0.0/16 and 46.15.0.0/16. Your community may find it useful to approach the provider to ask them for their process to report and have them action abuse and vandalism reports. If your community was to look to place blocks on those ranges, then I would suggest that you start with soft blocks that prevented creation. Any block will have consequences on other users, so a hard block would be a bridge too far. If you went down that track you may also wish to have a process to manage unblock and creation requests. There would be some leg work involved though if, as you indicate, the IP spam/vandalism is coming from that range then it would produce a lessening of your quality problems.  — billinghurst sDrewth 13:57, 21 November 2015 (UTC)
@Billinghurst: Thanks a lot for your advise regarding how to write better CU requests, and also for taking your time to perform this CU. Both sock sets include a couple of username's that I have paid some attention to, and edit patterns clearly indicate that at least the first set should be ragerded as confirmed socks. For the second set I'm less sure. Jkbuer has a couple of edits back in 2007, before taking up edits in October 2015. Based on the user name, I am pretty confident that I can identify the user (at the University of Oslo). Franzzen has editied similar topics as Jkbuer, but might be a fellow. Franzzen and Ekspat have also been editing on a common article. Øyeren and Xibatee participated in the same AfD discussion. However, I strongly doubt that all the accounts in the second set belong to the same person.
I don't think it will be necessary to set up a range block, but it would be helpful if you could confirm whether the first sock set is conntected to the mentioned IP ranges. - 4ing (talk) 18:17, 21 November 2015 (UTC)
@Billinghurst: Just so this is clear; you confirm that Kevin Cadilac, Vanntanke and Trillobrist are all sockpuppets of Sju hav? Where there are several years since Sju hav was active? I want an explicit confirmation on this, and an explicit clarification how this is achieved. — Jeblad 22:45, 21 November 2015 (UTC)
@Jeblad: Checkuser is only sets of data, it cannot identify people, plus there is zero data that I can see for the user Sju hav. If records for the person exist, they will only be in people's personal archives, for example, your previous checkusers. I have no personal knowledge in this area, so there is no such aligning statement from me above. I can only talk about data that I see today, and for the past three months. I am saying that there is definitive (beyond reasonable doubt) information for the first listed set, and likely association (balance of probability) with the following three accounts. I cannot tell you if the English Wikipedia checkusers have definitive proof or likely association on the user though I have privately put some questions to them.

Checkuser data has levels of security, however, for known and persistent vandals there is scope to assist to block, and to assist trusted users to tackle this issue with internet service providers, who ultimately can work with us or explain to their customers why restrictions are in place.  — billinghurst sDrewth 23:52, 21 November 2015 (UTC)

@Billinghurst: Note that 4ing is using this CU as a proof that these users are the user Sju hav. This has been going on for some time, and I've been less and less confident that there are any connection between those users at all. Very few ISPs in Norway provide static IP addresses, and those who do mostly provide this service to companies, schools, colleges and universities. This makes me think that you are simply doing CU against some large school network. — Jeblad 14:21, 22 November 2015 (UTC)
Please don't make false accusations, Jeblad. I have explained to you several times that the blocks are based on studying edit patterns, and CU has only been used as supporting evidence. I know perfectly well that CU is not able to show that a current user is identical to a user blocked seven years ago. It might be that the ~50 SPI cases on en:wp can be used to link accounts over a long period from CU data, but I dont' haven't looked systematically into that. What I have studied, is the edits of 300+ sockpuppets on en:wp and 200+ on no:wp. - 4ing (talk) 20:24, 22 November 2015 (UTC)
Ok, I'll post some entries from the blocklog. The summary reads "Sokkedukke som omgår blokkering: Bruker:Sju hav" ("Sockpuppet that avoids block: User:Sju hav"). — Jeblad 10:52, 25 November 2015 (UTC)
Yes, CU supported the behavioural evidence. - 4ing (talk) 13:59, 25 November 2015 (UTC)
No, you claim a magic crystal ball. ~~
@4ing and Jeblad: Please take this discussion back to your community. If you are talking behavioural aspects and how to utilise this to request CU in a means that is acceptable, that is something that all your administrators and community should see and have the ability to participate. From my point of view this was a valid request with specific results; for previous requests you will need to review those conversations in our archives.  — billinghurst sDrewth 22:47, 27 November 2015 (UTC)

Reusjejemsms@sourceswiki & Right780@sourceswiki & Sonasing@sourceswiki

Yes check.svg Done, all spambots. I did check at loginwiki and found more of them. All listed accounts have been already locked. einsbor talk 21:34, 27 November 2015 (UTC)