Talk:CheckUser policy

This page is for discussions related to the CheckUser policy page.

Retention of data for cases resulting in indef blocks

Does Wikimedia keep data related to indefinite check-user blocks? Sometimes it does, but there is no such effort systematically. Look at Steward requests/Global/2018-05 #Global unlock for Solomon203 who did not yet. We see that check-users from en. and ja. wikipedias have nothing to say about the case. The account was globally locked and only a miraculous coincidence of factors caused the stewards to reverse. Check-users either squandered the data on Solomon203 or can’t now find them, and recently one of the functionaries was busy arguing against me – not surprisingly, as they have nothing to review. A similar situation on c:Commons:Requests for checkuser/Case/Chyah. Trijnstel, a member of Wikimedia authorities, did nothing but refer to some SPI in fa.Wikipedia. Coincidence of which namely accounts did those Persians establish? There is a large IP range covering a geographically significant territory—hundreds of km—and the case is further complicated by the use of proxies. Who of Commons admins or the Ombudsman commission did see those data?

Looking for a responsible admin to help with pushing for improvement in the current policies. All data related to check-user blocks, and especially to blocks against users with significant contributions, must be kept for no shorter than one year. Data for high-profile cases should be kept forever. Incnis Mrsi (talk) 12:56, 3 June 2018 (UTC)

Data retention guidelines is probably what you are looking for. — regards, Revi 14:08, 3 June 2018 (UTC)
Just for the record since the incompetence of admins and functionaries is being discussed: the block above was reviewed today and Bbb23 found the account to be technically indistinguishable. (Also pinging Green Giant so he is aware of the local results.) TonyBallioni (talk) 14:46, 3 June 2018 (UTC)
@TonyBallioni: Thank you for the ping. To clarify, I've not seen any CU data on Solomon203 but the account was unlocked based on the arguments presented at SRG, and to facilitate unblock appeals on three wikis. I have avoided commenting on the block appeals to stay impartial. I cannot say if Solomon203 is NDC or not but I defer to the opinions of people better-placed to comment. Green Giant (talk) 15:39, 3 June 2018 (UTC)
Bbb23 may perfectly be right that two Solomon203’s en.Wikipedia edits in June do not make him technically distinguishable off hordes of the Nipponese Dog’s puppets storming Wikimedia servers from a huge pool of Taiwanese IPs. Guys, I speak of retention of data from October–November in this case. You must have some notion of statistics and should understand why large data samples are important. That’s exactly the point I made. Incnis Mrsi (talk) 17:11, 3 June 2018 (UTC)

CU-only accounts and their inactivity?

On bgwiki we're discussing a local CU policy (translation). The current proposal allows the CUs to have a separate user account for the CU-related (and possibly admin) rights only. My reasoning for this was that CU is rather more sensitive in its nature than all the other local rights (except, to an extent, for the interface-admin). At the same time, we tend to stay logged in with our “ordinary” accounts for very long time periods and often not only on one device, which inevitably makes such accounts more vulnerable. Sure, 2FA mitigates this problem substantially, but another layer of security rarely hurts. If the separate CU account stays logged off most of the time, being used only when CU checks are being made, then, together with the 2FA and, obviously, a strong password (and possibly tightening a bit the password reset with the new functionality to require the email address as well, which could have a random “+” extension added to it), should provide an even greater peace of mind.

However, here's the problem: the global policy says “Any user account with CheckUser status that is inactive for more than one year will have their CheckUser access removed.”

I suppose that a reasonable explanation that this is a separate account of an otherwise active user, allowed by the local CU policy, with appropriate information on the user page, etc. would satisfy the stewards—as people—but since they also have their obligations as functionaries, not technically enforcing the policy might put them in some uncharted waters; “any user account”, the policy says—not “a user that is inactive”—must be stripped of their CU rights.

So, TL;DR, should we possibly change the global policy here to rather refer to the inactivity of the user, not specifically of the user account? It's kind of a corner case, true, but I think it would make more sense this way. To me, it seems a bit rigidly phrased right now.

Of course, it goes without saying that the connection between the user accounts should be openly and unambiguously disclosed (this is even explicitly mentioned in the proposal for our local policy, although it's also kind of obvious, since the editors who vote need to know who they vote for). Or, in other words, the burden of proof would be entirely on the user—we are *not* talking here about forcing the stewards to go out of their way and perform some extensive checks if an inactive account is associated with some active user if that's not already clearly and unambiguously stated. It's just that if there's a clear connection between an active user and an inactive account, the stewards wouldn't feel compelled to remove the rights of the account just because the global policy explicitly says so.

Now, an argument could be made here, I guess, that it would be more confusing to have such separate accounts. But I think that having two (or, in some cases, even more) accounts is a generally accepted practice when there are good reasons for it and when this is publicly disclosed. However, there may be other reasons to not encourage people to have a second, CU-only, account. If you know such, or could think of some, please, do share them.

— Luchesar • T/C 12:15, 1 July 2020 (UTC)

If someone hasn't used the CheckUser tool in a year, why should they not have the userright removed? ST47 (talk) 19:38, 15 July 2020 (UTC)
ST47, that's a good question, even if about something slightly different. The policy has a requirement for any account activity, not specifically for CU activity. IIRC, this was explicitly discussed at some point in the past and the consensus was that the CUs shouldn't feel forced to do checks to keep their rights—even if otherwise there are no cases that justify such checks. Such counterproductive “CU misuse encouragement” would be especially pronounced in the relatively smaller projects, where the number of cases that clearly justify CU checks may fluctuate a lot. On bgwiki, for example, we've had years with literally hundreds of strongly suspected sockpuppets, and also years with almost none. It wouldn't make sense to strip the otherwise active (as editors/sysops/'crats/etc.) CUs of their rights just because this year there haven't been enough cases for each one of them to do at least one check, when the very next year they could, contrastingly, be even overwhelmed with the number of required checks. And the whole point of requiring activity is really more about: (a) knowing that the people with such rights are, indeed, around and can react when and if their help is needed, and (b) knowing that they hadn't abandoned their accounts, which could have security implications.
— Luchesar • T/C 10:11, 16 July 2020 (UTC)