Talk:CheckUser policy

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search


Requests for comment/Ombuds Commission inactivity[edit]

I have started a RFC about the persistent inactivity of several members of the OC. --Rschen7754 02:01, 1 March 2021 (UTC)Reply[reply]

Blocking of user without any checking, verifiable reason and evidence for Sockpuppetry[edit]

Hi all, I want to know what is the check user policy about Sockpuppetry and blocking of user without any verifiable reason and evidence. I want to know what is the policy of inspecting the user and closing it without providing a documented and valid document. Can the inspection manager close the user indefinitely without providing proof of inspection? And state the reason that "because your account is old and has not been active for some time and now your edits are professional", close it indefinitely and abuse this management opportunity. What is the policy if he does not provide documentary evidence of his abuse, and his violation? In Fawiki they have closed my account without any document Based on doubt only. I ask them to check with tools but they Refues it. Then I want to check global policy of wiki about this please. Thanks all. — The preceding unsigned comment was added by Shahramrashidi (talk) Hi all, Why anyone dont response? Shahramrashidi (talk) 17:42, 9 April 2021 (UTC)Reply[reply]

you might want to contact the ombuds commission. See the Submission section in particular. whym (talk) 14:04, 15 April 2021 (UTC)Reply[reply]

Hi all.

I sent a complaint to OC and reported that my account " shahramrashidi" has been blocked and banned in Fawiki as nominating Sockpuppetry, without any evidence. Even the user checking has not been requested by any in check user page. But the checkusers have blocked my account according to doubt only as their declaration. Which policy of WP tell you can block unlimited any user without evidence and with doubt only.

This is the response of OC: "The Commission is responsible for investigating complaints about infringements of the Privacy Policy, the Access to nonpublic personal data policy, the CheckUser policy, and the Oversight policy, on any Wikimedia project. The OC pays close attention to policies and their violations. Regarding the complaint relating to the block of User:Shahramrashidi for sockpuppet, the commission has found no violation of any of the aforementioned policies.

Shahramrashidi was blocked according to the Persian Wikipedia's (fawiki) sockpuppetry policy, which provides that a sockpuppet can be blocked without needing to identify the "sockmaster". The Commission is not an appeals body for blocks. The local community's appeal processes should be used in this case."

How do i tell and prove my account is not sockpuppet and the response of OC is about sockpuppet user only, then when my account is not sockpuppet, this policy is not applicable for my account. I asked OC to check my account is not sockpuppet and check users have abused from their facility and access, but instead of checking my account and their action has replied as a/m.

My question is can any check user block and bann any account as sockpuppet even it not to be sockpuppet? Who check this and stop their abuse? I never stop this to prove my account is not sockpuppet and check users abuse from their access. Please check my account in Fawiki and if my account to be sockpuppet, block me in all wiki projects else stop their abuse. Thanks Shahramrashidi (talk) 07:04, 4 July 2021 (UTC)Reply[reply]

Should the test.wikipedia.org be added?[edit]

Hello, is there something missing, in the list of user with CheckUser access? The test wikipedia has two CheckUser accounts, too. Maybe, we can insert them into the list. --Indoor-Fanatiker (talk) 09:57, 6 June 2021 (UTC)Reply[reply]

2 users with CheckUser access? 2 of the users in question have been inactive on that wiki for about a month now. DarkMatterMan4500 (talk) (contribs) 20:41, 6 October 2021 (UTC)Reply[reply]

"must"?[edit]

In the case where only one CheckUser is left on a wiki (when the only other one retires, or is removed), the community must appoint a new CheckUser immediately (so that the number of CheckUsers is at least two).

Is it a formal requirement that local communities must appoint a new CU immediately? I mean, if they don't want to, the only CU left will be demoted anyway, so there's no harm either. Not to mention stewards will always revoke both CU-ship at once. NguoiDungKhongDinhDanh 11:53, 29 May 2022 (UTC)Reply[reply]

I've been thinking for a while that the wording of that section could be improved as it is not reasonable to require an immediate election. I discussed this with @Risker a while ago and she wrote w:User:Risker/Sandbox42 as a proposed rewording which addresses both the "must" issue you mention and, in addition sets a maximum time of CU-suspension. I'd like to open an RfC about it and get the policy changed on that point, but I'm a bit busy right now. —MarcoAurelio (talk) 18:55, 7 June 2022 (UTC)Reply[reply]
@MarcoAurelio: sorry for slow reply on this. Yes I also agree this could be reworded to say something like "within 6 months" and in the meantime I think the remaining checkuser can request assistance from Stewards in order to meet verification requirements, or something similar. Cheers Scott Thomson (Faendalimas) talk 14:00, 19 July 2022 (UTC)Reply[reply]

Notification of upcoming changes to policy[edit]

The Wikimedia Foundation recently received a recommendation from the Ombuds Commission that this policy be amended. The issue at hand is the appointment of Checkusers and Oversighters and whether the group which appoints them on a project must specifically be an Arbcom or whether another, specialized committee could do it. After review, the Ombuds Commission believes, and the Foundation agrees, that there is room for a wider variety of functionary "Appointment Committees" beyond simply Arbcoms.

Accordingly, we plan to update this policy and the Oversight policy on 26 July 2022. The changes will be as follows for the Checkuser policy (removals in strikethrough and additions in bold):

On wikis with an Arbitration Committee (ArbCom)Appointments Committee whose members have been elected with the support of at least 25–30 members of the local community, CheckUsers may be directly appointed by the ArbitratorsCommittee. Any committee meeting these requirements, including an Arbitration Committee (ArbCom), may fulfil this role. After agreement, a member of the Committee should simply list the candidate on Steward requests/Permissions.

On a wiki without an ArbitrationAppointments Committee that meets the criterion above, or in a project where there is a preference for independent elections, the community may approve local CheckUsers (stewards not counting as local CheckUsers) per consensus. [...]

Suspicion of abuses of CheckUser should be discussed by each local wiki. On wikis with an approved ArbCom, the ArbCom can decide on the removal of access. On wikis without an approved ArbCom, the community can vote removal of access.

We plan to make this change on 26 July 2022. Kbrown (WMF) (talk) 15:17, 18 July 2022 (UTC)Reply[reply]

@Kbrown (WMF): I thought this was a community policy. Shouldn't this change come from the community instead? While I do not substantiatively disagree with the change I think this sets a bad precedent. --Rschen7754 18:10, 18 July 2022 (UTC)Reply[reply]
I agree with Rschen, and I also am worried that the proposed change is too ambiguous. How about something like the following: (– Ajraddatz (talk) 19:17, 18 July 2022 (UTC))Reply[reply]

the community may approve local CheckUsers (stewards not counting as local CheckUsers) per consensus. Local CheckUsers may be appointed by their respective community by consensus. The CheckUser candidate status must request it must request the persmission within the local community and advertise this request properly (village pump, mailing list when available, special request page, etc.). The candidate must be familiar with the privacy policy. After gaining consensus (at least 70%–80% 75% in pro/con voting or the highest number of votes in multiple choice elections [note: should this be removed?]) in the local community, and with at least 25–30 25 editors' approval, the successful candidate should request access at Steward requests/Permissions with a link to the page with the community's decision. If there are an insufficient number of votes for at least two CheckUsers on a wiki, there will be no CheckUsers on that wiki.

On wikis with an Arbitration Committee (ArbCom) whose members have been elected with the support of at least 25–30 members of the local community, CheckUsers may be directly appointed by the Arbitrators. A community may also delegate the appointment and termination of local CheckUsers to a committee that is elected with the support of at least 25 members of the local community and which has received community consensus to manage access to the CheckUser permission. This may include an Arbitration Committee, and existing committees that already engage in the control of the CheckUser permission may continue to perform that function after this policy comes into force without requiring a separate community vote on their scope. After agreement to appoint a user, a member of the Committee should simply list the candidate on Steward requests/Permissions.

I guess the question is "who decides what counts as a valid Appointments Committee?" If I get some English Wikipedia WikiProject together and have them vote up an "Alternative ArbCom," who is in charge of deciding that that committee isn't a legitimate appointment body? GeneralNotability (talk) 20:54, 18 July 2022 (UTC)Reply[reply]

Yeah, that seems a little strange. More to the point, what would stop me from getting 25 of my IRC buddies to hold an AppCom formation RfC on the Ships In Bottles Noticeboard at 3am on a Wednesday and appoint ourselves CUs by unamimous consensus? JPxG (talk) 09:47, 20 July 2022 (UTC)Reply[reply]

Noting that Checkusers have also been discussing this on our mailing list. Some of the points are noted above. Using Chatham House Rule, I'll include additional points:

  • The policy as a whole is outdated in significant ways that do not reflect current realities of our projects.
    • VOTING: Some discussion of whether the current minimum of 25 supports is sufficient for access to this highly sensitive tool. Some discussion of whether there should be higher/more specific requirements for voters to meet in order to participate in CU elections (e.g., similar or equivalent to those for stewards). This could include minimum number of contributions, limits to only voters with accounts registered a certain period before the election, or other local requirements.
    • WIKIS WITH ONLY ONE CHECKUSER: The policy poorly addresses what happens when one or more CUs on a project are removed according to local or global policy (e.g., insufficient activity, resignation, removal for cause, etc) so that only one CU remains. (Consideration of a proposal to reflect what is mostly current practice is addressed in the section above.)
    • USING GLOBAL POLICY TO ADDRESS AN ISSUE OF A SINGLE PROJECT: There is currently only one project that has proposed even considering the need for a separate "appointments committee". Some feel it is overkill to modify a global policy to accommodate one project.
    • NEED TO ADDRESS RELEASE OF CHECKUSER DATA IN ORDER FOR CHECKUSER TO COMPLY WITH LOCAL LEGISLATION: This issue has been previously discussed on the CU mailing list in the past few months, and many felt that a formal process could/should be included in the CU policy.
  • The majority of CUs commenting on this felt that this is a community policy and changes should be made in the usual manner for global community policies that are hosted on Meta. That is, unless there is a hardline legal reason that the policy would need to be changed, the WMF's role would be to suggest or recommend changes and/or to voice support or opposition to a proposed change.
  • Unclear who would be responsible for determining whether any proposed "appointments committee" is actually accepted as such. The WMF? The local community via local policy? (And how would *that* policy be decided?) The Ombuds Committee, a non-elected body? Can a local Arbcom delegate this responsibility to a "subcommittee" that is the equivalent of an appointments committee?

My own opinion is that there's no value in modifying this section without revamping the policy as a whole; this is actually a lower priority than other updates that are needed. I also believe that this is a community policy and that, while the WMF is very welcome to suggest changes, there's no strong privacy-related or legislatively-related reason for this change that would justify that the WMF mandate this change. Finally, I would very much like to hear from the Ombuds as to their views on this proposed change, including the reasons for those views. Risker (talk) 05:45, 19 July 2022 (UTC)Reply[reply]

  • Two more issues that should probably be considered:
    • Inactivity: 1 year with no edits/logged actions (as the vague wording has been interpreted) is too lax, especially when there are only 2 CUs.
    • Voting: some wikis leave their CU nominations open for months in order to hit the minimum of 25. This is probably not a fair election. --Rschen7754 06:45, 19 July 2022 (UTC)Reply[reply]
    In response to your two more issues you mention I agree that inactivity needs to be tightened, also on voting my view is the CU election should be a 14 day election, if they cannot hit 25 in 2 weeks then they probably do not need the tools on the wiki, such wikis can go to the Stewards when in need. Cheers Scott Thomson (Faendalimas) talk 13:17, 19 July 2022 (UTC)Reply[reply]
Concerning your last point, "COMPLY WITH LOCAL LEGISLATION": in Confidentiality agreement for nonpublic information there is: Exceptions to nonpublic personal data. Nonpublic personal data does not include any information which (a) [...] (d) is required by law to be disclosed by you, but you promise to give WMF prompt notice of such legal requirement and comply with any protective order imposed on such disclosure. Der-Wir-Ing ("DWI") talk 08:42, 19 July 2022 (UTC)Reply[reply]
  • @Risker: as has been supposed in the chat on the mail list. Yes the actions of the French WP have caused this policy change. We received several requests over the their NomCom process. The OC does not have the mandate to recommend changes to policy at whim, this came about as a direct result of the case regarding the French WP and their NomCom process. What it came down to in the end was we had to determine if the process that the French WP had in place was in violation of policy and if so what to do about it. The problems with the French ArbCom are not something we have a say over it is outside our mandate. Many of the comments above were also raised by our various members and this led to a back and forth between WMF and the OC over this issue. In the end we recommended what Karen presented. It allows the process the French WP has developed to continue. I agree the whole policy needs an overhaul, and I do feel like we are playing catch-up here. I would be interested in a major overhaul of the policy and try to develop a workable document that is more to the communities needs. In the mean time we have to deal with issues as they arise. Chair Ombuds Commission Scott Thomson (Faendalimas) talk 13:40, 19 July 2022 (UTC)Reply[reply]
    Hello @Faendalimas: By reading the above, it'd appear that it is the OC opinion that the French Wikipedia method to appoint or demote users to CU/OS access is against the global policies, otherwise no change in the policy would be necessary, right? —MarcoAurelio (talk) 14:03, 19 July 2022 (UTC)Reply[reply]
    heya @MarcoAurelio: yes under current global policy there are two options in reality, appointment by ArbCom or Community Vote. What is the current practice on the French WP is neither of these. As such it is in violation of current policy. Hence the recommended changes above. Cheers Scott Thomson (Faendalimas) talk 14:16, 19 July 2022 (UTC)Reply[reply]
    While I am no longer on the OC and live in a common law jurisdiction, is there any reason why frwiki's practice cannot be "read in" to the current text? IMO an appointment body that meets the voting requirements of an ArbCom would seem to fall within the intent of the policy, especially when you consider that the policy has not been updated in a long time. – Ajraddatz (talk) 16:26, 19 July 2022 (UTC)Reply[reply]

Hi all, a quick update: as I'm sure has become obvious at this point, we've scrapped the intended 26 July implementation date. We're working on a big response for y'all. That response will probably make some suggestions as to what we could change in the proposed text to resolve the concerns that have been expressed, as well as talk about the reasoning behind the proposal and about the "whole policy needs an overhaul first" thing. I don't have an expected publish date for that response yet, but I'm hopeful we'll have it ready in the next week or so. Apologies for how long it's taking; Legal and I are taking extra time to make sure our thoughts are legally viable as well as consistent with community expectations. Kbrown (WMF) (talk) 12:34, 28 July 2022 (UTC)Reply[reply]

And here's that response:
Thanks for all your thoughts. We've reviewed the concerns people have expressed here and elsewhere and believe they have merit. We spoke with the Legal team and we want to address two points in particular, regarding how to amend the policy and how to ensure this amendment won’t be abused as well as some other points of feedback.
First, with regard to how to amend the policy, the checkuser and oversight policies are in a somewhat unusual position. They have some requirements that are dictated by law and other aspects that are open to community editing. For example, checkuser policies cannot permit data sharing that’s prohibited by the privacy policy and generally need to align with legal requirements for non-public data. Similarly, oversighted content presents a risk of abuse that could lead to legal claims against the Foundation or negligent users, so it needs a similar level of protection as to who can access the tool. On the other hand, details of the policies and how they’re handled are open to community tweaking and the Foundation does not dictate their precise wording. In this case, we found the review of the French language system for appointing checkusers and oversighters to be consistent with the Foundation’s legal obligations, but the Ombuds Commission expressed the concern that the checkuser and oversight policies as written did not permit the structure that French set up. The Ombuds Commission recommended that the policies be amended to allow this system (as it seems like it’s working well for French and there’s no legal reason others can’t do similar). We had intended to help effect their recommendation by making that change. Basically, our intention was to write into policy an already-existing appointment method that had been signed off on by OC and WMF Legal; this sort of descriptive (as opposed to prescriptive) policy-writing has been pretty common in the movement through the years. We still wanted to get community feedback from folks experienced with these tools though, and, we agree that given that there are objections to this proposal, it should go through a typical discussion process and be implemented by consensus. We’re hopeful that we can adjust the proposal to meet any concerns and reach that consensus. On re-reading the notifications we put out about this change, I think they may have been worded too bluntly and given the impression that we thought this was completely a WMF thing rather than a WMF-and-the-community thing, so apologies for that.
Second, regarding the concern of abuse, we suggest two additional language changes that may help address this point. First, we should add the following bolded language: “Appointments Committee whose members have been elected with the support of at least 25–30 members of the local community in an open election process.” This would mean that a project or group collecting 25-30 members to select a committee would not be able to do so unless they held a general vote on that wiki and were successful. Second, we suggest adding the following bolded language to indicate that there can only be one appointments committee per project: “Any committee meeting these requirements, including an Arbitration Committee (ArbCom), may fulfill this role, but there may only be one Appointments Committee per wiki.
In discussion elsewhere, people have noted that it's odd that the suggested changes say Appcoms can appoint but only Arbcoms can remove. That's also a good catch. It's written the way it is because that was Ombcom's recommendation; as we understand it, their reasoning is that if Appcom members don't hold CUOS - as they currently don't on Frwiki - then they cannot adequately investigate misuse of the tool(s). We're not 100% opposed to removals by Appcoms being allowed, but we also find the Ombcom reasoning persuasive on this and want to make sure those implications are considered.
I also want to acknowledge the concern that this number of voters may not be enough to accurately select checkusers and oversighters. We would be hesitant to raise this requirement too much given that many languages are small, but if there’s community consensus to raise it (or perhaps to raise it only for wikis having a certain number of active users) please feel free to do so via a distinct proposal as it would not be a legal problem for the Foundation if that requirement became more strict.
Lastly, there were a few comments that the policies need a bigger overhaul. This is a fair point but beyond the recommendation of the Ombuds Commission and not something we’ve looked into in detail in terms of what would be possible given current applicable laws. If there’s interest among community members in proposing other policy changes please feel free to do so and we’re happy to take a look at them to flag if they’d pose any legal problems for the Foundation. If there’s interest in having the Foundation spearhead a broader checkuser policy overhaul, we can look into what resources the Privacy and T&S teams would need to do that and try to schedule the project for the short to medium term future.
Could you let us know if these suggestions resolve the concerns that have been expressed? We are open to making further changes as needed to the proposed changes. Kbrown (WMF) (talk) 16:00, 3 August 2022 (UTC)Reply[reply]
I appreciate the clarifications and explanation of the WMF's position. --Rschen7754 07:33, 4 August 2022 (UTC)Reply[reply]
@Kbrown (WMF): Previously I have opened Requests for comment/Amendment of CheckUser policy and Oversight policy, which may contain issues and proposals you may concern. GZWDer (talk) 15:49, 13 August 2022 (UTC)Reply[reply]