Talk:CheckUser policy

From Meta, a Wikimedia project coordination wiki
Jump to: navigation, search
This page is for discussions related to the CheckUser policy page.

  Please remember to:

  Archives: 1 2 3 4
Wikimedia Community Logo.svg


Claims of CheckUser abuse[edit]

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section.

Is it possible to get an independent investigation about use of CU? Serious claims about CU used as a tool to get rid of one of the former leaders of Wikimedia Norge (Norwegian chapter of Wikimedia) is circulating at discussions board at Wikipedia in Norwegian (bokmål) [1]. Both the former leader, in a private mail, and a former VP for Wikimedia Norge at the discussion board, have made clear statements about claims of abuse. According to one of the users with CU access, three of the holders of CU access at Wikipedia in Norwegian (bokmål) was agree about the CU. It is claimed to have been according to CU policies at the Norwegian wiki, but it may be violating the general Check User policy as stated here, and the privacy policies and the Privacy Policies presentet at Wikimedia Foundation (https://wikimediafoundation.org/wiki/Privacy_policy).

While difficult to prove, it appears the current VP at Wikimedia Norge is involved in the CU request somehow. The current VP have a long record conflict with the former leader at wikipedia Norge. The conclusion of the CU was, she had two accounts. It was though no proofs of illegal use of those accounts, like voting double or supporting own claims. Regardless the outcome of a discussion whether she have broken any policies, it appears the CU was made on a way to thin basis according to the policy.

I doubt it will be possible to get a consensus at the Norwegian wiki for investigating. Way to many of the most active users are involved in Wikimedia Norge's current activities. If this is the wrong place for asking for an investigation, please let me know. Grrahnbahr (talk) 17:01, 2 March 2014 (UTC)

The Ombudsman Commission deals with CU/OS misuse complaints, I'd recommend privately contacting them. Ajraddatz (Talk) 17:08, 2 March 2014 (UTC)
We will investigate. On behalf of the Ombudsman Commission,
--Stryn (talk) 17:12, 2 March 2014 (UTC)
Thank you. If more information is needed, please send me a private message, and I'll share what I have. Grrahnbahr (talk) 17:58, 2 March 2014 (UTC)
Dear Grrahnbahr,
We have investigated and have answered the original complainer. We can add that we did not find any violation of the WMF rules and policies.
For the Ombudsmen Commission,
Huji (talk) 02:51, 7 March 2014 (UTC)
I can't say I'm not surprised. Thank you anyway for investigated the case. Grrahnbahr (talk) 01:58, 11 March 2014 (UTC)
To my knowledge none is contacted about this and the OTRS request (Ticket#2014021710019366) is still unanswered. — Jeblad 09:02, 11 March 2014 (UTC)
May I ask who the original complainer should be? As far as I can see, I am the only one who fits a description of an original complainer in a strict interpretation of the expression, while User:Jeblad, who first brought up the case at Tinget, could may be considered as well if using a broader interpretation (the first one afaik to bring it up at a serious level at Tinget). Since the involved users critical to the use of CU, is not been asked for their opinion in the case, and it is not asked for more information regarding details, I do questioning in a friendly manner whether the investigation is neutral and thoroughly. Grrahnbahr (talk) 16:03, 11 March 2014 (UTC)
Grranbahr: This issue was brought to us by another member of the community; the Commission has already investigated this case and reached its conclusions (as I indicated above).
The contact information for the Ombudsman Commission is listed here. OC does not have access to the OTRS by default, so if that ticket is pertinent to privacy issues, please submit a detailed request to the OC". Huji (talk) 20:14, 12 March 2014 (UTC)
I can confirm Huji's statement that another no-wikipedia-user (not me) already had registered a complaint with the OC when yours came, Grrahnbahr. BR Noorse (talk) 07:43, 13 March 2014 (UTC)
Sorry but none of the involved persons have been informed, so I would say that this check is not done. — Jeblad 00:35, 13 March 2014 (UTC)
@Tiptoety: Can you please see which queue owns Ticket:2014021710019366 and transfer it to a member of the OC who can respond.  — billinghurst sDrewth 02:12, 13 March 2014 (UTC)
I have taken care of this. Best, Tiptoety talk 02:31, 13 March 2014 (UTC)

Continued conversation of an active situation doesn't belong here on the talk page of the policy. We can transfer the whole slab of text to Talk:Ombudsman commission, or it can be taken off-line as suggested, if the conversation needs to continue.  — billinghurst sDrewth 02:06, 13 March 2014 (UTC)

I would like to add myself to the list of peoples that wants to know what is going on about this matter, as I was one of the people a high profile admin on nowiki made some claims about, and as those claims is what at least one of the people involved in the CU used as a reason for running the checks. Thanks for the understanding and forwarding the info to me. — Jeblad 00:43, 19 March 2014 (UTC)
@Jeblad: then contact the Ombudsman Commission. Posting on a policy talk page is not going to get the right privacy, nor is appropriate for notification.  — billinghurst sDrewth 16:07, 19 March 2014 (UTC)


It is clearly said that the page is policy, yet it is not clear what is the scope of this policy. Is it only for meta? Is it for some of the projects? Is it for all WMF projects? If it is not for all the projects, then it should be clearly said why some projetcs can violate the policy.

The scope is somewhat identified by "The tool is to be used to fight vandalism, to check for sockpuppet abuse, and to limit disruption of the project. It must be used only to prevent damage to any of Wikimedia projects." To me that identifies three roles where use is accepted; vandalism, sock puppet abuse, and disruption. Then it goes on to say "any of the Wikimedia projects". That means that any projects that are in violation of this must update their policy to reflect this.

Later on the policy says "The tool should not be used for political control; to apply pressure on editors; or as a threat against another editor in a content dispute. There must be a valid reason to check a user. Note that alternative accounts are not forbidden, so long as they are not used in violation of the policies (for example, to double-vote or to increase the apparent support for any given position)." In short that it should not be used for control, pressure or threat, and that "alternative accounts are not forbidden". Use of the tool for such purposes are in violation of the policy.

Due to this I find it very strange that CU is used on nowiki for these purposes, which is clearly in breach of the policy. It is used for applying control, pressure and threats, on users that has alternate accounts but without vandalism, abuse or disruption. And when complaints are rised there are no CU abuse? Sorry but I don't understand this. How can this be? What is so special at nowiki that such abuse is accepted? Is this a Wikimedia-wide policy or not? If not then it should be rewritten or even deleted altogether. — Jeblad 13:37, 22 March 2014 (UTC)

... and? Your two options here are to discuss this with the Ombudsman Commission, WMF, or the Wikimedia Board of Trustees, or follow local procedures for removal of a CheckUser, should the community no longer trust them. Writing long blocks of text on this page will not resolve the issues. --Rschen7754 08:06, 23 March 2014 (UTC)
Either this page is the current policy and it governs all projects or it is not. According to the present precedent it is not a project-wide policy and should be rewritten. — Jeblad 00:34, 24 March 2014 (UTC)

That's enough. You have been told repeatedly where you can raise these concerns, and you insist on bringing them to the wrong venue, where nobody can do anything about them. Therefore, I am closing this thread. --Rschen7754 00:37, 24 March 2014 (UTC)

The above discussion is preserved as an archive. Please do not modify it. Subsequent comments should be made in a new section.

Small clarification[edit]

I submit that this checkuser policy should not say "Stewards - upon request" unless they only have that right upon request, which does not seem to be the case. Rather, it should say "Stewards" or better yet "Stewards" plus something that's accurate - e.g. that stewards self-grant local checkuser access on meta only for a brief time, because that maximizes transparency. See ENWP discussion --Elvey (talk) 21:59, 27 May 2014 (UTC)

Inactivity[edit]

Hi. According to this policy it is possible to lose flag because inactivity. However, in es:WP there is some CU inactives and they didn´t loose them. An admin told me than "is not clear what it means "inactive" according to this policy". So I ask: what "inactive" exactly means? Thanks. --Ganímedes (talk) 09:13, 11 November 2014 (UTC)

Basic editing would be my understanding of inactive, though there are other measures that would be looked at to making a determination, eg. they may be running CU checks or undertaking actions that are not editing, so a common explanation of activity should be interpreted for the purposes of alerting your community. If you have concerns over actvity of esWP checkusers then please bring it to the notice of your admins/crats/CUs and they can do the leg work and notify stewards accordingly. Having two or more checkusers should allow for them to monitor each other.  — billinghurst sDrewth 11:52, 11 November 2014 (UTC)
Basically you're saying that someone could be CU indefinetely only doing edits, no matter he didn´t check nothing in several years. Is that correct? --Ganímedes (talk) 17:48, 12 November 2014 (UTC)
No, the CU policy isn't clear regarding inactivity - so he advices you to go back to the community. You could, for example, begin a de-RfCU there. Though I agree the policy should be clarified soon about this point. It was set up when we didn't have that many CUs and it's not yet up to date anymore. We should have some clarification; maybe I'll set up a RFC about it soon. Maybe this answer helps? With regards, Trijnsteltalk 18:24, 12 November 2014 (UTC)
I am indicating that there are many measures of inactivity and numbers of them can be used. There are a number of means to investigate, however, the first in this case would be from within the community, and allow the discussion to take place. CU checks should only be undertaken when they are needed, not as a means to retain the tool. As multiple CUs are needed within a community to retain the right, you may find that one is more active and undertakes more/first checks, and the others act as review, they may participate in discussions about the data (which is confidential and can only be shared by those with the right). So, I am saying we can measure "inactive" in numbers of ways, and this becomes a discussion, not solely regarded as a specific measure. In the end, they are appointed by the community, and can be removed by the community, and you can all suggest in a mature discussion the means forward.  — billinghurst sDrewth 00:57, 13 November 2014 (UTC)
(In my opinion we have to use edit count. We should not encourage looking at private information without good reason; CheckUsers should not lose rights just because not enough requests for checks have been done).--Jasper Deng (talk) 18:58, 12 November 2014 (UTC)
And what if someone has been a CU for years, without having performed even 1 CU while they still edit regularly? (And yes, I know this happens.) Trijnsteltalk 19:12, 12 November 2014 (UTC)
As long as they don't abuse it, though being unresponsive to valid CU requests would be a separate problem in and of itself.--Jasper Deng (talk) 23:26, 12 November 2014 (UTC)
It depends on the wiki, really. Some enwiki arbs never CU, but they are expected to hold it, whereas there are CUs on other wikis (I can think of two right now) who show up and make 4 edits a year to their userspace and then leave for the next year. --Rschen7754 02:30, 13 November 2014 (UTC)
If those communities are comfortable with that as a display of activity, then I am not really certain that others can do or say much, it is activity. One could still call less than a handful of edits as inactive for a person in that role. Still the issue is about any harm from action or inaction, and each community's needs.  — billinghurst sDrewth 05:21, 13 November 2014 (UTC)
Well, they still retain access to private information, including a subscription to checkuser-l, and the CU wiki, so I'm not entirely sure that a completely detached approach is a good idea. --Rschen7754 06:06, 13 November 2014 (UTC)
Also: I think that maybe the policy should be changed to 6 months inactive, and keep it as no logged actions/no edits - it would catch most of the CUs who are completely tuned out from Wikimedia. --Rschen7754 04:18, 13 November 2014 (UTC)
How about inactivity as "12 (or 6 as Rschen7754 proposed above) months with no edits, no publicly-viewable logged actions, no formal community approval with the same consensus level and procedure as in appointment"? I expect monitoring-only CUs would have no problem with fulfilling the last condition (ArbCom approval or a new election), when needed. Also, it might be a good idea to make it explicit that this is a minimum standard for necessary activity levels, and that local communities may have a stricter policy on inactivity than this. whym (talk) 13:53, 16 November 2014 (UTC)

This topic has been raised at least two times before: 1, 2. My preference is to understand activity widely, not limited just to CU; otherwise we will force users to make use of the CU tool just to keep the right, which would be contrary to the spirit of this policy, as CU should be a tool of last resort (I agree with Jasper Deng above). However I'd support a clarification and probably a whole update to this policy for which I support Trijnstel's idea to open a RFC. Best regards. — M 15:55, 16 November 2014 (UTC)

It's unpleasant and uncomfortable force someone to use the tool, yes, but in the other hand this is not a flag like rest; it gives access to private information and should be carefully handle, I think. Thanks for interest. --Ganímedes (talk) 18:18, 21 November 2014 (UTC)
@Ganímedes: your enquiry was raised among checkusers and stewards, and there is some discussion about your concerns. There is a range of views, though my personal feeling is that some level of reassurance from checkusers to communities about how they review activity.  — billinghurst sDrewth 05:32, 22 November 2014 (UTC)

Please run Special:PageMigration here[edit]

To migrate the translations, as we have migrated the Oversight policy, thx. --Liuxinyu970226 (talk) 02:33, 25 March 2015 (UTC)

Well, it's not as simple as just running that. There are lots of other things that needs to be done and it requires a lot of time. This page has more translations than OS policy too so more work needs to be done here. I'll maybe migrate this page one of these days when I have some spare time. --Glaisher (talk) 05:24, 25 March 2015 (UTC)

New steward practice?[edit]

[2] Sorry, but this just seems silly to apply to all projects. We have hundreds of projects with fewer than five active editors. Those projects shouldn't have to meet some arbitrary requirement for "discussion" of possible socking (most of which is spam production anyway). And let's be honest, stewards are doing those checks and blocking those accounts anyway. The broader community is responsible for coming up with the criteria, and it shouldn't be a discussion on a closed mailing list. The lack of a community discussion in communities with a small number (or no) editors shouldn't be the reason that a steward refuses a request for CU. Risker (talk) 04:31, 4 April 2015 (UTC)

@Risker: There is no change of practice, that edit should not be taken in isolation, the bigger change should be taken in account with Avraham's prior edit, and the better diff would be this. If you can think of improved writing that takes into account the long held wording, go for it.  — billinghurst sDrewth 04:43, 4 April 2015 (UTC)
It is a change in practice, and it is routinely ignored as well, though. Immortalizing a non-existent practice is terrible practice. And again, this is a very negative change for very small communities, which make up the majority of our projects. Risker (talk) 04:50, 4 April 2015 (UTC)
A policy change should come about through consultation, not edit creep. If you would prefer we go back to the pre-Avraham edit and restart the conversation. To note that the stewards conversation was that changes to policy should be made by the community, not by edit creep, hence the readdition.

The reality is that we never to rarely ever get CU requests from the small communities, we get them from the mid to larger without checkuser access. It is not unknown for (disgruntled) users to bring their requests to stewards without involving admins. The larger communities with checkusers have (community discussion) processes for requesting CU, so should we have the same rights for input on these mid to large size wikis? Instead your position could be that we only have discussion held at meta (hidden away) rather than where existing communities can see and have input.

There is no change of practice for stewards, it is about having an enabling policy where stewards can enable community input contrary to a policy that does not.  — billinghurst sDrewth 05:05, 4 April 2015 (UTC)

Well, that was the opinion of you and one other steward, even though James OKed the change. But by all means, edit war over the wording on the page. Regardless of what the policy says, there is no way that any steward in their right mind would request community consensus before performing a check, and no way we would honour a request to CU a user based solely on community consensus. As for the need for community consultation to bring this page up to current practice, I'll start an RfC tomorrow sometime to clarify these parts and also the loginwiki. Hopefully we can establish some sort of consensus instead of staying in limbo on these issues. Ajraddatz (talk) 05:19, 4 April 2015 (UTC)
"There is no change of practice for stewards" that is completely false. Maybe not a change in Billinghurst's practice, but no other steward follows that. --Rschen7754 16:12, 4 April 2015 (UTC)
I don't think such practice can be enforced. In case of uncontroversial checks (such as vandals or spambots) it will just take time to organise a local discussion (and the smaller is the community, the more time it will take to organise a meaningful discussion). In case of controversial checks (involving active users) there will most likely be no proper conensus, as an active user involved will naturally try to block the check. I think that instead of local consensus a better justification, and local discussion may be an option, but diffs by involved users or any other proof should be allowed as an alternative option — NickK (talk) 19:42, 4 April 2015 (UTC)

User:Billinghurst, if you are insisting that this "requirement" to have a local community consensus in order to fulfill a SRCU request is enshrined in the previous version of the policy, can you point to any sentences in the policy that back up your assertion? --Rschen7754 02:25, 5 April 2015 (UTC)

I am insisting on nothing beyond that a change to the policy is made openly by the community rather than by edit creep. If you are asking which bit of the policy disappeared the component is included in
If an insufficient number of voters vote for at least two CheckUsers on a wiki, there will be no CheckUsers on that wiki. Editors will have to ask a steward to check if UserX is a sockpuppet of UserY. To do so, simply add your request to Steward requests/Checkuser listing these users and explaining why you ask for such a check (with links). You also need a community consensus (like above). The steward will answer you if these two users are from the same IP, same proxy, same network, same country, or are they completely unrelated (see discussion for what the Steward should more precisely say to the editor).
my bolding in statement  — billinghurst sDrewth 03:17, 5 April 2015 (UTC)
Which is a bit different. Your text is "To do so, start by having a local discussion, as a form of community consensus", which is less inclusive than the wording "You also need a community consensus (like above)". (And it's not clear what "like above" refers to; certainly it can't require 25-30 editors supporting). For example, the community could have decided that socking was automatic grounds for CU in a local policy, like Wikidata did a while back. --Rschen7754 03:45, 5 April 2015 (UTC)
Maybe a bit off-topic, but I feel that this whole policy needs a new writting, of course, if there's community consensus for it and its approval. -- M\A 18:26, 5 April 2015 (UTC)
That and the OS policy too; I think there were some points made in the ML archives that might be useful. --Rschen7754 18:34, 5 April 2015 (UTC)
  • I'm still not seeing the basis for saying that a community consensus, or even a community discussion, is required before stewards will consider doing a check. This is a new requirement that was not part of the initial expectations until...well, until a steward added it without discussing with the broad community. While local communities may have such rules (in fact, I believe even some communities with their own checkusers have such rules), they are local rules, not rules governing the entire Wikimedia constellation of projects, and they are unenforceable and undesirable on small wikis. They are probably unenforceable and undesirable on many "medium-sized" wikis (those with 20-200 users). I sense that what has happened is that some stewards are familiar with local rules for some projects they work on and are trying to impose those rules on other projects. Risker (talk) 22:29, 5 April 2015 (UTC)
    Risker. You are missing the aspect that it has always been in the policy since the beginning, and it was removed by copy edit, and it was returned. Now we are back to the original policy. There has been no change in practice and we are still at no change in practice.  — billinghurst sDrewth 22:36, 5 April 2015 (UTC)
    And I think you're missing that it was removed in the first place because it has no place in common practice. Instead of reverting it saying that discussion is needed, why not be positive and start that discussion? Ajraddatz (talk) 23:17, 5 April 2015 (UTC)
    Billinghurst, please provide a recent example of "There has been no change in practice and we are still at no change in practice." - specifically, where another steward besides yourself has declined a SRCU request for there being "no consensus" to run a check. --Rschen7754 00:26, 6 April 2015 (UTC)
    I have always thought that our policies are descriptive, not prescriptive, i.e. they describe common practices, not prescribe them. Ruslik (talk) 16:09, 8 April 2015 (UTC)
    Exactly, Ruslik.
    1. More stewards than not (a consensus, perhaps) already have expressed that "community consensus" is not part of their decision process when they decide to accept or reject a CU request.
    2. Requiring that discussions are held prior to requesting a CU on Meta would impose an extra, and unnecessary, burden on the small and medium wikis who require stewards to perform checks. Unnecessary, as the stewards, in my experience, have shown that they are pretty good at deciding which requests are valid and which are not without the need for extra bureaucracy.
    3. Not that it makes that much of a difference, but WM Legal did approve the change. Moreover, some, if not all, of our larger projects with internal CU processes (for example: EnWiki, Commons, Simple English, if Google Translate worked, then so too DeWiki, ) do not require "consensus" or discussion; merely a request. The CU (or clerk) decides whether or not to follow up on it.
    In summation, this is not "policy creep" but "policy clarification" as it reflects what I believe most of the stewards do (the consensus behavior, dare I say). It, combined with the other changes I made, makes more sense than the words that were there before, it is in line with how CU is used on other large projects, and it is accepted by Legal. To leave confusing verbiage, including words which are not carried out in practice, for the sake of no change without bureaucratic process is counterproductive in my opinion, and the clearer version I posted a few weeks ago should be used without further bureaucratic bloat. -- Avi (talk) 02:54, 14 April 2015 (UTC)
    Whether stewards choose to enforce that provision or not, or to what degree or method they choose to enforce it can vary. But we can't just remove a significant phrase like that from a global policy, even if we don't like it. It is a community policy and the fact that it was apparently discussed on a private mailing list is irrelevant as that cannot be used to gauge consensus, since private mailing lists are not open to all community members. --Rschen7754 04:57, 14 April 2015 (UTC)
    The historical reason (two revisions, @Anthere: and then @Datrio:) given for the addition of the phrase in question was "…probably means that no request may be done by one user only (but must be approved by others) and a motive always given.". It was from a time when Meta (and most projects) were much smaller than they are now. Moreover, it is no longer relevant as it is now handled by having an explicit reason given in the request, and the check run by a second party (the steward). I continue to believe that to enforce it would be counterproductive, bureaucracy for the sake of bureaucracy, and as it is more honored in the breach than the observance, it is time that it is removed so that the policy matches the practice. -- Avi (talk) 06:14, 14 April 2015 (UTC)

It has been about a week with no further responses. At this point,is there any reason not to bring the wording in line with what is the common practice? -- Avi (talk) 21:23, 21 April 2015 (UTC)

  • With no further responses to the statements above, there appears to be no significant opposition to my restoring the wording I added previously, supported by a plurality of respondents, and approved by the WMF. -- Avi (talk) 21:22, 27 April 2015 (UTC)
Retrieved from "https://meta.wikimedia.org/w/index.php?title=Talk:CheckUser_policy&oldid=15665739"